Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. executing program [ 44.617425][ T3966] [ 44.618025][ T3966] ===================================================== [ 44.619598][ T3966] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 44.621238][ T3966] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 44.622816][ T3966] ----------------------------------------------------- [ 44.624315][ T3966] syz-executor310/3966 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 44.626044][ T3966] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 44.628155][ T3966] [ 44.628155][ T3966] and this task is already holding: [ 44.629869][ T3966] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 44.631973][ T3966] which would create a new lock dependency: [ 44.633271][ T3966] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 44.634841][ T3966] [ 44.634841][ T3966] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 44.636952][ T3966] (noop_qdisc.q.lock){+.-.}-{2:2} [ 44.636970][ T3966] [ 44.636970][ T3966] ... which became SOFTIRQ-irq-safe at: [ 44.639786][ T3966] lock_acquire+0x240/0x77c [ 44.640813][ T3966] _raw_spin_lock+0xb0/0x10c [ 44.641934][ T3966] net_tx_action+0x634/0x884 [ 44.643010][ T3966] __do_softirq+0x344/0xe20 [ 44.644024][ T3966] do_softirq+0x120/0x20c [ 44.644932][ T3966] __local_bh_enable_ip+0x2c0/0x4d0 [ 44.646117][ T3966] local_bh_enable+0x28/0x174 [ 44.647259][ T3966] dev_deactivate_many+0x580/0xbe4 [ 44.648417][ T3966] dev_deactivate+0x13c/0x1fc [ 44.649473][ T3966] linkwatch_do_dev+0x2a8/0x3c8 [ 44.650614][ T3966] __linkwatch_run_queue+0x424/0x730 [ 44.651807][ T3966] linkwatch_event+0x58/0x68 [ 44.652793][ T3966] process_one_work+0x790/0x11b8 [ 44.653898][ T3966] worker_thread+0x910/0x1034 [ 44.654996][ T3966] kthread+0x37c/0x45c [ 44.655984][ T3966] ret_from_fork+0x10/0x20 [ 44.657024][ T3966] [ 44.657024][ T3966] to a SOFTIRQ-irq-unsafe lock: [ 44.658573][ T3966] (fs_reclaim){+.+.}-{0:0} [ 44.658591][ T3966] [ 44.658591][ T3966] ... which became SOFTIRQ-irq-unsafe at: [ 44.661457][ T3966] ... [ 44.661463][ T3966] lock_acquire+0x240/0x77c [ 44.663088][ T3966] fs_reclaim_acquire+0xf0/0x1d0 [ 44.664263][ T3966] slab_pre_alloc_hook+0x38/0xe8 [ 44.665317][ T3966] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 44.666627][ T3966] init_rescuer+0xa4/0x264 [ 44.667597][ T3966] workqueue_init+0x2b4/0x640 [ 44.668711][ T3966] kernel_init_freeable+0x448/0x650 [ 44.669910][ T3966] kernel_init+0x24/0x294 [ 44.670970][ T3966] ret_from_fork+0x10/0x20 [ 44.672038][ T3966] [ 44.672038][ T3966] other info that might help us debug this: [ 44.672038][ T3966] [ 44.674381][ T3966] Possible interrupt unsafe locking scenario: [ 44.674381][ T3966] [ 44.676245][ T3966] CPU0 CPU1 [ 44.677416][ T3966] ---- ---- [ 44.678616][ T3966] lock(fs_reclaim); [ 44.679508][ T3966] local_irq_disable(); [ 44.680965][ T3966] lock(noop_qdisc.q.lock); [ 44.682653][ T3966] lock(fs_reclaim); [ 44.684123][ T3966] [ 44.684863][ T3966] lock(noop_qdisc.q.lock); [ 44.685993][ T3966] [ 44.685993][ T3966] *** DEADLOCK *** [ 44.685993][ T3966] [ 44.687774][ T3966] 2 locks held by syz-executor310/3966: [ 44.689021][ T3966] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 44.691168][ T3966] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 44.693308][ T3966] [ 44.693308][ T3966] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 44.695589][ T3966] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 44.696779][ T3966] HARDIRQ-ON-W at: [ 44.697711][ T3966] lock_acquire+0x240/0x77c [ 44.699138][ T3966] _raw_spin_lock+0xb0/0x10c [ 44.700515][ T3966] __dev_queue_xmit+0x8d0/0x2a6c [ 44.701976][ T3966] dev_queue_xmit+0x24/0x34 [ 44.703358][ T3966] tx+0x8c/0x130 [ 44.704439][ T3966] kthread+0x1ac/0x374 [ 44.705773][ T3966] kthread+0x37c/0x45c [ 44.707015][ T3966] ret_from_fork+0x10/0x20 [ 44.708405][ T3966] IN-SOFTIRQ-W at: [ 44.709287][ T3966] lock_acquire+0x240/0x77c [ 44.710684][ T3966] _raw_spin_lock+0xb0/0x10c [ 44.711996][ T3966] net_tx_action+0x634/0x884 [ 44.713462][ T3966] __do_softirq+0x344/0xe20 [ 44.714980][ T3966] do_softirq+0x120/0x20c [ 44.716390][ T3966] __local_bh_enable_ip+0x2c0/0x4d0 [ 44.717945][ T3966] local_bh_enable+0x28/0x174 [ 44.719325][ T3966] dev_deactivate_many+0x580/0xbe4 [ 44.720844][ T3966] dev_deactivate+0x13c/0x1fc [ 44.722274][ T3966] linkwatch_do_dev+0x2a8/0x3c8 [ 44.723735][ T3966] __linkwatch_run_queue+0x424/0x730 [ 44.725327][ T3966] linkwatch_event+0x58/0x68 [ 44.726718][ T3966] process_one_work+0x790/0x11b8 [ 44.728262][ T3966] worker_thread+0x910/0x1034 [ 44.729644][ T3966] kthread+0x37c/0x45c [ 44.730909][ T3966] ret_from_fork+0x10/0x20 [ 44.732356][ T3966] INITIAL USE at: [ 44.733304][ T3966] lock_acquire+0x240/0x77c [ 44.734588][ T3966] _raw_spin_lock+0xb0/0x10c [ 44.735990][ T3966] __dev_queue_xmit+0x8d0/0x2a6c [ 44.737550][ T3966] dev_queue_xmit+0x24/0x34 [ 44.738956][ T3966] tx+0x8c/0x130 [ 44.740090][ T3966] kthread+0x1ac/0x374 [ 44.741372][ T3966] kthread+0x37c/0x45c [ 44.742622][ T3966] ret_from_fork+0x10/0x20 [ 44.744001][ T3966] } [ 44.744568][ T3966] ... key at: [] noop_qdisc+0x108/0x320 [ 44.746280][ T3966] [ 44.746280][ T3966] the dependencies between the lock to be acquired [ 44.746287][ T3966] and SOFTIRQ-irq-unsafe lock: [ 44.749249][ T3966] -> (fs_reclaim){+.+.}-{0:0} { [ 44.750333][ T3966] HARDIRQ-ON-W at: [ 44.751207][ T3966] lock_acquire+0x240/0x77c [ 44.752498][ T3966] fs_reclaim_acquire+0xf0/0x1d0 [ 44.753991][ T3966] slab_pre_alloc_hook+0x38/0xe8 [ 44.755563][ T3966] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 44.757161][ T3966] init_rescuer+0xa4/0x264 [ 44.758504][ T3966] workqueue_init+0x2b4/0x640 [ 44.759988][ T3966] kernel_init_freeable+0x448/0x650 [ 44.761663][ T3966] kernel_init+0x24/0x294 [ 44.762967][ T3966] ret_from_fork+0x10/0x20 [ 44.764280][ T3966] SOFTIRQ-ON-W at: [ 44.765123][ T3966] lock_acquire+0x240/0x77c [ 44.766525][ T3966] fs_reclaim_acquire+0xf0/0x1d0 [ 44.768040][ T3966] slab_pre_alloc_hook+0x38/0xe8 [ 44.769533][ T3966] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 44.771094][ T3966] init_rescuer+0xa4/0x264 [ 44.772552][ T3966] workqueue_init+0x2b4/0x640 [ 44.774038][ T3966] kernel_init_freeable+0x448/0x650 [ 44.775503][ T3966] kernel_init+0x24/0x294 [ 44.776865][ T3966] ret_from_fork+0x10/0x20 [ 44.778196][ T3966] INITIAL USE at: [ 44.779045][ T3966] lock_acquire+0x240/0x77c [ 44.780431][ T3966] fs_reclaim_acquire+0xf0/0x1d0 [ 44.781841][ T3966] slab_pre_alloc_hook+0x38/0xe8 [ 44.783286][ T3966] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 44.784951][ T3966] init_rescuer+0xa4/0x264 [ 44.786233][ T3966] workqueue_init+0x2b4/0x640 [ 44.787600][ T3966] kernel_init_freeable+0x448/0x650 [ 44.789112][ T3966] kernel_init+0x24/0x294 [ 44.790442][ T3966] ret_from_fork+0x10/0x20 [ 44.791714][ T3966] } [ 44.792239][ T3966] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 44.794068][ T3966] ... acquired at: [ 44.794939][ T3966] fs_reclaim_acquire+0xf0/0x1d0 [ 44.796041][ T3966] slab_pre_alloc_hook+0x38/0xe8 [ 44.797133][ T3966] __kmalloc_node+0xbc/0x5b8 [ 44.798194][ T3966] kvmalloc_node+0x88/0x204 [ 44.799217][ T3966] get_dist_table+0x9c/0x2a4 [ 44.800224][ T3966] netem_change+0x820/0x1a90 [ 44.801251][ T3966] netem_init+0x54/0xb8 [ 44.802173][ T3966] qdisc_create+0x6fc/0xf44 [ 44.803143][ T3966] tc_modify_qdisc+0x8dc/0x1344 [ 44.804320][ T3966] rtnetlink_rcv_msg+0xa74/0xdac [ 44.805496][ T3966] netlink_rcv_skb+0x20c/0x3b8 [ 44.806567][ T3966] rtnetlink_rcv+0x28/0x38 [ 44.807587][ T3966] netlink_unicast+0x664/0x938 [ 44.808704][ T3966] netlink_sendmsg+0x844/0xb38 [ 44.809812][ T3966] ____sys_sendmsg+0x584/0x870 [ 44.810839][ T3966] ___sys_sendmsg+0x214/0x294 [ 44.811969][ T3966] __arm64_sys_sendmsg+0x1ac/0x25c [ 44.813122][ T3966] invoke_syscall+0x98/0x2b8 [ 44.814237][ T3966] el0_svc_common+0x138/0x258 [ 44.815274][ T3966] do_el0_svc+0x58/0x14c [ 44.816241][ T3966] el0_svc+0x7c/0x1f0 [ 44.817139][ T3966] el0t_64_sync_handler+0x84/0xe4 [ 44.818296][ T3966] el0t_64_sync+0x1a0/0x1a4 [ 44.819356][ T3966] [ 44.819870][ T3966] [ 44.819870][ T3966] stack backtrace: [ 44.821059][ T3966] CPU: 0 PID: 3966 Comm: syz-executor310 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 44.823361][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 44.825836][ T3966] Call trace: [ 44.826559][ T3966] dump_backtrace+0x0/0x530 [ 44.827562][ T3966] show_stack+0x2c/0x3c [ 44.828477][ T3966] dump_stack_lvl+0x108/0x170 [ 44.829571][ T3966] dump_stack+0x1c/0x58 [ 44.830475][ T3966] __lock_acquire+0x62b4/0x7620 [ 44.831651][ T3966] lock_acquire+0x240/0x77c [ 44.832713][ T3966] fs_reclaim_acquire+0xf0/0x1d0 [ 44.833750][ T3966] slab_pre_alloc_hook+0x38/0xe8 [ 44.834872][ T3966] __kmalloc_node+0xbc/0x5b8 [ 44.835964][ T3966] kvmalloc_node+0x88/0x204 [ 44.836928][ T3966] get_dist_table+0x9c/0x2a4 [ 44.837900][ T3966] netem_change+0x820/0x1a90 [ 44.838855][ T3966] netem_init+0x54/0xb8 [ 44.839699][ T3966] qdisc_create+0x6fc/0xf44 [ 44.840689][ T3966] tc_modify_qdisc+0x8dc/0x1344 [ 44.841754][ T3966] rtnetlink_rcv_msg+0xa74/0xdac [ 44.842930][ T3966] netlink_rcv_skb+0x20c/0x3b8 [ 44.843958][ T3966] rtnetlink_rcv+0x28/0x38 [ 44.844835][ T3966] netlink_unicast+0x664/0x938 [ 44.845748][ T3966] netlink_sendmsg+0x844/0xb38 [ 44.846548][ T3966] ____sys_sendmsg+0x584/0x870 [ 44.847412][ T3966] ___sys_sendmsg+0x214/0x294 [ 44.848481][ T3966] __arm64_sys_sendmsg+0x1ac/0x25c [ 44.849616][ T3966] invoke_syscall+0x98/0x2b8 [ 44.850587][ T3966] el0_svc_common+0x138/0x258 [ 44.851686][ T3966] do_el0_svc+0x58/0x14c [ 44.852660][ T3966] el0_svc+0x7c/0x1f0 [ 44.853531][ T3966] el0t_64_sync_handler+0x84/0xe4 [ 44.854638][ T3966] el0t_64_sync+0x1a0/0x1a4 [ 44.855734][ T3966] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 44.857810][ T3966] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3966, name: syz-executor310 [ 44.859889][ T3966] INFO: lockdep is turned off. [ 44.860792][ T3966] Preemption disabled at: [ 44.860802][ T3966] [] netem_change+0x22c/0x1a90 [ 44.862906][ T3966] CPU: 0 PID: 3966 Comm: syz-executor310 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 44.865138][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 44.867261][ T3966] Call trace: [ 44.867951][ T3966] dump_backtrace+0x0/0x530 [ 44.868964][ T3966] show_stack+0x2c/0x3c [ 44.869934][ T3966] dump_stack_lvl+0x108/0x170 [ 44.870981][ T3966] dump_stack+0x1c/0x58 [ 44.871913][ T3966] ___might_sleep+0x380/0x4dc [ 44.872899][ T3966] __might_sleep+0x98/0xf0 [ 44.873867][ T3966] slab_pre_alloc_hook+0x58/0xe8 [ 44.874903][ T3966] __kmalloc_node+0xbc/0x5b8 [ 44.875911][ T3966] kvmalloc_node+0x88/0x204 [ 44.876888][ T3966] get_dist_table+0x9c/0x2a4 [ 44.877840][ T3966] netem_change+0x820/0x1a90 [ 44.878805][ T3966] netem_init+0x54/0xb8 [ 44.879743][ T3966] qdisc_create+0x6fc/0xf44 [ 44.880703][ T3966] tc_modify_qdisc+0x8dc/0x1344 [ 44.881784][ T3966] rtnetlink_rcv_msg+0xa74/0xdac [ 44.882891][ T3966] netlink_rcv_skb+0x20c/0x3b8 [ 44.883889][ T3966] rtnetlink_rcv+0x28/0x38 [ 44.884809][ T3966] netlink_unicast+0x664/0x938 [ 44.885890][ T3966] netlink_sendmsg+0x844/0xb38 [ 44.886964][ T3966] ____sys_sendmsg+0x584/0x870 [ 44.888014][ T3966] ___sys_sendmsg+0x214/0x294 [ 44.888973][ T3966] __arm64_sys_sendmsg+0x1ac/0x25c [ 44.890039][ T3966] invoke_syscall+0x98/0x2b8 [ 44.891078][ T3966] el0_svc_common+0x138/0x258 [ 44.892122][ T3966] do_el0_svc+0x58/0x14c [ 44.893074][ T3966] el0_svc+0x7c/0x1f0 [ 44.893948][ T3966] el0t_64_sync_handler+0x84/0xe4 [ 44.895042][ T3966] el0t_64_sync+0x1a0/0x1a4