Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts. executing program [ 36.239907][ T4217] [ 36.240515][ T4217] ===================================================== [ 36.242069][ T4217] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 36.243686][ T4217] 6.1.45-syzkaller #0 Not tainted [ 36.244732][ T4217] ----------------------------------------------------- [ 36.246290][ T4217] syz-executor290/4217 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 36.248049][ T4217] ffff800015b3c360 (fs_reclaim){+.+.}-{0:0}, at: __kmem_cache_alloc_node+0x58/0x388 [ 36.250135][ T4217] [ 36.250135][ T4217] and this task is already holding: [ 36.251678][ T4217] ffff800017eb4848 (noop_qdisc.q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4 [ 36.253656][ T4217] which would create a new lock dependency: [ 36.255020][ T4217] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 36.256689][ T4217] [ 36.256689][ T4217] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 36.258727][ T4217] (noop_qdisc.q.lock){+.-.}-{2:2} [ 36.258744][ T4217] [ 36.258744][ T4217] ... which became SOFTIRQ-irq-safe at: [ 36.261481][ T4217] lock_acquire+0x26c/0x7cc [ 36.262492][ T4217] _raw_spin_lock+0x54/0x6c [ 36.263480][ T4217] net_tx_action+0x6ec/0x94c [ 36.264477][ T4217] __do_softirq+0x30c/0xea0 [ 36.265446][ T4217] ____do_softirq+0x14/0x20 [ 36.266412][ T4217] call_on_irq_stack+0x24/0x4c [ 36.267494][ T4217] do_softirq_own_stack+0x20/0x2c [ 36.268596][ T4217] do_softirq+0x120/0x20c [ 36.269536][ T4217] __local_bh_enable_ip+0x2c0/0x4d0 [ 36.270698][ T4217] local_bh_enable+0x28/0x34 [ 36.271748][ T4217] dev_deactivate_many+0x3d4/0xa8c [ 36.272844][ T4217] dev_deactivate+0x13c/0x1fc [ 36.273837][ T4217] linkwatch_do_dev+0x29c/0x3a4 [ 36.274869][ T4217] __linkwatch_run_queue+0x3a0/0x700 [ 36.276048][ T4217] linkwatch_event+0x58/0x68 [ 36.277075][ T4217] process_one_work+0x7ac/0x1404 [ 36.278188][ T4217] worker_thread+0x8e4/0xfec [ 36.279185][ T4217] kthread+0x250/0x2d8 [ 36.280060][ T4217] ret_from_fork+0x10/0x20 [ 36.281050][ T4217] [ 36.281050][ T4217] to a SOFTIRQ-irq-unsafe lock: [ 36.282578][ T4217] (fs_reclaim){+.+.}-{0:0} [ 36.282595][ T4217] [ 36.282595][ T4217] ... which became SOFTIRQ-irq-unsafe at: [ 36.285217][ T4217] ... [ 36.285223][ T4217] lock_acquire+0x26c/0x7cc [ 36.286800][ T4217] fs_reclaim_acquire+0x90/0x12c [ 36.287881][ T4217] __kmem_cache_alloc_node+0x58/0x388 [ 36.289056][ T4217] kmalloc_node_trace+0x44/0x90 [ 36.290092][ T4217] init_rescuer+0xa4/0x264 [ 36.291014][ T4217] workqueue_init+0x298/0x5b4 [ 36.292062][ T4217] kernel_init_freeable+0x33c/0x528 [ 36.293225][ T4217] kernel_init+0x24/0x29c [ 36.294149][ T4217] ret_from_fork+0x10/0x20 [ 36.295086][ T4217] [ 36.295086][ T4217] other info that might help us debug this: [ 36.295086][ T4217] [ 36.297401][ T4217] Possible interrupt unsafe locking scenario: [ 36.297401][ T4217] [ 36.299207][ T4217] CPU0 CPU1 [ 36.300382][ T4217] ---- ---- [ 36.301495][ T4217] lock(fs_reclaim); [ 36.302413][ T4217] local_irq_disable(); [ 36.303850][ T4217] lock(noop_qdisc.q.lock); [ 36.305342][ T4217] lock(fs_reclaim); [ 36.306773][ T4217] [ 36.307623][ T4217] lock(noop_qdisc.q.lock); [ 36.308742][ T4217] [ 36.308742][ T4217] *** DEADLOCK *** [ 36.308742][ T4217] [ 36.310461][ T4217] 2 locks held by syz-executor290/4217: [ 36.311748][ T4217] #0: ffff800017e6fdc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 [ 36.313902][ T4217] #1: ffff800017eb4848 (noop_qdisc.q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4 [ 36.315990][ T4217] [ 36.315990][ T4217] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 36.318189][ T4217] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 36.319477][ T4217] HARDIRQ-ON-W at: [ 36.320314][ T4217] lock_acquire+0x26c/0x7cc [ 36.321706][ T4217] _raw_spin_lock+0x54/0x6c [ 36.323049][ T4217] __dev_queue_xmit+0xb14/0x38d8 [ 36.324549][ T4217] tx+0x90/0x134 [ 36.325594][ T4217] kthread+0x1ac/0x374 [ 36.326851][ T4217] kthread+0x250/0x2d8 [ 36.328044][ T4217] ret_from_fork+0x10/0x20 [ 36.329406][ T4217] IN-SOFTIRQ-W at: [ 36.330248][ T4217] lock_acquire+0x26c/0x7cc [ 36.331531][ T4217] _raw_spin_lock+0x54/0x6c [ 36.332843][ T4217] net_tx_action+0x6ec/0x94c [ 36.334253][ T4217] __do_softirq+0x30c/0xea0 [ 36.335562][ T4217] ____do_softirq+0x14/0x20 [ 36.336869][ T4217] call_on_irq_stack+0x24/0x4c [ 36.338255][ T4217] do_softirq_own_stack+0x20/0x2c [ 36.339751][ T4217] do_softirq+0x120/0x20c [ 36.341065][ T4217] __local_bh_enable_ip+0x2c0/0x4d0 [ 36.342543][ T4217] local_bh_enable+0x28/0x34 [ 36.343952][ T4217] dev_deactivate_many+0x3d4/0xa8c [ 36.345380][ T4217] dev_deactivate+0x13c/0x1fc [ 36.346791][ T4217] linkwatch_do_dev+0x29c/0x3a4 [ 36.348261][ T4217] __linkwatch_run_queue+0x3a0/0x700 [ 36.349804][ T4217] linkwatch_event+0x58/0x68 [ 36.351192][ T4217] process_one_work+0x7ac/0x1404 [ 36.352587][ T4217] worker_thread+0x8e4/0xfec [ 36.353910][ T4217] kthread+0x250/0x2d8 [ 36.355173][ T4217] ret_from_fork+0x10/0x20 [ 36.356464][ T4217] INITIAL USE at: [ 36.357274][ T4217] lock_acquire+0x26c/0x7cc [ 36.358534][ T4217] _raw_spin_lock+0x54/0x6c [ 36.359864][ T4217] __dev_queue_xmit+0xb14/0x38d8 [ 36.361174][ T4217] tx+0x90/0x134 [ 36.362299][ T4217] kthread+0x1ac/0x374 [ 36.363518][ T4217] kthread+0x250/0x2d8 [ 36.364798][ T4217] ret_from_fork+0x10/0x20 [ 36.366088][ T4217] } [ 36.366609][ T4217] ... key at: [] noop_qdisc+0x108/0x320 [ 36.368291][ T4217] [ 36.368291][ T4217] the dependencies between the lock to be acquired [ 36.368298][ T4217] and SOFTIRQ-irq-unsafe lock: [ 36.371137][ T4217] -> (fs_reclaim){+.+.}-{0:0} { [ 36.372419][ T4217] HARDIRQ-ON-W at: [ 36.373292][ T4217] lock_acquire+0x26c/0x7cc [ 36.374707][ T4217] fs_reclaim_acquire+0x90/0x12c [ 36.376139][ T4217] __kmem_cache_alloc_node+0x58/0x388 [ 36.377745][ T4217] kmalloc_node_trace+0x44/0x90 [ 36.379182][ T4217] init_rescuer+0xa4/0x264 [ 36.380567][ T4217] workqueue_init+0x298/0x5b4 [ 36.381966][ T4217] kernel_init_freeable+0x33c/0x528 [ 36.383514][ T4217] kernel_init+0x24/0x29c [ 36.384787][ T4217] ret_from_fork+0x10/0x20 [ 36.386108][ T4217] SOFTIRQ-ON-W at: [ 36.386952][ T4217] lock_acquire+0x26c/0x7cc [ 36.388305][ T4217] fs_reclaim_acquire+0x90/0x12c [ 36.389781][ T4217] __kmem_cache_alloc_node+0x58/0x388 [ 36.391260][ T4217] kmalloc_node_trace+0x44/0x90 [ 36.392665][ T4217] init_rescuer+0xa4/0x264 [ 36.393934][ T4217] workqueue_init+0x298/0x5b4 [ 36.395380][ T4217] kernel_init_freeable+0x33c/0x528 [ 36.396968][ T4217] kernel_init+0x24/0x29c [ 36.398405][ T4217] ret_from_fork+0x10/0x20 [ 36.399733][ T4217] INITIAL USE at: [ 36.400647][ T4217] lock_acquire+0x26c/0x7cc [ 36.402010][ T4217] fs_reclaim_acquire+0x90/0x12c [ 36.403383][ T4217] __kmem_cache_alloc_node+0x58/0x388 [ 36.404915][ T4217] kmalloc_node_trace+0x44/0x90 [ 36.406334][ T4217] init_rescuer+0xa4/0x264 [ 36.407577][ T4217] workqueue_init+0x298/0x5b4 [ 36.408941][ T4217] kernel_init_freeable+0x33c/0x528 [ 36.410429][ T4217] kernel_init+0x24/0x29c [ 36.411662][ T4217] ret_from_fork+0x10/0x20 [ 36.412965][ T4217] } [ 36.413539][ T4217] ... key at: [] __fs_reclaim_map+0x0/0xe0 [ 36.415227][ T4217] ... acquired at: [ 36.416022][ T4217] fs_reclaim_acquire+0x90/0x12c [ 36.417167][ T4217] __kmem_cache_alloc_node+0x58/0x388 [ 36.418409][ T4217] __kmalloc_node+0xcc/0x1d0 [ 36.419473][ T4217] kvmalloc_node+0x84/0x1e4 [ 36.420465][ T4217] get_dist_table+0xa0/0x354 [ 36.421497][ T4217] netem_change+0x7a4/0x1900 [ 36.422575][ T4217] netem_init+0x54/0xb8 [ 36.423523][ T4217] qdisc_create+0x70c/0xe64 [ 36.424530][ T4217] tc_modify_qdisc+0x9f0/0x1840 [ 36.425679][ T4217] rtnetlink_rcv_msg+0x72c/0xd94 [ 36.426783][ T4217] netlink_rcv_skb+0x20c/0x3b8 [ 36.427891][ T4217] rtnetlink_rcv+0x28/0x38 [ 36.428894][ T4217] netlink_unicast+0x660/0x8d4 [ 36.429950][ T4217] netlink_sendmsg+0x834/0xb18 [ 36.431120][ T4217] ____sys_sendmsg+0x558/0x844 [ 36.432257][ T4217] __sys_sendmsg+0x26c/0x33c [ 36.433297][ T4217] __arm64_sys_sendmsg+0x80/0x94 [ 36.434350][ T4217] invoke_syscall+0x98/0x2c0 [ 36.435299][ T4217] el0_svc_common+0x138/0x258 [ 36.436309][ T4217] do_el0_svc+0x64/0x218 [ 36.437276][ T4217] el0_svc+0x58/0x168 [ 36.438194][ T4217] el0t_64_sync_handler+0x84/0xf0 [ 36.439307][ T4217] el0t_64_sync+0x18c/0x190 [ 36.440326][ T4217] [ 36.440791][ T4217] [ 36.440791][ T4217] stack backtrace: [ 36.441976][ T4217] CPU: 1 PID: 4217 Comm: syz-executor290 Not tainted 6.1.45-syzkaller #0 [ 36.443722][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 36.445800][ T4217] Call trace: [ 36.446533][ T4217] dump_backtrace+0x1c8/0x1f4 [ 36.447643][ T4217] show_stack+0x2c/0x3c [ 36.448525][ T4217] dump_stack_lvl+0x108/0x170 [ 36.449579][ T4217] dump_stack+0x1c/0x58 [ 36.450522][ T4217] __lock_acquire+0x6310/0x764c [ 36.451510][ T4217] lock_acquire+0x26c/0x7cc [ 36.452479][ T4217] fs_reclaim_acquire+0x90/0x12c [ 36.453502][ T4217] __kmem_cache_alloc_node+0x58/0x388 [ 36.454722][ T4217] __kmalloc_node+0xcc/0x1d0 [ 36.455708][ T4217] kvmalloc_node+0x84/0x1e4 [ 36.456717][ T4217] get_dist_table+0xa0/0x354 [ 36.457703][ T4217] netem_change+0x7a4/0x1900 [ 36.458682][ T4217] netem_init+0x54/0xb8 [ 36.459598][ T4217] qdisc_create+0x70c/0xe64 [ 36.460604][ T4217] tc_modify_qdisc+0x9f0/0x1840 [ 36.461634][ T4217] rtnetlink_rcv_msg+0x72c/0xd94 [ 36.462749][ T4217] netlink_rcv_skb+0x20c/0x3b8 [ 36.463832][ T4217] rtnetlink_rcv+0x28/0x38 [ 36.464790][ T4217] netlink_unicast+0x660/0x8d4 [ 36.465813][ T4217] netlink_sendmsg+0x834/0xb18 [ 36.466790][ T4217] ____sys_sendmsg+0x558/0x844 [ 36.467836][ T4217] __sys_sendmsg+0x26c/0x33c [ 36.468830][ T4217] __arm64_sys_sendmsg+0x80/0x94 [ 36.469873][ T4217] invoke_syscall+0x98/0x2c0 [ 36.470878][ T4217] el0_svc_common+0x138/0x258 [ 36.471880][ T4217] do_el0_svc+0x64/0x218 [ 36.472802][ T4217] el0_svc+0x58/0x168 [ 36.473645][ T4217] el0t_64_sync_handler+0x84/0xf0 [ 36.474768][ T4217] el0t_64_sync+0x18c/0x190 [ 36.475791][ T4217] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 [ 36.477793][ T4217] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4217, name: syz-executor290 [ 36.479774][ T4217] preempt_count: 201, expected: 0 [ 36.480869][ T4217] RCU nest depth: 0, expected: 0 [ 36.481849][ T4217] INFO: lockdep is turned off. [ 36.482832][ T4217] Preemption disabled at: [ 36.482841][ T4217] [] sch_tree_lock+0x120/0x1d4 [ 36.485121][ T4217] CPU: 1 PID: 4217 Comm: syz-executor290 Not tainted 6.1.45-syzkaller #0 [ 36.486937][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 36.489110][ T4217] Call trace: [ 36.489754][ T4217] dump_backtrace+0x1c8/0x1f4 [ 36.490820][ T4217] show_stack+0x2c/0x3c [ 36.491746][ T4217] dump_stack_lvl+0x108/0x170 [ 36.492745][ T4217] dump_stack+0x1c/0x58 [ 36.493677][ T4217] __might_resched+0x37c/0x4d8 [ 36.494694][ T4217] __might_sleep+0x90/0xe4 [ 36.495601][ T4217] __kmem_cache_alloc_node+0x74/0x388 [ 36.496746][ T4217] __kmalloc_node+0xcc/0x1d0 [ 36.497760][ T4217] kvmalloc_node+0x84/0x1e4 [ 36.498788][ T4217] get_dist_table+0xa0/0x354 [ 36.499838][ T4217] netem_change+0x7a4/0x1900 [ 36.500762][ T4217] netem_init+0x54/0xb8 [ 36.501641][ T4217] qdisc_create+0x70c/0xe64 [ 36.502593][ T4217] tc_modify_qdisc+0x9f0/0x1840 [ 36.503770][ T4217] rtnetlink_rcv_msg+0x72c/0xd94 [ 36.504862][ T4217] netlink_rcv_skb+0x20c/0x3b8 [ 36.505858][ T4217] rtnetlink_rcv+0x28/0x38 [ 36.506807][ T4217] netlink_unicast+0x660/0x8d4 [ 36.507838][ T4217] netlink_sendmsg+0x834/0xb18 [ 36.508780][ T4217] ____sys_sendmsg+0x558/0x844 [ 36.509874][ T4217] __sys_sendmsg+0x26c/0x33c [ 36.510854][ T4217] __arm64_sys_sendmsg+0x80/0x94 [ 36.511975][ T4217] invoke_syscall+0x98/0x2c0 [ 36.512944][ T4217] el0_svc_common+0x138/0x258 [ 36.514025][ T4217] do_el0_svc+0x64/0x218 [ 36.514950][ T4217] el0_svc+0x58/0x168 [ 36.515761][ T4217] el0t_64_sync_handler+0x84/0xf0 [ 36.516918][ T4217] el0t_64_sync+0x18c/0x190