[ 15.185033][ T3893] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.188503][ T3893] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.235227][ T1644] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.239632][ T3802] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller

Warning: Permanently added '10.128.1.176' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 36.205845][ T4218]
[ 36.206301][ T4218] =====================================================
[ 36.207813][ T4218] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 36.209442][ T4218] 6.1.36-syzkaller #0 Not tainted
[ 36.210554][ T4218] -----------------------------------------------------
[ 36.212078][ T4218] syz-executor319/4218 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
[ 36.213927][ T4218] ffff80001585bd40 (fs_reclaim){+.+.}-{0:0}, at: __kmem_cache_alloc_node+0x58/0x388
[ 36.216108][ T4218]
[ 36.216108][ T4218] and this task is already holding:
[ 36.217631][ T4218] ffff800017bd3208 (noop_qdisc.q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4
[ 36.219576][ T4218] which would create a new lock dependency:
[ 36.220880][ T4218]  (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0}
[ 36.222727][ T4218]
[ 36.222727][ T4218] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 36.224860][ T4218]  (noop_qdisc.q.lock){+.-.}-{2:2}
[ 36.224877][ T4218]
[ 36.224877][ T4218] ... which became SOFTIRQ-irq-safe at:
[ 36.227669][ T4218]   lock_acquire+0x26c/0x7cc
[ 36.228684][ T4218]   _raw_spin_lock+0x54/0x6c
[ 36.229702][ T4218]   net_tx_action+0x6ec/0x94c
[ 36.230764][ T4218]   __do_softirq+0x30c/0xea0
[ 36.231841][ T4218]   run_ksoftirqd+0x68/0x258
[ 36.232804][ T4218]   smpboot_thread_fn+0x4b0/0x96c
[ 36.233942][ T4218]   kthread+0x250/0x2d8
[ 36.234957][ T4218]   ret_from_fork+0x10/0x20
[ 36.235925][ T4218]
[ 36.235925][ T4218] to a SOFTIRQ-irq-unsafe lock:
[ 36.237621][ T4218]  (fs_reclaim){+.+.}-{0:0}
[ 36.237640][ T4218]
[ 36.237640][ T4218] ... which became SOFTIRQ-irq-unsafe at:
[ 36.240327][ T4218] ...
[ 36.240333][ T4218]   lock_acquire+0x26c/0x7cc
[ 36.241999][ T4218]   fs_reclaim_acquire+0x90/0x12c
[ 36.243153][ T4218]   __kmem_cache_alloc_node+0x58/0x388
[ 36.244311][ T4218]   kmalloc_node_trace+0x44/0x90
[ 36.245476][ T4218]   init_rescuer+0xa4/0x264
[ 36.246480][ T4218]   workqueue_init+0x298/0x5b4
[ 36.247592][ T4218]   kernel_init_freeable+0x33c/0x528
[ 36.248764][ T4218]   kernel_init+0x24/0x29c
[ 36.249728][ T4218]   ret_from_fork+0x10/0x20
[ 36.250700][ T4218]
[ 36.250700][ T4218] other info that might help us debug this:
[ 36.250700][ T4218]
[ 36.252882][ T4218]  Possible interrupt unsafe locking scenario:
[ 36.252882][ T4218]
[ 36.254673][ T4218]        CPU0                    CPU1
[ 36.255866][ T4218]        ----                    ----
[ 36.256977][ T4218]   lock(fs_reclaim);
[ 36.257962][ T4218]                                local_irq_disable();
[ 36.259397][ T4218]                                lock(noop_qdisc.q.lock);
[ 36.261029][ T4218]                                lock(fs_reclaim);
[ 36.262412][ T4218]   <Interrupt>
[ 36.263180][ T4218]     lock(noop_qdisc.q.lock);
[ 36.264142][ T4218]
[ 36.264142][ T4218]  *** DEADLOCK ***
[ 36.264142][ T4218]
[ 36.265991][ T4218] 2 locks held by syz-executor319/4218:
[ 36.267211][ T4218]  #0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94
[ 36.269213][ T4218]  #1: ffff800017bd3208 (noop_qdisc.q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4
[ 36.271358][ T4218]
[ 36.271358][ T4218] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 36.273585][ T4218] -> (noop_qdisc.q.lock){+.-.}-{2:2} {
[ 36.274740][ T4218]    HARDIRQ-ON-W at:
[ 36.275645][ T4218]      lock_acquire+0x26c/0x7cc
[ 36.277131][ T4218]      _raw_spin_lock+0x54/0x6c
[ 36.278552][ T4218]      __dev_queue_xmit+0xb14/0x38d8
[ 36.279963][ T4218]      tx+0x90/0x134
[ 36.281007][ T4218]      kthread+0x1ac/0x374
[ 36.282250][ T4218]      kthread+0x250/0x2d8
[ 36.283446][ T4218]      ret_from_fork+0x10/0x20
[ 36.284796][ T4218]    IN-SOFTIRQ-W at:
[ 36.285623][ T4218]      lock_acquire+0x26c/0x7cc
[ 36.286998][ T4218]      _raw_spin_lock+0x54/0x6c
[ 36.288366][ T4218]      net_tx_action+0x6ec/0x94c
[ 36.289701][ T4218]      __do_softirq+0x30c/0xea0
[ 36.291003][ T4218]      run_ksoftirqd+0x68/0x258
[ 36.292323][ T4218]      smpboot_thread_fn+0x4b0/0x96c
[ 36.293778][ T4218]      kthread+0x250/0x2d8
[ 36.295158][ T4218]      ret_from_fork+0x10/0x20
[ 36.296438][ T4218]    INITIAL USE at:
[ 36.297317][ T4218]      lock_acquire+0x26c/0x7cc
[ 36.298632][ T4218]      _raw_spin_lock+0x54/0x6c
[ 36.300005][ T4218]      __dev_queue_xmit+0xb14/0x38d8
[ 36.301377][ T4218]      tx+0x90/0x134
[ 36.302542][ T4218]      kthread+0x1ac/0x374
[ 36.303757][ T4218]      kthread+0x250/0x2d8
[ 36.305008][ T4218]      ret_from_fork+0x10/0x20
[ 36.306320][ T4218]  }
[ 36.306873][ T4218]  ... key at: [] noop_qdisc+0x108/0x320
[ 36.308566][ T4218]
[ 36.308566][ T4218] the dependencies between the lock to be acquired
[ 36.308574][ T4218]  and SOFTIRQ-irq-unsafe lock:
[ 36.311468][ T4218] -> (fs_reclaim){+.+.}-{0:0} {
[ 36.312533][ T4218]    HARDIRQ-ON-W at:
[ 36.313439][ T4218]      lock_acquire+0x26c/0x7cc
[ 36.314773][ T4218]      fs_reclaim_acquire+0x90/0x12c
[ 36.316181][ T4218]      __kmem_cache_alloc_node+0x58/0x388
[ 36.317714][ T4218]      kmalloc_node_trace+0x44/0x90
[ 36.319165][ T4218]      init_rescuer+0xa4/0x264
[ 36.320462][ T4218]      workqueue_init+0x298/0x5b4
[ 36.321891][ T4218]      kernel_init_freeable+0x33c/0x528
[ 36.323429][ T4218]      kernel_init+0x24/0x29c
[ 36.324665][ T4218]      ret_from_fork+0x10/0x20
[ 36.326018][ T4218]    SOFTIRQ-ON-W at:
[ 36.326967][ T4218]      lock_acquire+0x26c/0x7cc
[ 36.328312][ T4218]      fs_reclaim_acquire+0x90/0x12c
[ 36.329883][ T4218]      __kmem_cache_alloc_node+0x58/0x388
[ 36.331397][ T4218]      kmalloc_node_trace+0x44/0x90
[ 36.332823][ T4218]      init_rescuer+0xa4/0x264
[ 36.334058][ T4218]      workqueue_init+0x298/0x5b4
[ 36.335454][ T4218]      kernel_init_freeable+0x33c/0x528
[ 36.336946][ T4218]      kernel_init+0x24/0x29c
[ 36.338280][ T4218]      ret_from_fork+0x10/0x20
[ 36.339642][ T4218]    INITIAL USE at:
[ 36.340430][ T4218]      lock_acquire+0x26c/0x7cc
[ 36.341756][ T4218]      fs_reclaim_acquire+0x90/0x12c
[ 36.343179][ T4218]      __kmem_cache_alloc_node+0x58/0x388
[ 36.344748][ T4218]      kmalloc_node_trace+0x44/0x90
[ 36.346244][ T4218]      init_rescuer+0xa4/0x264
[ 36.347585][ T4218]      workqueue_init+0x298/0x5b4
[ 36.348985][ T4218]      kernel_init_freeable+0x33c/0x528
[ 36.350494][ T4218]      kernel_init+0x24/0x29c
[ 36.351863][ T4218]      ret_from_fork+0x10/0x20
[ 36.353042][ T4218]  }
[ 36.353587][ T4218]  ... key at: [] __fs_reclaim_map+0x0/0xe0
[ 36.355385][ T4218]  ... acquired at:
[ 36.356234][ T4218]    fs_reclaim_acquire+0x90/0x12c
[ 36.357439][ T4218]    __kmem_cache_alloc_node+0x58/0x388
[ 36.358674][ T4218]    __kmalloc_node+0xcc/0x1d0
[ 36.359755][ T4218]    kvmalloc_node+0x84/0x1e4
[ 36.360803][ T4218]    get_dist_table+0xa0/0x354
[ 36.361772][ T4218]    netem_change+0x754/0x1900
[ 36.362792][ T4218]    netem_init+0x54/0xb8
[ 36.363746][ T4218]    qdisc_create+0x70c/0xe64
[ 36.364800][ T4218]    tc_modify_qdisc+0x9f0/0x1840
[ 36.365946][ T4218]    rtnetlink_rcv_msg+0x72c/0xd94
[ 36.367022][ T4218]    netlink_rcv_skb+0x20c/0x3b8
[ 36.368141][ T4218]    rtnetlink_rcv+0x28/0x38
[ 36.369122][ T4218]    netlink_unicast+0x660/0x8d4
[ 36.370305][ T4218]    netlink_sendmsg+0x834/0xb18
[ 36.371488][ T4218]    ____sys_sendmsg+0x558/0x844
[ 36.372658][ T4218]    __sys_sendmsg+0x26c/0x33c
[ 36.373623][ T4218]    __arm64_sys_sendmsg+0x80/0x94
[ 36.374783][ T4218]    invoke_syscall+0x98/0x2c0
[ 36.375783][ T4218]    el0_svc_common+0x138/0x258
[ 36.376753][ T4218]    do_el0_svc+0x64/0x218
[ 36.377654][ T4218]    el0_svc+0x58/0x168
[ 36.378578][ T4218]    el0t_64_sync_handler+0x84/0xf0
[ 36.379733][ T4218]    el0t_64_sync+0x18c/0x190
[ 36.380756][ T4218]
[ 36.381236][ T4218]
[ 36.381236][ T4218] stack backtrace:
[ 36.382449][ T4218] CPU: 0 PID: 4218 Comm: syz-executor319 Not tainted 6.1.36-syzkaller #0
[ 36.384444][ T4218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 36.386625][ T4218] Call trace:
[ 36.387385][ T4218]  dump_backtrace+0x1c8/0x1f4
[ 36.388415][ T4218]  show_stack+0x2c/0x3c
[ 36.389397][ T4218]  dump_stack_lvl+0x108/0x170
[ 36.390400][ T4218]  dump_stack+0x1c/0x58
[ 36.391402][ T4218]  __lock_acquire+0x6310/0x764c
[ 36.392525][ T4218]  lock_acquire+0x26c/0x7cc
[ 36.393530][ T4218]  fs_reclaim_acquire+0x90/0x12c
[ 36.394558][ T4218]  __kmem_cache_alloc_node+0x58/0x388
[ 36.395732][ T4218]  __kmalloc_node+0xcc/0x1d0
[ 36.396793][ T4218]  kvmalloc_node+0x84/0x1e4
[ 36.397800][ T4218]  get_dist_table+0xa0/0x354
[ 36.398798][ T4218]  netem_change+0x754/0x1900
[ 36.399758][ T4218]  netem_init+0x54/0xb8
[ 36.400698][ T4218]  qdisc_create+0x70c/0xe64
[ 36.401674][ T4218]  tc_modify_qdisc+0x9f0/0x1840
[ 36.402778][ T4218]  rtnetlink_rcv_msg+0x72c/0xd94
[ 36.403833][ T4218]  netlink_rcv_skb+0x20c/0x3b8
[ 36.404775][ T4218]  rtnetlink_rcv+0x28/0x38
[ 36.405765][ T4218]  netlink_unicast+0x660/0x8d4
[ 36.406805][ T4218]  netlink_sendmsg+0x834/0xb18
[ 36.407787][ T4218]  ____sys_sendmsg+0x558/0x844
[ 36.408760][ T4218]  __sys_sendmsg+0x26c/0x33c
[ 36.409731][ T4218]  __arm64_sys_sendmsg+0x80/0x94
[ 36.410753][ T4218]  invoke_syscall+0x98/0x2c0
[ 36.411765][ T4218]  el0_svc_common+0x138/0x258
[ 36.412791][ T4218]  do_el0_svc+0x64/0x218
[ 36.413697][ T4218]  el0_svc+0x58/0x168
[ 36.414592][ T4218]  el0t_64_sync_handler+0x84/0xf0
[ 36.415643][ T4218]  el0t_64_sync+0x18c/0x190
[ 36.416567][ T4218] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
[ 36.418064][ T4218] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4218, name: syz-executor319
[ 36.419873][ T4218] preempt_count: 201, expected: 0
[ 36.420934][ T4218] RCU nest depth: 0, expected: 0
[ 36.421896][ T4218] INFO: lockdep is turned off.
[ 36.422857][ T4218] Preemption disabled at:
[ 36.422866][ T4218] [] sch_tree_lock+0x120/0x1d4
[ 36.425045][ T4218] CPU: 0 PID: 4218 Comm: syz-executor319 Not tainted 6.1.36-syzkaller #0
[ 36.426640][ T4218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 36.428718][ T4218] Call trace:
[ 36.429384][ T4218]  dump_backtrace+0x1c8/0x1f4
[ 36.430390][ T4218]  show_stack+0x2c/0x3c
[ 36.431187][ T4218]  dump_stack_lvl+0x108/0x170
[ 36.432080][ T4218]  dump_stack+0x1c/0x58
[ 36.432890][ T4218]  __might_resched+0x37c/0x4d8
[ 36.433973][ T4218]  __might_sleep+0x90/0xe4
[ 36.434941][ T4218]  __kmem_cache_alloc_node+0x74/0x388
[ 36.436047][ T4218]  __kmalloc_node+0xcc/0x1d0
[ 36.437049][ T4218]  kvmalloc_node+0x84/0x1e4
[ 36.437993][ T4218]  get_dist_table+0xa0/0x354
[ 36.438981][ T4218]  netem_change+0x754/0x1900
[ 36.440040][ T4218]  netem_init+0x54/0xb8
[ 36.440927][ T4218]  qdisc_create+0x70c/0xe64
[ 36.441873][ T4218]  tc_modify_qdisc+0x9f0/0x1840
[ 36.442903][ T4218]  rtnetlink_rcv_msg+0x72c/0xd94
[ 36.444096][ T4218]  netlink_rcv_skb+0x20c/0x3b8
[ 36.445253][ T4218]  rtnetlink_rcv+0x28/0x38
[ 36.446171][ T4218]  netlink_unicast+0x660/0x8d4
[ 36.447103][ T4218]  netlink_sendmsg+0x834/0xb18
[ 36.448226][ T4218]  ____sys_sendmsg+0x558/0x844
[ 36.449207][ T4218]  __sys_sendmsg+0x26c/0x33c
[ 36.450108][ T4218]  __arm64_sys_sendmsg+0x80/0x94
[ 36.451121][ T4218]  invoke_syscall+0x98/0x2c0
[ 36.452069][ T4218]  el0_svc_common+0x138/0x258
[ 36.453017][ T4218]  do_el0_svc+0x64/0x218
[ 36.453859][ T4218]  el0_svc+0x58/0x168
[ 36.454796][ T4218]  el0t_64_sync_handler+0x84/0xf0
[ 36.455917][ T4218]  el0t_64_sync+0x18c/0x190