Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts. executing program [ 37.884667][ T4224] [ 37.885217][ T4224] ===================================================== [ 37.886709][ T4224] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 37.888199][ T4224] 6.1.44-syzkaller #0 Not tainted [ 37.889276][ T4224] ----------------------------------------------------- [ 37.890700][ T4224] syz-executor410/4224 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 37.892429][ T4224] ffff800015b3c2e0 (fs_reclaim){+.+.}-{0:0}, at: __kmem_cache_alloc_node+0x58/0x388 [ 37.894462][ T4224] [ 37.894462][ T4224] and this task is already holding: [ 37.896137][ T4224] ffff800017eb4748 (noop_qdisc.q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4 [ 37.898095][ T4224] which would create a new lock dependency: [ 37.899359][ T4224] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 37.900942][ T4224] [ 37.900942][ T4224] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 37.903048][ T4224] (noop_qdisc.q.lock){+.-.}-{2:2} [ 37.903065][ T4224] [ 37.903065][ T4224] ... which became SOFTIRQ-irq-safe at: [ 37.905791][ T4224] lock_acquire+0x26c/0x7cc [ 37.906787][ T4224] _raw_spin_lock+0x54/0x6c [ 37.907823][ T4224] net_tx_action+0x6ec/0x94c [ 37.908888][ T4224] __do_softirq+0x30c/0xea0 [ 37.909929][ T4224] run_ksoftirqd+0x68/0x258 [ 37.910920][ T4224] smpboot_thread_fn+0x4b0/0x96c [ 37.912046][ T4224] kthread+0x250/0x2d8 [ 37.913013][ T4224] ret_from_fork+0x10/0x20 [ 37.914038][ T4224] [ 37.914038][ T4224] to a SOFTIRQ-irq-unsafe lock: [ 37.915549][ T4224] (fs_reclaim){+.+.}-{0:0} [ 37.915566][ T4224] [ 37.915566][ T4224] ... which became SOFTIRQ-irq-unsafe at: [ 37.918233][ T4224] ... [ 37.918239][ T4224] lock_acquire+0x26c/0x7cc [ 37.919777][ T4224] fs_reclaim_acquire+0x90/0x12c [ 37.920940][ T4224] __kmem_cache_alloc_node+0x58/0x388 [ 37.922097][ T4224] kmalloc_node_trace+0x44/0x90 [ 37.923170][ T4224] init_rescuer+0xa4/0x264 [ 37.924249][ T4224] workqueue_init+0x298/0x5b4 [ 37.925333][ T4224] kernel_init_freeable+0x33c/0x528 [ 37.926523][ T4224] kernel_init+0x24/0x29c [ 37.927515][ T4224] ret_from_fork+0x10/0x20 [ 37.928535][ T4224] [ 37.928535][ T4224] other info that might help us debug this: [ 37.928535][ T4224] [ 37.930675][ T4224] Possible interrupt unsafe locking scenario: [ 37.930675][ T4224] [ 37.932517][ T4224] CPU0 CPU1 [ 37.933697][ T4224] ---- ---- [ 37.934886][ T4224] lock(fs_reclaim); [ 37.935743][ T4224] local_irq_disable(); [ 37.937169][ T4224] lock(noop_qdisc.q.lock); [ 37.938685][ T4224] lock(fs_reclaim); [ 37.940085][ T4224] [ 37.940825][ T4224] lock(noop_qdisc.q.lock); [ 37.941947][ T4224] [ 37.941947][ T4224] *** DEADLOCK *** [ 37.941947][ T4224] [ 37.943725][ T4224] 2 locks held by syz-executor410/4224: [ 37.944962][ T4224] #0: ffff800017e6fcc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 [ 37.947085][ T4224] #1: ffff800017eb4748 (noop_qdisc.q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4 [ 37.949163][ T4224] [ 37.949163][ T4224] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 37.951442][ T4224] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 37.952714][ T4224] HARDIRQ-ON-W at: [ 37.953629][ T4224] lock_acquire+0x26c/0x7cc [ 37.954924][ T4224] _raw_spin_lock+0x54/0x6c [ 37.956293][ T4224] __dev_queue_xmit+0xb14/0x38d8 [ 37.957717][ T4224] tx+0x90/0x134 [ 37.958866][ T4224] kthread+0x1ac/0x374 [ 37.960108][ T4224] kthread+0x250/0x2d8 [ 37.961330][ T4224] ret_from_fork+0x10/0x20 [ 37.962657][ T4224] IN-SOFTIRQ-W at: [ 37.963535][ T4224] lock_acquire+0x26c/0x7cc [ 37.964777][ T4224] _raw_spin_lock+0x54/0x6c [ 37.966119][ T4224] net_tx_action+0x6ec/0x94c [ 37.967463][ T4224] __do_softirq+0x30c/0xea0 [ 37.968805][ T4224] run_ksoftirqd+0x68/0x258 [ 37.970142][ T4224] smpboot_thread_fn+0x4b0/0x96c [ 37.971586][ T4224] kthread+0x250/0x2d8 [ 37.972767][ T4224] ret_from_fork+0x10/0x20 [ 37.974139][ T4224] INITIAL USE at: [ 37.974908][ T4224] lock_acquire+0x26c/0x7cc [ 37.976339][ T4224] _raw_spin_lock+0x54/0x6c [ 37.977695][ T4224] __dev_queue_xmit+0xb14/0x38d8 [ 37.979132][ T4224] tx+0x90/0x134 [ 37.980231][ T4224] kthread+0x1ac/0x374 [ 37.981433][ T4224] kthread+0x250/0x2d8 [ 37.982660][ T4224] ret_from_fork+0x10/0x20 [ 37.983902][ T4224] } [ 37.984468][ T4224] ... key at: [] noop_qdisc+0x108/0x320 [ 37.986220][ T4224] [ 37.986220][ T4224] the dependencies between the lock to be acquired [ 37.986227][ T4224] and SOFTIRQ-irq-unsafe lock: [ 37.989197][ T4224] -> (fs_reclaim){+.+.}-{0:0} { [ 37.990233][ T4224] HARDIRQ-ON-W at: [ 37.991134][ T4224] lock_acquire+0x26c/0x7cc [ 37.992430][ T4224] fs_reclaim_acquire+0x90/0x12c [ 37.993904][ T4224] __kmem_cache_alloc_node+0x58/0x388 [ 37.995458][ T4224] kmalloc_node_trace+0x44/0x90 [ 37.996842][ T4224] init_rescuer+0xa4/0x264 [ 37.998098][ T4224] workqueue_init+0x298/0x5b4 [ 37.999478][ T4224] kernel_init_freeable+0x33c/0x528 [ 38.000991][ T4224] kernel_init+0x24/0x29c [ 38.002274][ T4224] ret_from_fork+0x10/0x20 [ 38.003590][ T4224] SOFTIRQ-ON-W at: [ 38.004456][ T4224] lock_acquire+0x26c/0x7cc [ 38.005797][ T4224] fs_reclaim_acquire+0x90/0x12c [ 38.007207][ T4224] __kmem_cache_alloc_node+0x58/0x388 [ 38.008740][ T4224] kmalloc_node_trace+0x44/0x90 [ 38.010279][ T4224] init_rescuer+0xa4/0x264 [ 38.011593][ T4224] workqueue_init+0x298/0x5b4 [ 38.012950][ T4224] kernel_init_freeable+0x33c/0x528 [ 38.014480][ T4224] kernel_init+0x24/0x29c [ 38.015852][ T4224] ret_from_fork+0x10/0x20 [ 38.017147][ T4224] INITIAL USE at: [ 38.017929][ T4224] lock_acquire+0x26c/0x7cc [ 38.019202][ T4224] fs_reclaim_acquire+0x90/0x12c [ 38.020591][ T4224] __kmem_cache_alloc_node+0x58/0x388 [ 38.022109][ T4224] kmalloc_node_trace+0x44/0x90 [ 38.023591][ T4224] init_rescuer+0xa4/0x264 [ 38.024924][ T4224] workqueue_init+0x298/0x5b4 [ 38.026346][ T4224] kernel_init_freeable+0x33c/0x528 [ 38.027852][ T4224] kernel_init+0x24/0x29c [ 38.029086][ T4224] ret_from_fork+0x10/0x20 [ 38.030335][ T4224] } [ 38.030864][ T4224] ... key at: [] __fs_reclaim_map+0x0/0xe0 [ 38.032600][ T4224] ... acquired at: [ 38.033435][ T4224] fs_reclaim_acquire+0x90/0x12c [ 38.034445][ T4224] __kmem_cache_alloc_node+0x58/0x388 [ 38.035721][ T4224] __kmalloc_node+0xcc/0x1d0 [ 38.036765][ T4224] kvmalloc_node+0x84/0x1e4 [ 38.037748][ T4224] get_dist_table+0xa0/0x354 [ 38.038797][ T4224] netem_change+0x754/0x1900 [ 38.039868][ T4224] netem_init+0x54/0xb8 [ 38.040856][ T4224] qdisc_create+0x70c/0xe64 [ 38.041927][ T4224] tc_modify_qdisc+0x9f0/0x1840 [ 38.043152][ T4224] rtnetlink_rcv_msg+0x72c/0xd94 [ 38.044298][ T4224] netlink_rcv_skb+0x20c/0x3b8 [ 38.045375][ T4224] rtnetlink_rcv+0x28/0x38 [ 38.046423][ T4224] netlink_unicast+0x660/0x8d4 [ 38.047484][ T4224] netlink_sendmsg+0x834/0xb18 [ 38.048480][ T4224] ____sys_sendmsg+0x558/0x844 [ 38.049574][ T4224] __sys_sendmsg+0x26c/0x33c [ 38.050667][ T4224] __arm64_sys_sendmsg+0x80/0x94 [ 38.051786][ T4224] invoke_syscall+0x98/0x2c0 [ 38.052851][ T4224] el0_svc_common+0x138/0x258 [ 38.053907][ T4224] do_el0_svc+0x64/0x218 [ 38.054868][ T4224] el0_svc+0x58/0x168 [ 38.055870][ T4224] el0t_64_sync_handler+0x84/0xf0 [ 38.057031][ T4224] el0t_64_sync+0x18c/0x190 [ 38.058082][ T4224] [ 38.058590][ T4224] [ 38.058590][ T4224] stack backtrace: [ 38.059905][ T4224] CPU: 1 PID: 4224 Comm: syz-executor410 Not tainted 6.1.44-syzkaller #0 [ 38.061716][ T4224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 38.063809][ T4224] Call trace: [ 38.064517][ T4224] dump_backtrace+0x1c8/0x1f4 [ 38.065571][ T4224] show_stack+0x2c/0x3c [ 38.066494][ T4224] dump_stack_lvl+0x108/0x170 [ 38.067522][ T4224] dump_stack+0x1c/0x58 [ 38.068387][ T4224] __lock_acquire+0x6310/0x764c [ 38.069429][ T4224] lock_acquire+0x26c/0x7cc [ 38.070428][ T4224] fs_reclaim_acquire+0x90/0x12c [ 38.071476][ T4224] __kmem_cache_alloc_node+0x58/0x388 [ 38.072651][ T4224] __kmalloc_node+0xcc/0x1d0 [ 38.073641][ T4224] kvmalloc_node+0x84/0x1e4 [ 38.074648][ T4224] get_dist_table+0xa0/0x354 [ 38.075632][ T4224] netem_change+0x754/0x1900 [ 38.076577][ T4224] netem_init+0x54/0xb8 [ 38.077499][ T4224] qdisc_create+0x70c/0xe64 [ 38.078504][ T4224] tc_modify_qdisc+0x9f0/0x1840 [ 38.079529][ T4224] rtnetlink_rcv_msg+0x72c/0xd94 [ 38.080592][ T4224] netlink_rcv_skb+0x20c/0x3b8 [ 38.081555][ T4224] rtnetlink_rcv+0x28/0x38 [ 38.082550][ T4224] netlink_unicast+0x660/0x8d4 [ 38.083606][ T4224] netlink_sendmsg+0x834/0xb18 [ 38.084641][ T4224] ____sys_sendmsg+0x558/0x844 [ 38.085662][ T4224] __sys_sendmsg+0x26c/0x33c [ 38.086726][ T4224] __arm64_sys_sendmsg+0x80/0x94 [ 38.087748][ T4224] invoke_syscall+0x98/0x2c0 [ 38.088777][ T4224] el0_svc_common+0x138/0x258 [ 38.089765][ T4224] do_el0_svc+0x64/0x218 [ 38.090663][ T4224] el0_svc+0x58/0x168 [ 38.091610][ T4224] el0t_64_sync_handler+0x84/0xf0 [ 38.092687][ T4224] el0t_64_sync+0x18c/0x190 [ 38.093739][ T4224] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 [ 38.095789][ T4224] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4224, name: syz-executor410 [ 38.097809][ T4224] preempt_count: 201, expected: 0 [ 38.098908][ T4224] RCU nest depth: 0, expected: 0 [ 38.099943][ T4224] INFO: lockdep is turned off. [ 38.100933][ T4224] Preemption disabled at: [ 38.100942][ T4224] [] sch_tree_lock+0x120/0x1d4 [ 38.103119][ T4224] CPU: 1 PID: 4224 Comm: syz-executor410 Not tainted 6.1.44-syzkaller #0 [ 38.104915][ T4224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 38.107046][ T4224] Call trace: [ 38.107734][ T4224] dump_backtrace+0x1c8/0x1f4 [ 38.108819][ T4224] show_stack+0x2c/0x3c [ 38.109735][ T4224] dump_stack_lvl+0x108/0x170 [ 38.110790][ T4224] dump_stack+0x1c/0x58 [ 38.111636][ T4224] __might_resched+0x37c/0x4d8 [ 38.112703][ T4224] __might_sleep+0x90/0xe4 [ 38.113692][ T4224] __kmem_cache_alloc_node+0x74/0x388 [ 38.114887][ T4224] __kmalloc_node+0xcc/0x1d0 [ 38.115867][ T4224] kvmalloc_node+0x84/0x1e4 [ 38.116846][ T4224] get_dist_table+0xa0/0x354 [ 38.117820][ T4224] netem_change+0x754/0x1900 [ 38.118846][ T4224] netem_init+0x54/0xb8 [ 38.119831][ T4224] qdisc_create+0x70c/0xe64 [ 38.120854][ T4224] tc_modify_qdisc+0x9f0/0x1840 [ 38.121933][ T4224] rtnetlink_rcv_msg+0x72c/0xd94 [ 38.122997][ T4224] netlink_rcv_skb+0x20c/0x3b8 [ 38.124059][ T4224] rtnetlink_rcv+0x28/0x38 [ 38.125050][ T4224] netlink_unicast+0x660/0x8d4 [ 38.126120][ T4224] netlink_sendmsg+0x834/0xb18 [ 38.127126][ T4224] ____sys_sendmsg+0x558/0x844 [ 38.128128][ T4224] __sys_sendmsg+0x26c/0x33c [ 38.129171][ T4224] __arm64_sys_sendmsg+0x80/0x94 [ 38.130307][ T4224] invoke_syscall+0x98/0x2c0 [ 38.131322][ T4224] el0_svc_common+0x138/0x258 [ 38.132343][ T4224] do_el0_svc+0x64/0x218 [ 38.133304][ T4224] el0_svc+0x58/0x168 [ 38.134250][ T4224] el0t_64_sync_handler+0x84/0xf0 [ 38.135358][ T4224] el0t_64_sync+0x18c/0x190