Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. executing program [ 42.981142][ T3971] [ 42.981913][ T3971] ===================================================== [ 42.983796][ T3971] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 42.985873][ T3971] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 42.987784][ T3971] ----------------------------------------------------- [ 42.989727][ T3971] syz-executor121/3971 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 42.991976][ T3971] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 42.994515][ T3971] [ 42.994515][ T3971] and this task is already holding: [ 42.996566][ T3971] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.999126][ T3971] which would create a new lock dependency: [ 43.000757][ T3971] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 43.002934][ T3971] [ 43.002934][ T3971] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 43.005554][ T3971] (noop_qdisc.q.lock){+.-.}-{2:2} [ 43.005573][ T3971] [ 43.005573][ T3971] ... which became SOFTIRQ-irq-safe at: [ 43.009214][ T3971] lock_acquire+0x240/0x77c [ 43.010468][ T3971] _raw_spin_lock+0xb0/0x10c [ 43.011747][ T3971] net_tx_action+0x634/0x884 [ 43.013086][ T3971] __do_softirq+0x344/0xe20 [ 43.014377][ T3971] do_softirq+0x120/0x20c [ 43.015583][ T3971] __local_bh_enable_ip+0x2c0/0x4d0 [ 43.017037][ T3971] local_bh_enable+0x28/0x174 [ 43.018354][ T3971] dev_deactivate_many+0x580/0xbe4 [ 43.019796][ T3971] dev_deactivate+0x13c/0x1fc [ 43.021172][ T3971] linkwatch_do_dev+0x2a8/0x3c8 [ 43.022560][ T3971] __linkwatch_run_queue+0x424/0x730 [ 43.024081][ T3971] linkwatch_event+0x58/0x68 [ 43.025378][ T3971] process_one_work+0x790/0x11b8 [ 43.026780][ T3971] worker_thread+0x910/0x1034 [ 43.028121][ T3971] kthread+0x37c/0x45c [ 43.029286][ T3971] ret_from_fork+0x10/0x20 [ 43.030535][ T3971] [ 43.030535][ T3971] to a SOFTIRQ-irq-unsafe lock: [ 43.032531][ T3971] (fs_reclaim){+.+.}-{0:0} [ 43.032550][ T3971] [ 43.032550][ T3971] ... which became SOFTIRQ-irq-unsafe at: [ 43.036098][ T3971] ... [ 43.036104][ T3971] lock_acquire+0x240/0x77c [ 43.038115][ T3971] fs_reclaim_acquire+0xf0/0x1d0 [ 43.039502][ T3971] slab_pre_alloc_hook+0x38/0xe8 [ 43.040878][ T3971] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 43.042530][ T3971] init_rescuer+0xa4/0x264 [ 43.043794][ T3971] workqueue_init+0x2b4/0x640 [ 43.045159][ T3971] kernel_init_freeable+0x448/0x650 [ 43.046638][ T3971] kernel_init+0x24/0x294 [ 43.047918][ T3971] ret_from_fork+0x10/0x20 [ 43.049172][ T3971] [ 43.049172][ T3971] other info that might help us debug this: [ 43.049172][ T3971] [ 43.052050][ T3971] Possible interrupt unsafe locking scenario: [ 43.052050][ T3971] [ 43.054440][ T3971] CPU0 CPU1 [ 43.055972][ T3971] ---- ---- [ 43.057480][ T3971] lock(fs_reclaim); [ 43.058583][ T3971] local_irq_disable(); [ 43.060553][ T3971] lock(noop_qdisc.q.lock); [ 43.062597][ T3971] lock(fs_reclaim); [ 43.064497][ T3971] [ 43.065440][ T3971] lock(noop_qdisc.q.lock); [ 43.066791][ T3971] [ 43.066791][ T3971] *** DEADLOCK *** [ 43.066791][ T3971] [ 43.069171][ T3971] 2 locks held by syz-executor121/3971: [ 43.070729][ T3971] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 43.073428][ T3971] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 43.076199][ T3971] [ 43.076199][ T3971] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 43.079134][ T3971] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 43.080668][ T3971] HARDIRQ-ON-W at: [ 43.081778][ T3971] lock_acquire+0x240/0x77c [ 43.083503][ T3971] _raw_spin_lock+0xb0/0x10c [ 43.085288][ T3971] __dev_queue_xmit+0x8d0/0x2a6c [ 43.087148][ T3971] dev_queue_xmit+0x24/0x34 [ 43.088864][ T3971] tx+0x8c/0x130 [ 43.090370][ T3971] kthread+0x1ac/0x374 [ 43.092016][ T3971] kthread+0x37c/0x45c [ 43.093661][ T3971] ret_from_fork+0x10/0x20 [ 43.095377][ T3971] IN-SOFTIRQ-W at: [ 43.096484][ T3971] lock_acquire+0x240/0x77c [ 43.098221][ T3971] _raw_spin_lock+0xb0/0x10c [ 43.100029][ T3971] net_tx_action+0x634/0x884 [ 43.101788][ T3971] __do_softirq+0x344/0xe20 [ 43.103564][ T3971] do_softirq+0x120/0x20c [ 43.105247][ T3971] __local_bh_enable_ip+0x2c0/0x4d0 [ 43.107230][ T3971] local_bh_enable+0x28/0x174 [ 43.109008][ T3971] dev_deactivate_many+0x580/0xbe4 [ 43.110980][ T3971] dev_deactivate+0x13c/0x1fc [ 43.112730][ T3971] linkwatch_do_dev+0x2a8/0x3c8 [ 43.114564][ T3971] __linkwatch_run_queue+0x424/0x730 [ 43.116489][ T3971] linkwatch_event+0x58/0x68 [ 43.118276][ T3971] process_one_work+0x790/0x11b8 [ 43.120124][ T3971] worker_thread+0x910/0x1034 [ 43.121932][ T3971] kthread+0x37c/0x45c [ 43.123603][ T3971] ret_from_fork+0x10/0x20 [ 43.125334][ T3971] INITIAL USE at: [ 43.126417][ T3971] lock_acquire+0x240/0x77c [ 43.128123][ T3971] _raw_spin_lock+0xb0/0x10c [ 43.129876][ T3971] __dev_queue_xmit+0x8d0/0x2a6c [ 43.131797][ T3971] dev_queue_xmit+0x24/0x34 [ 43.133559][ T3971] tx+0x8c/0x130 [ 43.134986][ T3971] kthread+0x1ac/0x374 [ 43.136553][ T3971] kthread+0x37c/0x45c [ 43.138120][ T3971] ret_from_fork+0x10/0x20 [ 43.139880][ T3971] } [ 43.140591][ T3971] ... key at: [] noop_qdisc+0x108/0x320 [ 43.142720][ T3971] [ 43.142720][ T3971] the dependencies between the lock to be acquired [ 43.142728][ T3971] and SOFTIRQ-irq-unsafe lock: [ 43.146493][ T3971] -> (fs_reclaim){+.+.}-{0:0} { [ 43.147868][ T3971] HARDIRQ-ON-W at: [ 43.149006][ T3971] lock_acquire+0x240/0x77c [ 43.150746][ T3971] fs_reclaim_acquire+0xf0/0x1d0 [ 43.152606][ T3971] slab_pre_alloc_hook+0x38/0xe8 [ 43.154476][ T3971] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 43.156554][ T3971] init_rescuer+0xa4/0x264 [ 43.158343][ T3971] workqueue_init+0x2b4/0x640 [ 43.160145][ T3971] kernel_init_freeable+0x448/0x650 [ 43.162096][ T3971] kernel_init+0x24/0x294 [ 43.163811][ T3971] ret_from_fork+0x10/0x20 [ 43.165528][ T3971] SOFTIRQ-ON-W at: [ 43.166630][ T3971] lock_acquire+0x240/0x77c [ 43.168320][ T3971] fs_reclaim_acquire+0xf0/0x1d0 [ 43.170177][ T3971] slab_pre_alloc_hook+0x38/0xe8 [ 43.172052][ T3971] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 43.174092][ T3971] init_rescuer+0xa4/0x264 [ 43.175769][ T3971] workqueue_init+0x2b4/0x640 [ 43.177615][ T3971] kernel_init_freeable+0x448/0x650 [ 43.179563][ T3971] kernel_init+0x24/0x294 [ 43.181232][ T3971] ret_from_fork+0x10/0x20 [ 43.182943][ T3971] INITIAL USE at: [ 43.184048][ T3971] lock_acquire+0x240/0x77c [ 43.185864][ T3971] fs_reclaim_acquire+0xf0/0x1d0 [ 43.187661][ T3971] slab_pre_alloc_hook+0x38/0xe8 [ 43.189515][ T3971] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 43.191601][ T3971] init_rescuer+0xa4/0x264 [ 43.193276][ T3971] workqueue_init+0x2b4/0x640 [ 43.194999][ T3971] kernel_init_freeable+0x448/0x650 [ 43.196864][ T3971] kernel_init+0x24/0x294 [ 43.198531][ T3971] ret_from_fork+0x10/0x20 [ 43.200264][ T3971] } [ 43.200969][ T3971] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 43.203204][ T3971] ... acquired at: [ 43.204282][ T3971] fs_reclaim_acquire+0xf0/0x1d0 [ 43.205721][ T3971] slab_pre_alloc_hook+0x38/0xe8 [ 43.207157][ T3971] __kmalloc_node+0xbc/0x5b8 [ 43.208451][ T3971] kvmalloc_node+0x88/0x204 [ 43.209754][ T3971] get_dist_table+0x9c/0x2a4 [ 43.211062][ T3971] netem_change+0x7cc/0x1a90 [ 43.212342][ T3971] netem_init+0x54/0xb8 [ 43.213608][ T3971] qdisc_create+0x6fc/0xf44 [ 43.214851][ T3971] tc_modify_qdisc+0x8dc/0x1344 [ 43.216175][ T3971] rtnetlink_rcv_msg+0xa74/0xdac [ 43.217574][ T3971] netlink_rcv_skb+0x20c/0x3b8 [ 43.218840][ T3971] rtnetlink_rcv+0x28/0x38 [ 43.220133][ T3971] netlink_unicast+0x664/0x938 [ 43.221516][ T3971] netlink_sendmsg+0x844/0xb38 [ 43.222894][ T3971] ____sys_sendmsg+0x584/0x870 [ 43.224306][ T3971] ___sys_sendmsg+0x214/0x294 [ 43.225642][ T3971] __arm64_sys_sendmsg+0x1ac/0x25c [ 43.227109][ T3971] invoke_syscall+0x98/0x2b8 [ 43.228488][ T3971] el0_svc_common+0x138/0x258 [ 43.229884][ T3971] do_el0_svc+0x58/0x14c [ 43.231163][ T3971] el0_svc+0x7c/0x1f0 [ 43.232368][ T3971] el0t_64_sync_handler+0x84/0xe4 [ 43.233771][ T3971] el0t_64_sync+0x1a0/0x1a4 [ 43.234980][ T3971] [ 43.235577][ T3971] [ 43.235577][ T3971] stack backtrace: [ 43.237167][ T3971] CPU: 0 PID: 3971 Comm: syz-executor121 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 43.239995][ T3971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 43.242767][ T3971] Call trace: [ 43.243679][ T3971] dump_backtrace+0x0/0x530 [ 43.244994][ T3971] show_stack+0x2c/0x3c [ 43.246130][ T3971] dump_stack_lvl+0x108/0x170 [ 43.247452][ T3971] dump_stack+0x1c/0x58 [ 43.248652][ T3971] __lock_acquire+0x62b4/0x7620 [ 43.250048][ T3971] lock_acquire+0x240/0x77c [ 43.251350][ T3971] fs_reclaim_acquire+0xf0/0x1d0 [ 43.252766][ T3971] slab_pre_alloc_hook+0x38/0xe8 [ 43.254196][ T3971] __kmalloc_node+0xbc/0x5b8 [ 43.255465][ T3971] kvmalloc_node+0x88/0x204 [ 43.256693][ T3971] get_dist_table+0x9c/0x2a4 [ 43.257905][ T3971] netem_change+0x7cc/0x1a90 [ 43.259178][ T3971] netem_init+0x54/0xb8 [ 43.260357][ T3971] qdisc_create+0x6fc/0xf44 [ 43.261580][ T3971] tc_modify_qdisc+0x8dc/0x1344 [ 43.262936][ T3971] rtnetlink_rcv_msg+0xa74/0xdac [ 43.264305][ T3971] netlink_rcv_skb+0x20c/0x3b8 [ 43.265647][ T3971] rtnetlink_rcv+0x28/0x38 [ 43.266840][ T3971] netlink_unicast+0x664/0x938 [ 43.268187][ T3971] netlink_sendmsg+0x844/0xb38 [ 43.269509][ T3971] ____sys_sendmsg+0x584/0x870 [ 43.270810][ T3971] ___sys_sendmsg+0x214/0x294 [ 43.272165][ T3971] __arm64_sys_sendmsg+0x1ac/0x25c [ 43.273605][ T3971] invoke_syscall+0x98/0x2b8 [ 43.274893][ T3971] el0_svc_common+0x138/0x258 [ 43.276180][ T3971] do_el0_svc+0x58/0x14c [ 43.277403][ T3971] el0_svc+0x7c/0x1f0 [ 43.278556][ T3971] el0t_64_sync_handler+0x84/0xe4 [ 43.280003][ T3971] el0t_64_sync+0x1a0/0x1a4 [ 43.281375][ T3971] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 43.283936][ T3971] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3971, name: syz-executor121 [ 43.286372][ T3971] INFO: lockdep is turned off. [ 43.287608][ T3971] Preemption disabled at: [ 43.287619][ T3971] [] netem_change+0x22c/0x1a90 [ 43.290386][ T3971] CPU: 0 PID: 3971 Comm: syz-executor121 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 43.293159][ T3971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 43.295861][ T3971] Call trace: [ 43.296738][ T3971] dump_backtrace+0x0/0x530 [ 43.297914][ T3971] show_stack+0x2c/0x3c [ 43.299087][ T3971] dump_stack_lvl+0x108/0x170 [ 43.300296][ T3971] dump_stack+0x1c/0x58 [ 43.301386][ T3971] ___might_sleep+0x380/0x4dc [ 43.302599][ T3971] __might_sleep+0x98/0xf0 [ 43.303745][ T3971] slab_pre_alloc_hook+0x58/0xe8 [ 43.305097][ T3971] __kmalloc_node+0xbc/0x5b8 [ 43.306315][ T3971] kvmalloc_node+0x88/0x204 [ 43.307577][ T3971] get_dist_table+0x9c/0x2a4 [ 43.308820][ T3971] netem_change+0x7cc/0x1a90 [ 43.310060][ T3971] netem_init+0x54/0xb8 [ 43.311186][ T3971] qdisc_create+0x6fc/0xf44 [ 43.312394][ T3971] tc_modify_qdisc+0x8dc/0x1344 [ 43.313701][ T3971] rtnetlink_rcv_msg+0xa74/0xdac [ 43.315038][ T3971] netlink_rcv_skb+0x20c/0x3b8 [ 43.316262][ T3971] rtnetlink_rcv+0x28/0x38 [ 43.317405][ T3971] netlink_unicast+0x664/0x938 [ 43.318647][ T3971] netlink_sendmsg+0x844/0xb38 [ 43.319948][ T3971] ____sys_sendmsg+0x584/0x870 [ 43.321288][ T3971] ___sys_sendmsg+0x214/0x294 [ 43.322545][ T3971] __arm64_sys_sendmsg+0x1ac/0x25c [ 43.323900][ T3971] invoke_syscall+0x98/0x2b8 [ 43.325115][ T3971] el0_svc_common+0x138/0x258 [ 43.326372][ T3971] do_el0_svc+0x58/0x14c [ 43.327517][ T3971] el0_svc+0x7c/0x1f0 [ 43.328629][ T3971] el0t_64_sync_handler+0x84/0xe4 [ 43.329991][ T3971] el0t_64_sync+0x1a0/0x1a4