Warning: Permanently added '10.128.10.0' (ED25519) to the list of known hosts. executing program [ 41.854895][ T3964] [ 41.855572][ T3964] ===================================================== [ 41.857411][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 41.859172][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 41.860801][ T3964] ----------------------------------------------------- [ 41.862467][ T3964] syz-executor316/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 41.864474][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 41.866785][ T3964] [ 41.866785][ T3964] and this task is already holding: [ 41.868662][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 41.870790][ T3964] which would create a new lock dependency: [ 41.872329][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 41.874187][ T3964] [ 41.874187][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 41.876498][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 41.876517][ T3964] [ 41.876517][ T3964] ... which became SOFTIRQ-irq-safe at: [ 41.879755][ T3964] lock_acquire+0x240/0x77c [ 41.880901][ T3964] _raw_spin_lock+0xb0/0x10c [ 41.882089][ T3964] net_tx_action+0x634/0x884 [ 41.883315][ T3964] __do_softirq+0x344/0xe20 [ 41.884451][ T3964] do_softirq+0x120/0x20c [ 41.885529][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 41.886942][ T3964] local_bh_enable+0x28/0x174 [ 41.888226][ T3964] dev_deactivate_many+0x580/0xbe4 [ 41.889481][ T3964] dev_deactivate+0x13c/0x1fc [ 41.890685][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 41.891812][ T3964] __linkwatch_run_queue+0x424/0x730 [ 41.893160][ T3964] linkwatch_event+0x58/0x68 [ 41.894349][ T3964] process_one_work+0x790/0x11b8 [ 41.895567][ T3964] worker_thread+0x910/0x1034 [ 41.896774][ T3964] kthread+0x37c/0x45c [ 41.897839][ T3964] ret_from_fork+0x10/0x20 [ 41.898930][ T3964] [ 41.898930][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 41.900648][ T3964] (fs_reclaim){+.+.}-{0:0} [ 41.900666][ T3964] [ 41.900666][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 41.903695][ T3964] ... [ 41.903701][ T3964] lock_acquire+0x240/0x77c [ 41.905517][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 41.906767][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 41.907929][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 41.909365][ T3964] init_rescuer+0xa4/0x264 [ 41.910443][ T3964] workqueue_init+0x2b4/0x640 [ 41.911684][ T3964] kernel_init_freeable+0x448/0x650 [ 41.913013][ T3964] kernel_init+0x24/0x294 [ 41.914152][ T3964] ret_from_fork+0x10/0x20 [ 41.915307][ T3964] [ 41.915307][ T3964] other info that might help us debug this: [ 41.915307][ T3964] [ 41.917605][ T3964] Possible interrupt unsafe locking scenario: [ 41.917605][ T3964] [ 41.919710][ T3964] CPU0 CPU1 [ 41.921049][ T3964] ---- ---- [ 41.922102][ T3964] lock(fs_reclaim); [ 41.923165][ T3964] local_irq_disable(); [ 41.924643][ T3964] lock(noop_qdisc.q.lock); [ 41.926408][ T3964] lock(fs_reclaim); [ 41.928034][ T3964] [ 41.928909][ T3964] lock(noop_qdisc.q.lock); [ 41.930123][ T3964] [ 41.930123][ T3964] *** DEADLOCK *** [ 41.930123][ T3964] [ 41.932168][ T3964] 2 locks held by syz-executor316/3964: [ 41.933596][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 41.935928][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 41.938346][ T3964] [ 41.938346][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 41.940987][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 41.942263][ T3964] HARDIRQ-ON-W at: [ 41.943132][ T3964] lock_acquire+0x240/0x77c [ 41.944639][ T3964] _raw_spin_lock+0xb0/0x10c [ 41.946119][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 41.947807][ T3964] dev_queue_xmit+0x24/0x34 [ 41.949304][ T3964] tx+0x8c/0x130 [ 41.950619][ T3964] kthread+0x1ac/0x374 [ 41.951977][ T3964] kthread+0x37c/0x45c [ 41.953346][ T3964] ret_from_fork+0x10/0x20 [ 41.954910][ T3964] IN-SOFTIRQ-W at: [ 41.955904][ T3964] lock_acquire+0x240/0x77c [ 41.957445][ T3964] _raw_spin_lock+0xb0/0x10c [ 41.959043][ T3964] net_tx_action+0x634/0x884 [ 41.960536][ T3964] __do_softirq+0x344/0xe20 [ 41.962100][ T3964] do_softirq+0x120/0x20c [ 41.963576][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 41.965370][ T3964] local_bh_enable+0x28/0x174 [ 41.966913][ T3964] dev_deactivate_many+0x580/0xbe4 [ 41.968623][ T3964] dev_deactivate+0x13c/0x1fc [ 41.970126][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 41.971641][ T3964] __linkwatch_run_queue+0x424/0x730 [ 41.973246][ T3964] linkwatch_event+0x58/0x68 [ 41.974799][ T3964] process_one_work+0x790/0x11b8 [ 41.976444][ T3964] worker_thread+0x910/0x1034 [ 41.977818][ T3964] kthread+0x37c/0x45c [ 41.979152][ T3964] ret_from_fork+0x10/0x20 [ 41.980467][ T3964] INITIAL USE at: [ 41.981436][ T3964] lock_acquire+0x240/0x77c [ 41.982964][ T3964] _raw_spin_lock+0xb0/0x10c [ 41.984209][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 41.985281][ T3964] dev_queue_xmit+0x24/0x34 [ 41.986287][ T3964] tx+0x8c/0x130 [ 41.987120][ T3964] kthread+0x1ac/0x374 [ 41.988053][ T3964] kthread+0x37c/0x45c [ 41.989482][ T3964] ret_from_fork+0x10/0x20 [ 41.991050][ T3964] } [ 41.991648][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 41.993525][ T3964] [ 41.993525][ T3964] the dependencies between the lock to be acquired [ 41.993532][ T3964] and SOFTIRQ-irq-unsafe lock: [ 41.996953][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 41.997967][ T3964] HARDIRQ-ON-W at: [ 41.998852][ T3964] lock_acquire+0x240/0x77c [ 42.000433][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.002123][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.003818][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.005771][ T3964] init_rescuer+0xa4/0x264 [ 42.007182][ T3964] workqueue_init+0x2b4/0x640 [ 42.008724][ T3964] kernel_init_freeable+0x448/0x650 [ 42.010414][ T3964] kernel_init+0x24/0x294 [ 42.011946][ T3964] ret_from_fork+0x10/0x20 [ 42.013386][ T3964] SOFTIRQ-ON-W at: [ 42.014314][ T3964] lock_acquire+0x240/0x77c [ 42.015653][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.017201][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.018876][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.020800][ T3964] init_rescuer+0xa4/0x264 [ 42.022284][ T3964] workqueue_init+0x2b4/0x640 [ 42.023801][ T3964] kernel_init_freeable+0x448/0x650 [ 42.025571][ T3964] kernel_init+0x24/0x294 [ 42.026868][ T3964] ret_from_fork+0x10/0x20 [ 42.028352][ T3964] INITIAL USE at: [ 42.029267][ T3964] lock_acquire+0x240/0x77c [ 42.030708][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.032393][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.033823][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.035639][ T3964] init_rescuer+0xa4/0x264 [ 42.036966][ T3964] workqueue_init+0x2b4/0x640 [ 42.038474][ T3964] kernel_init_freeable+0x448/0x650 [ 42.039922][ T3964] kernel_init+0x24/0x294 [ 42.040892][ T3964] ret_from_fork+0x10/0x20 [ 42.041874][ T3964] } [ 42.042290][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 42.043599][ T3964] ... acquired at: [ 42.044219][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.045326][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.046529][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.047673][ T3964] kvmalloc_node+0x88/0x204 [ 42.048672][ T3964] get_dist_table+0x9c/0x2a4 [ 42.049836][ T3964] netem_change+0x7cc/0x1a90 [ 42.051023][ T3964] netem_init+0x54/0xb8 [ 42.052153][ T3964] qdisc_create+0x6fc/0xf44 [ 42.053398][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.054682][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.055871][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.057077][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.058236][ T3964] netlink_unicast+0x664/0x938 [ 42.059501][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.060787][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.061900][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.062931][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.064097][ T3964] invoke_syscall+0x98/0x2b8 [ 42.065352][ T3964] el0_svc_common+0x138/0x258 [ 42.066493][ T3964] do_el0_svc+0x58/0x14c [ 42.067604][ T3964] el0_svc+0x7c/0x1f0 [ 42.068613][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.069929][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.071132][ T3964] [ 42.071675][ T3964] [ 42.071675][ T3964] stack backtrace: [ 42.073089][ T3964] CPU: 1 PID: 3964 Comm: syz-executor316 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.075481][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.078080][ T3964] Call trace: [ 42.078794][ T3964] dump_backtrace+0x0/0x530 [ 42.079886][ T3964] show_stack+0x2c/0x3c [ 42.080885][ T3964] dump_stack_lvl+0x108/0x170 [ 42.082088][ T3964] dump_stack+0x1c/0x58 [ 42.083127][ T3964] __lock_acquire+0x62b4/0x7620 [ 42.084404][ T3964] lock_acquire+0x240/0x77c [ 42.085559][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.086813][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.088051][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.089134][ T3964] kvmalloc_node+0x88/0x204 [ 42.090287][ T3964] get_dist_table+0x9c/0x2a4 [ 42.091454][ T3964] netem_change+0x7cc/0x1a90 [ 42.092615][ T3964] netem_init+0x54/0xb8 [ 42.093655][ T3964] qdisc_create+0x6fc/0xf44 [ 42.094850][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.096089][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.097254][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.098433][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.099488][ T3964] netlink_unicast+0x664/0x938 [ 42.100680][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.101932][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.103086][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.104149][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.105383][ T3964] invoke_syscall+0x98/0x2b8 [ 42.106538][ T3964] el0_svc_common+0x138/0x258 [ 42.107700][ T3964] do_el0_svc+0x58/0x14c [ 42.108777][ T3964] el0_svc+0x7c/0x1f0 [ 42.109812][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.110921][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.111959][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 42.114341][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor316 [ 42.116692][ T3964] INFO: lockdep is turned off. [ 42.117873][ T3964] Preemption disabled at: [ 42.117883][ T3964] [] netem_change+0x22c/0x1a90 [ 42.120268][ T3964] CPU: 1 PID: 3964 Comm: syz-executor316 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.122700][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.125099][ T3964] Call trace: [ 42.125741][ T3964] dump_backtrace+0x0/0x530 [ 42.126768][ T3964] show_stack+0x2c/0x3c [ 42.127639][ T3964] dump_stack_lvl+0x108/0x170 [ 42.128723][ T3964] dump_stack+0x1c/0x58 [ 42.129782][ T3964] ___might_sleep+0x380/0x4dc [ 42.130950][ T3964] __might_sleep+0x98/0xf0 [ 42.132055][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 42.133272][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.134391][ T3964] kvmalloc_node+0x88/0x204 [ 42.135333][ T3964] get_dist_table+0x9c/0x2a4 [ 42.136488][ T3964] netem_change+0x7cc/0x1a90 [ 42.137526][ T3964] netem_init+0x54/0xb8 [ 42.138536][ T3964] qdisc_create+0x6fc/0xf44 [ 42.139534][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.140709][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.141921][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.142972][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.144105][ T3964] netlink_unicast+0x664/0x938 [ 42.145312][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.146478][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.147725][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.148881][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.150192][ T3964] invoke_syscall+0x98/0x2b8 [ 42.151331][ T3964] el0_svc_common+0x138/0x258 [ 42.152516][ T3964] do_el0_svc+0x58/0x14c [ 42.153576][ T3964] el0_svc+0x7c/0x1f0 [ 42.154503][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.155760][ T3964] el0t_64_sync+0x1a0/0x1a4