Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts. executing program [ 38.132584][ T3963] [ 38.133282][ T3963] ===================================================== [ 38.135121][ T3963] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 38.137020][ T3963] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 38.138826][ T3963] ----------------------------------------------------- [ 38.140749][ T3963] syz-executor100/3963 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 38.142871][ T3963] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 38.145222][ T3963] [ 38.145222][ T3963] and this task is already holding: [ 38.147200][ T3963] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 38.149626][ T3963] which would create a new lock dependency: [ 38.151173][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 38.153163][ T3963] [ 38.153163][ T3963] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 38.155685][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} [ 38.155703][ T3963] [ 38.155703][ T3963] ... which became SOFTIRQ-irq-safe at: [ 38.159062][ T3963] lock_acquire+0x240/0x77c [ 38.160256][ T3963] _raw_spin_lock+0xb0/0x10c [ 38.161490][ T3963] net_tx_action+0x634/0x884 [ 38.162756][ T3963] __do_softirq+0x344/0xe20 [ 38.163998][ T3963] do_softirq+0x120/0x20c [ 38.165170][ T3963] __local_bh_enable_ip+0x2c0/0x4d0 [ 38.166577][ T3963] local_bh_enable+0x28/0x174 [ 38.167819][ T3963] dev_deactivate_many+0x580/0xbe4 [ 38.169214][ T3963] dev_deactivate+0x13c/0x1fc [ 38.170458][ T3963] linkwatch_do_dev+0x2a8/0x3c8 [ 38.171760][ T3963] __linkwatch_run_queue+0x424/0x730 [ 38.173182][ T3963] linkwatch_event+0x58/0x68 [ 38.174400][ T3963] process_one_work+0x790/0x11b8 [ 38.175713][ T3963] worker_thread+0x910/0x1034 [ 38.176970][ T3963] kthread+0x37c/0x45c [ 38.178032][ T3963] ret_from_fork+0x10/0x20 [ 38.179240][ T3963] [ 38.179240][ T3963] to a SOFTIRQ-irq-unsafe lock: [ 38.181056][ T3963] (fs_reclaim){+.+.}-{0:0} [ 38.181074][ T3963] [ 38.181074][ T3963] ... which became SOFTIRQ-irq-unsafe at: [ 38.184274][ T3963] ... [ 38.184280][ T3963] lock_acquire+0x240/0x77c [ 38.186119][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 38.187480][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 38.188830][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 38.190341][ T3963] init_rescuer+0xa4/0x264 [ 38.191567][ T3963] workqueue_init+0x2b4/0x640 [ 38.192815][ T3963] kernel_init_freeable+0x448/0x650 [ 38.194233][ T3963] kernel_init+0x24/0x294 [ 38.195448][ T3963] ret_from_fork+0x10/0x20 [ 38.196628][ T3963] [ 38.196628][ T3963] other info that might help us debug this: [ 38.196628][ T3963] [ 38.199306][ T3963] Possible interrupt unsafe locking scenario: [ 38.199306][ T3963] [ 38.201491][ T3963] CPU0 CPU1 [ 38.202900][ T3963] ---- ---- [ 38.204459][ T3963] lock(fs_reclaim); [ 38.205575][ T3963] local_irq_disable(); [ 38.207334][ T3963] lock(noop_qdisc.q.lock); [ 38.209295][ T3963] lock(fs_reclaim); [ 38.211098][ T3963] [ 38.211989][ T3963] lock(noop_qdisc.q.lock); [ 38.213239][ T3963] [ 38.213239][ T3963] *** DEADLOCK *** [ 38.213239][ T3963] [ 38.215425][ T3963] 2 locks held by syz-executor100/3963: [ 38.216962][ T3963] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 38.219485][ T3963] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 38.222036][ T3963] [ 38.222036][ T3963] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 38.224839][ T3963] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 38.226265][ T3963] HARDIRQ-ON-W at: [ 38.227288][ T3963] lock_acquire+0x240/0x77c [ 38.228885][ T3963] _raw_spin_lock+0xb0/0x10c [ 38.230538][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 38.232296][ T3963] dev_queue_xmit+0x24/0x34 [ 38.233947][ T3963] tx+0x8c/0x130 [ 38.235283][ T3963] kthread+0x1ac/0x374 [ 38.236796][ T3963] kthread+0x37c/0x45c [ 38.238285][ T3963] ret_from_fork+0x10/0x20 [ 38.239944][ T3963] IN-SOFTIRQ-W at: [ 38.240968][ T3963] lock_acquire+0x240/0x77c [ 38.242560][ T3963] _raw_spin_lock+0xb0/0x10c [ 38.244225][ T3963] net_tx_action+0x634/0x884 [ 38.245883][ T3963] __do_softirq+0x344/0xe20 [ 38.247473][ T3963] do_softirq+0x120/0x20c [ 38.249040][ T3963] __local_bh_enable_ip+0x2c0/0x4d0 [ 38.250813][ T3963] local_bh_enable+0x28/0x174 [ 38.252464][ T3963] dev_deactivate_many+0x580/0xbe4 [ 38.254290][ T3963] dev_deactivate+0x13c/0x1fc [ 38.255943][ T3963] linkwatch_do_dev+0x2a8/0x3c8 [ 38.257640][ T3963] __linkwatch_run_queue+0x424/0x730 [ 38.259471][ T3963] linkwatch_event+0x58/0x68 [ 38.261160][ T3963] process_one_work+0x790/0x11b8 [ 38.262913][ T3963] worker_thread+0x910/0x1034 [ 38.264622][ T3963] kthread+0x37c/0x45c [ 38.266124][ T3963] ret_from_fork+0x10/0x20 [ 38.267719][ T3963] INITIAL USE at: [ 38.268741][ T3963] lock_acquire+0x240/0x77c [ 38.270322][ T3963] _raw_spin_lock+0xb0/0x10c [ 38.271932][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 38.273657][ T3963] dev_queue_xmit+0x24/0x34 [ 38.275252][ T3963] tx+0x8c/0x130 [ 38.276554][ T3963] kthread+0x1ac/0x374 [ 38.278092][ T3963] kthread+0x37c/0x45c [ 38.279556][ T3963] ret_from_fork+0x10/0x20 [ 38.281136][ T3963] } [ 38.281780][ T3963] ... key at: [] noop_qdisc+0x108/0x320 [ 38.283746][ T3963] [ 38.283746][ T3963] the dependencies between the lock to be acquired [ 38.283754][ T3963] and SOFTIRQ-irq-unsafe lock: [ 38.287333][ T3963] -> (fs_reclaim){+.+.}-{0:0} { [ 38.288621][ T3963] HARDIRQ-ON-W at: [ 38.289630][ T3963] lock_acquire+0x240/0x77c [ 38.291272][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 38.293049][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 38.294799][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 38.296739][ T3963] init_rescuer+0xa4/0x264 [ 38.298362][ T3963] workqueue_init+0x2b4/0x640 [ 38.300072][ T3963] kernel_init_freeable+0x448/0x650 [ 38.301960][ T3963] kernel_init+0x24/0x294 [ 38.303529][ T3963] ret_from_fork+0x10/0x20 [ 38.305216][ T3963] SOFTIRQ-ON-W at: [ 38.306278][ T3963] lock_acquire+0x240/0x77c [ 38.307890][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 38.309603][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 38.311323][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 38.313264][ T3963] init_rescuer+0xa4/0x264 [ 38.314813][ T3963] workqueue_init+0x2b4/0x640 [ 38.316467][ T3963] kernel_init_freeable+0x448/0x650 [ 38.318238][ T3963] kernel_init+0x24/0x294 [ 38.319875][ T3963] ret_from_fork+0x10/0x20 [ 38.321549][ T3963] INITIAL USE at: [ 38.322600][ T3963] lock_acquire+0x240/0x77c [ 38.324193][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 38.325927][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 38.327667][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 38.329629][ T3963] init_rescuer+0xa4/0x264 [ 38.331225][ T3963] workqueue_init+0x2b4/0x640 [ 38.332893][ T3963] kernel_init_freeable+0x448/0x650 [ 38.334644][ T3963] kernel_init+0x24/0x294 [ 38.336196][ T3963] ret_from_fork+0x10/0x20 [ 38.337781][ T3963] } [ 38.338430][ T3963] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 38.340516][ T3963] ... acquired at: [ 38.341522][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 38.342842][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 38.344187][ T3963] __kmalloc_node+0xbc/0x5b8 [ 38.345465][ T3963] kvmalloc_node+0x88/0x204 [ 38.346701][ T3963] get_dist_table+0x9c/0x2a4 [ 38.347993][ T3963] netem_change+0x7cc/0x1a90 [ 38.349281][ T3963] netem_init+0x54/0xb8 [ 38.350449][ T3963] qdisc_create+0x6fc/0xf44 [ 38.351717][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 38.353058][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 38.354394][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 38.355690][ T3963] rtnetlink_rcv+0x28/0x38 [ 38.356906][ T3963] netlink_unicast+0x664/0x938 [ 38.358195][ T3963] netlink_sendmsg+0x844/0xb38 [ 38.359530][ T3963] ____sys_sendmsg+0x584/0x870 [ 38.360783][ T3963] ___sys_sendmsg+0x214/0x294 [ 38.362064][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 38.363465][ T3963] invoke_syscall+0x98/0x2b8 [ 38.364733][ T3963] el0_svc_common+0x138/0x258 [ 38.365987][ T3963] do_el0_svc+0x58/0x14c [ 38.367146][ T3963] el0_svc+0x7c/0x1f0 [ 38.368244][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 38.369634][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 38.370895][ T3963] [ 38.371508][ T3963] [ 38.371508][ T3963] stack backtrace: [ 38.373069][ T3963] CPU: 1 PID: 3963 Comm: syz-executor100 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 38.375866][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 38.378524][ T3963] Call trace: [ 38.379370][ T3963] dump_backtrace+0x0/0x530 [ 38.380561][ T3963] show_stack+0x2c/0x3c [ 38.381666][ T3963] dump_stack_lvl+0x108/0x170 [ 38.382916][ T3963] dump_stack+0x1c/0x58 [ 38.384123][ T3963] __lock_acquire+0x62b4/0x7620 [ 38.385413][ T3963] lock_acquire+0x240/0x77c [ 38.386597][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 38.387926][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 38.389245][ T3963] __kmalloc_node+0xbc/0x5b8 [ 38.390431][ T3963] kvmalloc_node+0x88/0x204 [ 38.391598][ T3963] get_dist_table+0x9c/0x2a4 [ 38.392774][ T3963] netem_change+0x7cc/0x1a90 [ 38.393969][ T3963] netem_init+0x54/0xb8 [ 38.395072][ T3963] qdisc_create+0x6fc/0xf44 [ 38.396249][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 38.397488][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 38.398760][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 38.400047][ T3963] rtnetlink_rcv+0x28/0x38 [ 38.401190][ T3963] netlink_unicast+0x664/0x938 [ 38.402464][ T3963] netlink_sendmsg+0x844/0xb38 [ 38.403727][ T3963] ____sys_sendmsg+0x584/0x870 [ 38.405019][ T3963] ___sys_sendmsg+0x214/0x294 [ 38.406255][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 38.407631][ T3963] invoke_syscall+0x98/0x2b8 [ 38.408844][ T3963] el0_svc_common+0x138/0x258 [ 38.410113][ T3963] do_el0_svc+0x58/0x14c [ 38.411271][ T3963] el0_svc+0x7c/0x1f0 [ 38.412333][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 38.413936][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 38.415294][ T3963] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 38.417724][ T3963] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3963, name: syz-executor100 [ 38.420183][ T3963] INFO: lockdep is turned off. [ 38.421082][ T3963] Preemption disabled at: [ 38.421093][ T3963] [] netem_change+0x22c/0x1a90 [ 38.423105][ T3963] CPU: 1 PID: 3963 Comm: syz-executor100 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 38.424996][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 38.426914][ T3963] Call trace: [ 38.427529][ T3963] dump_backtrace+0x0/0x530 [ 38.428401][ T3963] show_stack+0x2c/0x3c [ 38.429262][ T3963] dump_stack_lvl+0x108/0x170 [ 38.430154][ T3963] dump_stack+0x1c/0x58 [ 38.430990][ T3963] ___might_sleep+0x380/0x4dc [ 38.431926][ T3963] __might_sleep+0x98/0xf0 [ 38.432855][ T3963] slab_pre_alloc_hook+0x58/0xe8 [ 38.434243][ T3963] __kmalloc_node+0xbc/0x5b8 [ 38.435475][ T3963] kvmalloc_node+0x88/0x204 [ 38.436657][ T3963] get_dist_table+0x9c/0x2a4 [ 38.437876][ T3963] netem_change+0x7cc/0x1a90 [ 38.439120][ T3963] netem_init+0x54/0xb8 [ 38.440206][ T3963] qdisc_create+0x6fc/0xf44 [ 38.441405][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 38.442699][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 38.443980][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 38.445216][ T3963] rtnetlink_rcv+0x28/0x38 [ 38.446362][ T3963] netlink_unicast+0x664/0x938 [ 38.447624][ T3963] netlink_sendmsg+0x844/0xb38 [ 38.448883][ T3963] ____sys_sendmsg+0x584/0x870 [ 38.450119][ T3963] ___sys_sendmsg+0x214/0x294 [ 38.451362][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 38.452735][ T3963] invoke_syscall+0x98/0x2b8 [ 38.453977][ T3963] el0_svc_common+0x138/0x258 [ 38.455178][ T3963] do_el0_svc+0x58/0x14c [ 38.456305][ T3963] el0_svc+0x7c/0x1f0 [ 38.457402][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 38.458764][ T3963] el0t_64_sync+0x1a0/0x1a4