Warning: Permanently added '10.128.1.120' (ED25519) to the list of known hosts. executing program [ 50.674891][ T3964] [ 50.675508][ T3964] ===================================================== [ 50.677360][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 50.679364][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 50.681167][ T3964] ----------------------------------------------------- [ 50.682966][ T3964] syz-executor308/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 50.685033][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 50.687328][ T3964] [ 50.687328][ T3964] and this task is already holding: [ 50.689219][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 50.691593][ T3964] which would create a new lock dependency: [ 50.693137][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 50.695131][ T3964] [ 50.695131][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 50.697607][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 50.697625][ T3964] [ 50.697625][ T3964] ... which became SOFTIRQ-irq-safe at: [ 50.700905][ T3964] lock_acquire+0x240/0x77c [ 50.702082][ T3964] _raw_spin_lock+0xb0/0x10c [ 50.703365][ T3964] net_tx_action+0x634/0x884 [ 50.704562][ T3964] __do_softirq+0x344/0xe20 [ 50.705740][ T3964] run_ksoftirqd+0x68/0x258 [ 50.706990][ T3964] smpboot_thread_fn+0x4b0/0x920 [ 50.708288][ T3964] kthread+0x37c/0x45c [ 50.709334][ T3964] ret_from_fork+0x10/0x20 [ 50.710529][ T3964] [ 50.710529][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 50.712347][ T3964] (fs_reclaim){+.+.}-{0:0} [ 50.712365][ T3964] [ 50.712365][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 50.715554][ T3964] ... [ 50.715560][ T3964] lock_acquire+0x240/0x77c [ 50.717438][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 50.718757][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 50.720115][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 50.721636][ T3964] init_rescuer+0xa4/0x264 [ 50.722829][ T3964] workqueue_init+0x2b4/0x640 [ 50.724071][ T3964] kernel_init_freeable+0x448/0x650 [ 50.725433][ T3964] kernel_init+0x24/0x294 [ 50.726561][ T3964] ret_from_fork+0x10/0x20 [ 50.727741][ T3964] [ 50.727741][ T3964] other info that might help us debug this: [ 50.727741][ T3964] [ 50.730370][ T3964] Possible interrupt unsafe locking scenario: [ 50.730370][ T3964] [ 50.732531][ T3964] CPU0 CPU1 [ 50.733940][ T3964] ---- ---- [ 50.735378][ T3964] lock(fs_reclaim); [ 50.736431][ T3964] local_irq_disable(); [ 50.738137][ T3964] lock(noop_qdisc.q.lock); [ 50.739971][ T3964] lock(fs_reclaim); [ 50.741727][ T3964] [ 50.742582][ T3964] lock(noop_qdisc.q.lock); [ 50.743807][ T3964] [ 50.743807][ T3964] *** DEADLOCK *** [ 50.743807][ T3964] [ 50.745852][ T3964] 2 locks held by syz-executor308/3964: [ 50.747349][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 50.749846][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 50.752343][ T3964] [ 50.752343][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 50.755133][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 50.756577][ T3964] HARDIRQ-ON-W at: [ 50.757601][ T3964] lock_acquire+0x240/0x77c [ 50.759177][ T3964] _raw_spin_lock+0xb0/0x10c [ 50.760788][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 50.762473][ T3964] dev_queue_xmit+0x24/0x34 [ 50.764035][ T3964] tx+0x8c/0x130 [ 50.765373][ T3964] kthread+0x1ac/0x374 [ 50.766887][ T3964] kthread+0x37c/0x45c [ 50.768351][ T3964] ret_from_fork+0x10/0x20 [ 50.769900][ T3964] IN-SOFTIRQ-W at: [ 50.770944][ T3964] lock_acquire+0x240/0x77c [ 50.772557][ T3964] _raw_spin_lock+0xb0/0x10c [ 50.774176][ T3964] net_tx_action+0x634/0x884 [ 50.775848][ T3964] __do_softirq+0x344/0xe20 [ 50.777487][ T3964] run_ksoftirqd+0x68/0x258 [ 50.779092][ T3964] smpboot_thread_fn+0x4b0/0x920 [ 50.780813][ T3964] kthread+0x37c/0x45c [ 50.782277][ T3964] ret_from_fork+0x10/0x20 [ 50.783838][ T3964] INITIAL USE at: [ 50.784809][ T3964] lock_acquire+0x240/0x77c [ 50.786400][ T3964] _raw_spin_lock+0xb0/0x10c [ 50.788062][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 50.789760][ T3964] dev_queue_xmit+0x24/0x34 [ 50.791341][ T3964] tx+0x8c/0x130 [ 50.792712][ T3964] kthread+0x1ac/0x374 [ 50.794155][ T3964] kthread+0x37c/0x45c [ 50.795588][ T3964] ret_from_fork+0x10/0x20 [ 50.797162][ T3964] } [ 50.797812][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 50.799844][ T3964] [ 50.799844][ T3964] the dependencies between the lock to be acquired [ 50.799851][ T3964] and SOFTIRQ-irq-unsafe lock: [ 50.803399][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 50.804673][ T3964] HARDIRQ-ON-W at: [ 50.805681][ T3964] lock_acquire+0x240/0x77c [ 50.807287][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 50.808984][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 50.810673][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 50.812532][ T3964] init_rescuer+0xa4/0x264 [ 50.814102][ T3964] workqueue_init+0x2b4/0x640 [ 50.815696][ T3964] kernel_init_freeable+0x448/0x650 [ 50.817442][ T3964] kernel_init+0x24/0x294 [ 50.819023][ T3964] ret_from_fork+0x10/0x20 [ 50.820559][ T3964] SOFTIRQ-ON-W at: [ 50.821575][ T3964] lock_acquire+0x240/0x77c [ 50.823198][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 50.824919][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 50.826715][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 50.828767][ T3964] init_rescuer+0xa4/0x264 [ 50.830350][ T3964] workqueue_init+0x2b4/0x640 [ 50.831953][ T3964] kernel_init_freeable+0x448/0x650 [ 50.833694][ T3964] kernel_init+0x24/0x294 [ 50.835272][ T3964] ret_from_fork+0x10/0x20 [ 50.836861][ T3964] INITIAL USE at: [ 50.837887][ T3964] lock_acquire+0x240/0x77c [ 50.839420][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 50.841050][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 50.842725][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 50.844652][ T3964] init_rescuer+0xa4/0x264 [ 50.846176][ T3964] workqueue_init+0x2b4/0x640 [ 50.847755][ T3964] kernel_init_freeable+0x448/0x650 [ 50.849501][ T3964] kernel_init+0x24/0x294 [ 50.851014][ T3964] ret_from_fork+0x10/0x20 [ 50.852523][ T3964] } [ 50.853163][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 50.855208][ T3964] ... acquired at: [ 50.856191][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 50.857573][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 50.858866][ T3964] __kmalloc_node+0xbc/0x5b8 [ 50.860090][ T3964] kvmalloc_node+0x88/0x204 [ 50.861345][ T3964] get_dist_table+0x9c/0x2a4 [ 50.862584][ T3964] netem_change+0x7cc/0x1a90 [ 50.863862][ T3964] netem_init+0x54/0xb8 [ 50.864978][ T3964] qdisc_create+0x6fc/0xf44 [ 50.866187][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 50.867445][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 50.868799][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 50.870026][ T3964] rtnetlink_rcv+0x28/0x38 [ 50.871239][ T3964] netlink_unicast+0x664/0x938 [ 50.872484][ T3964] netlink_sendmsg+0x844/0xb38 [ 50.873785][ T3964] ____sys_sendmsg+0x584/0x870 [ 50.875060][ T3964] ___sys_sendmsg+0x214/0x294 [ 50.876291][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 50.877704][ T3964] invoke_syscall+0x98/0x2b8 [ 50.878931][ T3964] el0_svc_common+0x138/0x258 [ 50.880190][ T3964] do_el0_svc+0x58/0x14c [ 50.881349][ T3964] el0_svc+0x7c/0x1f0 [ 50.882431][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 50.883830][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 50.885109][ T3964] [ 50.885686][ T3964] [ 50.885686][ T3964] stack backtrace: [ 50.887253][ T3964] CPU: 1 PID: 3964 Comm: syz-executor308 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 50.890151][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 50.892796][ T3964] Call trace: [ 50.893606][ T3964] dump_backtrace+0x0/0x530 [ 50.894925][ T3964] show_stack+0x2c/0x3c [ 50.896013][ T3964] dump_stack_lvl+0x108/0x170 [ 50.897191][ T3964] dump_stack+0x1c/0x58 [ 50.898237][ T3964] __lock_acquire+0x62b4/0x7620 [ 50.899508][ T3964] lock_acquire+0x240/0x77c [ 50.900860][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 50.902081][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 50.903387][ T3964] __kmalloc_node+0xbc/0x5b8 [ 50.904584][ T3964] kvmalloc_node+0x88/0x204 [ 50.905911][ T3964] get_dist_table+0x9c/0x2a4 [ 50.907109][ T3964] netem_change+0x7cc/0x1a90 [ 50.908241][ T3964] netem_init+0x54/0xb8 [ 50.909290][ T3964] qdisc_create+0x6fc/0xf44 [ 50.910466][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 50.911860][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 50.913165][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 50.914417][ T3964] rtnetlink_rcv+0x28/0x38 [ 50.915554][ T3964] netlink_unicast+0x664/0x938 [ 50.916809][ T3964] netlink_sendmsg+0x844/0xb38 [ 50.918083][ T3964] ____sys_sendmsg+0x584/0x870 [ 50.919505][ T3964] ___sys_sendmsg+0x214/0x294 [ 50.920781][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 50.922109][ T3964] invoke_syscall+0x98/0x2b8 [ 50.923329][ T3964] el0_svc_common+0x138/0x258 [ 50.924523][ T3964] do_el0_svc+0x58/0x14c [ 50.925779][ T3964] el0_svc+0x7c/0x1f0 [ 50.926907][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 50.928243][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 50.929532][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 50.932093][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor308 [ 50.934540][ T3964] INFO: lockdep is turned off. [ 50.935777][ T3964] Preemption disabled at: [ 50.935788][ T3964] [] netem_change+0x22c/0x1a90 [ 50.938840][ T3964] CPU: 1 PID: 3964 Comm: syz-executor308 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 50.941414][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 50.943988][ T3964] Call trace: [ 50.944820][ T3964] dump_backtrace+0x0/0x530 [ 50.945960][ T3964] show_stack+0x2c/0x3c [ 50.946963][ T3964] dump_stack_lvl+0x108/0x170 [ 50.948159][ T3964] dump_stack+0x1c/0x58 [ 50.949257][ T3964] ___might_sleep+0x380/0x4dc [ 50.950507][ T3964] __might_sleep+0x98/0xf0 [ 50.951604][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 50.952949][ T3964] __kmalloc_node+0xbc/0x5b8 [ 50.954128][ T3964] kvmalloc_node+0x88/0x204 [ 50.955283][ T3964] get_dist_table+0x9c/0x2a4 [ 50.956267][ T3964] netem_change+0x7cc/0x1a90 [ 50.957343][ T3964] netem_init+0x54/0xb8 [ 50.958461][ T3964] qdisc_create+0x6fc/0xf44 [ 50.959637][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 50.960930][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 50.962240][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 50.963491][ T3964] rtnetlink_rcv+0x28/0x38 [ 50.964618][ T3964] netlink_unicast+0x664/0x938 [ 50.965886][ T3964] netlink_sendmsg+0x844/0xb38 [ 50.967156][ T3964] ____sys_sendmsg+0x584/0x870 [ 50.968396][ T3964] ___sys_sendmsg+0x214/0x294 [ 50.969592][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 50.970979][ T3964] invoke_syscall+0x98/0x2b8 [ 50.972149][ T3964] el0_svc_common+0x138/0x258 [ 50.973357][ T3964] do_el0_svc+0x58/0x14c [ 50.974502][ T3964] el0_svc+0x7c/0x1f0 [ 50.975525][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 50.976834][ T3964] el0t_64_sync+0x1a0/0x1a4