Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts. executing program [ 42.775021][ T3964] [ 42.775738][ T3964] ===================================================== [ 42.777332][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 42.779046][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 42.780716][ T3964] ----------------------------------------------------- [ 42.782374][ T3964] syz-executor238/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 42.784318][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 42.786412][ T3964] [ 42.786412][ T3964] and this task is already holding: [ 42.788104][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.790281][ T3964] which would create a new lock dependency: [ 42.791626][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 42.793398][ T3964] [ 42.793398][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 42.795631][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 42.795651][ T3964] [ 42.795651][ T3964] ... which became SOFTIRQ-irq-safe at: [ 42.798548][ T3964] lock_acquire+0x240/0x77c [ 42.799644][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.800730][ T3964] net_tx_action+0x634/0x884 [ 42.801793][ T3964] __do_softirq+0x344/0xe20 [ 42.802922][ T3964] do_softirq+0x120/0x20c [ 42.803992][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 42.805183][ T3964] local_bh_enable+0x28/0x174 [ 42.806283][ T3964] dev_deactivate_many+0x580/0xbe4 [ 42.807508][ T3964] dev_deactivate+0x13c/0x1fc [ 42.808563][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 42.809730][ T3964] __linkwatch_run_queue+0x424/0x730 [ 42.810995][ T3964] linkwatch_event+0x58/0x68 [ 42.812127][ T3964] process_one_work+0x790/0x11b8 [ 42.813256][ T3964] worker_thread+0x910/0x1034 [ 42.814336][ T3964] kthread+0x37c/0x45c [ 42.815265][ T3964] ret_from_fork+0x10/0x20 [ 42.816325][ T3964] [ 42.816325][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 42.817961][ T3964] (fs_reclaim){+.+.}-{0:0} [ 42.817980][ T3964] [ 42.817980][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 42.820763][ T3964] ... [ 42.820769][ T3964] lock_acquire+0x240/0x77c [ 42.822433][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.823580][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.824818][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.826261][ T3964] init_rescuer+0xa4/0x264 [ 42.827339][ T3964] workqueue_init+0x2b4/0x640 [ 42.828514][ T3964] kernel_init_freeable+0x448/0x650 [ 42.829736][ T3964] kernel_init+0x24/0x294 [ 42.830791][ T3964] ret_from_fork+0x10/0x20 [ 42.831826][ T3964] [ 42.831826][ T3964] other info that might help us debug this: [ 42.831826][ T3964] [ 42.834228][ T3964] Possible interrupt unsafe locking scenario: [ 42.834228][ T3964] [ 42.836321][ T3964] CPU0 CPU1 [ 42.837556][ T3964] ---- ---- [ 42.838731][ T3964] lock(fs_reclaim); [ 42.839629][ T3964] local_irq_disable(); [ 42.841205][ T3964] lock(noop_qdisc.q.lock); [ 42.842826][ T3964] lock(fs_reclaim); [ 42.844271][ T3964] [ 42.845085][ T3964] lock(noop_qdisc.q.lock); [ 42.846201][ T3964] [ 42.846201][ T3964] *** DEADLOCK *** [ 42.846201][ T3964] [ 42.848136][ T3964] 2 locks held by syz-executor238/3964: [ 42.849406][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 42.851601][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.853916][ T3964] [ 42.853916][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 42.856414][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 42.857702][ T3964] HARDIRQ-ON-W at: [ 42.858557][ T3964] lock_acquire+0x240/0x77c [ 42.859996][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.861512][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 42.862982][ T3964] dev_queue_xmit+0x24/0x34 [ 42.864442][ T3964] tx+0x8c/0x130 [ 42.865685][ T3964] kthread+0x1ac/0x374 [ 42.867118][ T3964] kthread+0x37c/0x45c [ 42.868491][ T3964] ret_from_fork+0x10/0x20 [ 42.869836][ T3964] IN-SOFTIRQ-W at: [ 42.870735][ T3964] lock_acquire+0x240/0x77c [ 42.872171][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.873686][ T3964] net_tx_action+0x634/0x884 [ 42.875093][ T3964] __do_softirq+0x344/0xe20 [ 42.876540][ T3964] do_softirq+0x120/0x20c [ 42.877918][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 42.879571][ T3964] local_bh_enable+0x28/0x174 [ 42.881042][ T3964] dev_deactivate_many+0x580/0xbe4 [ 42.882606][ T3964] dev_deactivate+0x13c/0x1fc [ 42.884019][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 42.885568][ T3964] __linkwatch_run_queue+0x424/0x730 [ 42.887143][ T3964] linkwatch_event+0x58/0x68 [ 42.888579][ T3964] process_one_work+0x790/0x11b8 [ 42.890149][ T3964] worker_thread+0x910/0x1034 [ 42.891649][ T3964] kthread+0x37c/0x45c [ 42.892958][ T3964] ret_from_fork+0x10/0x20 [ 42.894290][ T3964] INITIAL USE at: [ 42.895148][ T3964] lock_acquire+0x240/0x77c [ 42.896541][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.897977][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 42.899528][ T3964] dev_queue_xmit+0x24/0x34 [ 42.900930][ T3964] tx+0x8c/0x130 [ 42.902117][ T3964] kthread+0x1ac/0x374 [ 42.903401][ T3964] kthread+0x37c/0x45c [ 42.904744][ T3964] ret_from_fork+0x10/0x20 [ 42.906146][ T3964] } [ 42.906711][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 42.908403][ T3964] [ 42.908403][ T3964] the dependencies between the lock to be acquired [ 42.908410][ T3964] and SOFTIRQ-irq-unsafe lock: [ 42.911412][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 42.912567][ T3964] HARDIRQ-ON-W at: [ 42.913514][ T3964] lock_acquire+0x240/0x77c [ 42.914937][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.916449][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.918011][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.919716][ T3964] init_rescuer+0xa4/0x264 [ 42.921132][ T3964] workqueue_init+0x2b4/0x640 [ 42.922598][ T3964] kernel_init_freeable+0x448/0x650 [ 42.924224][ T3964] kernel_init+0x24/0x294 [ 42.925641][ T3964] ret_from_fork+0x10/0x20 [ 42.927072][ T3964] SOFTIRQ-ON-W at: [ 42.928053][ T3964] lock_acquire+0x240/0x77c [ 42.929428][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.930899][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.932407][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.934100][ T3964] init_rescuer+0xa4/0x264 [ 42.935482][ T3964] workqueue_init+0x2b4/0x640 [ 42.936972][ T3964] kernel_init_freeable+0x448/0x650 [ 42.938513][ T3964] kernel_init+0x24/0x294 [ 42.939873][ T3964] ret_from_fork+0x10/0x20 [ 42.941290][ T3964] INITIAL USE at: [ 42.942129][ T3964] lock_acquire+0x240/0x77c [ 42.943580][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.945072][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.946605][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.948294][ T3964] init_rescuer+0xa4/0x264 [ 42.949783][ T3964] workqueue_init+0x2b4/0x640 [ 42.951275][ T3964] kernel_init_freeable+0x448/0x650 [ 42.952838][ T3964] kernel_init+0x24/0x294 [ 42.954215][ T3964] ret_from_fork+0x10/0x20 [ 42.955536][ T3964] } [ 42.956133][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 42.958033][ T3964] ... acquired at: [ 42.958935][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.960119][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.961317][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.962474][ T3964] kvmalloc_node+0x88/0x204 [ 42.963598][ T3964] get_dist_table+0x9c/0x2a4 [ 42.964687][ T3964] netem_change+0x7cc/0x1a90 [ 42.965764][ T3964] netem_init+0x54/0xb8 [ 42.966768][ T3964] qdisc_create+0x6fc/0xf44 [ 42.967827][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.969024][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.970171][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.971322][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.972360][ T3964] netlink_unicast+0x664/0x938 [ 42.973537][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.974670][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.975812][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.976919][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.978071][ T3964] invoke_syscall+0x98/0x2b8 [ 42.979159][ T3964] el0_svc_common+0x138/0x258 [ 42.980367][ T3964] do_el0_svc+0x58/0x14c [ 42.981179][ T3964] el0_svc+0x7c/0x1f0 [ 42.981898][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.982862][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.983687][ T3964] [ 42.984078][ T3964] [ 42.984078][ T3964] stack backtrace: [ 42.985090][ T3964] CPU: 1 PID: 3964 Comm: syz-executor238 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.987265][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.989726][ T3964] Call trace: [ 42.990417][ T3964] dump_backtrace+0x0/0x530 [ 42.991551][ T3964] show_stack+0x2c/0x3c [ 42.992631][ T3964] dump_stack_lvl+0x108/0x170 [ 42.993755][ T3964] dump_stack+0x1c/0x58 [ 42.994883][ T3964] __lock_acquire+0x62b4/0x7620 [ 42.996057][ T3964] lock_acquire+0x240/0x77c [ 42.997104][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.998222][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.999375][ T3964] __kmalloc_node+0xbc/0x5b8 [ 43.000177][ T3964] kvmalloc_node+0x88/0x204 [ 43.000968][ T3964] get_dist_table+0x9c/0x2a4 [ 43.001766][ T3964] netem_change+0x7cc/0x1a90 [ 43.002575][ T3964] netem_init+0x54/0xb8 [ 43.003296][ T3964] qdisc_create+0x6fc/0xf44 [ 43.004084][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 43.005059][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 43.006250][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 43.007371][ T3964] rtnetlink_rcv+0x28/0x38 [ 43.008449][ T3964] netlink_unicast+0x664/0x938 [ 43.009575][ T3964] netlink_sendmsg+0x844/0xb38 [ 43.010626][ T3964] ____sys_sendmsg+0x584/0x870 [ 43.011737][ T3964] ___sys_sendmsg+0x214/0x294 [ 43.012848][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 43.013998][ T3964] invoke_syscall+0x98/0x2b8 [ 43.015064][ T3964] el0_svc_common+0x138/0x258 [ 43.016161][ T3964] do_el0_svc+0x58/0x14c [ 43.017147][ T3964] el0_svc+0x7c/0x1f0 [ 43.018058][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 43.019210][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 43.020329][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 43.022493][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor238 [ 43.024637][ T3964] INFO: lockdep is turned off. [ 43.025753][ T3964] Preemption disabled at: [ 43.025764][ T3964] [] netem_change+0x22c/0x1a90 [ 43.028144][ T3964] CPU: 1 PID: 3964 Comm: syz-executor238 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 43.030514][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 43.032928][ T3964] Call trace: [ 43.033683][ T3964] dump_backtrace+0x0/0x530 [ 43.034793][ T3964] show_stack+0x2c/0x3c [ 43.035849][ T3964] dump_stack_lvl+0x108/0x170 [ 43.036993][ T3964] dump_stack+0x1c/0x58 [ 43.038002][ T3964] ___might_sleep+0x380/0x4dc [ 43.039082][ T3964] __might_sleep+0x98/0xf0 [ 43.040097][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 43.041274][ T3964] __kmalloc_node+0xbc/0x5b8 [ 43.042373][ T3964] kvmalloc_node+0x88/0x204 [ 43.043440][ T3964] get_dist_table+0x9c/0x2a4 [ 43.044545][ T3964] netem_change+0x7cc/0x1a90 [ 43.045651][ T3964] netem_init+0x54/0xb8 [ 43.046630][ T3964] qdisc_create+0x6fc/0xf44 [ 43.047712][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 43.048894][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 43.050170][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 43.051342][ T3964] rtnetlink_rcv+0x28/0x38 [ 43.052337][ T3964] netlink_unicast+0x664/0x938 [ 43.053467][ T3964] netlink_sendmsg+0x844/0xb38 [ 43.054669][ T3964] ____sys_sendmsg+0x584/0x870 [ 43.055819][ T3964] ___sys_sendmsg+0x214/0x294 [ 43.056883][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 43.058112][ T3964] invoke_syscall+0x98/0x2b8 [ 43.059168][ T3964] el0_svc_common+0x138/0x258 [ 43.060316][ T3964] do_el0_svc+0x58/0x14c [ 43.061285][ T3964] el0_svc+0x7c/0x1f0 [ 43.062234][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 43.063402][ T3964] el0t_64_sync+0x1a0/0x1a4