[ 18.753709][ T3639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 18.757572][ T3639] eql: remember to turn off Van-Jacobson compression on your slave devices [ 18.805381][ T153] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 18.808874][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.12' (ED25519) to the list of known hosts. executing program syzkaller login: [ 37.616897][ T3964] [ 37.617509][ T3964] ===================================================== [ 37.619168][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 37.620835][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 37.622437][ T3964] ----------------------------------------------------- [ 37.624058][ T3964] syz-executor129/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 37.625998][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 37.628049][ T3964] [ 37.628049][ T3964] and this task is already holding: [ 37.629818][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 37.631983][ T3964] which would create a new lock dependency: [ 37.633246][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 37.635075][ T3964] [ 37.635075][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 37.637250][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 37.637268][ T3964] [ 37.637268][ T3964] ... which became SOFTIRQ-irq-safe at: [ 37.640296][ T3964] lock_acquire+0x240/0x77c [ 37.641391][ T3964] _raw_spin_lock+0xb0/0x10c [ 37.642459][ T3964] net_tx_action+0x634/0x884 [ 37.643547][ T3964] __do_softirq+0x344/0xe20 [ 37.644589][ T3964] do_softirq+0x120/0x20c [ 37.645614][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 37.646835][ T3964] local_bh_enable+0x28/0x174 [ 37.647902][ T3964] dev_deactivate_many+0x580/0xbe4 [ 37.649127][ T3964] dev_deactivate+0x13c/0x1fc [ 37.650271][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 37.651391][ T3964] __linkwatch_run_queue+0x424/0x730 [ 37.652580][ T3964] linkwatch_event+0x58/0x68 [ 37.653645][ T3964] process_one_work+0x790/0x11b8 [ 37.654768][ T3964] worker_thread+0x910/0x1034 [ 37.655835][ T3964] kthread+0x37c/0x45c [ 37.656795][ T3964] ret_from_fork+0x10/0x20 [ 37.657837][ T3964] [ 37.657837][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 37.659559][ T3964] (fs_reclaim){+.+.}-{0:0} [ 37.659584][ T3964] [ 37.659584][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 37.662402][ T3964] ... [ 37.662408][ T3964] lock_acquire+0x240/0x77c [ 37.664066][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 37.665248][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 37.666360][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 37.667778][ T3964] init_rescuer+0xa4/0x264 [ 37.668848][ T3964] workqueue_init+0x2b4/0x640 [ 37.670041][ T3964] kernel_init_freeable+0x448/0x650 [ 37.671316][ T3964] kernel_init+0x24/0x294 [ 37.672341][ T3964] ret_from_fork+0x10/0x20 [ 37.673386][ T3964] [ 37.673386][ T3964] other info that might help us debug this: [ 37.673386][ T3964] [ 37.675760][ T3964] Possible interrupt unsafe locking scenario: [ 37.675760][ T3964] [ 37.677613][ T3964] CPU0 CPU1 [ 37.678875][ T3964] ---- ---- [ 37.680080][ T3964] lock(fs_reclaim); [ 37.680999][ T3964] local_irq_disable(); [ 37.682535][ T3964] lock(noop_qdisc.q.lock); [ 37.684269][ T3964] lock(fs_reclaim); [ 37.685837][ T3964] [ 37.686620][ T3964] lock(noop_qdisc.q.lock); [ 37.687805][ T3964] [ 37.687805][ T3964] *** DEADLOCK *** [ 37.687805][ T3964] [ 37.689673][ T3964] 2 locks held by syz-executor129/3964: [ 37.691005][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 37.693207][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 37.695500][ T3964] [ 37.695500][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 37.697938][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 37.699217][ T3964] HARDIRQ-ON-W at: [ 37.700165][ T3964] lock_acquire+0x240/0x77c [ 37.701521][ T3964] _raw_spin_lock+0xb0/0x10c [ 37.703009][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 37.704621][ T3964] dev_queue_xmit+0x24/0x34 [ 37.706142][ T3964] tx+0x8c/0x130 [ 37.707361][ T3964] kthread+0x1ac/0x374 [ 37.708752][ T3964] kthread+0x37c/0x45c [ 37.710171][ T3964] ret_from_fork+0x10/0x20 [ 37.711593][ T3964] IN-SOFTIRQ-W at: [ 37.712535][ T3964] lock_acquire+0x240/0x77c [ 37.713977][ T3964] _raw_spin_lock+0xb0/0x10c [ 37.715455][ T3964] net_tx_action+0x634/0x884 [ 37.716943][ T3964] __do_softirq+0x344/0xe20 [ 37.718349][ T3964] do_softirq+0x120/0x20c [ 37.719774][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 37.721441][ T3964] local_bh_enable+0x28/0x174 [ 37.722927][ T3964] dev_deactivate_many+0x580/0xbe4 [ 37.724524][ T3964] dev_deactivate+0x13c/0x1fc [ 37.726011][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 37.727494][ T3964] __linkwatch_run_queue+0x424/0x730 [ 37.729092][ T3964] linkwatch_event+0x58/0x68 [ 37.730545][ T3964] process_one_work+0x790/0x11b8 [ 37.732155][ T3964] worker_thread+0x910/0x1034 [ 37.733708][ T3964] kthread+0x37c/0x45c [ 37.735077][ T3964] ret_from_fork+0x10/0x20 [ 37.736471][ T3964] INITIAL USE at: [ 37.737392][ T3964] lock_acquire+0x240/0x77c [ 37.738851][ T3964] _raw_spin_lock+0xb0/0x10c [ 37.740328][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 37.741873][ T3964] dev_queue_xmit+0x24/0x34 [ 37.743278][ T3964] tx+0x8c/0x130 [ 37.744482][ T3964] kthread+0x1ac/0x374 [ 37.745811][ T3964] kthread+0x37c/0x45c [ 37.747181][ T3964] ret_from_fork+0x10/0x20 [ 37.748720][ T3964] } [ 37.749356][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 37.751120][ T3964] [ 37.751120][ T3964] the dependencies between the lock to be acquired [ 37.751127][ T3964] and SOFTIRQ-irq-unsafe lock: [ 37.754229][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 37.755322][ T3964] HARDIRQ-ON-W at: [ 37.756269][ T3964] lock_acquire+0x240/0x77c [ 37.757650][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 37.759255][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 37.760817][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 37.762607][ T3964] init_rescuer+0xa4/0x264 [ 37.764060][ T3964] workqueue_init+0x2b4/0x640 [ 37.765575][ T3964] kernel_init_freeable+0x448/0x650 [ 37.767157][ T3964] kernel_init+0x24/0x294 [ 37.768530][ T3964] ret_from_fork+0x10/0x20 [ 37.769967][ T3964] SOFTIRQ-ON-W at: [ 37.770924][ T3964] lock_acquire+0x240/0x77c [ 37.772322][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 37.773934][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 37.775512][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 37.777264][ T3964] init_rescuer+0xa4/0x264 [ 37.778704][ T3964] workqueue_init+0x2b4/0x640 [ 37.780187][ T3964] kernel_init_freeable+0x448/0x650 [ 37.781790][ T3964] kernel_init+0x24/0x294 [ 37.783192][ T3964] ret_from_fork+0x10/0x20 [ 37.784561][ T3964] INITIAL USE at: [ 37.785463][ T3964] lock_acquire+0x240/0x77c [ 37.786902][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 37.788367][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 37.789906][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 37.791680][ T3964] init_rescuer+0xa4/0x264 [ 37.793122][ T3964] workqueue_init+0x2b4/0x640 [ 37.794618][ T3964] kernel_init_freeable+0x448/0x650 [ 37.796255][ T3964] kernel_init+0x24/0x294 [ 37.797636][ T3964] ret_from_fork+0x10/0x20 [ 37.799088][ T3964] } [ 37.799633][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 37.801512][ T3964] ... acquired at: [ 37.802417][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 37.803599][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 37.804805][ T3964] __kmalloc_node+0xbc/0x5b8 [ 37.805969][ T3964] kvmalloc_node+0x88/0x204 [ 37.807073][ T3964] get_dist_table+0x9c/0x2a4 [ 37.808176][ T3964] netem_change+0x7cc/0x1a90 [ 37.809251][ T3964] netem_init+0x54/0xb8 [ 37.810259][ T3964] qdisc_create+0x6fc/0xf44 [ 37.811333][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 37.812488][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 37.813687][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 37.814849][ T3964] rtnetlink_rcv+0x28/0x38 [ 37.815914][ T3964] netlink_unicast+0x664/0x938 [ 37.817103][ T3964] netlink_sendmsg+0x844/0xb38 [ 37.818262][ T3964] ____sys_sendmsg+0x584/0x870 [ 37.819489][ T3964] ___sys_sendmsg+0x214/0x294 [ 37.820645][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 37.821948][ T3964] invoke_syscall+0x98/0x2b8 [ 37.823057][ T3964] el0_svc_common+0x138/0x258 [ 37.824068][ T3964] do_el0_svc+0x58/0x14c [ 37.825107][ T3964] el0_svc+0x7c/0x1f0 [ 37.826025][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 37.827295][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 37.828382][ T3964] [ 37.828888][ T3964] [ 37.828888][ T3964] stack backtrace: [ 37.830170][ T3964] CPU: 0 PID: 3964 Comm: syz-executor129 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 37.832458][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 37.834841][ T3964] Call trace: [ 37.835641][ T3964] dump_backtrace+0x0/0x530 [ 37.836654][ T3964] show_stack+0x2c/0x3c [ 37.837539][ T3964] dump_stack_lvl+0x108/0x170 [ 37.838600][ T3964] dump_stack+0x1c/0x58 [ 37.839592][ T3964] __lock_acquire+0x62b4/0x7620 [ 37.840724][ T3964] lock_acquire+0x240/0x77c [ 37.841786][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 37.842960][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 37.843989][ T3964] __kmalloc_node+0xbc/0x5b8 [ 37.845044][ T3964] kvmalloc_node+0x88/0x204 [ 37.846089][ T3964] get_dist_table+0x9c/0x2a4 [ 37.847037][ T3964] netem_change+0x7cc/0x1a90 [ 37.848090][ T3964] netem_init+0x54/0xb8 [ 37.849010][ T3964] qdisc_create+0x6fc/0xf44 [ 37.850053][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 37.851242][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 37.852397][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 37.853536][ T3964] rtnetlink_rcv+0x28/0x38 [ 37.854518][ T3964] netlink_unicast+0x664/0x938 [ 37.855502][ T3964] netlink_sendmsg+0x844/0xb38 [ 37.856602][ T3964] ____sys_sendmsg+0x584/0x870 [ 37.857644][ T3964] ___sys_sendmsg+0x214/0x294 [ 37.858731][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 37.859835][ T3964] invoke_syscall+0x98/0x2b8 [ 37.860889][ T3964] el0_svc_common+0x138/0x258 [ 37.861937][ T3964] do_el0_svc+0x58/0x14c [ 37.862915][ T3964] el0_svc+0x7c/0x1f0 [ 37.863770][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 37.864919][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 37.866007][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 37.867986][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor129 [ 37.869954][ T3964] INFO: lockdep is turned off. [ 37.870949][ T3964] Preemption disabled at: [ 37.870960][ T3964] [] netem_change+0x22c/0x1a90 [ 37.873218][ T3964] CPU: 0 PID: 3964 Comm: syz-executor129 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 37.875419][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 37.877559][ T3964] Call trace: [ 37.878225][ T3964] dump_backtrace+0x0/0x530 [ 37.879183][ T3964] show_stack+0x2c/0x3c [ 37.880137][ T3964] dump_stack_lvl+0x108/0x170 [ 37.881116][ T3964] dump_stack+0x1c/0x58 [ 37.882072][ T3964] ___might_sleep+0x380/0x4dc [ 37.883065][ T3964] __might_sleep+0x98/0xf0 [ 37.883980][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 37.885032][ T3964] __kmalloc_node+0xbc/0x5b8 [ 37.886188][ T3964] kvmalloc_node+0x88/0x204 [ 37.887150][ T3964] get_dist_table+0x9c/0x2a4 [ 37.888129][ T3964] netem_change+0x7cc/0x1a90 [ 37.889143][ T3964] netem_init+0x54/0xb8 [ 37.890052][ T3964] qdisc_create+0x6fc/0xf44 [ 37.891054][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 37.892166][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 37.893193][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 37.894174][ T3964] rtnetlink_rcv+0x28/0x38 [ 37.895107][ T3964] netlink_unicast+0x664/0x938 [ 37.896207][ T3964] netlink_sendmsg+0x844/0xb38 [ 37.897248][ T3964] ____sys_sendmsg+0x584/0x870 [ 37.898282][ T3964] ___sys_sendmsg+0x214/0x294 [ 37.899290][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 37.900396][ T3964] invoke_syscall+0x98/0x2b8 [ 37.901422][ T3964] el0_svc_common+0x138/0x258 [ 37.902427][ T3964] do_el0_svc+0x58/0x14c [ 37.903319][ T3964] el0_svc+0x7c/0x1f0 [ 37.904261][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 37.905403][ T3964] el0t_64_sync+0x1a0/0x1a4