Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts. executing program [ 46.135300][ T3964] [ 46.135965][ T3964] ===================================================== [ 46.137675][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 46.139571][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 46.141215][ T3964] ----------------------------------------------------- [ 46.142915][ T3964] syz-executor886/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 46.144833][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 46.147034][ T3964] [ 46.147034][ T3964] and this task is already holding: [ 46.148927][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 46.151262][ T3964] which would create a new lock dependency: [ 46.152630][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 46.154497][ T3964] [ 46.154497][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 46.156927][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 46.156945][ T3964] [ 46.156945][ T3964] ... which became SOFTIRQ-irq-safe at: [ 46.160149][ T3964] lock_acquire+0x240/0x77c [ 46.161358][ T3964] _raw_spin_lock+0xb0/0x10c [ 46.162502][ T3964] net_tx_action+0x634/0x884 [ 46.163665][ T3964] __do_softirq+0x344/0xe20 [ 46.164798][ T3964] run_ksoftirqd+0x68/0x258 [ 46.165932][ T3964] smpboot_thread_fn+0x4b0/0x920 [ 46.167175][ T3964] kthread+0x37c/0x45c [ 46.168251][ T3964] ret_from_fork+0x10/0x20 [ 46.169394][ T3964] [ 46.169394][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 46.171145][ T3964] (fs_reclaim){+.+.}-{0:0} [ 46.171163][ T3964] [ 46.171163][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 46.174101][ T3964] ... [ 46.174107][ T3964] lock_acquire+0x240/0x77c [ 46.175940][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 46.177232][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 46.178499][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 46.179965][ T3964] init_rescuer+0xa4/0x264 [ 46.181074][ T3964] workqueue_init+0x2b4/0x640 [ 46.182285][ T3964] kernel_init_freeable+0x448/0x650 [ 46.183592][ T3964] kernel_init+0x24/0x294 [ 46.184668][ T3964] ret_from_fork+0x10/0x20 [ 46.185792][ T3964] [ 46.185792][ T3964] other info that might help us debug this: [ 46.185792][ T3964] [ 46.188324][ T3964] Possible interrupt unsafe locking scenario: [ 46.188324][ T3964] [ 46.190345][ T3964] CPU0 CPU1 [ 46.191651][ T3964] ---- ---- [ 46.192963][ T3964] lock(fs_reclaim); [ 46.193958][ T3964] local_irq_disable(); [ 46.195593][ T3964] lock(noop_qdisc.q.lock); [ 46.197232][ T3964] lock(fs_reclaim); [ 46.198711][ T3964] [ 46.199460][ T3964] lock(noop_qdisc.q.lock); [ 46.200601][ T3964] [ 46.200601][ T3964] *** DEADLOCK *** [ 46.200601][ T3964] [ 46.202607][ T3964] 2 locks held by syz-executor886/3964: [ 46.203997][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 46.206297][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 46.208756][ T3964] [ 46.208756][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 46.211327][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 46.212642][ T3964] HARDIRQ-ON-W at: [ 46.213614][ T3964] lock_acquire+0x240/0x77c [ 46.215174][ T3964] _raw_spin_lock+0xb0/0x10c [ 46.216754][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 46.218416][ T3964] dev_queue_xmit+0x24/0x34 [ 46.220053][ T3964] tx+0x8c/0x130 [ 46.221401][ T3964] kthread+0x1ac/0x374 [ 46.222866][ T3964] kthread+0x37c/0x45c [ 46.224302][ T3964] ret_from_fork+0x10/0x20 [ 46.225812][ T3964] IN-SOFTIRQ-W at: [ 46.226813][ T3964] lock_acquire+0x240/0x77c [ 46.228378][ T3964] _raw_spin_lock+0xb0/0x10c [ 46.229895][ T3964] net_tx_action+0x634/0x884 [ 46.231443][ T3964] __do_softirq+0x344/0xe20 [ 46.232964][ T3964] run_ksoftirqd+0x68/0x258 [ 46.234486][ T3964] smpboot_thread_fn+0x4b0/0x920 [ 46.236248][ T3964] kthread+0x37c/0x45c [ 46.237750][ T3964] ret_from_fork+0x10/0x20 [ 46.239218][ T3964] INITIAL USE at: [ 46.240244][ T3964] lock_acquire+0x240/0x77c [ 46.241728][ T3964] _raw_spin_lock+0xb0/0x10c [ 46.243302][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 46.244926][ T3964] dev_queue_xmit+0x24/0x34 [ 46.246418][ T3964] tx+0x8c/0x130 [ 46.247669][ T3964] kthread+0x1ac/0x374 [ 46.249060][ T3964] kthread+0x37c/0x45c [ 46.250450][ T3964] ret_from_fork+0x10/0x20 [ 46.251991][ T3964] } [ 46.252645][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 46.254580][ T3964] [ 46.254580][ T3964] the dependencies between the lock to be acquired [ 46.254587][ T3964] and SOFTIRQ-irq-unsafe lock: [ 46.257902][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 46.259195][ T3964] HARDIRQ-ON-W at: [ 46.260241][ T3964] lock_acquire+0x240/0x77c [ 46.261683][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 46.263243][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 46.263259][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 46.263278][ T3964] init_rescuer+0xa4/0x264 [ 46.268252][ T3964] workqueue_init+0x2b4/0x640 [ 46.269911][ T3964] kernel_init_freeable+0x448/0x650 [ 46.271611][ T3964] kernel_init+0x24/0x294 [ 46.273142][ T3964] ret_from_fork+0x10/0x20 [ 46.274716][ T3964] SOFTIRQ-ON-W at: [ 46.275664][ T3964] lock_acquire+0x240/0x77c [ 46.277175][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 46.278830][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 46.280490][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 46.282265][ T3964] init_rescuer+0xa4/0x264 [ 46.283789][ T3964] workqueue_init+0x2b4/0x640 [ 46.285294][ T3964] kernel_init_freeable+0x448/0x650 [ 46.287010][ T3964] kernel_init+0x24/0x294 [ 46.288507][ T3964] ret_from_fork+0x10/0x20 [ 46.290095][ T3964] INITIAL USE at: [ 46.291084][ T3964] lock_acquire+0x240/0x77c [ 46.292514][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 46.294144][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 46.295750][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 46.297615][ T3964] init_rescuer+0xa4/0x264 [ 46.299173][ T3964] workqueue_init+0x2b4/0x640 [ 46.300699][ T3964] kernel_init_freeable+0x448/0x650 [ 46.302383][ T3964] kernel_init+0x24/0x294 [ 46.303883][ T3964] ret_from_fork+0x10/0x20 [ 46.305334][ T3964] } [ 46.305962][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 46.308020][ T3964] ... acquired at: [ 46.308967][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 46.310211][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 46.311482][ T3964] __kmalloc_node+0xbc/0x5b8 [ 46.312622][ T3964] kvmalloc_node+0x88/0x204 [ 46.313809][ T3964] get_dist_table+0x9c/0x2a4 [ 46.315020][ T3964] netem_change+0x7cc/0x1a90 [ 46.316240][ T3964] netem_init+0x54/0xb8 [ 46.317343][ T3964] qdisc_create+0x6fc/0xf44 [ 46.318450][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 46.319731][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 46.320888][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 46.322167][ T3964] rtnetlink_rcv+0x28/0x38 [ 46.323249][ T3964] netlink_unicast+0x664/0x938 [ 46.324513][ T3964] netlink_sendmsg+0x844/0xb38 [ 46.325712][ T3964] ____sys_sendmsg+0x584/0x870 [ 46.326993][ T3964] ___sys_sendmsg+0x214/0x294 [ 46.328104][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 46.329432][ T3964] invoke_syscall+0x98/0x2b8 [ 46.330539][ T3964] el0_svc_common+0x138/0x258 [ 46.331792][ T3964] do_el0_svc+0x58/0x14c [ 46.332883][ T3964] el0_svc+0x7c/0x1f0 [ 46.333959][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 46.335214][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 46.336412][ T3964] [ 46.336965][ T3964] [ 46.336965][ T3964] stack backtrace: [ 46.338416][ T3964] CPU: 0 PID: 3964 Comm: syz-executor886 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 46.341006][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 46.343538][ T3964] Call trace: [ 46.344240][ T3964] dump_backtrace+0x0/0x530 [ 46.345303][ T3964] show_stack+0x2c/0x3c [ 46.346261][ T3964] dump_stack_lvl+0x108/0x170 [ 46.347456][ T3964] dump_stack+0x1c/0x58 [ 46.348461][ T3964] __lock_acquire+0x62b4/0x7620 [ 46.349693][ T3964] lock_acquire+0x240/0x77c [ 46.350853][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 46.352023][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 46.353318][ T3964] __kmalloc_node+0xbc/0x5b8 [ 46.354471][ T3964] kvmalloc_node+0x88/0x204 [ 46.355545][ T3964] get_dist_table+0x9c/0x2a4 [ 46.356720][ T3964] netem_change+0x7cc/0x1a90 [ 46.357876][ T3964] netem_init+0x54/0xb8 [ 46.358927][ T3964] qdisc_create+0x6fc/0xf44 [ 46.360106][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 46.361293][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 46.362423][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 46.363981][ T3964] rtnetlink_rcv+0x28/0x38 [ 46.364991][ T3964] netlink_unicast+0x664/0x938 [ 46.366235][ T3964] netlink_sendmsg+0x844/0xb38 [ 46.367425][ T3964] ____sys_sendmsg+0x584/0x870 [ 46.368572][ T3964] ___sys_sendmsg+0x214/0x294 [ 46.369797][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 46.371063][ T3964] invoke_syscall+0x98/0x2b8 [ 46.372146][ T3964] el0_svc_common+0x138/0x258 [ 46.373291][ T3964] do_el0_svc+0x58/0x14c [ 46.374394][ T3964] el0_svc+0x7c/0x1f0 [ 46.375451][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 46.376718][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 46.377931][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 46.380163][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor886 [ 46.382409][ T3964] INFO: lockdep is turned off. [ 46.383522][ T3964] Preemption disabled at: [ 46.383532][ T3964] [] netem_change+0x22c/0x1a90 [ 46.386093][ T3964] CPU: 0 PID: 3964 Comm: syz-executor886 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 46.388599][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 46.390980][ T3964] Call trace: [ 46.391780][ T3964] dump_backtrace+0x0/0x530 [ 46.392798][ T3964] show_stack+0x2c/0x3c [ 46.393811][ T3964] dump_stack_lvl+0x108/0x170 [ 46.394883][ T3964] dump_stack+0x1c/0x58 [ 46.395869][ T3964] ___might_sleep+0x380/0x4dc [ 46.396935][ T3964] __might_sleep+0x98/0xf0 [ 46.398058][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 46.399301][ T3964] __kmalloc_node+0xbc/0x5b8 [ 46.400456][ T3964] kvmalloc_node+0x88/0x204 [ 46.401600][ T3964] get_dist_table+0x9c/0x2a4 [ 46.402709][ T3964] netem_change+0x7cc/0x1a90 [ 46.403795][ T3964] netem_init+0x54/0xb8 [ 46.404735][ T3964] qdisc_create+0x6fc/0xf44 [ 46.405846][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 46.407026][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 46.408124][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 46.409262][ T3964] rtnetlink_rcv+0x28/0x38 [ 46.410372][ T3964] netlink_unicast+0x664/0x938 [ 46.411547][ T3964] netlink_sendmsg+0x844/0xb38 [ 46.412623][ T3964] ____sys_sendmsg+0x584/0x870 [ 46.413805][ T3964] ___sys_sendmsg+0x214/0x294 [ 46.414876][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 46.416106][ T3964] invoke_syscall+0x98/0x2b8 [ 46.417218][ T3964] el0_svc_common+0x138/0x258 [ 46.418361][ T3964] do_el0_svc+0x58/0x14c [ 46.419368][ T3964] el0_svc+0x7c/0x1f0 [ 46.420373][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 46.421522][ T3964] el0t_64_sync+0x1a0/0x1a4