Warning: Permanently added '10.128.0.175' (ED25519) to the list of known hosts. executing program [ 39.053584][ T3963] [ 39.054186][ T3963] ===================================================== [ 39.055945][ T3963] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 39.057832][ T3963] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 39.059542][ T3963] ----------------------------------------------------- [ 39.061272][ T3963] syz-executor198/3963 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 39.063335][ T3963] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 39.065662][ T3963] [ 39.065662][ T3963] and this task is already holding: [ 39.067460][ T3963] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 39.069919][ T3963] which would create a new lock dependency: [ 39.071369][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 39.073298][ T3963] [ 39.073298][ T3963] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 39.075712][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} [ 39.075730][ T3963] [ 39.075730][ T3963] ... which became SOFTIRQ-irq-safe at: [ 39.078940][ T3963] lock_acquire+0x240/0x77c [ 39.080103][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.081246][ T3963] net_tx_action+0x634/0x884 [ 39.082418][ T3963] __do_softirq+0x344/0xe20 [ 39.083598][ T3963] run_ksoftirqd+0x68/0x258 [ 39.084733][ T3963] smpboot_thread_fn+0x4b0/0x920 [ 39.086028][ T3963] kthread+0x37c/0x45c [ 39.087093][ T3963] ret_from_fork+0x10/0x20 [ 39.088238][ T3963] [ 39.088238][ T3963] to a SOFTIRQ-irq-unsafe lock: [ 39.090088][ T3963] (fs_reclaim){+.+.}-{0:0} [ 39.090106][ T3963] [ 39.090106][ T3963] ... which became SOFTIRQ-irq-unsafe at: [ 39.093310][ T3963] ... [ 39.093316][ T3963] lock_acquire+0x240/0x77c [ 39.095104][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.096391][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.097644][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.099162][ T3963] init_rescuer+0xa4/0x264 [ 39.100329][ T3963] workqueue_init+0x2b4/0x640 [ 39.101526][ T3963] kernel_init_freeable+0x448/0x650 [ 39.102861][ T3963] kernel_init+0x24/0x294 [ 39.103969][ T3963] ret_from_fork+0x10/0x20 [ 39.105080][ T3963] [ 39.105080][ T3963] other info that might help us debug this: [ 39.105080][ T3963] [ 39.107713][ T3963] Possible interrupt unsafe locking scenario: [ 39.107713][ T3963] [ 39.109796][ T3963] CPU0 CPU1 [ 39.111149][ T3963] ---- ---- [ 39.112460][ T3963] lock(fs_reclaim); [ 39.113474][ T3963] local_irq_disable(); [ 39.115211][ T3963] lock(noop_qdisc.q.lock); [ 39.117001][ T3963] lock(fs_reclaim); [ 39.118674][ T3963] [ 39.119523][ T3963] lock(noop_qdisc.q.lock); [ 39.120749][ T3963] [ 39.120749][ T3963] *** DEADLOCK *** [ 39.120749][ T3963] [ 39.122852][ T3963] 2 locks held by syz-executor198/3963: [ 39.124290][ T3963] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 39.126671][ T3963] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 39.129161][ T3963] [ 39.129161][ T3963] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 39.131837][ T3963] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 39.133271][ T3963] HARDIRQ-ON-W at: [ 39.134268][ T3963] lock_acquire+0x240/0x77c [ 39.135808][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.137468][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 39.139096][ T3963] dev_queue_xmit+0x24/0x34 [ 39.140723][ T3963] tx+0x8c/0x130 [ 39.142059][ T3963] kthread+0x1ac/0x374 [ 39.143582][ T3963] kthread+0x37c/0x45c [ 39.145006][ T3963] ret_from_fork+0x10/0x20 [ 39.146597][ T3963] IN-SOFTIRQ-W at: [ 39.147594][ T3963] lock_acquire+0x240/0x77c [ 39.149201][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.150807][ T3963] net_tx_action+0x634/0x884 [ 39.152326][ T3963] __do_softirq+0x344/0xe20 [ 39.153869][ T3963] run_ksoftirqd+0x68/0x258 [ 39.155421][ T3963] smpboot_thread_fn+0x4b0/0x920 [ 39.157054][ T3963] kthread+0x37c/0x45c [ 39.158545][ T3963] ret_from_fork+0x10/0x20 [ 39.160133][ T3963] INITIAL USE at: [ 39.161159][ T3963] lock_acquire+0x240/0x77c [ 39.162643][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.164198][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 39.165876][ T3963] dev_queue_xmit+0x24/0x34 [ 39.167450][ T3963] tx+0x8c/0x130 [ 39.168705][ T3963] kthread+0x1ac/0x374 [ 39.170166][ T3963] kthread+0x37c/0x45c [ 39.171576][ T3963] ret_from_fork+0x10/0x20 [ 39.173075][ T3963] } [ 39.173672][ T3963] ... key at: [] noop_qdisc+0x108/0x320 [ 39.175584][ T3963] [ 39.175584][ T3963] the dependencies between the lock to be acquired [ 39.175591][ T3963] and SOFTIRQ-irq-unsafe lock: [ 39.179116][ T3963] -> (fs_reclaim){+.+.}-{0:0} { [ 39.180326][ T3963] HARDIRQ-ON-W at: [ 39.181333][ T3963] lock_acquire+0x240/0x77c [ 39.182909][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.184581][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.186257][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.188160][ T3963] init_rescuer+0xa4/0x264 [ 39.189671][ T3963] workqueue_init+0x2b4/0x640 [ 39.191269][ T3963] kernel_init_freeable+0x448/0x650 [ 39.193019][ T3963] kernel_init+0x24/0x294 [ 39.194539][ T3963] ret_from_fork+0x10/0x20 [ 39.196069][ T3963] SOFTIRQ-ON-W at: [ 39.197085][ T3963] lock_acquire+0x240/0x77c [ 39.198648][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.200316][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.202030][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.203904][ T3963] init_rescuer+0xa4/0x264 [ 39.205442][ T3963] workqueue_init+0x2b4/0x640 [ 39.207014][ T3963] kernel_init_freeable+0x448/0x650 [ 39.208920][ T3963] kernel_init+0x24/0x294 [ 39.210448][ T3963] ret_from_fork+0x10/0x20 [ 39.211981][ T3963] INITIAL USE at: [ 39.212977][ T3963] lock_acquire+0x240/0x77c [ 39.214499][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.216245][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.217908][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.219762][ T3963] init_rescuer+0xa4/0x264 [ 39.221251][ T3963] workqueue_init+0x2b4/0x640 [ 39.222866][ T3963] kernel_init_freeable+0x448/0x650 [ 39.224605][ T3963] kernel_init+0x24/0x294 [ 39.226114][ T3963] ret_from_fork+0x10/0x20 [ 39.227648][ T3963] } [ 39.228272][ T3963] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 39.230329][ T3963] ... acquired at: [ 39.231277][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.232592][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.233905][ T3963] __kmalloc_node+0xbc/0x5b8 [ 39.235135][ T3963] kvmalloc_node+0x88/0x204 [ 39.236356][ T3963] get_dist_table+0x9c/0x2a4 [ 39.237563][ T3963] netem_change+0x7cc/0x1a90 [ 39.238775][ T3963] netem_init+0x54/0xb8 [ 39.239868][ T3963] qdisc_create+0x6fc/0xf44 [ 39.241031][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 39.242301][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 39.243647][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 39.244937][ T3963] rtnetlink_rcv+0x28/0x38 [ 39.246099][ T3963] netlink_unicast+0x664/0x938 [ 39.247423][ T3963] netlink_sendmsg+0x844/0xb38 [ 39.248713][ T3963] ____sys_sendmsg+0x584/0x870 [ 39.249997][ T3963] ___sys_sendmsg+0x214/0x294 [ 39.251233][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.252583][ T3963] invoke_syscall+0x98/0x2b8 [ 39.253804][ T3963] el0_svc_common+0x138/0x258 [ 39.255059][ T3963] do_el0_svc+0x58/0x14c [ 39.256157][ T3963] el0_svc+0x7c/0x1f0 [ 39.257180][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 39.258543][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 39.259755][ T3963] [ 39.260312][ T3963] [ 39.260312][ T3963] stack backtrace: [ 39.261821][ T3963] CPU: 1 PID: 3963 Comm: syz-executor198 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 39.264451][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 39.266972][ T3963] Call trace: [ 39.267759][ T3963] dump_backtrace+0x0/0x530 [ 39.268928][ T3963] show_stack+0x2c/0x3c [ 39.270006][ T3963] dump_stack_lvl+0x108/0x170 [ 39.271199][ T3963] dump_stack+0x1c/0x58 [ 39.272264][ T3963] __lock_acquire+0x62b4/0x7620 [ 39.273463][ T3963] lock_acquire+0x240/0x77c [ 39.274600][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.275820][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.277092][ T3963] __kmalloc_node+0xbc/0x5b8 [ 39.278335][ T3963] kvmalloc_node+0x88/0x204 [ 39.279455][ T3963] get_dist_table+0x9c/0x2a4 [ 39.280628][ T3963] netem_change+0x7cc/0x1a90 [ 39.281794][ T3963] netem_init+0x54/0xb8 [ 39.282879][ T3963] qdisc_create+0x6fc/0xf44 [ 39.283974][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 39.285210][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 39.286597][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 39.287841][ T3963] rtnetlink_rcv+0x28/0x38 [ 39.288971][ T3963] netlink_unicast+0x664/0x938 [ 39.290171][ T3963] netlink_sendmsg+0x844/0xb38 [ 39.291341][ T3963] ____sys_sendmsg+0x584/0x870 [ 39.292621][ T3963] ___sys_sendmsg+0x214/0x294 [ 39.293816][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.295079][ T3963] invoke_syscall+0x98/0x2b8 [ 39.296191][ T3963] el0_svc_common+0x138/0x258 [ 39.297362][ T3963] do_el0_svc+0x58/0x14c [ 39.298451][ T3963] el0_svc+0x7c/0x1f0 [ 39.299444][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 39.300703][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 39.301850][ T3963] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 39.304211][ T3963] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3963, name: syz-executor198 [ 39.306592][ T3963] INFO: lockdep is turned off. [ 39.307755][ T3963] Preemption disabled at: [ 39.307766][ T3963] [] netem_change+0x22c/0x1a90 [ 39.310393][ T3963] CPU: 1 PID: 3963 Comm: syz-executor198 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 39.313020][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 39.315542][ T3963] Call trace: [ 39.316367][ T3963] dump_backtrace+0x0/0x530 [ 39.317478][ T3963] show_stack+0x2c/0x3c [ 39.318439][ T3963] dump_stack_lvl+0x108/0x170 [ 39.319604][ T3963] dump_stack+0x1c/0x58 [ 39.320607][ T3963] ___might_sleep+0x380/0x4dc [ 39.321821][ T3963] __might_sleep+0x98/0xf0 [ 39.322938][ T3963] slab_pre_alloc_hook+0x58/0xe8 [ 39.324149][ T3963] __kmalloc_node+0xbc/0x5b8 [ 39.325287][ T3963] kvmalloc_node+0x88/0x204 [ 39.326424][ T3963] get_dist_table+0x9c/0x2a4 [ 39.327590][ T3963] netem_change+0x7cc/0x1a90 [ 39.328721][ T3963] netem_init+0x54/0xb8 [ 39.329775][ T3963] qdisc_create+0x6fc/0xf44 [ 39.330882][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 39.332087][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 39.333299][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 39.334503][ T3963] rtnetlink_rcv+0x28/0x38 [ 39.335617][ T3963] netlink_unicast+0x664/0x938 [ 39.336820][ T3963] netlink_sendmsg+0x844/0xb38 [ 39.338033][ T3963] ____sys_sendmsg+0x584/0x870 [ 39.339295][ T3963] ___sys_sendmsg+0x214/0x294 [ 39.340495][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.341748][ T3963] invoke_syscall+0x98/0x2b8 [ 39.342967][ T3963] el0_svc_common+0x138/0x258 [ 39.344176][ T3963] do_el0_svc+0x58/0x14c [ 39.345251][ T3963] el0_svc+0x7c/0x1f0 [ 39.346251][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 39.347539][ T3963] el0t_64_sync+0x1a0/0x1a4