Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. executing program [ 45.303488][ T3964] [ 45.304193][ T3964] ===================================================== [ 45.305956][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 45.307857][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 45.309611][ T3964] ----------------------------------------------------- [ 45.311436][ T3964] syz-executor696/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 45.313637][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 45.315992][ T3964] [ 45.315992][ T3964] and this task is already holding: [ 45.317896][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 45.320347][ T3964] which would create a new lock dependency: [ 45.321868][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 45.323835][ T3964] [ 45.323835][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 45.326226][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 45.326243][ T3964] [ 45.326243][ T3964] ... which became SOFTIRQ-irq-safe at: [ 45.329480][ T3964] lock_acquire+0x240/0x77c [ 45.330324][ T3964] _raw_spin_lock+0xb0/0x10c [ 45.331298][ T3964] net_tx_action+0x634/0x884 [ 45.332534][ T3964] __do_softirq+0x344/0xe20 [ 45.333750][ T3964] do_softirq+0x120/0x20c [ 45.334909][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 45.336251][ T3964] local_bh_enable+0x28/0x174 [ 45.337463][ T3964] dev_deactivate_many+0x580/0xbe4 [ 45.338835][ T3964] dev_deactivate+0x13c/0x1fc [ 45.340047][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 45.341309][ T3964] __linkwatch_run_queue+0x424/0x730 [ 45.342706][ T3964] linkwatch_event+0x58/0x68 [ 45.343924][ T3964] process_one_work+0x790/0x11b8 [ 45.345244][ T3964] worker_thread+0x910/0x1034 [ 45.346483][ T3964] kthread+0x37c/0x45c [ 45.347557][ T3964] ret_from_fork+0x10/0x20 [ 45.348749][ T3964] [ 45.348749][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 45.350590][ T3964] (fs_reclaim){+.+.}-{0:0} [ 45.350608][ T3964] [ 45.350608][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 45.353862][ T3964] ... [ 45.353867][ T3964] lock_acquire+0x240/0x77c [ 45.355749][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 45.357054][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 45.358345][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.359876][ T3964] init_rescuer+0xa4/0x264 [ 45.361083][ T3964] workqueue_init+0x2b4/0x640 [ 45.362326][ T3964] kernel_init_freeable+0x448/0x650 [ 45.363722][ T3964] kernel_init+0x24/0x294 [ 45.364865][ T3964] ret_from_fork+0x10/0x20 [ 45.366037][ T3964] [ 45.366037][ T3964] other info that might help us debug this: [ 45.366037][ T3964] [ 45.368766][ T3964] Possible interrupt unsafe locking scenario: [ 45.368766][ T3964] [ 45.370939][ T3964] CPU0 CPU1 [ 45.372349][ T3964] ---- ---- [ 45.373742][ T3964] lock(fs_reclaim); [ 45.374771][ T3964] local_irq_disable(); [ 45.376480][ T3964] lock(noop_qdisc.q.lock); [ 45.378289][ T3964] lock(fs_reclaim); [ 45.379990][ T3964] [ 45.380896][ T3964] lock(noop_qdisc.q.lock); [ 45.382151][ T3964] [ 45.382151][ T3964] *** DEADLOCK *** [ 45.382151][ T3964] [ 45.384206][ T3964] 2 locks held by syz-executor696/3964: [ 45.385661][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 45.388123][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 45.390709][ T3964] [ 45.390709][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 45.393415][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 45.394867][ T3964] HARDIRQ-ON-W at: [ 45.395867][ T3964] lock_acquire+0x240/0x77c [ 45.397493][ T3964] _raw_spin_lock+0xb0/0x10c [ 45.399142][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 45.400858][ T3964] dev_queue_xmit+0x24/0x34 [ 45.402447][ T3964] tx+0x8c/0x130 [ 45.403821][ T3964] kthread+0x1ac/0x374 [ 45.405299][ T3964] kthread+0x37c/0x45c [ 45.406793][ T3964] ret_from_fork+0x10/0x20 [ 45.408392][ T3964] IN-SOFTIRQ-W at: [ 45.409415][ T3964] lock_acquire+0x240/0x77c [ 45.411055][ T3964] _raw_spin_lock+0xb0/0x10c [ 45.412733][ T3964] net_tx_action+0x634/0x884 [ 45.414420][ T3964] __do_softirq+0x344/0xe20 [ 45.416103][ T3964] do_softirq+0x120/0x20c [ 45.417707][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 45.419443][ T3964] local_bh_enable+0x28/0x174 [ 45.421082][ T3964] dev_deactivate_many+0x580/0xbe4 [ 45.422831][ T3964] dev_deactivate+0x13c/0x1fc [ 45.424483][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 45.426225][ T3964] __linkwatch_run_queue+0x424/0x730 [ 45.428066][ T3964] linkwatch_event+0x58/0x68 [ 45.429675][ T3964] process_one_work+0x790/0x11b8 [ 45.431390][ T3964] worker_thread+0x910/0x1034 [ 45.433110][ T3964] kthread+0x37c/0x45c [ 45.434591][ T3964] ret_from_fork+0x10/0x20 [ 45.436183][ T3964] INITIAL USE at: [ 45.437191][ T3964] lock_acquire+0x240/0x77c [ 45.438782][ T3964] _raw_spin_lock+0xb0/0x10c [ 45.440395][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 45.442054][ T3964] dev_queue_xmit+0x24/0x34 [ 45.443672][ T3964] tx+0x8c/0x130 [ 45.445024][ T3964] kthread+0x1ac/0x374 [ 45.446489][ T3964] kthread+0x37c/0x45c [ 45.448044][ T3964] ret_from_fork+0x10/0x20 [ 45.449602][ T3964] } [ 45.450270][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 45.452210][ T3964] [ 45.452210][ T3964] the dependencies between the lock to be acquired [ 45.452217][ T3964] and SOFTIRQ-irq-unsafe lock: [ 45.455691][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 45.456979][ T3964] HARDIRQ-ON-W at: [ 45.457998][ T3964] lock_acquire+0x240/0x77c [ 45.459581][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 45.461301][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 45.463011][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.464946][ T3964] init_rescuer+0xa4/0x264 [ 45.466526][ T3964] workqueue_init+0x2b4/0x640 [ 45.468151][ T3964] kernel_init_freeable+0x448/0x650 [ 45.469957][ T3964] kernel_init+0x24/0x294 [ 45.471529][ T3964] ret_from_fork+0x10/0x20 [ 45.473172][ T3964] SOFTIRQ-ON-W at: [ 45.474188][ T3964] lock_acquire+0x240/0x77c [ 45.475792][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 45.477507][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 45.479238][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.481133][ T3964] init_rescuer+0xa4/0x264 [ 45.482728][ T3964] workqueue_init+0x2b4/0x640 [ 45.484374][ T3964] kernel_init_freeable+0x448/0x650 [ 45.486184][ T3964] kernel_init+0x24/0x294 [ 45.487742][ T3964] ret_from_fork+0x10/0x20 [ 45.489340][ T3964] INITIAL USE at: [ 45.490350][ T3964] lock_acquire+0x240/0x77c [ 45.491956][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 45.493648][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 45.495336][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.497268][ T3964] init_rescuer+0xa4/0x264 [ 45.498818][ T3964] workqueue_init+0x2b4/0x640 [ 45.500447][ T3964] kernel_init_freeable+0x448/0x650 [ 45.502199][ T3964] kernel_init+0x24/0x294 [ 45.503739][ T3964] ret_from_fork+0x10/0x20 [ 45.505317][ T3964] } [ 45.505953][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 45.508041][ T3964] ... acquired at: [ 45.509022][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 45.510334][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 45.511694][ T3964] __kmalloc_node+0xbc/0x5b8 [ 45.512927][ T3964] kvmalloc_node+0x88/0x204 [ 45.514114][ T3964] get_dist_table+0x9c/0x2a4 [ 45.515375][ T3964] netem_change+0x7cc/0x1a90 [ 45.516609][ T3964] netem_init+0x54/0xb8 [ 45.517735][ T3964] qdisc_create+0x6fc/0xf44 [ 45.518988][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 45.520311][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 45.521645][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 45.522931][ T3964] rtnetlink_rcv+0x28/0x38 [ 45.524152][ T3964] netlink_unicast+0x664/0x938 [ 45.525434][ T3964] netlink_sendmsg+0x844/0xb38 [ 45.526709][ T3964] ____sys_sendmsg+0x584/0x870 [ 45.528025][ T3964] ___sys_sendmsg+0x214/0x294 [ 45.529298][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.530656][ T3964] invoke_syscall+0x98/0x2b8 [ 45.531918][ T3964] el0_svc_common+0x138/0x258 [ 45.533129][ T3964] do_el0_svc+0x58/0x14c [ 45.534301][ T3964] el0_svc+0x7c/0x1f0 [ 45.535375][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 45.536755][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 45.537980][ T3964] [ 45.538580][ T3964] [ 45.538580][ T3964] stack backtrace: [ 45.540106][ T3964] CPU: 1 PID: 3964 Comm: syz-executor696 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 45.542828][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 45.545506][ T3964] Call trace: [ 45.546332][ T3964] dump_backtrace+0x0/0x530 [ 45.547509][ T3964] show_stack+0x2c/0x3c [ 45.548574][ T3964] dump_stack_lvl+0x108/0x170 [ 45.549798][ T3964] dump_stack+0x1c/0x58 [ 45.550883][ T3964] __lock_acquire+0x62b4/0x7620 [ 45.552160][ T3964] lock_acquire+0x240/0x77c [ 45.553354][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 45.554648][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 45.555910][ T3964] __kmalloc_node+0xbc/0x5b8 [ 45.557148][ T3964] kvmalloc_node+0x88/0x204 [ 45.558316][ T3964] get_dist_table+0x9c/0x2a4 [ 45.559529][ T3964] netem_change+0x7cc/0x1a90 [ 45.560752][ T3964] netem_init+0x54/0xb8 [ 45.561860][ T3964] qdisc_create+0x6fc/0xf44 [ 45.563047][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 45.564339][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 45.565660][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 45.566904][ T3964] rtnetlink_rcv+0x28/0x38 [ 45.568046][ T3964] netlink_unicast+0x664/0x938 [ 45.569238][ T3964] netlink_sendmsg+0x844/0xb38 [ 45.570461][ T3964] ____sys_sendmsg+0x584/0x870 [ 45.571681][ T3964] ___sys_sendmsg+0x214/0x294 [ 45.572877][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.574205][ T3964] invoke_syscall+0x98/0x2b8 [ 45.575371][ T3964] el0_svc_common+0x138/0x258 [ 45.576544][ T3964] do_el0_svc+0x58/0x14c [ 45.577682][ T3964] el0_svc+0x7c/0x1f0 [ 45.578716][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 45.580057][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 45.581291][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 45.583709][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor696 [ 45.586068][ T3964] INFO: lockdep is turned off. [ 45.587246][ T3964] Preemption disabled at: [ 45.587257][ T3964] [] netem_change+0x22c/0x1a90 [ 45.589854][ T3964] CPU: 1 PID: 3964 Comm: syz-executor696 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 45.592436][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 45.594959][ T3964] Call trace: [ 45.595746][ T3964] dump_backtrace+0x0/0x530 [ 45.596868][ T3964] show_stack+0x2c/0x3c [ 45.597904][ T3964] dump_stack_lvl+0x108/0x170 [ 45.599123][ T3964] dump_stack+0x1c/0x58 [ 45.600172][ T3964] ___might_sleep+0x380/0x4dc [ 45.601362][ T3964] __might_sleep+0x98/0xf0 [ 45.602502][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 45.603790][ T3964] __kmalloc_node+0xbc/0x5b8 [ 45.605010][ T3964] kvmalloc_node+0x88/0x204 [ 45.606212][ T3964] get_dist_table+0x9c/0x2a4 [ 45.607378][ T3964] netem_change+0x7cc/0x1a90 [ 45.608636][ T3964] netem_init+0x54/0xb8 [ 45.609703][ T3964] qdisc_create+0x6fc/0xf44 [ 45.610863][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 45.612103][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 45.613349][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 45.614534][ T3964] rtnetlink_rcv+0x28/0x38 [ 45.615700][ T3964] netlink_unicast+0x664/0x938 [ 45.616945][ T3964] netlink_sendmsg+0x844/0xb38 [ 45.618171][ T3964] ____sys_sendmsg+0x584/0x870 [ 45.619434][ T3964] ___sys_sendmsg+0x214/0x294 [ 45.620688][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.622077][ T3964] invoke_syscall+0x98/0x2b8 [ 45.623277][ T3964] el0_svc_common+0x138/0x258 [ 45.624537][ T3964] do_el0_svc+0x58/0x14c [ 45.625606][ T3964] el0_svc+0x7c/0x1f0 [ 45.626652][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 45.627997][ T3964] el0t_64_sync+0x1a0/0x1a4