Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.912540][ T3960]
[ 42.913191][ T3960] =====================================================
[ 42.914584][ T3960] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 42.916101][ T3960] 5.15.119-syzkaller #0 Not tainted
[ 42.917081][ T3960] -----------------------------------------------------
[ 42.918603][ T3960] syz-executor558/3960 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
[ 42.920179][ T3960] ffff800014b75540 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8
[ 42.922048][ T3960]
[ 42.922048][ T3960] and this task is already holding:
[ 42.923593][ T3960] ffff0000cb09f108 (&sch->q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90
[ 42.925463][ T3960] which would create a new lock dependency:
[ 42.926701][ T3960] (&sch->q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0}
[ 42.928090][ T3960]
[ 42.928090][ T3960] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 42.929991][ T3960] (&sch->q.lock){+.-.}-{2:2}
[ 42.930009][ T3960]
[ 42.930009][ T3960] ... which became SOFTIRQ-irq-safe at:
[ 42.932580][ T3960] lock_acquire+0x240/0x77c
[ 42.933516][ T3960] _raw_spin_lock+0xb0/0x10c
[ 42.934518][ T3960] dev_requeue_skb+0x6d0/0x758
[ 42.935574][ T3960] sch_direct_xmit+0x278/0x484
[ 42.936554][ T3960] __dev_queue_xmit+0x14b4/0x2a6c
[ 42.937727][ T3960] dev_queue_xmit+0x24/0x34
[ 42.938682][ T3960] lapbeth_data_transmit+0x1dc/0x294
[ 42.939772][ T3960] lapb_data_transmit+0x8c/0xb0
[ 42.940689][ T3960] lapb_transmit_buffer+0x178/0x204
[ 42.941806][ T3960] lapb_send_control+0x220/0x320
[ 42.942881][ T3960] lapb_t1timer_expiry+0x4f4/0x8bc
[ 42.943957][ T3960] call_timer_fn+0x19c/0x8f0
[ 42.944937][ T3960] __run_timers+0x554/0x718
[ 42.945912][ T3960] run_timer_softirq+0x7c/0x114
[ 42.946901][ T3960] __do_softirq+0x344/0xe20
[ 42.947787][ T3960] __irq_exit_rcu+0x28c/0x534
[ 42.948779][ T3960] irq_exit+0x14/0x88
[ 42.949635][ T3960] handle_domain_irq+0xf4/0x178
[ 42.950584][ T3960] gic_handle_irq+0x78/0x1c8
[ 42.951511][ T3960] call_on_irq_stack+0x24/0x4c
[ 42.952528][ T3960] do_interrupt_handler+0x74/0x94
[ 42.953566][ T3960] el1_interrupt+0x30/0x58
[ 42.954561][ T3960] el1h_64_irq_handler+0x18/0x24
[ 42.955651][ T3960] el1h_64_irq+0x78/0x7c
[ 42.956556][ T3960] arch_local_irq_enable+0xc/0x18
[ 42.957632][ T3960] default_idle_call+0xcc/0x4a8
[ 42.958617][ T3960] do_idle+0x1d4/0x4dc
[ 42.959445][ T3960] cpu_startup_entry+0x24/0x28
[ 42.960496][ T3960] secondary_start_kernel+0x240/0x298
[ 42.961668][ T3960] __secondary_switched+0x94/0x98
[ 42.962755][ T3960]
[ 42.962755][ T3960] to a SOFTIRQ-irq-unsafe lock:
[ 42.964210][ T3960] (fs_reclaim){+.+.}-{0:0}
[ 42.964228][ T3960]
[ 42.964228][ T3960] ... which became SOFTIRQ-irq-unsafe at:
[ 42.966768][ T3960] ...
[ 42.966774][ T3960] lock_acquire+0x240/0x77c
[ 42.968271][ T3960] fs_reclaim_acquire+0xf0/0x1d0
[ 42.969330][ T3960] slab_pre_alloc_hook+0x38/0xe8
[ 42.970348][ T3960] kmem_cache_alloc_node_trace+0xa0/0x4c4
[ 42.971567][ T3960] init_rescuer+0xa4/0x264
[ 42.972425][ T3960] workqueue_init+0x2b4/0x640
[ 42.973422][ T3960] kernel_init_freeable+0x448/0x650
[ 42.974555][ T3960] kernel_init+0x24/0x294
[ 42.975471][ T3960] ret_from_fork+0x10/0x20
[ 42.976367][ T3960]
[ 42.976367][ T3960] other info that might help us debug this:
[ 42.976367][ T3960]
[ 42.978357][ T3960] Possible interrupt unsafe locking scenario:
[ 42.978357][ T3960]
[ 42.980071][ T3960]        CPU0                    CPU1
[ 42.981173][ T3960]        ----                    ----
[ 42.982255][ T3960]   lock(fs_reclaim);
[ 42.983082][ T3960]                                local_irq_disable();
[ 42.984501][ T3960]                                lock(&sch->q.lock);
[ 42.985865][ T3960]                                lock(fs_reclaim);
[ 42.987199][ T3960]
[ 42.987966][ T3960]     lock(&sch->q.lock);
[ 42.988859][ T3960]
[ 42.988859][ T3960] *** DEADLOCK ***
[ 42.988859][ T3960]
[ 42.990580][ T3960] 2 locks held by syz-executor558/3960:
[ 42.991693][ T3960] #0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac
[ 42.993625][ T3960] #1: ffff0000cb09f108 (&sch->q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90
[ 42.995572][ T3960]
[ 42.995572][ T3960] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 42.997730][ T3960] -> (&sch->q.lock){+.-.}-{2:2} {
[ 42.998873][ T3960] HARDIRQ-ON-W at:
[ 42.999684][ T3960] lock_acquire+0x240/0x77c
[ 43.000980][ T3960] _raw_spin_lock_bh+0x124/0x1c4
[ 43.002299][ T3960] dev_reset_queue+0xb4/0x190
[ 43.003554][ T3960] dev_deactivate_many+0x718/0xbe4
[ 43.004944][ T3960] dev_deactivate+0x13c/0x1fc
[ 43.006352][ T3960] linkwatch_do_dev+0x2a8/0x3c8
[ 43.007687][ T3960] __linkwatch_run_queue+0x424/0x730
[ 43.009251][ T3960] linkwatch_event+0x58/0x68
[ 43.010521][ T3960] process_one_work+0x790/0x11b8
[ 43.011836][ T3960] worker_thread+0x910/0x1034
[ 43.013156][ T3960] kthread+0x37c/0x45c
[ 43.014299][ T3960] ret_from_fork+0x10/0x20
[ 43.015532][ T3960] IN-SOFTIRQ-W at:
[ 43.016384][ T3960] lock_acquire+0x240/0x77c
[ 43.017628][ T3960] _raw_spin_lock+0xb0/0x10c
[ 43.019033][ T3960] dev_requeue_skb+0x6d0/0x758
[ 43.020365][ T3960] sch_direct_xmit+0x278/0x484
[ 43.021690][ T3960] __dev_queue_xmit+0x14b4/0x2a6c
[ 43.023071][ T3960] dev_queue_xmit+0x24/0x34
[ 43.024332][ T3960] lapbeth_data_transmit+0x1dc/0x294
[ 43.025783][ T3960] lapb_data_transmit+0x8c/0xb0
[ 43.027152][ T3960] lapb_transmit_buffer+0x178/0x204
[ 43.028569][ T3960] lapb_send_control+0x220/0x320
[ 43.029933][ T3960] lapb_t1timer_expiry+0x4f4/0x8bc
[ 43.031408][ T3960] call_timer_fn+0x19c/0x8f0
[ 43.032703][ T3960] __run_timers+0x554/0x718
[ 43.034018][ T3960] run_timer_softirq+0x7c/0x114
[ 43.035285][ T3960] __do_softirq+0x344/0xe20
[ 43.036538][ T3960] __irq_exit_rcu+0x28c/0x534
[ 43.037873][ T3960] irq_exit+0x14/0x88
[ 43.039042][ T3960] handle_domain_irq+0xf4/0x178
[ 43.040376][ T3960] gic_handle_irq+0x78/0x1c8
[ 43.041745][ T3960] call_on_irq_stack+0x24/0x4c
[ 43.043053][ T3960] do_interrupt_handler+0x74/0x94
[ 43.044589][ T3960] el1_interrupt+0x30/0x58
[ 43.045830][ T3960] el1h_64_irq_handler+0x18/0x24
[ 43.047196][ T3960] el1h_64_irq+0x78/0x7c
[ 43.048446][ T3960] arch_local_irq_enable+0xc/0x18
[ 43.049816][ T3960] default_idle_call+0xcc/0x4a8
[ 43.051238][ T3960] do_idle+0x1d4/0x4dc
[ 43.052379][ T3960] cpu_startup_entry+0x24/0x28
[ 43.053807][ T3960] secondary_start_kernel+0x240/0x298
[ 43.055235][ T3960] __secondary_switched+0x94/0x98
[ 43.056693][ T3960] INITIAL USE at:
[ 43.057488][ T3960] lock_acquire+0x240/0x77c
[ 43.058751][ T3960] _raw_spin_lock_bh+0x124/0x1c4
[ 43.060156][ T3960] dev_reset_queue+0xb4/0x190
[ 43.061451][ T3960] dev_deactivate_many+0x718/0xbe4
[ 43.062839][ T3960] dev_deactivate+0x13c/0x1fc
[ 43.064115][ T3960] linkwatch_do_dev+0x2a8/0x3c8
[ 43.065530][ T3960] __linkwatch_run_queue+0x424/0x730
[ 43.066937][ T3960] linkwatch_event+0x58/0x68
[ 43.068183][ T3960] process_one_work+0x790/0x11b8
[ 43.069519][ T3960] worker_thread+0x910/0x1034
[ 43.070826][ T3960] kthread+0x37c/0x45c
[ 43.071907][ T3960] ret_from_fork+0x10/0x20
[ 43.073094][ T3960] }
[ 43.073626][ T3960] ... key at: [] qdisc_alloc.__key+0x0/0x20
[ 43.075190][ T3960]
[ 43.075190][ T3960] the dependencies between the lock to be acquired
[ 43.075197][ T3960] and SOFTIRQ-irq-unsafe lock:
[ 43.077933][ T3960] -> (fs_reclaim){+.+.}-{0:0} {
[ 43.078925][ T3960] HARDIRQ-ON-W at:
[ 43.079751][ T3960] lock_acquire+0x240/0x77c
[ 43.081028][ T3960] fs_reclaim_acquire+0xf0/0x1d0
[ 43.082353][ T3960] slab_pre_alloc_hook+0x38/0xe8
[ 43.083718][ T3960] kmem_cache_alloc_node_trace+0xa0/0x4c4
[ 43.085225][ T3960] init_rescuer+0xa4/0x264
[ 43.086414][ T3960] workqueue_init+0x2b4/0x640
[ 43.087729][ T3960] kernel_init_freeable+0x448/0x650
[ 43.089211][ T3960] kernel_init+0x24/0x294
[ 43.090483][ T3960] ret_from_fork+0x10/0x20
[ 43.091711][ T3960] SOFTIRQ-ON-W at:
[ 43.092499][ T3960] lock_acquire+0x240/0x77c
[ 43.093750][ T3960] fs_reclaim_acquire+0xf0/0x1d0
[ 43.095128][ T3960] slab_pre_alloc_hook+0x38/0xe8
[ 43.096590][ T3960] kmem_cache_alloc_node_trace+0xa0/0x4c4
[ 43.098086][ T3960] init_rescuer+0xa4/0x264
[ 43.099259][ T3960] workqueue_init+0x2b4/0x640
[ 43.100521][ T3960] kernel_init_freeable+0x448/0x650
[ 43.101937][ T3960] kernel_init+0x24/0x294
[ 43.103160][ T3960] ret_from_fork+0x10/0x20
[ 43.104375][ T3960] INITIAL USE at:
[ 43.105157][ T3960] lock_acquire+0x240/0x77c
[ 43.106444][ T3960] fs_reclaim_acquire+0xf0/0x1d0
[ 43.107811][ T3960] slab_pre_alloc_hook+0x38/0xe8
[ 43.109163][ T3960] kmem_cache_alloc_node_trace+0xa0/0x4c4
[ 43.110728][ T3960] init_rescuer+0xa4/0x264
[ 43.111899][ T3960] workqueue_init+0x2b4/0x640
[ 43.113127][ T3960] kernel_init_freeable+0x448/0x650
[ 43.114515][ T3960] kernel_init+0x24/0x294
[ 43.115675][ T3960] ret_from_fork+0x10/0x20
[ 43.116944][ T3960] }
[ 43.117506][ T3960] ... key at: [] __fs_reclaim_map+0x0/0x200
[ 43.119138][ T3960] ... acquired at:
[ 43.119893][ T3960] fs_reclaim_acquire+0xf0/0x1d0
[ 43.121078][ T3960] slab_pre_alloc_hook+0x38/0xe8
[ 43.122068][ T3960] __kmalloc_node+0xbc/0x5b8
[ 43.123044][ T3960] kvmalloc_node+0x88/0x204
[ 43.124128][ T3960] get_dist_table+0x9c/0x2a4
[ 43.125160][ T3960] netem_change+0x820/0x1a90
[ 43.126212][ T3960] netem_init+0x54/0xb8
[ 43.127088][ T3960] qdisc_create+0x6fc/0xf44
[ 43.127999][ T3960] tc_modify_qdisc+0x8dc/0x1344
[ 43.128995][ T3960] rtnetlink_rcv_msg+0xa74/0xdac
[ 43.130095][ T3960] netlink_rcv_skb+0x20c/0x3b8
[ 43.131121][ T3960] rtnetlink_rcv+0x28/0x38
[ 43.132152][ T3960] netlink_unicast+0x664/0x938
[ 43.133243][ T3960] netlink_sendmsg+0x844/0xb38
[ 43.134226][ T3960] ____sys_sendmsg+0x584/0x870
[ 43.135247][ T3960] ___sys_sendmsg+0x214/0x294
[ 43.136128][ T3960] __arm64_sys_sendmsg+0x1ac/0x25c
[ 43.137259][ T3960] invoke_syscall+0x98/0x2b8
[ 43.138264][ T3960] el0_svc_common+0x138/0x258
[ 43.139239][ T3960] do_el0_svc+0x58/0x14c
[ 43.140155][ T3960] el0_svc+0x7c/0x1f0
[ 43.141022][ T3960] el0t_64_sync_handler+0x84/0xe4
[ 43.142115][ T3960] el0t_64_sync+0x1a0/0x1a4
[ 43.143043][ T3960]
[ 43.143524][ T3960]
[ 43.143524][ T3960] stack backtrace:
[ 43.144720][ T3960] CPU: 1 PID: 3960 Comm: syz-executor558 Not tainted 5.15.119-syzkaller #0
[ 43.146546][ T3960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 43.148669][ T3960] Call trace:
[ 43.149395][ T3960] dump_backtrace+0x0/0x530
[ 43.150374][ T3960] show_stack+0x2c/0x3c
[ 43.151290][ T3960] dump_stack_lvl+0x108/0x170
[ 43.152241][ T3960] dump_stack+0x1c/0x58
[ 43.153079][ T3960] __lock_acquire+0x62b4/0x7620
[ 43.154103][ T3960] lock_acquire+0x240/0x77c
[ 43.155046][ T3960] fs_reclaim_acquire+0xf0/0x1d0
[ 43.155990][ T3960] slab_pre_alloc_hook+0x38/0xe8
[ 43.157026][ T3960] __kmalloc_node+0xbc/0x5b8
[ 43.157969][ T3960] kvmalloc_node+0x88/0x204
[ 43.158978][ T3960] get_dist_table+0x9c/0x2a4
[ 43.159906][ T3960] netem_change+0x820/0x1a90
[ 43.160917][ T3960] netem_init+0x54/0xb8
[ 43.161800][ T3960] qdisc_create+0x6fc/0xf44
[ 43.162687][ T3960] tc_modify_qdisc+0x8dc/0x1344
[ 43.163654][ T3960] rtnetlink_rcv_msg+0xa74/0xdac
[ 43.164655][ T3960] netlink_rcv_skb+0x20c/0x3b8
[ 43.165587][ T3960] rtnetlink_rcv+0x28/0x38
[ 43.166469][ T3960] netlink_unicast+0x664/0x938
[ 43.167445][ T3960] netlink_sendmsg+0x844/0xb38
[ 43.168420][ T3960] ____sys_sendmsg+0x584/0x870
[ 43.169398][ T3960] ___sys_sendmsg+0x214/0x294
[ 43.170335][ T3960] __arm64_sys_sendmsg+0x1ac/0x25c
[ 43.171370][ T3960] invoke_syscall+0x98/0x2b8
[ 43.172281][ T3960] el0_svc_common+0x138/0x258
[ 43.173247][ T3960] do_el0_svc+0x58/0x14c
[ 43.174143][ T3960] el0_svc+0x7c/0x1f0
[ 43.174988][ T3960] el0t_64_sync_handler+0x84/0xe4
[ 43.176050][ T3960] el0t_64_sync+0x1a0/0x1a4
[ 43.177067][ T3960] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
[ 43.179000][ T3960] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3960, name: syz-executor558
[ 43.181003][ T3960] INFO: lockdep is turned off.
[ 43.182029][ T3960] Preemption disabled at:
[ 43.182040][ T3960] [] netem_change+0x22c/0x1a90
[ 43.184159][ T3960] CPU: 1 PID: 3960 Comm: syz-executor558 Not tainted 5.15.119-syzkaller #0
[ 43.185838][ T3960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 43.187932][ T3960] Call trace:
[ 43.188615][ T3960] dump_backtrace+0x0/0x530
[ 43.189476][ T3960] show_stack+0x2c/0x3c
[ 43.190276][ T3960] dump_stack_lvl+0x108/0x170
[ 43.191275][ T3960] dump_stack+0x1c/0x58
[ 43.192123][ T3960] ___might_sleep+0x380/0x4dc
[ 43.193076][ T3960] __might_sleep+0x98/0xf0
[ 43.194004][ T3960] slab_pre_alloc_hook+0x58/0xe8
[ 43.195024][ T3960] __kmalloc_node+0xbc/0x5b8
[ 43.196013][ T3960] kvmalloc_node+0x88/0x204
[ 43.196939][ T3960] get_dist_table+0x9c/0x2a4
[ 43.197934][ T3960] netem_change+0x820/0x1a90
[ 43.198993][ T3960] netem_init+0x54/0xb8
[ 43.199875][ T3960] qdisc_create+0x6fc/0xf44
[ 43.200779][ T3960] tc_modify_qdisc+0x8dc/0x1344
[ 43.201784][ T3960] rtnetlink_rcv_msg+0xa74/0xdac
[ 43.202827][ T3960] netlink_rcv_skb+0x20c/0x3b8
[ 43.203801][ T3960] rtnetlink_rcv+0x28/0x38
[ 43.204724][ T3960] netlink_unicast+0x664/0x938
[ 43.205684][ T3960] netlink_sendmsg+0x844/0xb38
[ 43.206621][ T3960] ____sys_sendmsg+0x584/0x870
[ 43.207637][ T3960] ___sys_sendmsg+0x214/0x294
[ 43.208607][ T3960] __arm64_sys_sendmsg+0x1ac/0x25c
[ 43.209714][ T3960] invoke_syscall+0x98/0x2b8
[ 43.210705][ T3960] el0_svc_common+0x138/0x258
[ 43.211680][ T3960] do_el0_svc+0x58/0x14c
[ 43.212569][ T3960] el0_svc+0x7c/0x1f0
[ 43.213382][ T3960] el0t_64_sync_handler+0x84/0xe4
[ 43.214357][ T3960] el0t_64_sync+0x1a0/0x1a4