Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts. executing program [ 42.491485][ T3968] [ 42.492047][ T3968] ===================================================== [ 42.493423][ T3968] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 42.494860][ T3968] 5.15.119-syzkaller #0 Not tainted [ 42.495860][ T3968] ----------------------------------------------------- [ 42.497230][ T3968] syz-executor393/3968 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 42.498873][ T3968] ffff800014b75540 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 42.500663][ T3968] [ 42.500663][ T3968] and this task is already holding: [ 42.502175][ T3968] ffff800016a16748 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.504020][ T3968] which would create a new lock dependency: [ 42.505186][ T3968] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 42.506745][ T3968] [ 42.506745][ T3968] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 42.508643][ T3968] (noop_qdisc.q.lock){+.-.}-{2:2} [ 42.508660][ T3968] [ 42.508660][ T3968] ... which became SOFTIRQ-irq-safe at: [ 42.511306][ T3968] lock_acquire+0x240/0x77c [ 42.512251][ T3968] _raw_spin_lock+0xb0/0x10c [ 42.513280][ T3968] net_tx_action+0x634/0x884 [ 42.514204][ T3968] __do_softirq+0x344/0xe20 [ 42.515131][ T3968] run_ksoftirqd+0x68/0x258 [ 42.516043][ T3968] smpboot_thread_fn+0x4b0/0x920 [ 42.517090][ T3968] kthread+0x37c/0x45c [ 42.517951][ T3968] ret_from_fork+0x10/0x20 [ 42.518878][ T3968] [ 42.518878][ T3968] to a SOFTIRQ-irq-unsafe lock: [ 42.520310][ T3968] (fs_reclaim){+.+.}-{0:0} [ 42.520328][ T3968] [ 42.520328][ T3968] ... which became SOFTIRQ-irq-unsafe at: [ 42.522825][ T3968] ... [ 42.522831][ T3968] lock_acquire+0x240/0x77c [ 42.524325][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 42.525341][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 42.526413][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.527591][ T3968] init_rescuer+0xa4/0x264 [ 42.528476][ T3968] workqueue_init+0x2b4/0x640 [ 42.529412][ T3968] kernel_init_freeable+0x448/0x650 [ 42.530491][ T3968] kernel_init+0x24/0x294 [ 42.531383][ T3968] ret_from_fork+0x10/0x20 [ 42.532335][ T3968] [ 42.532335][ T3968] other info that might help us debug this: [ 42.532335][ T3968] [ 42.534391][ T3968] Possible interrupt unsafe locking scenario: [ 42.534391][ T3968] [ 42.536143][ T3968] CPU0 CPU1 [ 42.537310][ T3968] ---- ---- [ 42.538423][ T3968] lock(fs_reclaim); [ 42.539330][ T3968] local_irq_disable(); [ 42.540732][ T3968] lock(noop_qdisc.q.lock); [ 42.542229][ T3968] lock(fs_reclaim); [ 42.543548][ T3968] [ 42.544283][ T3968] lock(noop_qdisc.q.lock); [ 42.545217][ T3968] [ 42.545217][ T3968] *** DEADLOCK *** [ 42.545217][ T3968] [ 42.546878][ T3968] 2 locks held by syz-executor393/3968: [ 42.547962][ T3968] #0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 42.549936][ T3968] #1: ffff800016a16748 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.551982][ T3968] [ 42.551982][ T3968] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 42.554032][ T3968] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 42.555193][ T3968] HARDIRQ-ON-W at: [ 42.556028][ T3968] lock_acquire+0x240/0x77c [ 42.557258][ T3968] _raw_spin_lock+0xb0/0x10c [ 42.558509][ T3968] __dev_queue_xmit+0x8d0/0x2a6c [ 42.559879][ T3968] dev_queue_xmit+0x24/0x34 [ 42.561081][ T3968] tx+0x8c/0x130 [ 42.562093][ T3968] kthread+0x1ac/0x374 [ 42.563297][ T3968] kthread+0x37c/0x45c [ 42.564403][ T3968] ret_from_fork+0x10/0x20 [ 42.565571][ T3968] IN-SOFTIRQ-W at: [ 42.566363][ T3968] lock_acquire+0x240/0x77c [ 42.567665][ T3968] _raw_spin_lock+0xb0/0x10c [ 42.568923][ T3968] net_tx_action+0x634/0x884 [ 42.570304][ T3968] __do_softirq+0x344/0xe20 [ 42.571574][ T3968] run_ksoftirqd+0x68/0x258 [ 42.572810][ T3968] smpboot_thread_fn+0x4b0/0x920 [ 42.574176][ T3968] kthread+0x37c/0x45c [ 42.575403][ T3968] ret_from_fork+0x10/0x20 [ 42.576650][ T3968] INITIAL USE at: [ 42.577393][ T3968] lock_acquire+0x240/0x77c [ 42.578623][ T3968] _raw_spin_lock+0xb0/0x10c [ 42.579806][ T3968] __dev_queue_xmit+0x8d0/0x2a6c [ 42.581122][ T3968] dev_queue_xmit+0x24/0x34 [ 42.582376][ T3968] tx+0x8c/0x130 [ 42.583477][ T3968] kthread+0x1ac/0x374 [ 42.584623][ T3968] kthread+0x37c/0x45c [ 42.585799][ T3968] ret_from_fork+0x10/0x20 [ 42.586981][ T3968] } [ 42.587480][ T3968] ... key at: [] noop_qdisc+0x108/0x320 [ 42.589012][ T3968] [ 42.589012][ T3968] the dependencies between the lock to be acquired [ 42.589019][ T3968] and SOFTIRQ-irq-unsafe lock: [ 42.591693][ T3968] -> (fs_reclaim){+.+.}-{0:0} { [ 42.592622][ T3968] HARDIRQ-ON-W at: [ 42.593432][ T3968] lock_acquire+0x240/0x77c [ 42.594688][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 42.596060][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 42.597387][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.598862][ T3968] init_rescuer+0xa4/0x264 [ 42.600083][ T3968] workqueue_init+0x2b4/0x640 [ 42.601368][ T3968] kernel_init_freeable+0x448/0x650 [ 42.602779][ T3968] kernel_init+0x24/0x294 [ 42.604021][ T3968] ret_from_fork+0x10/0x20 [ 42.605262][ T3968] SOFTIRQ-ON-W at: [ 42.606039][ T3968] lock_acquire+0x240/0x77c [ 42.607339][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 42.608660][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 42.610013][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.611452][ T3968] init_rescuer+0xa4/0x264 [ 42.612692][ T3968] workqueue_init+0x2b4/0x640 [ 42.614068][ T3968] kernel_init_freeable+0x448/0x650 [ 42.615582][ T3968] kernel_init+0x24/0x294 [ 42.616847][ T3968] ret_from_fork+0x10/0x20 [ 42.618087][ T3968] INITIAL USE at: [ 42.618894][ T3968] lock_acquire+0x240/0x77c [ 42.620155][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 42.621545][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 42.622882][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.624407][ T3968] init_rescuer+0xa4/0x264 [ 42.625555][ T3968] workqueue_init+0x2b4/0x640 [ 42.626914][ T3968] kernel_init_freeable+0x448/0x650 [ 42.628258][ T3968] kernel_init+0x24/0x294 [ 42.629511][ T3968] ret_from_fork+0x10/0x20 [ 42.630738][ T3968] } [ 42.631294][ T3968] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 42.632974][ T3968] ... acquired at: [ 42.633786][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 42.634897][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 42.635980][ T3968] __kmalloc_node+0xbc/0x5b8 [ 42.636951][ T3968] kvmalloc_node+0x88/0x204 [ 42.637977][ T3968] get_dist_table+0x9c/0x2a4 [ 42.638993][ T3968] netem_change+0x820/0x1a90 [ 42.639916][ T3968] netem_init+0x54/0xb8 [ 42.640783][ T3968] qdisc_create+0x6fc/0xf44 [ 42.641785][ T3968] tc_modify_qdisc+0x8dc/0x1344 [ 42.642832][ T3968] rtnetlink_rcv_msg+0xa74/0xdac [ 42.643878][ T3968] netlink_rcv_skb+0x20c/0x3b8 [ 42.644903][ T3968] rtnetlink_rcv+0x28/0x38 [ 42.645870][ T3968] netlink_unicast+0x664/0x938 [ 42.646876][ T3968] netlink_sendmsg+0x844/0xb38 [ 42.647856][ T3968] ____sys_sendmsg+0x584/0x870 [ 42.648933][ T3968] ___sys_sendmsg+0x214/0x294 [ 42.649901][ T3968] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.651010][ T3968] invoke_syscall+0x98/0x2b8 [ 42.651950][ T3968] el0_svc_common+0x138/0x258 [ 42.652923][ T3968] do_el0_svc+0x58/0x14c [ 42.653811][ T3968] el0_svc+0x7c/0x1f0 [ 42.654673][ T3968] el0t_64_sync_handler+0x84/0xe4 [ 42.655686][ T3968] el0t_64_sync+0x1a0/0x1a4 [ 42.656636][ T3968] [ 42.657110][ T3968] [ 42.657110][ T3968] stack backtrace: [ 42.658290][ T3968] CPU: 1 PID: 3968 Comm: syz-executor393 Not tainted 5.15.119-syzkaller #0 [ 42.659971][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 42.662033][ T3968] Call trace: [ 42.662755][ T3968] dump_backtrace+0x0/0x530 [ 42.663642][ T3968] show_stack+0x2c/0x3c [ 42.664495][ T3968] dump_stack_lvl+0x108/0x170 [ 42.665469][ T3968] dump_stack+0x1c/0x58 [ 42.666332][ T3968] __lock_acquire+0x62b4/0x7620 [ 42.667333][ T3968] lock_acquire+0x240/0x77c [ 42.668194][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 42.669199][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 42.670166][ T3968] __kmalloc_node+0xbc/0x5b8 [ 42.671052][ T3968] kvmalloc_node+0x88/0x204 [ 42.671995][ T3968] get_dist_table+0x9c/0x2a4 [ 42.672946][ T3968] netem_change+0x820/0x1a90 [ 42.673874][ T3968] netem_init+0x54/0xb8 [ 42.674742][ T3968] qdisc_create+0x6fc/0xf44 [ 42.675685][ T3968] tc_modify_qdisc+0x8dc/0x1344 [ 42.676637][ T3968] rtnetlink_rcv_msg+0xa74/0xdac [ 42.677600][ T3968] netlink_rcv_skb+0x20c/0x3b8 [ 42.678597][ T3968] rtnetlink_rcv+0x28/0x38 [ 42.679478][ T3968] netlink_unicast+0x664/0x938 [ 42.680504][ T3968] netlink_sendmsg+0x844/0xb38 [ 42.681499][ T3968] ____sys_sendmsg+0x584/0x870 [ 42.682493][ T3968] ___sys_sendmsg+0x214/0x294 [ 42.683457][ T3968] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.684492][ T3968] invoke_syscall+0x98/0x2b8 [ 42.685445][ T3968] el0_svc_common+0x138/0x258 [ 42.686416][ T3968] do_el0_svc+0x58/0x14c [ 42.687352][ T3968] el0_svc+0x7c/0x1f0 [ 42.688180][ T3968] el0t_64_sync_handler+0x84/0xe4 [ 42.689168][ T3968] el0t_64_sync+0x1a0/0x1a4 [ 42.690149][ T3968] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 42.692031][ T3968] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3968, name: syz-executor393 [ 42.693916][ T3968] INFO: lockdep is turned off. [ 42.694881][ T3968] Preemption disabled at: [ 42.694892][ T3968] [] netem_change+0x22c/0x1a90 [ 42.697028][ T3968] CPU: 1 PID: 3968 Comm: syz-executor393 Not tainted 5.15.119-syzkaller #0 [ 42.698897][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 42.700908][ T3968] Call trace: [ 42.701594][ T3968] dump_backtrace+0x0/0x530 [ 42.702503][ T3968] show_stack+0x2c/0x3c [ 42.703378][ T3968] dump_stack_lvl+0x108/0x170 [ 42.704314][ T3968] dump_stack+0x1c/0x58 [ 42.705095][ T3968] ___might_sleep+0x380/0x4dc [ 42.706039][ T3968] __might_sleep+0x98/0xf0 [ 42.706997][ T3968] slab_pre_alloc_hook+0x58/0xe8 [ 42.708019][ T3968] __kmalloc_node+0xbc/0x5b8 [ 42.708975][ T3968] kvmalloc_node+0x88/0x204 [ 42.709939][ T3968] get_dist_table+0x9c/0x2a4 [ 42.710937][ T3968] netem_change+0x820/0x1a90 [ 42.711852][ T3968] netem_init+0x54/0xb8 [ 42.712684][ T3968] qdisc_create+0x6fc/0xf44 [ 42.713578][ T3968] tc_modify_qdisc+0x8dc/0x1344 [ 42.714573][ T3968] rtnetlink_rcv_msg+0xa74/0xdac [ 42.715592][ T3968] netlink_rcv_skb+0x20c/0x3b8 [ 42.716609][ T3968] rtnetlink_rcv+0x28/0x38 [ 42.717522][ T3968] netlink_unicast+0x664/0x938 [ 42.718532][ T3968] netlink_sendmsg+0x844/0xb38 [ 42.719521][ T3968] ____sys_sendmsg+0x584/0x870 [ 42.720552][ T3968] ___sys_sendmsg+0x214/0x294 [ 42.721476][ T3968] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.722505][ T3968] invoke_syscall+0x98/0x2b8 [ 42.723417][ T3968] el0_svc_common+0x138/0x258 [ 42.724386][ T3968] do_el0_svc+0x58/0x14c [ 42.725243][ T3968] el0_svc+0x7c/0x1f0 [ 42.726046][ T3968] el0t_64_sync_handler+0x84/0xe4 [ 42.727071][ T3968] el0t_64_sync+0x1a0/0x1a4