[ 10.257304][ T2657] 8021q: adding VLAN 0 to HW filter on device bond0 [ 10.260338][ T2657] eql: remember to turn off Van-Jacobson compression on your slave devices [ 10.285387][ T29] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 10.287040][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.030763][ T3078] [ 28.031439][ T3078] ======================================================== [ 28.033419][ T3078] WARNING: possible irq lock inversion dependency detected [ 28.035212][ T3078] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 28.037064][ T3078] -------------------------------------------------------- [ 28.038862][ T3078] syz-executor289/3078 just changed the state of lock: [ 28.040609][ T3078] ffff0000cb3f30b8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 28.043157][ T3078] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 28.045288][ T3078] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 28.045297][ T3078] [ 28.045297][ T3078] [ 28.045297][ T3078] and interrupts could create inverse lock ordering between them. [ 28.045297][ T3078] [ 28.050825][ T3078] [ 28.050825][ T3078] other info that might help us debug this: [ 28.052909][ T3078] Possible interrupt unsafe locking scenario: [ 28.052909][ T3078] [ 28.054990][ T3078] CPU0 CPU1 [ 28.056449][ T3078] ---- ---- [ 28.057861][ T3078] lock(clock-AF_INET6); [ 28.059019][ T3078] local_irq_disable(); [ 28.060833][ T3078] lock(&tcp_hashinfo.bhash[i].lock); [ 28.062925][ T3078] lock(clock-AF_INET6); [ 28.064724][ T3078] [ 28.065649][ T3078] lock(&tcp_hashinfo.bhash[i].lock); [ 28.067094][ T3078] [ 28.067094][ T3078] *** DEADLOCK *** [ 28.067094][ T3078] [ 28.069248][ T3078] 1 lock held by syz-executor289/3078: [ 28.070640][ T3078] #0: ffff0000cb3dc930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 28.073230][ T3078] [ 28.073230][ T3078] the shortest dependencies between 2nd lock and 1st lock: [ 28.075532][ T3078] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 28.077207][ T3078] HARDIRQ-ON-W at: [ 28.078258][ T3078] lock_acquire+0x100/0x1f8 [ 28.079924][ T3078] _raw_spin_lock_bh+0x54/0x6c [ 28.081623][ T3078] inet_csk_get_port+0xe0/0xaf0 [ 28.083284][ T3078] __inet6_bind+0x688/0x8ac [ 28.084918][ T3078] inet6_bind+0xf4/0x150 [ 28.086525][ T3078] rds_tcp_listen_init+0x14c/0x1f0 [ 28.088347][ T3078] rds_tcp_init_net+0xcc/0x1dc [ 28.089934][ T3078] ops_init+0xe4/0x2e4 [ 28.091478][ T3078] register_pernet_operations+0x108/0x264 [ 28.093396][ T3078] register_pernet_device+0x3c/0x94 [ 28.095223][ T3078] rds_tcp_init+0x74/0xe0 [ 28.096828][ T3078] do_one_initcall+0x118/0x22c [ 28.098377][ T3078] do_initcall_level+0xac/0xe4 [ 28.100077][ T3078] do_initcalls+0x58/0xa8 [ 28.101671][ T3078] do_basic_setup+0x20/0x2c [ 28.103167][ T3078] kernel_init_freeable+0xb8/0x148 [ 28.104994][ T3078] kernel_init+0x24/0x290 [ 28.106763][ T3078] ret_from_fork+0x10/0x20 [ 28.108432][ T3078] IN-SOFTIRQ-W at: [ 28.109531][ T3078] lock_acquire+0x100/0x1f8 [ 28.111204][ T3078] _raw_spin_lock+0x54/0x6c [ 28.112852][ T3078] __inet_inherit_port+0x124/0x9ac [ 28.114651][ T3078] tcp_v4_syn_recv_sock+0x790/0x848 [ 28.116618][ T3078] tcp_check_req+0x75c/0x8e4 [ 28.118398][ T3078] tcp_v4_rcv+0xad4/0x11e8 [ 28.120135][ T3078] ip_protocol_deliver_rcu+0x224/0x414 [ 28.122134][ T3078] ip_local_deliver_finish+0x124/0x200 [ 28.124032][ T3078] ip_local_deliver+0xd0/0xf4 [ 28.125750][ T3078] ip_sublist_rcv+0x40c/0x474 [ 28.127490][ T3078] ip_list_rcv+0x184/0x1c8 [ 28.129116][ T3078] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 28.131031][ T3078] __netif_receive_skb_list+0x16c/0x1d0 [ 28.132882][ T3078] netif_receive_skb_list_internal+0x1e8/0x340 [ 28.134983][ T3078] napi_complete_done+0x140/0x354 [ 28.136794][ T3078] gve_napi_poll+0xcc/0x1b4 [ 28.138440][ T3078] __napi_poll+0x5c/0x24c [ 28.140035][ T3078] napi_poll+0x110/0x484 [ 28.141603][ T3078] net_rx_action+0x18c/0x414 [ 28.143270][ T3078] _stext+0x168/0x37c [ 28.144759][ T3078] ____do_softirq+0x14/0x20 [ 28.146563][ T3078] call_on_irq_stack+0x2c/0x54 [ 28.148284][ T3078] do_softirq_own_stack+0x20/0x2c [ 28.149973][ T3078] invoke_softirq+0x70/0xbc [ 28.151656][ T3078] __irq_exit_rcu+0xf0/0x140 [ 28.153316][ T3078] irq_exit_rcu+0x10/0x40 [ 28.154906][ T3078] el1_interrupt+0x38/0x68 [ 28.156523][ T3078] el1h_64_irq_handler+0x18/0x24 [ 28.158281][ T3078] el1h_64_irq+0x64/0x68 [ 28.159903][ T3078] arch_local_irq_enable+0xc/0x18 [ 28.161704][ T3078] default_idle_call+0x48/0xb8 [ 28.163424][ T3078] do_idle+0x110/0x2d4 [ 28.164945][ T3078] cpu_startup_entry+0x24/0x28 [ 28.166601][ T3078] kernel_init+0x0/0x290 [ 28.168184][ T3078] start_kernel+0x0/0x620 [ 28.169774][ T3078] start_kernel+0x450/0x620 [ 28.171455][ T3078] __primary_switched+0xb4/0xbc [ 28.173185][ T3078] INITIAL USE at: [ 28.174199][ T3078] lock_acquire+0x100/0x1f8 [ 28.175917][ T3078] _raw_spin_lock_bh+0x54/0x6c [ 28.177627][ T3078] inet_csk_get_port+0xe0/0xaf0 [ 28.179326][ T3078] __inet6_bind+0x688/0x8ac [ 28.180919][ T3078] inet6_bind+0xf4/0x150 [ 28.182518][ T3078] rds_tcp_listen_init+0x14c/0x1f0 [ 28.184284][ T3078] rds_tcp_init_net+0xcc/0x1dc [ 28.186032][ T3078] ops_init+0xe4/0x2e4 [ 28.187741][ T3078] register_pernet_operations+0x108/0x264 [ 28.189445][ T3078] register_pernet_device+0x3c/0x94 [ 28.191223][ T3078] rds_tcp_init+0x74/0xe0 [ 28.192651][ T3078] do_one_initcall+0x118/0x22c [ 28.194340][ T3078] do_initcall_level+0xac/0xe4 [ 28.196224][ T3078] do_initcalls+0x58/0xa8 [ 28.197750][ T3078] do_basic_setup+0x20/0x2c [ 28.199347][ T3078] kernel_init_freeable+0xb8/0x148 [ 28.201105][ T3078] kernel_init+0x24/0x290 [ 28.202670][ T3078] ret_from_fork+0x10/0x20 [ 28.204279][ T3078] } [ 28.204920][ T3078] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 28.207045][ T3078] ... acquired at: [ 28.208035][ T3078] _raw_read_lock_bh+0x64/0x7c [ 28.209299][ T3078] sock_i_uid+0x24/0x58 [ 28.210448][ T3078] inet_csk_get_port+0x674/0xaf0 [ 28.211790][ T3078] __inet6_bind+0x688/0x8ac [ 28.212971][ T3078] inet6_bind+0xf4/0x150 [ 28.214119][ T3078] __sys_bind+0x148/0x1b0 [ 28.215293][ T3078] __arm64_sys_bind+0x28/0x3c [ 28.216556][ T3078] el0_svc_common+0x138/0x220 [ 28.217811][ T3078] do_el0_svc+0x48/0x164 [ 28.218978][ T3078] el0_svc+0x58/0x150 [ 28.219900][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.221227][ T3078] el0t_64_sync+0x190/0x194 [ 28.222568][ T3078] [ 28.223147][ T3078] -> (clock-AF_INET6){+++.}-{2:2} { [ 28.224479][ T3078] HARDIRQ-ON-W at: [ 28.225489][ T3078] lock_acquire+0x100/0x1f8 [ 28.227146][ T3078] _raw_write_lock_bh+0x54/0x6c [ 28.228825][ T3078] sk_common_release+0x58/0x1d4 [ 28.230648][ T3078] udp_lib_close+0x20/0x30 [ 28.232214][ T3078] inet_release+0xc8/0xe4 [ 28.233751][ T3078] inet6_release+0x3c/0x58 [ 28.235336][ T3078] sock_close+0x50/0xf0 [ 28.236839][ T3078] __fput+0x198/0x3e4 [ 28.238357][ T3078] ____fput+0x20/0x30 [ 28.239787][ T3078] task_work_run+0x100/0x148 [ 28.241448][ T3078] do_notify_resume+0x174/0x1f0 [ 28.243128][ T3078] el0_svc+0x9c/0x150 [ 28.244647][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.246503][ T3078] el0t_64_sync+0x190/0x194 [ 28.248114][ T3078] HARDIRQ-ON-R at: [ 28.249141][ T3078] lock_acquire+0x100/0x1f8 [ 28.250877][ T3078] _raw_read_lock_bh+0x64/0x7c [ 28.252530][ T3078] sock_i_uid+0x24/0x58 [ 28.254019][ T3078] udp_lib_lport_inuse+0x44/0x268 [ 28.255802][ T3078] udp_lib_get_port+0x2bc/0x8f8 [ 28.257596][ T3078] udp_v6_get_port+0x60/0x74 [ 28.259204][ T3078] __inet6_bind+0x688/0x8ac [ 28.260897][ T3078] inet6_bind+0xf4/0x150 [ 28.262454][ T3078] __sys_bind+0x148/0x1b0 [ 28.263986][ T3078] __arm64_sys_bind+0x28/0x3c [ 28.265592][ T3078] el0_svc_common+0x138/0x220 [ 28.267211][ T3078] do_el0_svc+0x48/0x164 [ 28.268700][ T3078] el0_svc+0x58/0x150 [ 28.270179][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.271890][ T3078] el0t_64_sync+0x190/0x194 [ 28.273475][ T3078] SOFTIRQ-ON-W at: [ 28.274484][ T3078] lock_acquire+0x100/0x1f8 [ 28.276146][ T3078] _raw_write_lock+0x54/0x6c [ 28.277763][ T3078] l2tp_tunnel_register+0x354/0x79c [ 28.279560][ T3078] pppol2tp_connect+0x3e8/0x6c4 [ 28.281235][ T3078] __sys_connect+0x184/0x190 [ 28.282879][ T3078] __arm64_sys_connect+0x28/0x3c [ 28.284534][ T3078] el0_svc_common+0x138/0x220 [ 28.286219][ T3078] do_el0_svc+0x48/0x164 [ 28.287636][ T3078] el0_svc+0x58/0x150 [ 28.288899][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.290421][ T3078] el0t_64_sync+0x190/0x194 [ 28.292025][ T3078] INITIAL USE at: [ 28.292998][ T3078] lock_acquire+0x100/0x1f8 [ 28.294547][ T3078] _raw_write_lock_bh+0x54/0x6c [ 28.296239][ T3078] sk_common_release+0x58/0x1d4 [ 28.297884][ T3078] udp_lib_close+0x20/0x30 [ 28.299460][ T3078] inet_release+0xc8/0xe4 [ 28.301000][ T3078] inet6_release+0x3c/0x58 [ 28.302526][ T3078] sock_close+0x50/0xf0 [ 28.304027][ T3078] __fput+0x198/0x3e4 [ 28.305380][ T3078] ____fput+0x20/0x30 [ 28.306756][ T3078] task_work_run+0x100/0x148 [ 28.308325][ T3078] do_notify_resume+0x174/0x1f0 [ 28.309963][ T3078] el0_svc+0x9c/0x150 [ 28.311421][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.313127][ T3078] el0t_64_sync+0x190/0x194 [ 28.314679][ T3078] INITIAL READ USE at: [ 28.315841][ T3078] lock_acquire+0x100/0x1f8 [ 28.317572][ T3078] _raw_read_lock_bh+0x64/0x7c [ 28.319318][ T3078] sock_i_uid+0x24/0x58 [ 28.320896][ T3078] udp_lib_lport_inuse+0x44/0x268 [ 28.322790][ T3078] udp_lib_get_port+0x2bc/0x8f8 [ 28.324566][ T3078] udp_v6_get_port+0x60/0x74 [ 28.326329][ T3078] __inet6_bind+0x688/0x8ac [ 28.328086][ T3078] inet6_bind+0xf4/0x150 [ 28.329679][ T3078] __sys_bind+0x148/0x1b0 [ 28.331326][ T3078] __arm64_sys_bind+0x28/0x3c [ 28.333058][ T3078] el0_svc_common+0x138/0x220 [ 28.334941][ T3078] do_el0_svc+0x48/0x164 [ 28.336605][ T3078] el0_svc+0x58/0x150 [ 28.338091][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.339799][ T3078] el0t_64_sync+0x190/0x194 [ 28.341472][ T3078] } [ 28.342151][ T3078] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 28.344244][ T3078] ... acquired at: [ 28.345237][ T3078] mark_lock+0x154/0x1b4 [ 28.346412][ T3078] __lock_acquire+0x618/0x3084 [ 28.347690][ T3078] lock_acquire+0x100/0x1f8 [ 28.348898][ T3078] _raw_write_lock+0x54/0x6c [ 28.350136][ T3078] l2tp_tunnel_register+0x354/0x79c [ 28.351479][ T3078] pppol2tp_connect+0x3e8/0x6c4 [ 28.352795][ T3078] __sys_connect+0x184/0x190 [ 28.354046][ T3078] __arm64_sys_connect+0x28/0x3c [ 28.355336][ T3078] el0_svc_common+0x138/0x220 [ 28.356721][ T3078] do_el0_svc+0x48/0x164 [ 28.357876][ T3078] el0_svc+0x58/0x150 [ 28.359055][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.360385][ T3078] el0t_64_sync+0x190/0x194 [ 28.361565][ T3078] [ 28.362138][ T3078] [ 28.362138][ T3078] stack backtrace: [ 28.363673][ T3078] CPU: 1 PID: 3078 Comm: syz-executor289 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 28.366425][ T3078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 28.369045][ T3078] Call trace: [ 28.369883][ T3078] dump_backtrace+0x1c4/0x1f0 [ 28.371068][ T3078] show_stack+0x2c/0x54 [ 28.372153][ T3078] dump_stack_lvl+0x104/0x16c [ 28.373316][ T3078] dump_stack+0x1c/0x58 [ 28.374645][ T3078] print_irq_inversion_bug+0x2f8/0x300 [ 28.376265][ T3078] mark_lock_irq+0x3ec/0x4b4 [ 28.377457][ T3078] mark_lock+0x154/0x1b4 [ 28.378518][ T3078] __lock_acquire+0x618/0x3084 [ 28.379730][ T3078] lock_acquire+0x100/0x1f8 [ 28.380855][ T3078] _raw_write_lock+0x54/0x6c [ 28.382026][ T3078] l2tp_tunnel_register+0x354/0x79c [ 28.383503][ T3078] pppol2tp_connect+0x3e8/0x6c4 [ 28.384743][ T3078] __sys_connect+0x184/0x190 [ 28.385943][ T3078] __arm64_sys_connect+0x28/0x3c [ 28.387326][ T3078] el0_svc_common+0x138/0x220 [ 28.388479][ T3078] do_el0_svc+0x48/0x164 [ 28.389513][ T3078] el0_svc+0x58/0x150 [ 28.390460][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.391730][ T3078] el0t_64_sync+0x190/0x194 [ 28.392999][ T3078] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 28.395619][ T3078] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3078, name: syz-executor289 [ 28.397950][ T3078] preempt_count: 1, expected: 0 [ 28.398998][ T3078] RCU nest depth: 0, expected: 0 [ 28.400148][ T3078] INFO: lockdep is turned off. [ 28.401306][ T3078] Preemption disabled at: [ 28.401311][ T3078] [] l2tp_tunnel_register+0x354/0x79c [ 28.404104][ T3078] CPU: 1 PID: 3078 Comm: syz-executor289 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 28.406714][ T3078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 28.409219][ T3078] Call trace: [ 28.410178][ T3078] dump_backtrace+0x1c4/0x1f0 [ 28.411355][ T3078] show_stack+0x2c/0x54 [ 28.412445][ T3078] dump_stack_lvl+0x104/0x16c [ 28.413639][ T3078] dump_stack+0x1c/0x58 [ 28.414740][ T3078] __might_resched+0x208/0x218 [ 28.416037][ T3078] __might_sleep+0x48/0x78 [ 28.417177][ T3078] cpus_read_lock+0x28/0x1e0 [ 28.418283][ T3078] static_key_slow_inc+0x1c/0x38 [ 28.419525][ T3078] udpv6_encap_enable+0x1c/0x28 [ 28.420735][ T3078] setup_udp_tunnel_sock+0xec/0x124 [ 28.422120][ T3078] l2tp_tunnel_register+0x68c/0x79c [ 28.423471][ T3078] pppol2tp_connect+0x3e8/0x6c4 [ 28.424714][ T3078] __sys_connect+0x184/0x190 [ 28.425862][ T3078] __arm64_sys_connect+0x28/0x3c [ 28.427121][ T3078] el0_svc_common+0x138/0x220 [ 28.428326][ T3078] do_el0_svc+0x48/0x164 [ 28.429400][ T3078] el0_svc+0x58/0x150 [ 28.430450][ T3078] el0t_64_sync_handler+0x84/0xf0 [ 28.431763][ T3078] el0t_64_sync+0x190/0x194