[ 9.963056][ T2659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.973281][ T2659] eql: remember to turn off Van-Jacobson compression on your slave devices [ 10.000765][ T49] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 10.002298][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.897597][ T3080] [ 26.898041][ T3080] ======================================================== [ 26.899743][ T3080] WARNING: possible irq lock inversion dependency detected [ 26.901192][ T3080] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 26.902817][ T3080] -------------------------------------------------------- [ 26.904472][ T3080] syz-executor297/3080 just changed the state of lock: [ 26.905944][ T3080] ffff0000cb6521b8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 26.908173][ T3080] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 26.910030][ T3080] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 26.910040][ T3080] [ 26.910040][ T3080] [ 26.910040][ T3080] and interrupts could create inverse lock ordering between them. [ 26.910040][ T3080] [ 26.914703][ T3080] [ 26.914703][ T3080] other info that might help us debug this: [ 26.916603][ T3080] Possible interrupt unsafe locking scenario: [ 26.916603][ T3080] [ 26.918613][ T3080] CPU0 CPU1 [ 26.919834][ T3080] ---- ---- [ 26.920969][ T3080] lock(clock-AF_INET6); [ 26.921966][ T3080] local_irq_disable(); [ 26.923444][ T3080] lock(&tcp_hashinfo.bhash[i].lock); [ 26.925279][ T3080] lock(clock-AF_INET6); [ 26.926751][ T3080] [ 26.927497][ T3080] lock(&tcp_hashinfo.bhash[i].lock); [ 26.928647][ T3080] [ 26.928647][ T3080] *** DEADLOCK *** [ 26.928647][ T3080] [ 26.930322][ T3080] 1 lock held by syz-executor297/3080: [ 26.931471][ T3080] #0: ffff0000c7d27930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 26.933767][ T3080] [ 26.933767][ T3080] the shortest dependencies between 2nd lock and 1st lock: [ 26.935926][ T3080] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 26.937333][ T3080] HARDIRQ-ON-W at: [ 26.938214][ T3080] lock_acquire+0x100/0x1f8 [ 26.939688][ T3080] _raw_spin_lock_bh+0x54/0x6c [ 26.941046][ T3080] inet_csk_get_port+0xe0/0xaf0 [ 26.942579][ T3080] __inet6_bind+0x688/0x8ac [ 26.943907][ T3080] inet6_bind+0xf4/0x150 [ 26.945211][ T3080] rds_tcp_listen_init+0x14c/0x1f0 [ 26.946780][ T3080] rds_tcp_init_net+0xcc/0x1dc [ 26.948286][ T3080] ops_init+0xe4/0x2e4 [ 26.949591][ T3080] register_pernet_operations+0x108/0x264 [ 26.951213][ T3080] register_pernet_device+0x3c/0x94 [ 26.952764][ T3080] rds_tcp_init+0x74/0xe0 [ 26.954120][ T3080] do_one_initcall+0x118/0x22c [ 26.955518][ T3080] do_initcall_level+0xac/0xe4 [ 26.956730][ T3080] do_initcalls+0x58/0xa8 [ 26.957853][ T3080] do_basic_setup+0x20/0x2c [ 26.959009][ T3080] kernel_init_freeable+0xb8/0x148 [ 26.960279][ T3080] kernel_init+0x24/0x290 [ 26.961533][ T3080] ret_from_fork+0x10/0x20 [ 26.962651][ T3080] IN-SOFTIRQ-W at: [ 26.963372][ T3080] lock_acquire+0x100/0x1f8 [ 26.964534][ T3080] _raw_spin_lock+0x54/0x6c [ 26.965779][ T3080] __inet_inherit_port+0x124/0x9ac [ 26.967093][ T3080] tcp_v4_syn_recv_sock+0x790/0x848 [ 26.968641][ T3080] tcp_check_req+0x75c/0x8e4 [ 26.970254][ T3080] tcp_v4_rcv+0xad4/0x11e8 [ 26.971650][ T3080] ip_protocol_deliver_rcu+0x224/0x414 [ 26.973445][ T3080] ip_local_deliver_finish+0x124/0x200 [ 26.974858][ T3080] ip_local_deliver+0xd0/0xf4 [ 26.976277][ T3080] ip_sublist_rcv+0x40c/0x474 [ 26.977715][ T3080] ip_list_rcv+0x184/0x1c8 [ 26.978988][ T3080] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 26.980826][ T3080] __netif_receive_skb_list+0x16c/0x1d0 [ 26.982431][ T3080] netif_receive_skb_list_internal+0x1e8/0x340 [ 26.984316][ T3080] napi_complete_done+0x140/0x354 [ 26.985842][ T3080] gve_napi_poll+0xcc/0x1b4 [ 26.987104][ T3080] __napi_poll+0x5c/0x24c [ 26.988209][ T3080] napi_poll+0x110/0x484 [ 26.989555][ T3080] net_rx_action+0x18c/0x414 [ 26.991119][ T3080] _stext+0x168/0x37c [ 26.992471][ T3080] ____do_softirq+0x14/0x20 [ 26.993598][ T3080] call_on_irq_stack+0x2c/0x54 [ 26.994990][ T3080] do_softirq_own_stack+0x20/0x2c [ 26.996234][ T3080] invoke_softirq+0x70/0xbc [ 26.997665][ T3080] __irq_exit_rcu+0xf0/0x140 [ 26.999063][ T3080] irq_exit_rcu+0x10/0x40 [ 27.000447][ T3080] el1_interrupt+0x38/0x68 [ 27.001790][ T3080] el1h_64_irq_handler+0x18/0x24 [ 27.003297][ T3080] el1h_64_irq+0x64/0x68 [ 27.004779][ T3080] arch_local_irq_enable+0xc/0x18 [ 27.006421][ T3080] default_idle_call+0x48/0xb8 [ 27.007896][ T3080] do_idle+0x110/0x2d4 [ 27.009440][ T3080] cpu_startup_entry+0x24/0x28 [ 27.010857][ T3080] kernel_init+0x0/0x290 [ 27.012190][ T3080] start_kernel+0x0/0x620 [ 27.013704][ T3080] start_kernel+0x450/0x620 [ 27.015069][ T3080] __primary_switched+0xb4/0xbc [ 27.016618][ T3080] INITIAL USE at: [ 27.017516][ T3080] lock_acquire+0x100/0x1f8 [ 27.019071][ T3080] _raw_spin_lock_bh+0x54/0x6c [ 27.020630][ T3080] inet_csk_get_port+0xe0/0xaf0 [ 27.022321][ T3080] __inet6_bind+0x688/0x8ac [ 27.023731][ T3080] inet6_bind+0xf4/0x150 [ 27.025139][ T3080] rds_tcp_listen_init+0x14c/0x1f0 [ 27.026777][ T3080] rds_tcp_init_net+0xcc/0x1dc [ 27.028280][ T3080] ops_init+0xe4/0x2e4 [ 27.029563][ T3080] register_pernet_operations+0x108/0x264 [ 27.031110][ T3080] register_pernet_device+0x3c/0x94 [ 27.032456][ T3080] rds_tcp_init+0x74/0xe0 [ 27.033607][ T3080] do_one_initcall+0x118/0x22c [ 27.034841][ T3080] do_initcall_level+0xac/0xe4 [ 27.036283][ T3080] do_initcalls+0x58/0xa8 [ 27.037482][ T3080] do_basic_setup+0x20/0x2c [ 27.038776][ T3080] kernel_init_freeable+0xb8/0x148 [ 27.040312][ T3080] kernel_init+0x24/0x290 [ 27.041448][ T3080] ret_from_fork+0x10/0x20 [ 27.042564][ T3080] } [ 27.043021][ T3080] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 27.044477][ T3080] ... acquired at: [ 27.045181][ T3080] _raw_read_lock_bh+0x64/0x7c [ 27.046065][ T3080] sock_i_uid+0x24/0x58 [ 27.046948][ T3080] inet_csk_get_port+0x674/0xaf0 [ 27.048257][ T3080] __inet6_bind+0x688/0x8ac [ 27.049246][ T3080] inet6_bind+0xf4/0x150 [ 27.050253][ T3080] __sys_bind+0x148/0x1b0 [ 27.051355][ T3080] __arm64_sys_bind+0x28/0x3c [ 27.052460][ T3080] el0_svc_common+0x138/0x220 [ 27.053711][ T3080] do_el0_svc+0x48/0x164 [ 27.054746][ T3080] el0_svc+0x58/0x150 [ 27.055655][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.056926][ T3080] el0t_64_sync+0x190/0x194 [ 27.058071][ T3080] [ 27.058649][ T3080] -> (clock-AF_INET6){+++.}-{2:2} { [ 27.059910][ T3080] HARDIRQ-ON-W at: [ 27.060922][ T3080] lock_acquire+0x100/0x1f8 [ 27.062357][ T3080] _raw_write_lock_bh+0x54/0x6c [ 27.063547][ T3080] sk_common_release+0x58/0x1d4 [ 27.064929][ T3080] udp_lib_close+0x20/0x30 [ 27.066361][ T3080] inet_release+0xc8/0xe4 [ 27.067702][ T3080] inet6_release+0x3c/0x58 [ 27.069154][ T3080] sock_close+0x50/0xf0 [ 27.070519][ T3080] __fput+0x198/0x3e4 [ 27.071846][ T3080] ____fput+0x20/0x30 [ 27.073155][ T3080] task_work_run+0x100/0x148 [ 27.074544][ T3080] do_notify_resume+0x174/0x1f0 [ 27.075859][ T3080] el0_svc+0x9c/0x150 [ 27.076860][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.078079][ T3080] el0t_64_sync+0x190/0x194 [ 27.079260][ T3080] HARDIRQ-ON-R at: [ 27.079974][ T3080] lock_acquire+0x100/0x1f8 [ 27.081283][ T3080] _raw_read_lock_bh+0x64/0x7c [ 27.082825][ T3080] sock_i_uid+0x24/0x58 [ 27.084194][ T3080] udp_lib_lport_inuse+0x44/0x268 [ 27.085444][ T3080] udp_lib_get_port+0x2bc/0x8f8 [ 27.086634][ T3080] udp_v6_get_port+0x60/0x74 [ 27.087940][ T3080] __inet6_bind+0x688/0x8ac [ 27.089265][ T3080] inet6_bind+0xf4/0x150 [ 27.090600][ T3080] __sys_bind+0x148/0x1b0 [ 27.091985][ T3080] __arm64_sys_bind+0x28/0x3c [ 27.093476][ T3080] el0_svc_common+0x138/0x220 [ 27.094965][ T3080] do_el0_svc+0x48/0x164 [ 27.096368][ T3080] el0_svc+0x58/0x150 [ 27.097757][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.099226][ T3080] el0t_64_sync+0x190/0x194 [ 27.100612][ T3080] SOFTIRQ-ON-W at: [ 27.101415][ T3080] lock_acquire+0x100/0x1f8 [ 27.102843][ T3080] _raw_write_lock+0x54/0x6c [ 27.104231][ T3080] l2tp_tunnel_register+0x354/0x79c [ 27.105465][ T3080] pppol2tp_connect+0x3e8/0x6c4 [ 27.106829][ T3080] __sys_connect+0x184/0x190 [ 27.108060][ T3080] __arm64_sys_connect+0x28/0x3c [ 27.109563][ T3080] el0_svc_common+0x138/0x220 [ 27.111180][ T3080] do_el0_svc+0x48/0x164 [ 27.112320][ T3080] el0_svc+0x58/0x150 [ 27.113520][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.114955][ T3080] el0t_64_sync+0x190/0x194 [ 27.116172][ T3080] INITIAL USE at: [ 27.117054][ T3080] lock_acquire+0x100/0x1f8 [ 27.118426][ T3080] _raw_write_lock_bh+0x54/0x6c [ 27.119828][ T3080] sk_common_release+0x58/0x1d4 [ 27.121301][ T3080] udp_lib_close+0x20/0x30 [ 27.122649][ T3080] inet_release+0xc8/0xe4 [ 27.124006][ T3080] inet6_release+0x3c/0x58 [ 27.125317][ T3080] sock_close+0x50/0xf0 [ 27.126577][ T3080] __fput+0x198/0x3e4 [ 27.127718][ T3080] ____fput+0x20/0x30 [ 27.128714][ T3080] task_work_run+0x100/0x148 [ 27.129819][ T3080] do_notify_resume+0x174/0x1f0 [ 27.130970][ T3080] el0_svc+0x9c/0x150 [ 27.132130][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.134338][ T3080] el0t_64_sync+0x190/0x194 [ 27.135717][ T3080] INITIAL READ USE at: [ 27.136798][ T3080] lock_acquire+0x100/0x1f8 [ 27.138371][ T3080] _raw_read_lock_bh+0x64/0x7c [ 27.139844][ T3080] sock_i_uid+0x24/0x58 [ 27.141336][ T3080] udp_lib_lport_inuse+0x44/0x268 [ 27.143203][ T3080] udp_lib_get_port+0x2bc/0x8f8 [ 27.144830][ T3080] udp_v6_get_port+0x60/0x74 [ 27.146417][ T3080] __inet6_bind+0x688/0x8ac [ 27.147939][ T3080] inet6_bind+0xf4/0x150 [ 27.149460][ T3080] __sys_bind+0x148/0x1b0 [ 27.150911][ T3080] __arm64_sys_bind+0x28/0x3c [ 27.152478][ T3080] el0_svc_common+0x138/0x220 [ 27.154047][ T3080] do_el0_svc+0x48/0x164 [ 27.155391][ T3080] el0_svc+0x58/0x150 [ 27.156721][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.158285][ T3080] el0t_64_sync+0x190/0x194 [ 27.159483][ T3080] } [ 27.159985][ T3080] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 27.161625][ T3080] ... acquired at: [ 27.162344][ T3080] mark_lock+0x154/0x1b4 [ 27.163129][ T3080] __lock_acquire+0x618/0x3084 [ 27.164249][ T3080] lock_acquire+0x100/0x1f8 [ 27.165207][ T3080] _raw_write_lock+0x54/0x6c [ 27.166087][ T3080] l2tp_tunnel_register+0x354/0x79c [ 27.167049][ T3080] pppol2tp_connect+0x3e8/0x6c4 [ 27.168154][ T3080] __sys_connect+0x184/0x190 [ 27.169253][ T3080] __arm64_sys_connect+0x28/0x3c [ 27.170440][ T3080] el0_svc_common+0x138/0x220 [ 27.171523][ T3080] do_el0_svc+0x48/0x164 [ 27.172726][ T3080] el0_svc+0x58/0x150 [ 27.173669][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.174821][ T3080] el0t_64_sync+0x190/0x194 [ 27.175927][ T3080] [ 27.176472][ T3080] [ 27.176472][ T3080] stack backtrace: [ 27.177795][ T3080] CPU: 0 PID: 3080 Comm: syz-executor297 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 27.180064][ T3080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 27.181881][ T3080] Call trace: [ 27.182493][ T3080] dump_backtrace+0x1c4/0x1f0 [ 27.183395][ T3080] show_stack+0x2c/0x54 [ 27.184335][ T3080] dump_stack_lvl+0x104/0x16c [ 27.185489][ T3080] dump_stack+0x1c/0x58 [ 27.186449][ T3080] print_irq_inversion_bug+0x2f8/0x300 [ 27.187530][ T3080] mark_lock_irq+0x3ec/0x4b4 [ 27.188584][ T3080] mark_lock+0x154/0x1b4 [ 27.189621][ T3080] __lock_acquire+0x618/0x3084 [ 27.190769][ T3080] lock_acquire+0x100/0x1f8 [ 27.191802][ T3080] _raw_write_lock+0x54/0x6c [ 27.192927][ T3080] l2tp_tunnel_register+0x354/0x79c [ 27.194067][ T3080] pppol2tp_connect+0x3e8/0x6c4 [ 27.195170][ T3080] __sys_connect+0x184/0x190 [ 27.196333][ T3080] __arm64_sys_connect+0x28/0x3c [ 27.197467][ T3080] el0_svc_common+0x138/0x220 [ 27.198527][ T3080] do_el0_svc+0x48/0x164 [ 27.199328][ T3080] el0_svc+0x58/0x150 [ 27.200079][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.201243][ T3080] el0t_64_sync+0x190/0x194 [ 27.202523][ T3080] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 27.204480][ T3080] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3080, name: syz-executor297 [ 27.206139][ T3080] preempt_count: 1, expected: 0 [ 27.207094][ T3080] RCU nest depth: 0, expected: 0 [ 27.207997][ T3080] INFO: lockdep is turned off. [ 27.208942][ T3080] Preemption disabled at: [ 27.208948][ T3080] [] l2tp_tunnel_register+0x354/0x79c [ 27.211494][ T3080] CPU: 0 PID: 3080 Comm: syz-executor297 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 27.214022][ T3080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 27.216259][ T3080] Call trace: [ 27.217003][ T3080] dump_backtrace+0x1c4/0x1f0 [ 27.218062][ T3080] show_stack+0x2c/0x54 [ 27.218988][ T3080] dump_stack_lvl+0x104/0x16c [ 27.220168][ T3080] dump_stack+0x1c/0x58 [ 27.221110][ T3080] __might_resched+0x208/0x218 [ 27.222219][ T3080] __might_sleep+0x48/0x78 [ 27.223208][ T3080] cpus_read_lock+0x28/0x1e0 [ 27.224316][ T3080] static_key_slow_inc+0x1c/0x38 [ 27.225388][ T3080] udpv6_encap_enable+0x1c/0x28 [ 27.226526][ T3080] setup_udp_tunnel_sock+0xec/0x124 [ 27.227720][ T3080] l2tp_tunnel_register+0x68c/0x79c [ 27.228812][ T3080] pppol2tp_connect+0x3e8/0x6c4 [ 27.229709][ T3080] __sys_connect+0x184/0x190 [ 27.230647][ T3080] __arm64_sys_connect+0x28/0x3c [ 27.231803][ T3080] el0_svc_common+0x138/0x220 [ 27.232943][ T3080] do_el0_svc+0x48/0x164 [ 27.234021][ T3080] el0_svc+0x58/0x150 [ 27.234857][ T3080] el0t_64_sync_handler+0x84/0xf0 [ 27.235841][ T3080] el0t_64_sync+0x190/0x194