[ 9.860254][ T2658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.865271][ T2658] eql: remember to turn off Van-Jacobson compression on your slave devices [ 9.896300][ T49] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 9.898024][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.221381][ T3079] [ 33.222074][ T3079] ======================================================== [ 33.223994][ T3079] WARNING: possible irq lock inversion dependency detected [ 33.225943][ T3079] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 33.227756][ T3079] -------------------------------------------------------- [ 33.229643][ T3079] syz-executor373/3079 just changed the state of lock: [ 33.231480][ T3079] ffff0000cab2c738 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 33.234068][ T3079] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 33.236216][ T3079] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 33.236225][ T3079] [ 33.236225][ T3079] [ 33.236225][ T3079] and interrupts could create inverse lock ordering between them. [ 33.236225][ T3079] [ 33.241668][ T3079] [ 33.241668][ T3079] other info that might help us debug this: [ 33.243818][ T3079] Possible interrupt unsafe locking scenario: [ 33.243818][ T3079] [ 33.246026][ T3079] CPU0 CPU1 [ 33.247457][ T3079] ---- ---- [ 33.248885][ T3079] lock(clock-AF_INET6); [ 33.250048][ T3079] local_irq_disable(); [ 33.251877][ T3079] lock(&tcp_hashinfo.bhash[i].lock); [ 33.253997][ T3079] lock(clock-AF_INET6); [ 33.255830][ T3079] [ 33.256740][ T3079] lock(&tcp_hashinfo.bhash[i].lock); [ 33.258213][ T3079] [ 33.258213][ T3079] *** DEADLOCK *** [ 33.258213][ T3079] [ 33.260388][ T3079] 1 lock held by syz-executor373/3079: [ 33.261861][ T3079] #0: ffff0000cb64b130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 33.264512][ T3079] [ 33.264512][ T3079] the shortest dependencies between 2nd lock and 1st lock: [ 33.267017][ T3079] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 33.268719][ T3079] HARDIRQ-ON-W at: [ 33.269794][ T3079] lock_acquire+0x100/0x1f8 [ 33.271531][ T3079] _raw_spin_lock_bh+0x54/0x6c [ 33.273323][ T3079] inet_csk_get_port+0xe0/0xaf0 [ 33.275117][ T3079] __inet6_bind+0x688/0x8ac [ 33.276781][ T3079] inet6_bind+0xf4/0x150 [ 33.278415][ T3079] rds_tcp_listen_init+0x14c/0x1f0 [ 33.280260][ T3079] rds_tcp_init_net+0xcc/0x1dc [ 33.282068][ T3079] ops_init+0xe4/0x2e4 [ 33.283664][ T3079] register_pernet_operations+0x108/0x264 [ 33.285745][ T3079] register_pernet_device+0x3c/0x94 [ 33.287634][ T3079] rds_tcp_init+0x74/0xe0 [ 33.289360][ T3079] do_one_initcall+0x118/0x22c [ 33.291060][ T3079] do_initcall_level+0xac/0xe4 [ 33.292767][ T3079] do_initcalls+0x58/0xa8 [ 33.294553][ T3079] do_basic_setup+0x20/0x2c [ 33.296265][ T3079] kernel_init_freeable+0xb8/0x148 [ 33.298136][ T3079] kernel_init+0x24/0x290 [ 33.299790][ T3079] ret_from_fork+0x10/0x20 [ 33.301458][ T3079] IN-SOFTIRQ-W at: [ 33.302555][ T3079] lock_acquire+0x100/0x1f8 [ 33.304261][ T3079] _raw_spin_lock+0x54/0x6c [ 33.305995][ T3079] __inet_inherit_port+0x124/0x9ac [ 33.307809][ T3079] tcp_v4_syn_recv_sock+0x790/0x848 [ 33.309692][ T3079] tcp_check_req+0x75c/0x8e4 [ 33.311408][ T3079] tcp_v4_rcv+0xad4/0x11e8 [ 33.313043][ T3079] ip_protocol_deliver_rcu+0x224/0x414 [ 33.314977][ T3079] ip_local_deliver_finish+0x124/0x200 [ 33.316915][ T3079] ip_local_deliver+0xd0/0xf4 [ 33.318622][ T3079] ip_sublist_rcv+0x40c/0x474 [ 33.320346][ T3079] ip_list_rcv+0x184/0x1c8 [ 33.321998][ T3079] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 33.324046][ T3079] __netif_receive_skb_list+0x16c/0x1d0 [ 33.326151][ T3079] netif_receive_skb_list_internal+0x1e8/0x340 [ 33.328264][ T3079] napi_complete_done+0x140/0x354 [ 33.330090][ T3079] gve_napi_poll+0xcc/0x1b4 [ 33.331749][ T3079] __napi_poll+0x5c/0x24c [ 33.333340][ T3079] napi_poll+0x110/0x484 [ 33.334921][ T3079] net_rx_action+0x18c/0x414 [ 33.336608][ T3079] _stext+0x168/0x37c [ 33.338147][ T3079] ____do_softirq+0x14/0x20 [ 33.339855][ T3079] call_on_irq_stack+0x2c/0x54 [ 33.341558][ T3079] do_softirq_own_stack+0x20/0x2c [ 33.343363][ T3079] invoke_softirq+0x70/0xbc [ 33.345103][ T3079] __irq_exit_rcu+0xf0/0x140 [ 33.346806][ T3079] irq_exit_rcu+0x10/0x40 [ 33.348497][ T3079] el1_interrupt+0x38/0x68 [ 33.350218][ T3079] el1h_64_irq_handler+0x18/0x24 [ 33.352027][ T3079] el1h_64_irq+0x64/0x68 [ 33.353619][ T3079] _raw_spin_unlock_irqrestore+0x58/0x8c [ 33.355651][ T3079] debug_check_no_obj_freed+0x294/0x2b0 [ 33.357651][ T3079] kmem_cache_free+0x160/0x3a4 [ 33.359402][ T3079] vm_area_free+0x38/0xe8 [ 33.361121][ T3079] exit_mmap+0x1f0/0x390 [ 33.362717][ T3079] __mmput+0x90/0x204 [ 33.364246][ T3079] mmput+0x64/0xa0 [ 33.365706][ T3079] exit_mm+0x16c/0x1c0 [ 33.367225][ T3079] do_exit+0x264/0xcac [ 33.368816][ T3079] __arm64_sys_exit_group+0x0/0x18 [ 33.370653][ T3079] __wake_up_parent+0x0/0x40 [ 33.372351][ T3079] el0_svc_common+0x138/0x220 [ 33.374067][ T3079] do_el0_svc+0x48/0x164 [ 33.375689][ T3079] el0_svc+0x58/0x150 [ 33.377215][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.379034][ T3079] el0t_64_sync+0x190/0x194 [ 33.380711][ T3079] INITIAL USE at: [ 33.381756][ T3079] lock_acquire+0x100/0x1f8 [ 33.383436][ T3079] _raw_spin_lock_bh+0x54/0x6c [ 33.385137][ T3079] inet_csk_get_port+0xe0/0xaf0 [ 33.386867][ T3079] __inet6_bind+0x688/0x8ac [ 33.388511][ T3079] inet6_bind+0xf4/0x150 [ 33.390086][ T3079] rds_tcp_listen_init+0x14c/0x1f0 [ 33.391964][ T3079] rds_tcp_init_net+0xcc/0x1dc [ 33.393731][ T3079] ops_init+0xe4/0x2e4 [ 33.395263][ T3079] register_pernet_operations+0x108/0x264 [ 33.397255][ T3079] register_pernet_device+0x3c/0x94 [ 33.399110][ T3079] rds_tcp_init+0x74/0xe0 [ 33.400701][ T3079] do_one_initcall+0x118/0x22c [ 33.402476][ T3079] do_initcall_level+0xac/0xe4 [ 33.404217][ T3079] do_initcalls+0x58/0xa8 [ 33.405842][ T3079] do_basic_setup+0x20/0x2c [ 33.407482][ T3079] kernel_init_freeable+0xb8/0x148 [ 33.409343][ T3079] kernel_init+0x24/0x290 [ 33.410974][ T3079] ret_from_fork+0x10/0x20 [ 33.412594][ T3079] } [ 33.413271][ T3079] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 33.415479][ T3079] ... acquired at: [ 33.416518][ T3079] _raw_read_lock_bh+0x64/0x7c [ 33.417819][ T3079] sock_i_uid+0x24/0x58 [ 33.418948][ T3079] inet_csk_get_port+0x674/0xaf0 [ 33.420288][ T3079] __inet6_bind+0x688/0x8ac [ 33.421536][ T3079] inet6_bind+0xf4/0x150 [ 33.422674][ T3079] __sys_bind+0x148/0x1b0 [ 33.423861][ T3079] __arm64_sys_bind+0x28/0x3c [ 33.425146][ T3079] el0_svc_common+0x138/0x220 [ 33.426417][ T3079] do_el0_svc+0x48/0x164 [ 33.427613][ T3079] el0_svc+0x58/0x150 [ 33.428719][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.430227][ T3079] el0t_64_sync+0x190/0x194 [ 33.431492][ T3079] [ 33.432097][ T3079] -> (clock-AF_INET6){+++.}-{2:2} { [ 33.433632][ T3079] HARDIRQ-ON-W at: [ 33.434692][ T3079] lock_acquire+0x100/0x1f8 [ 33.436351][ T3079] _raw_write_lock_bh+0x54/0x6c [ 33.438153][ T3079] sk_common_release+0x58/0x1d4 [ 33.439900][ T3079] udp_lib_close+0x20/0x30 [ 33.441522][ T3079] inet_release+0xc8/0xe4 [ 33.443074][ T3079] inet6_release+0x3c/0x58 [ 33.444678][ T3079] sock_close+0x50/0xf0 [ 33.446202][ T3079] __fput+0x198/0x3e4 [ 33.447736][ T3079] ____fput+0x20/0x30 [ 33.449228][ T3079] task_work_run+0x100/0x148 [ 33.450916][ T3079] do_notify_resume+0x174/0x1f0 [ 33.452612][ T3079] el0_svc+0x9c/0x150 [ 33.454127][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.455933][ T3079] el0t_64_sync+0x190/0x194 [ 33.457565][ T3079] HARDIRQ-ON-R at: [ 33.458631][ T3079] lock_acquire+0x100/0x1f8 [ 33.460439][ T3079] _raw_read_lock_bh+0x64/0x7c [ 33.462152][ T3079] sock_i_uid+0x24/0x58 [ 33.463767][ T3079] udp_lib_lport_inuse+0x44/0x268 [ 33.465570][ T3079] udp_lib_get_port+0x2bc/0x8f8 [ 33.467290][ T3079] udp_v6_get_port+0x60/0x74 [ 33.468950][ T3079] __inet6_bind+0x688/0x8ac [ 33.470587][ T3079] inet6_bind+0xf4/0x150 [ 33.472143][ T3079] __sys_bind+0x148/0x1b0 [ 33.473708][ T3079] __arm64_sys_bind+0x28/0x3c [ 33.475383][ T3079] el0_svc_common+0x138/0x220 [ 33.477049][ T3079] do_el0_svc+0x48/0x164 [ 33.478580][ T3079] el0_svc+0x58/0x150 [ 33.480064][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.481876][ T3079] el0t_64_sync+0x190/0x194 [ 33.483504][ T3079] SOFTIRQ-ON-W at: [ 33.484562][ T3079] lock_acquire+0x100/0x1f8 [ 33.486184][ T3079] _raw_write_lock+0x54/0x6c [ 33.487852][ T3079] l2tp_tunnel_register+0x354/0x79c [ 33.489692][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 33.491451][ T3079] __sys_connect+0x184/0x190 [ 33.493119][ T3079] __arm64_sys_connect+0x28/0x3c [ 33.494877][ T3079] el0_svc_common+0x138/0x220 [ 33.496533][ T3079] do_el0_svc+0x48/0x164 [ 33.498197][ T3079] el0_svc+0x58/0x150 [ 33.499694][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.501486][ T3079] el0t_64_sync+0x190/0x194 [ 33.503139][ T3079] INITIAL USE at: [ 33.504217][ T3079] lock_acquire+0x100/0x1f8 [ 33.505842][ T3079] _raw_write_lock_bh+0x54/0x6c [ 33.507529][ T3079] sk_common_release+0x58/0x1d4 [ 33.509222][ T3079] udp_lib_close+0x20/0x30 [ 33.510929][ T3079] inet_release+0xc8/0xe4 [ 33.512523][ T3079] inet6_release+0x3c/0x58 [ 33.514161][ T3079] sock_close+0x50/0xf0 [ 33.515716][ T3079] __fput+0x198/0x3e4 [ 33.517189][ T3079] ____fput+0x20/0x30 [ 33.518641][ T3079] task_work_run+0x100/0x148 [ 33.520319][ T3079] do_notify_resume+0x174/0x1f0 [ 33.522017][ T3079] el0_svc+0x9c/0x150 [ 33.523467][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.525227][ T3079] el0t_64_sync+0x190/0x194 [ 33.526813][ T3079] INITIAL READ USE at: [ 33.527988][ T3079] lock_acquire+0x100/0x1f8 [ 33.529711][ T3079] _raw_read_lock_bh+0x64/0x7c [ 33.531509][ T3079] sock_i_uid+0x24/0x58 [ 33.533147][ T3079] udp_lib_lport_inuse+0x44/0x268 [ 33.535069][ T3079] udp_lib_get_port+0x2bc/0x8f8 [ 33.536914][ T3079] udp_v6_get_port+0x60/0x74 [ 33.538680][ T3079] __inet6_bind+0x688/0x8ac [ 33.540411][ T3079] inet6_bind+0xf4/0x150 [ 33.542100][ T3079] __sys_bind+0x148/0x1b0 [ 33.543789][ T3079] __arm64_sys_bind+0x28/0x3c [ 33.545579][ T3079] el0_svc_common+0x138/0x220 [ 33.547385][ T3079] do_el0_svc+0x48/0x164 [ 33.549029][ T3079] el0_svc+0x58/0x150 [ 33.550653][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.552520][ T3079] el0t_64_sync+0x190/0x194 [ 33.554273][ T3079] } [ 33.554937][ T3079] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 33.557075][ T3079] ... acquired at: [ 33.558054][ T3079] mark_lock+0x154/0x1b4 [ 33.559200][ T3079] __lock_acquire+0x618/0x3084 [ 33.560492][ T3079] lock_acquire+0x100/0x1f8 [ 33.561739][ T3079] _raw_write_lock+0x54/0x6c [ 33.563055][ T3079] l2tp_tunnel_register+0x354/0x79c [ 33.564475][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 33.565809][ T3079] __sys_connect+0x184/0x190 [ 33.567051][ T3079] __arm64_sys_connect+0x28/0x3c [ 33.568424][ T3079] el0_svc_common+0x138/0x220 [ 33.569694][ T3079] do_el0_svc+0x48/0x164 [ 33.570864][ T3079] el0_svc+0x58/0x150 [ 33.571967][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.573345][ T3079] el0t_64_sync+0x190/0x194 [ 33.574558][ T3079] [ 33.575151][ T3079] [ 33.575151][ T3079] stack backtrace: [ 33.576763][ T3079] CPU: 0 PID: 3079 Comm: syz-executor373 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 33.579560][ T3079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 33.582386][ T3079] Call trace: [ 33.583263][ T3079] dump_backtrace+0x1c4/0x1f0 [ 33.584559][ T3079] show_stack+0x2c/0x54 [ 33.585688][ T3079] dump_stack_lvl+0x104/0x16c [ 33.586932][ T3079] dump_stack+0x1c/0x58 [ 33.588041][ T3079] print_irq_inversion_bug+0x2f8/0x300 [ 33.589528][ T3079] mark_lock_irq+0x3ec/0x4b4 [ 33.590734][ T3079] mark_lock+0x154/0x1b4 [ 33.591864][ T3079] __lock_acquire+0x618/0x3084 [ 33.593138][ T3079] lock_acquire+0x100/0x1f8 [ 33.594350][ T3079] _raw_write_lock+0x54/0x6c [ 33.595559][ T3079] l2tp_tunnel_register+0x354/0x79c [ 33.596944][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 33.598244][ T3079] __sys_connect+0x184/0x190 [ 33.599467][ T3079] __arm64_sys_connect+0x28/0x3c [ 33.600798][ T3079] el0_svc_common+0x138/0x220 [ 33.602047][ T3079] do_el0_svc+0x48/0x164 [ 33.603177][ T3079] el0_svc+0x58/0x150 [ 33.604230][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 33.605597][ T3079] el0t_64_sync+0x190/0x194 [ 33.606931][ T3079] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 33.609446][ T3079] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3079, name: syz-executor373 [ 33.611976][ T3079] preempt_count: 1, expected: 0 [ 33.613209][ T3079] RCU nest depth: 0, expected: 0 [ 33.614493][ T3079] INFO: lockdep is turned off. [ 33.615679][ T3079] Preemption disabled at: [ 33.615690][ T3079] [] l2tp_tunnel_register+0x354/0x79c [ 33.618579][ T3079] CPU: 0 PID: 3079 Comm: syz-executor373 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 33.621254][ T3079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 33.623932][ T3079] Call trace: [ 33.624769][ T3079] dump_backtrace+0x1c4/0x1f0 [ 33.626027][ T3079] show_stack+0x2c/0x54 [ 33.627099][ T3079] dump_stack_lvl+0x104/0x16c [ 33.628320][ T3079] dump_stack+0x1c/0x58 [ 33.629411][ T3079] __might_resched+0x208/0x218 [ 33.630651][ T3079] __might_sleep+0x48/0x78 [ 33.631823][ T3079] cpus_read_lock+0x28/0x1e0 [ 33.633021][ T3079] static_key_slow_inc+0x1c/0x38 [ 33.634330][ T3079] udpv6_encap_enable+0x1c/0x28 [ 33.635662][ T3079] setup_udp_tunnel_sock+0xec/0x124 [ 33.637051][ T3079] l2tp_tunnel_register+0x68c/0x79c [ 33.638457][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 33.639723][ T3079] __sys_connect+0x184/0x190 [ 33.640896][ T3079] __arm64_sys_connect+0x28/0x3c [ 33.642188][ T3079] el0_svc_common+0x138/0x220 [ 33.643438][ T3079] do_el0_svc+0x48/0x164 [ 33.644539][ T3079] el0_svc+0