[ 9.662367][ T2657] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.669752][ T2657] eql: remember to turn off Van-Jacobson compression on your slave devices [ 9.700757][ T654] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 9.703785][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 35.924818][ T3071] [ 35.925377][ T3071] ======================================================== [ 35.926979][ T3071] WARNING: possible irq lock inversion dependency detected [ 35.928559][ T3071] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 35.930064][ T3071] -------------------------------------------------------- [ 35.931767][ T3071] syz-executor757/3071 just changed the state of lock: [ 35.933362][ T3071] ffff0000cb364eb8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 35.935510][ T3071] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 35.937283][ T3071] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 35.937292][ T3071] [ 35.937292][ T3071] [ 35.937292][ T3071] and interrupts could create inverse lock ordering between them. [ 35.937292][ T3071] [ 35.941963][ T3071] [ 35.941963][ T3071] other info that might help us debug this: [ 35.943774][ T3071] Possible interrupt unsafe locking scenario: [ 35.943774][ T3071] [ 35.945822][ T3071] CPU0 CPU1 [ 35.947140][ T3071] ---- ---- [ 35.948484][ T3071] lock(clock-AF_INET6); [ 35.949466][ T3071] local_irq_disable(); [ 35.950937][ T3071] lock(&tcp_hashinfo.bhash[i].lock); [ 35.952755][ T3071] lock(clock-AF_INET6); [ 35.954313][ T3071] [ 35.955071][ T3071] lock(&tcp_hashinfo.bhash[i].lock); [ 35.956302][ T3071] [ 35.956302][ T3071] *** DEADLOCK *** [ 35.956302][ T3071] [ 35.958094][ T3071] 1 lock held by syz-executor757/3071: [ 35.959277][ T3071] #0: ffff0000c789a130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 35.961459][ T3071] [ 35.961459][ T3071] the shortest dependencies between 2nd lock and 1st lock: [ 35.963600][ T3071] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 35.965115][ T3071] HARDIRQ-ON-W at: [ 35.966114][ T3071] lock_acquire+0x100/0x1f8 [ 35.967482][ T3071] _raw_spin_lock_bh+0x54/0x6c [ 35.968917][ T3071] inet_csk_get_port+0xe0/0xaf0 [ 35.970559][ T3071] __inet6_bind+0x688/0x8ac [ 35.972039][ T3071] inet6_bind+0xf4/0x150 [ 35.973408][ T3071] rds_tcp_listen_init+0x14c/0x1f0 [ 35.975051][ T3071] rds_tcp_init_net+0xcc/0x1dc [ 35.976498][ T3071] ops_init+0xe4/0x2e4 [ 35.977771][ T3071] register_pernet_operations+0x108/0x264 [ 35.979582][ T3071] register_pernet_device+0x3c/0x94 [ 35.981237][ T3071] rds_tcp_init+0x74/0xe0 [ 35.982737][ T3071] do_one_initcall+0x118/0x22c [ 35.984341][ T3071] do_initcall_level+0xac/0xe4 [ 35.985949][ T3071] do_initcalls+0x58/0xa8 [ 35.987260][ T3071] do_basic_setup+0x20/0x2c [ 35.988784][ T3071] kernel_init_freeable+0xb8/0x148 [ 35.990476][ T3071] kernel_init+0x24/0x290 [ 35.992130][ T3071] ret_from_fork+0x10/0x20 [ 35.993713][ T3071] IN-SOFTIRQ-W at: [ 35.994765][ T3071] lock_acquire+0x100/0x1f8 [ 35.996125][ T3071] _raw_spin_lock+0x54/0x6c [ 35.997682][ T3071] __inet_inherit_port+0x124/0x9ac [ 35.999449][ T3071] tcp_v4_syn_recv_sock+0x790/0x848 [ 36.000925][ T3071] tcp_check_req+0x75c/0x8e4 [ 36.002251][ T3071] tcp_v4_rcv+0xad4/0x11e8 [ 36.003482][ T3071] ip_protocol_deliver_rcu+0x224/0x414 [ 36.004930][ T3071] ip_local_deliver_finish+0x124/0x200 [ 36.006700][ T3071] ip_local_deliver+0xd0/0xf4 [ 36.008292][ T3071] ip_sublist_rcv+0x40c/0x474 [ 36.009796][ T3071] ip_list_rcv+0x184/0x1c8 [ 36.011208][ T3071] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 36.012994][ T3071] __netif_receive_skb_list+0x16c/0x1d0 [ 36.014811][ T3071] netif_receive_skb_list_internal+0x1e8/0x340 [ 36.016498][ T3071] napi_complete_done+0x140/0x354 [ 36.018164][ T3071] gve_napi_poll+0xcc/0x1b4 [ 36.019618][ T3071] __napi_poll+0x5c/0x24c [ 36.021203][ T3071] napi_poll+0x110/0x484 [ 36.022518][ T3071] net_rx_action+0x18c/0x414 [ 36.023983][ T3071] _stext+0x168/0x37c [ 36.025392][ T3071] ____do_softirq+0x14/0x20 [ 36.026757][ T3071] call_on_irq_stack+0x2c/0x54 [ 36.028445][ T3071] do_softirq_own_stack+0x20/0x2c [ 36.030091][ T3071] invoke_softirq+0x70/0xbc [ 36.031606][ T3071] __irq_exit_rcu+0xf0/0x140 [ 36.033260][ T3071] irq_exit_rcu+0x10/0x40 [ 36.034609][ T3071] el1_interrupt+0x38/0x68 [ 36.036121][ T3071] el1h_64_irq_handler+0x18/0x24 [ 36.037478][ T3071] el1h_64_irq+0x64/0x68 [ 36.038738][ T3071] arch_local_irq_enable+0xc/0x18 [ 36.040242][ T3071] default_idle_call+0x48/0xb8 [ 36.041850][ T3071] do_idle+0x110/0x2d4 [ 36.043433][ T3071] cpu_startup_entry+0x24/0x28 [ 36.045204][ T3071] kernel_init+0x0/0x290 [ 36.046928][ T3071] start_kernel+0x0/0x620 [ 36.048465][ T3071] start_kernel+0x450/0x620 [ 36.050051][ T3071] __primary_switched+0xb4/0xbc [ 36.051455][ T3071] INITIAL USE at: [ 36.052341][ T3071] lock_acquire+0x100/0x1f8 [ 36.053611][ T3071] _raw_spin_lock_bh+0x54/0x6c [ 36.054774][ T3071] inet_csk_get_port+0xe0/0xaf0 [ 36.056495][ T3071] __inet6_bind+0x688/0x8ac [ 36.058249][ T3071] inet6_bind+0xf4/0x150 [ 36.059585][ T3071] rds_tcp_listen_init+0x14c/0x1f0 [ 36.061204][ T3071] rds_tcp_init_net+0xcc/0x1dc [ 36.062641][ T3071] ops_init+0xe4/0x2e4 [ 36.063832][ T3071] register_pernet_operations+0x108/0x264 [ 36.065488][ T3071] register_pernet_device+0x3c/0x94 [ 36.067011][ T3071] rds_tcp_init+0x74/0xe0 [ 36.068638][ T3071] do_one_initcall+0x118/0x22c [ 36.070403][ T3071] do_initcall_level+0xac/0xe4 [ 36.071988][ T3071] do_initcalls+0x58/0xa8 [ 36.073425][ T3071] do_basic_setup+0x20/0x2c [ 36.074893][ T3071] kernel_init_freeable+0xb8/0x148 [ 36.076578][ T3071] kernel_init+0x24/0x290 [ 36.078020][ T3071] ret_from_fork+0x10/0x20 [ 36.079575][ T3071] } [ 36.080214][ T3071] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 36.082095][ T3071] ... acquired at: [ 36.082969][ T3071] _raw_read_lock_bh+0x64/0x7c [ 36.084267][ T3071] sock_i_uid+0x24/0x58 [ 36.085285][ T3071] inet_csk_get_port+0x674/0xaf0 [ 36.086501][ T3071] __inet6_bind+0x688/0x8ac [ 36.087618][ T3071] inet6_bind+0xf4/0x150 [ 36.088649][ T3071] __sys_bind+0x148/0x1b0 [ 36.089700][ T3071] __arm64_sys_bind+0x28/0x3c [ 36.090653][ T3071] el0_svc_common+0x138/0x220 [ 36.091826][ T3071] do_el0_svc+0x48/0x164 [ 36.092921][ T3071] el0_svc+0x58/0x150 [ 36.094021][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.095254][ T3071] el0t_64_sync+0x190/0x194 [ 36.096392][ T3071] [ 36.096926][ T3071] -> (clock-AF_INET6){+++.}-{2:2} { [ 36.098105][ T3071] HARDIRQ-ON-W at: [ 36.099007][ T3071] lock_acquire+0x100/0x1f8 [ 36.100355][ T3071] _raw_write_lock_bh+0x54/0x6c [ 36.101676][ T3071] sk_common_release+0x58/0x1d4 [ 36.102840][ T3071] udp_lib_close+0x20/0x30 [ 36.104382][ T3071] inet_release+0xc8/0xe4 [ 36.105854][ T3071] inet6_release+0x3c/0x58 [ 36.107371][ T3071] sock_close+0x50/0xf0 [ 36.108759][ T3071] __fput+0x198/0x3e4 [ 36.110055][ T3071] ____fput+0x20/0x30 [ 36.111345][ T3071] task_work_run+0x100/0x148 [ 36.112620][ T3071] do_notify_resume+0x174/0x1f0 [ 36.114055][ T3071] el0_svc+0x9c/0x150 [ 36.115597][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.117283][ T3071] el0t_64_sync+0x190/0x194 [ 36.118729][ T3071] HARDIRQ-ON-R at: [ 36.119710][ T3071] lock_acquire+0x100/0x1f8 [ 36.121085][ T3071] _raw_read_lock_bh+0x64/0x7c [ 36.122625][ T3071] sock_i_uid+0x24/0x58 [ 36.124019][ T3071] udp_lib_lport_inuse+0x44/0x268 [ 36.125663][ T3071] udp_lib_get_port+0x2bc/0x8f8 [ 36.127475][ T3071] udp_v6_get_port+0x60/0x74 [ 36.129161][ T3071] __inet6_bind+0x688/0x8ac [ 36.130765][ T3071] inet6_bind+0xf4/0x150 [ 36.132259][ T3071] __sys_bind+0x148/0x1b0 [ 36.133778][ T3071] __arm64_sys_bind+0x28/0x3c [ 36.135052][ T3071] el0_svc_common+0x138/0x220 [ 36.136388][ T3071] do_el0_svc+0x48/0x164 [ 36.137661][ T3071] el0_svc+0x58/0x150 [ 36.138919][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.140614][ T3071] el0t_64_sync+0x190/0x194 [ 36.142007][ T3071] SOFTIRQ-ON-W at: [ 36.142887][ T3071] lock_acquire+0x100/0x1f8 [ 36.144283][ T3071] _raw_write_lock+0x54/0x6c [ 36.145717][ T3071] l2tp_tunnel_register+0x354/0x79c [ 36.147312][ T3071] pppol2tp_connect+0x3e8/0x6c4 [ 36.148913][ T3071] __sys_connect+0x184/0x190 [ 36.150297][ T3071] __arm64_sys_connect+0x28/0x3c [ 36.151831][ T3071] el0_svc_common+0x138/0x220 [ 36.153287][ T3071] do_el0_svc+0x48/0x164 [ 36.154758][ T3071] el0_svc+0x58/0x150 [ 36.156119][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.157555][ T3071] el0t_64_sync+0x190/0x194 [ 36.158962][ T3071] INITIAL USE at: [ 36.159943][ T3071] lock_acquire+0x100/0x1f8 [ 36.161280][ T3071] _raw_write_lock_bh+0x54/0x6c [ 36.162873][ T3071] sk_common_release+0x58/0x1d4 [ 36.164413][ T3071] udp_lib_close+0x20/0x30 [ 36.165918][ T3071] inet_release+0xc8/0xe4 [ 36.167375][ T3071] inet6_release+0x3c/0x58 [ 36.168758][ T3071] sock_close+0x50/0xf0 [ 36.170031][ T3071] __fput+0x198/0x3e4 [ 36.171366][ T3071] ____fput+0x20/0x30 [ 36.172828][ T3071] task_work_run+0x100/0x148 [ 36.174289][ T3071] do_notify_resume+0x174/0x1f0 [ 36.175989][ T3071] el0_svc+0x9c/0x150 [ 36.177376][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.178818][ T3071] el0t_64_sync+0x190/0x194 [ 36.180291][ T3071] INITIAL READ USE at: [ 36.181195][ T3071] lock_acquire+0x100/0x1f8 [ 36.182539][ T3071] _raw_read_lock_bh+0x64/0x7c [ 36.183964][ T3071] sock_i_uid+0x24/0x58 [ 36.185492][ T3071] udp_lib_lport_inuse+0x44/0x268 [ 36.187008][ T3071] udp_lib_get_port+0x2bc/0x8f8 [ 36.188598][ T3071] udp_v6_get_port+0x60/0x74 [ 36.190260][ T3071] __inet6_bind+0x688/0x8ac [ 36.191741][ T3071] inet6_bind+0xf4/0x150 [ 36.193165][ T3071] __sys_bind+0x148/0x1b0 [ 36.194507][ T3071] __arm64_sys_bind+0x28/0x3c [ 36.195939][ T3071] el0_svc_common+0x138/0x220 [ 36.197498][ T3071] do_el0_svc+0x48/0x164 [ 36.199018][ T3071] el0_svc+0x58/0x150 [ 36.200415][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.202204][ T3071] el0t_64_sync+0x190/0x194 [ 36.203812][ T3071] } [ 36.204432][ T3071] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 36.206363][ T3071] ... acquired at: [ 36.207327][ T3071] mark_lock+0x154/0x1b4 [ 36.208349][ T3071] __lock_acquire+0x618/0x3084 [ 36.209557][ T3071] lock_acquire+0x100/0x1f8 [ 36.210702][ T3071] _raw_write_lock+0x54/0x6c [ 36.211860][ T3071] l2tp_tunnel_register+0x354/0x79c [ 36.213126][ T3071] pppol2tp_connect+0x3e8/0x6c4 [ 36.214284][ T3071] __sys_connect+0x184/0x190 [ 36.215353][ T3071] __arm64_sys_connect+0x28/0x3c [ 36.216481][ T3071] el0_svc_common+0x138/0x220 [ 36.217676][ T3071] do_el0_svc+0x48/0x164 [ 36.218686][ T3071] el0_svc+0x58/0x150 [ 36.219748][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.220839][ T3071] el0t_64_sync+0x190/0x194 [ 36.221921][ T3071] [ 36.222503][ T3071] [ 36.222503][ T3071] stack backtrace: [ 36.223931][ T3071] CPU: 0 PID: 3071 Comm: syz-executor757 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 36.226443][ T3071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 36.228833][ T3071] Call trace: [ 36.229636][ T3071] dump_backtrace+0x1c4/0x1f0 [ 36.230723][ T3071] show_stack+0x2c/0x54 [ 36.231652][ T3071] dump_stack_lvl+0x104/0x16c [ 36.232676][ T3071] dump_stack+0x1c/0x58 [ 36.233853][ T3071] print_irq_inversion_bug+0x2f8/0x300 [ 36.235156][ T3071] mark_lock_irq+0x3ec/0x4b4 [ 36.236147][ T3071] mark_lock+0x154/0x1b4 [ 36.237173][ T3071] __lock_acquire+0x618/0x3084 [ 36.238236][ T3071] lock_acquire+0x100/0x1f8 [ 36.239241][ T3071] _raw_write_lock+0x54/0x6c [ 36.240375][ T3071] l2tp_tunnel_register+0x354/0x79c [ 36.241602][ T3071] pppol2tp_connect+0x3e8/0x6c4 [ 36.242745][ T3071] __sys_connect+0x184/0x190 [ 36.243855][ T3071] __arm64_sys_connect+0x28/0x3c [ 36.245214][ T3071] el0_svc_common+0x138/0x220 [ 36.246449][ T3071] do_el0_svc+0x48/0x164 [ 36.247640][ T3071] el0_svc+0x58/0x150 [ 36.248629][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.249782][ T3071] el0t_64_sync+0x190/0x194 [ 36.250885][ T3071] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 36.252796][ T3071] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3071, name: syz-executor757 [ 36.254702][ T3071] preempt_count: 1, expected: 0 [ 36.255627][ T3071] RCU nest depth: 0, expected: 0 [ 36.256675][ T3071] INFO: lockdep is turned off. [ 36.257710][ T3071] Preemption disabled at: [ 36.257716][ T3071] [] l2tp_tunnel_register+0x354/0x79c [ 36.260077][ T3071] CPU: 0 PID: 3071 Comm: syz-executor757 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 36.262538][ T3071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 36.264851][ T3071] Call trace: [ 36.265594][ T3071] dump_backtrace+0x1c4/0x1f0 [ 36.266635][ T3071] show_stack+0x2c/0x54 [ 36.267595][ T3071] dump_stack_lvl+0x104/0x16c [ 36.268625][ T3071] dump_stack+0x1c/0x58 [ 36.269564][ T3071] __might_resched+0x208/0x218 [ 36.270716][ T3071] __might_sleep+0x48/0x78 [ 36.271784][ T3071] cpus_read_lock+0x28/0x1e0 [ 36.272834][ T3071] static_key_slow_inc+0x1c/0x38 [ 36.273982][ T3071] udpv6_encap_enable+0x1c/0x28 [ 36.275098][ T3071] setup_udp_tunnel_sock+0xec/0x124 [ 36.276459][ T3071] l2tp_tunnel_register+0x68c/0x79c [ 36.277704][ T3071] pppol2tp_connect+0x3e8/0x6c4 [ 36.279120][ T3071] __sys_connect+0x184/0x190 [ 36.280204][ T3071] __arm64_sys_connect+0x28/0x3c [ 36.281314][ T3071] el0_svc_common+0x138/0x220 [ 36.282420][ T3071] do_el0_svc+0x48/0x164 [ 36.283426][ T3071] el0_svc+0x58/0x150 [ 36.284270][ T3071] el0t_64_sync_handler+0x84/0xf0 [ 36.285362][ T3071] el0t_64_sync+0x190/0x194