[ 9.855986][ T2658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.858956][ T2658] eql: remember to turn off Van-Jacobson compression on your slave devices [ 9.883761][ T408] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 9.889896][ T2200] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.240' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.195064][ T3073] [ 33.195735][ T3073] ======================================================== [ 33.197662][ T3073] WARNING: possible irq lock inversion dependency detected [ 33.199655][ T3073] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 33.201526][ T3073] -------------------------------------------------------- [ 33.203452][ T3073] syz-executor515/3073 just changed the state of lock: [ 33.205253][ T3073] ffff0000cb5fbfb8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 33.207807][ T3073] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 33.209942][ T3073] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 33.209951][ T3073] [ 33.209951][ T3073] [ 33.209951][ T3073] and interrupts could create inverse lock ordering between them. [ 33.209951][ T3073] [ 33.215474][ T3073] [ 33.215474][ T3073] other info that might help us debug this: [ 33.217755][ T3073] Possible interrupt unsafe locking scenario: [ 33.217755][ T3073] [ 33.220097][ T3073] CPU0 CPU1 [ 33.221511][ T3073] ---- ---- [ 33.222950][ T3073] lock(clock-AF_INET6); [ 33.224121][ T3073] local_irq_disable(); [ 33.225901][ T3073] lock(&tcp_hashinfo.bhash[i].lock); [ 33.228037][ T3073] lock(clock-AF_INET6); [ 33.229880][ T3073] [ 33.230831][ T3073] lock(&tcp_hashinfo.bhash[i].lock); [ 33.232318][ T3073] [ 33.232318][ T3073] *** DEADLOCK *** [ 33.232318][ T3073] [ 33.234518][ T3073] 1 lock held by syz-executor515/3073: [ 33.236005][ T3073] #0: ffff0000c9a8e930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 33.238750][ T3073] [ 33.238750][ T3073] the shortest dependencies between 2nd lock and 1st lock: [ 33.241249][ T3073] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 33.243036][ T3073] HARDIRQ-ON-W at: [ 33.244088][ T3073] lock_acquire+0x100/0x1f8 [ 33.245767][ T3073] _raw_spin_lock_bh+0x54/0x6c [ 33.247566][ T3073] inet_csk_get_port+0xe0/0xaf0 [ 33.249349][ T3073] __inet6_bind+0x688/0x8ac [ 33.251003][ T3073] inet6_bind+0xf4/0x150 [ 33.252639][ T3073] rds_tcp_listen_init+0x14c/0x1f0 [ 33.254456][ T3073] rds_tcp_init_net+0xcc/0x1dc [ 33.256212][ T3073] ops_init+0xe4/0x2e4 [ 33.257799][ T3073] register_pernet_operations+0x108/0x264 [ 33.259830][ T3073] register_pernet_device+0x3c/0x94 [ 33.261748][ T3073] rds_tcp_init+0x74/0xe0 [ 33.263361][ T3073] do_one_initcall+0x118/0x22c [ 33.265119][ T3073] do_initcall_level+0xac/0xe4 [ 33.266879][ T3073] do_initcalls+0x58/0xa8 [ 33.268598][ T3073] do_basic_setup+0x20/0x2c [ 33.270290][ T3073] kernel_init_freeable+0xb8/0x148 [ 33.272043][ T3073] kernel_init+0x24/0x290 [ 33.273673][ T3073] ret_from_fork+0x10/0x20 [ 33.275382][ T3073] IN-SOFTIRQ-W at: [ 33.276461][ T3073] lock_acquire+0x100/0x1f8 [ 33.278169][ T3073] _raw_spin_lock+0x54/0x6c [ 33.279888][ T3073] __inet_inherit_port+0x124/0x9ac [ 33.281767][ T3073] tcp_v4_syn_recv_sock+0x790/0x848 [ 33.283647][ T3073] tcp_check_req+0x75c/0x8e4 [ 33.285365][ T3073] tcp_v4_rcv+0xad4/0x11e8 [ 33.287006][ T3073] ip_protocol_deliver_rcu+0x224/0x414 [ 33.288964][ T3073] ip_local_deliver_finish+0x124/0x200 [ 33.290896][ T3073] ip_local_deliver+0xd0/0xf4 [ 33.292660][ T3073] ip_sublist_rcv+0x40c/0x474 [ 33.294411][ T3073] ip_list_rcv+0x184/0x1c8 [ 33.296054][ T3073] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 33.298133][ T3073] __netif_receive_skb_list+0x16c/0x1d0 [ 33.300097][ T3073] netif_receive_skb_list_internal+0x1e8/0x340 [ 33.302283][ T3073] napi_complete_done+0x140/0x354 [ 33.304120][ T3073] gve_napi_poll+0xcc/0x1b4 [ 33.305806][ T3073] __napi_poll+0x5c/0x24c [ 33.307440][ T3073] napi_poll+0x110/0x484 [ 33.309081][ T3073] net_rx_action+0x18c/0x414 [ 33.310787][ T3073] _stext+0x168/0x37c [ 33.312363][ T3073] ____do_softirq+0x14/0x20 [ 33.314041][ T3073] call_on_irq_stack+0x2c/0x54 [ 33.315794][ T3073] do_softirq_own_stack+0x20/0x2c [ 33.317650][ T3073] invoke_softirq+0x70/0xbc [ 33.319421][ T3073] __irq_exit_rcu+0xf0/0x140 [ 33.321093][ T3073] irq_exit_rcu+0x10/0x40 [ 33.322860][ T3073] el1_interrupt+0x38/0x68 [ 33.324551][ T3073] el1h_64_irq_handler+0x18/0x24 [ 33.326388][ T3073] el1h_64_irq+0x64/0x68 [ 33.327988][ T3073] arch_local_irq_enable+0xc/0x18 [ 33.329827][ T3073] default_idle_call+0x48/0xb8 [ 33.331578][ T3073] do_idle+0x110/0x2d4 [ 33.333137][ T3073] cpu_startup_entry+0x24/0x28 [ 33.334845][ T3073] kernel_init+0x0/0x290 [ 33.336509][ T3073] start_kernel+0x0/0x620 [ 33.338130][ T3073] start_kernel+0x450/0x620 [ 33.339862][ T3073] __primary_switched+0xb4/0xbc [ 33.341642][ T3073] INITIAL USE at: [ 33.342724][ T3073] lock_acquire+0x100/0x1f8 [ 33.344372][ T3073] _raw_spin_lock_bh+0x54/0x6c [ 33.346095][ T3073] inet_csk_get_port+0xe0/0xaf0 [ 33.347861][ T3073] __inet6_bind+0x688/0x8ac [ 33.349542][ T3073] inet6_bind+0xf4/0x150 [ 33.351134][ T3073] rds_tcp_listen_init+0x14c/0x1f0 [ 33.352996][ T3073] rds_tcp_init_net+0xcc/0x1dc [ 33.354738][ T3073] ops_init+0xe4/0x2e4 [ 33.356301][ T3073] register_pernet_operations+0x108/0x264 [ 33.358241][ T3073] register_pernet_device+0x3c/0x94 [ 33.360092][ T3073] rds_tcp_init+0x74/0xe0 [ 33.361696][ T3073] do_one_initcall+0x118/0x22c [ 33.363478][ T3073] do_initcall_level+0xac/0xe4 [ 33.365206][ T3073] do_initcalls+0x58/0xa8 [ 33.366823][ T3073] do_basic_setup+0x20/0x2c [ 33.368484][ T3073] kernel_init_freeable+0xb8/0x148 [ 33.370368][ T3073] kernel_init+0x24/0x290 [ 33.371956][ T3073] ret_from_fork+0x10/0x20 [ 33.373601][ T3073] } [ 33.374273][ T3073] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 33.376418][ T3073] ... acquired at: [ 33.377442][ T3073] _raw_read_lock_bh+0x64/0x7c [ 33.378781][ T3073] sock_i_uid+0x24/0x58 [ 33.379913][ T3073] inet_csk_get_port+0x674/0xaf0 [ 33.381283][ T3073] __inet6_bind+0x688/0x8ac [ 33.382520][ T3073] inet6_bind+0xf4/0x150 [ 33.383661][ T3073] __sys_bind+0x148/0x1b0 [ 33.384873][ T3073] __arm64_sys_bind+0x28/0x3c [ 33.386152][ T3073] el0_svc_common+0x138/0x220 [ 33.387425][ T3073] do_el0_svc+0x48/0x164 [ 33.388589][ T3073] el0_svc+0x58/0x150 [ 33.389683][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.391068][ T3073] el0t_64_sync+0x190/0x194 [ 33.392298][ T3073] [ 33.392899][ T3073] -> (clock-AF_INET6){+++.}-{2:2} { [ 33.394270][ T3073] HARDIRQ-ON-W at: [ 33.395354][ T3073] lock_acquire+0x100/0x1f8 [ 33.397038][ T3073] _raw_write_lock_bh+0x54/0x6c [ 33.398800][ T3073] sk_common_release+0x58/0x1d4 [ 33.400526][ T3073] udp_lib_close+0x20/0x30 [ 33.402134][ T3073] inet_release+0xc8/0xe4 [ 33.403739][ T3073] inet6_release+0x3c/0x58 [ 33.405368][ T3073] sock_close+0x50/0xf0 [ 33.406929][ T3073] __fput+0x198/0x3e4 [ 33.408387][ T3073] ____fput+0x20/0x30 [ 33.409888][ T3073] task_work_run+0x100/0x148 [ 33.411532][ T3073] do_notify_resume+0x174/0x1f0 [ 33.413243][ T3073] el0_svc+0x9c/0x150 [ 33.414764][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.416534][ T3073] el0t_64_sync+0x190/0x194 [ 33.418231][ T3073] HARDIRQ-ON-R at: [ 33.419268][ T3073] lock_acquire+0x100/0x1f8 [ 33.420945][ T3073] _raw_read_lock_bh+0x64/0x7c [ 33.422758][ T3073] sock_i_uid+0x24/0x58 [ 33.424322][ T3073] udp_lib_lport_inuse+0x44/0x268 [ 33.426074][ T3073] udp_lib_get_port+0x2bc/0x8f8 [ 33.427895][ T3073] udp_v6_get_port+0x60/0x74 [ 33.429531][ T3073] __inet6_bind+0x688/0x8ac [ 33.431197][ T3073] inet6_bind+0xf4/0x150 [ 33.432803][ T3073] __sys_bind+0x148/0x1b0 [ 33.434425][ T3073] __arm64_sys_bind+0x28/0x3c [ 33.436113][ T3073] el0_svc_common+0x138/0x220 [ 33.437832][ T3073] do_el0_svc+0x48/0x164 [ 33.439450][ T3073] el0_svc+0x58/0x150 [ 33.440984][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.442796][ T3073] el0t_64_sync+0x190/0x194 [ 33.444433][ T3073] SOFTIRQ-ON-W at: [ 33.445520][ T3073] lock_acquire+0x100/0x1f8 [ 33.447165][ T3073] _raw_write_lock+0x54/0x6c [ 33.448834][ T3073] l2tp_tunnel_register+0x354/0x79c [ 33.450665][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 33.452396][ T3073] __sys_connect+0x184/0x190 [ 33.454110][ T3073] __arm64_sys_connect+0x28/0x3c [ 33.455859][ T3073] el0_svc_common+0x138/0x220 [ 33.457536][ T3073] do_el0_svc+0x48/0x164 [ 33.459079][ T3073] el0_svc+0x58/0x150 [ 33.460583][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.462402][ T3073] el0t_64_sync+0x190/0x194 [ 33.464039][ T3073] INITIAL USE at: [ 33.465087][ T3073] lock_acquire+0x100/0x1f8 [ 33.466728][ T3073] _raw_write_lock_bh+0x54/0x6c [ 33.468441][ T3073] sk_common_release+0x58/0x1d4 [ 33.470294][ T3073] udp_lib_close+0x20/0x30 [ 33.471818][ T3073] inet_release+0xc8/0xe4 [ 33.473338][ T3073] inet6_release+0x3c/0x58 [ 33.475077][ T3073] sock_close+0x50/0xf0 [ 33.476605][ T3073] __fput+0x198/0x3e4 [ 33.478048][ T3073] ____fput+0x20/0x30 [ 33.479520][ T3073] task_work_run+0x100/0x148 [ 33.481115][ T3073] do_notify_resume+0x174/0x1f0 [ 33.482804][ T3073] el0_svc+0x9c/0x150 [ 33.484295][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.486077][ T3073] el0t_64_sync+0x190/0x194 [ 33.487675][ T3073] INITIAL READ USE at: [ 33.488826][ T3073] lock_acquire+0x100/0x1f8 [ 33.490592][ T3073] _raw_read_lock_bh+0x64/0x7c [ 33.492389][ T3073] sock_i_uid+0x24/0x58 [ 33.494082][ T3073] udp_lib_lport_inuse+0x44/0x268 [ 33.495989][ T3073] udp_lib_get_port+0x2bc/0x8f8 [ 33.497816][ T3073] udp_v6_get_port+0x60/0x74 [ 33.499578][ T3073] __inet6_bind+0x688/0x8ac [ 33.501307][ T3073] inet6_bind+0xf4/0x150 [ 33.502991][ T3073] __sys_bind+0x148/0x1b0 [ 33.504726][ T3073] __arm64_sys_bind+0x28/0x3c [ 33.506500][ T3073] el0_svc_common+0x138/0x220 [ 33.508249][ T3073] do_el0_svc+0x48/0x164 [ 33.509907][ T3073] el0_svc+0x58/0x150 [ 33.511477][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.513329][ T3073] el0t_64_sync+0x190/0x194 [ 33.515106][ T3073] } [ 33.515792][ T3073] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 33.517929][ T3073] ... acquired at: [ 33.518910][ T3073] mark_lock+0x154/0x1b4 [ 33.520074][ T3073] __lock_acquire+0x618/0x3084 [ 33.521435][ T3073] lock_acquire+0x100/0x1f8 [ 33.522792][ T3073] _raw_write_lock+0x54/0x6c [ 33.524072][ T3073] l2tp_tunnel_register+0x354/0x79c [ 33.525457][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 33.526747][ T3073] __sys_connect+0x184/0x190 [ 33.528059][ T3073] __arm64_sys_connect+0x28/0x3c [ 33.529575][ T3073] el0_svc_common+0x138/0x220 [ 33.530864][ T3073] do_el0_svc+0x48/0x164 [ 33.532037][ T3073] el0_svc+0x58/0x150 [ 33.533187][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.534589][ T3073] el0t_64_sync+0x190/0x194 [ 33.535860][ T3073] [ 33.536466][ T3073] [ 33.536466][ T3073] stack backtrace: [ 33.538058][ T3073] CPU: 0 PID: 3073 Comm: syz-executor515 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 33.540865][ T3073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 33.543574][ T3073] Call trace: [ 33.544438][ T3073] dump_backtrace+0x1c4/0x1f0 [ 33.545694][ T3073] show_stack+0x2c/0x54 [ 33.546786][ T3073] dump_stack_lvl+0x104/0x16c [ 33.548038][ T3073] dump_stack+0x1c/0x58 [ 33.549153][ T3073] print_irq_inversion_bug+0x2f8/0x300 [ 33.550600][ T3073] mark_lock_irq+0x3ec/0x4b4 [ 33.551788][ T3073] mark_lock+0x154/0x1b4 [ 33.552918][ T3073] __lock_acquire+0x618/0x3084 [ 33.554177][ T3073] lock_acquire+0x100/0x1f8 [ 33.555434][ T3073] _raw_write_lock+0x54/0x6c [ 33.556559][ T3073] l2tp_tunnel_register+0x354/0x79c [ 33.557925][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 33.559238][ T3073] __sys_connect+0x184/0x190 [ 33.560444][ T3073] __arm64_sys_connect+0x28/0x3c [ 33.561800][ T3073] el0_svc_common+0x138/0x220 [ 33.563039][ T3073] do_el0_svc+0x48/0x164 [ 33.564177][ T3073] el0_svc+0x58/0x150 [ 33.565213][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.566548][ T3073] el0t_64_sync+0x190/0x194 [ 33.567889][ T3073] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 33.570468][ T3073] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3073, name: syz-executor515 [ 33.572906][ T3073] preempt_count: 1, expected: 0 [ 33.574217][ T3073] RCU nest depth: 0, expected: 0 [ 33.575438][ T3073] INFO: lockdep is turned off. [ 33.576625][ T3073] Preemption disabled at: [ 33.576630][ T3073] [] l2tp_tunnel_register+0x354/0x79c [ 33.579471][ T3073] CPU: 0 PID: 3073 Comm: syz-executor515 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 33.582272][ T3073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 33.584840][ T3073] Call trace: [ 33.585657][ T3073] dump_backtrace+0x1c4/0x1f0 [ 33.586854][ T3073] show_stack+0x2c/0x54 [ 33.587909][ T3073] dump_stack_lvl+0x104/0x16c [ 33.589088][ T3073] dump_stack+0x1c/0x58 [ 33.590134][ T3073] __might_resched+0x208/0x218 [ 33.591351][ T3073] __might_sleep+0x48/0x78 [ 33.592476][ T3073] cpus_read_lock+0x28/0x1e0 [ 33.593678][ T3073] static_key_slow_inc+0x1c/0x38 [ 33.595002][ T3073] udpv6_encap_enable+0x1c/0x28 [ 33.596277][ T3073] setup_udp_tunnel_sock+0xec/0x124 [ 33.597622][ T3073] l2tp_tunnel_register+0x68c/0x79c [ 33.598989][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 33.600237][ T3073] __sys_connect+0x184/0x190 [ 33.601446][ T3073] __arm64_sys_connect+0x28/0x3c [ 33.602803][ T3073] el0_svc_common+0x138/0x220 [ 33.603997][ T3073] do_el0_svc+0x48/0x164 [ 33.605094][ T3073] el0_svc+0x58/0x150 [ 33.606119][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 33.607413][ T3073] el0t_64_sync+0x190/0x194