[ 9.434765][ T2658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.437953][ T2658] eql: remember to turn off Van-Jacobson compression on your slave devices [ 9.463602][ T9] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 9.466392][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.010723][ T3072] [ 29.011294][ T3072] ======================================================== [ 29.012820][ T3072] WARNING: possible irq lock inversion dependency detected [ 29.014523][ T3072] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 29.016182][ T3072] -------------------------------------------------------- [ 29.017973][ T3072] syz-executor175/3072 just changed the state of lock: [ 29.019636][ T3072] ffff0000cadab838 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 29.021826][ T3072] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 29.023751][ T3072] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 29.023760][ T3072] [ 29.023760][ T3072] [ 29.023760][ T3072] and interrupts could create inverse lock ordering between them. [ 29.023760][ T3072] [ 29.028617][ T3072] [ 29.028617][ T3072] other info that might help us debug this: [ 29.030478][ T3072] Possible interrupt unsafe locking scenario: [ 29.030478][ T3072] [ 29.032449][ T3072] CPU0 CPU1 [ 29.033662][ T3072] ---- ---- [ 29.034881][ T3072] lock(clock-AF_INET6); [ 29.035864][ T3072] local_irq_disable(); [ 29.037415][ T3072] lock(&tcp_hashinfo.bhash[i].lock); [ 29.039133][ T3072] lock(clock-AF_INET6); [ 29.040725][ T3072] [ 29.041465][ T3072] lock(&tcp_hashinfo.bhash[i].lock); [ 29.042680][ T3072] [ 29.042680][ T3072] *** DEADLOCK *** [ 29.042680][ T3072] [ 29.044666][ T3072] 1 lock held by syz-executor175/3072: [ 29.045948][ T3072] #0: ffff0000caded930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 29.048170][ T3072] [ 29.048170][ T3072] the shortest dependencies between 2nd lock and 1st lock: [ 29.050254][ T3072] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 29.051458][ T3072] HARDIRQ-ON-W at: [ 29.052182][ T3072] lock_acquire+0x100/0x1f8 [ 29.053321][ T3072] _raw_spin_lock_bh+0x54/0x6c [ 29.054736][ T3072] inet_csk_get_port+0xe0/0xaf0 [ 29.056192][ T3072] __inet6_bind+0x688/0x8ac [ 29.057622][ T3072] inet6_bind+0xf4/0x150 [ 29.059024][ T3072] rds_tcp_listen_init+0x14c/0x1f0 [ 29.060620][ T3072] rds_tcp_init_net+0xcc/0x1dc [ 29.062228][ T3072] ops_init+0xe4/0x2e4 [ 29.063583][ T3072] register_pernet_operations+0x108/0x264 [ 29.065242][ T3072] register_pernet_device+0x3c/0x94 [ 29.066870][ T3072] rds_tcp_init+0x74/0xe0 [ 29.068317][ T3072] do_one_initcall+0x118/0x22c [ 29.069802][ T3072] do_initcall_level+0xac/0xe4 [ 29.071321][ T3072] do_initcalls+0x58/0xa8 [ 29.072800][ T3072] do_basic_setup+0x20/0x2c [ 29.074365][ T3072] kernel_init_freeable+0xb8/0x148 [ 29.076191][ T3072] kernel_init+0x24/0x290 [ 29.077683][ T3072] ret_from_fork+0x10/0x20 [ 29.079119][ T3072] IN-SOFTIRQ-W at: [ 29.080120][ T3072] lock_acquire+0x100/0x1f8 [ 29.081616][ T3072] _raw_spin_lock+0x54/0x6c [ 29.083248][ T3072] __inet_inherit_port+0x124/0x9ac [ 29.084926][ T3072] tcp_v4_syn_recv_sock+0x790/0x848 [ 29.086583][ T3072] tcp_check_req+0x75c/0x8e4 [ 29.088204][ T3072] tcp_v4_rcv+0xad4/0x11e8 [ 29.089650][ T3072] ip_protocol_deliver_rcu+0x224/0x414 [ 29.091359][ T3072] ip_local_deliver_finish+0x124/0x200 [ 29.093161][ T3072] ip_local_deliver+0xd0/0xf4 [ 29.094799][ T3072] ip_sublist_rcv+0x40c/0x474 [ 29.096283][ T3072] ip_list_rcv+0x184/0x1c8 [ 29.097697][ T3072] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 29.099442][ T3072] __netif_receive_skb_list+0x16c/0x1d0 [ 29.101102][ T3072] netif_receive_skb_list_internal+0x1e8/0x340 [ 29.103015][ T3072] napi_complete_done+0x140/0x354 [ 29.104534][ T3072] gve_napi_poll+0xcc/0x1b4 [ 29.105949][ T3072] __napi_poll+0x5c/0x24c [ 29.107326][ T3072] napi_poll+0x110/0x484 [ 29.108658][ T3072] net_rx_action+0x18c/0x414 [ 29.110145][ T3072] _stext+0x168/0x37c [ 29.111425][ T3072] ____do_softirq+0x14/0x20 [ 29.112924][ T3072] call_on_irq_stack+0x2c/0x54 [ 29.114466][ T3072] do_softirq_own_stack+0x20/0x2c [ 29.116046][ T3072] invoke_softirq+0x70/0xbc [ 29.117508][ T3072] __irq_exit_rcu+0xf0/0x140 [ 29.118980][ T3072] irq_exit_rcu+0x10/0x40 [ 29.120395][ T3072] el1_interrupt+0x38/0x68 [ 29.121801][ T3072] el1h_64_irq_handler+0x18/0x24 [ 29.123361][ T3072] el1h_64_irq+0x64/0x68 [ 29.124700][ T3072] arch_local_irq_enable+0xc/0x18 [ 29.126332][ T3072] default_idle_call+0x48/0xb8 [ 29.127826][ T3072] do_idle+0x110/0x2d4 [ 29.129297][ T3072] cpu_startup_entry+0x24/0x28 [ 29.130936][ T3072] kernel_init+0x0/0x290 [ 29.132376][ T3072] start_kernel+0x0/0x620 [ 29.133840][ T3072] start_kernel+0x450/0x620 [ 29.135338][ T3072] __primary_switched+0xb4/0xbc [ 29.137001][ T3072] INITIAL USE at: [ 29.138013][ T3072] lock_acquire+0x100/0x1f8 [ 29.139330][ T3072] _raw_spin_lock_bh+0x54/0x6c [ 29.140814][ T3072] inet_csk_get_port+0xe0/0xaf0 [ 29.142298][ T3072] __inet6_bind+0x688/0x8ac [ 29.143662][ T3072] inet6_bind+0xf4/0x150 [ 29.145064][ T3072] rds_tcp_listen_init+0x14c/0x1f0 [ 29.146600][ T3072] rds_tcp_init_net+0xcc/0x1dc [ 29.148127][ T3072] ops_init+0xe4/0x2e4 [ 29.149531][ T3072] register_pernet_operations+0x108/0x264 [ 29.151428][ T3072] register_pernet_device+0x3c/0x94 [ 29.153140][ T3072] rds_tcp_init+0x74/0xe0 [ 29.154630][ T3072] do_one_initcall+0x118/0x22c [ 29.156281][ T3072] do_initcall_level+0xac/0xe4 [ 29.157890][ T3072] do_initcalls+0x58/0xa8 [ 29.159424][ T3072] do_basic_setup+0x20/0x2c [ 29.160947][ T3072] kernel_init_freeable+0xb8/0x148 [ 29.162660][ T3072] kernel_init+0x24/0x290 [ 29.164141][ T3072] ret_from_fork+0x10/0x20 [ 29.165673][ T3072] } [ 29.166285][ T3072] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 29.168326][ T3072] ... acquired at: [ 29.169279][ T3072] _raw_read_lock_bh+0x64/0x7c [ 29.170518][ T3072] sock_i_uid+0x24/0x58 [ 29.171549][ T3072] inet_csk_get_port+0x674/0xaf0 [ 29.172688][ T3072] __inet6_bind+0x688/0x8ac [ 29.173868][ T3072] inet6_bind+0xf4/0x150 [ 29.174852][ T3072] __sys_bind+0x148/0x1b0 [ 29.175941][ T3072] __arm64_sys_bind+0x28/0x3c [ 29.177083][ T3072] el0_svc_common+0x138/0x220 [ 29.178225][ T3072] do_el0_svc+0x48/0x164 [ 29.179255][ T3072] el0_svc+0x58/0x150 [ 29.180175][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.181470][ T3072] el0t_64_sync+0x190/0x194 [ 29.182520][ T3072] [ 29.183028][ T3072] -> (clock-AF_INET6){+++.}-{2:2} { [ 29.184257][ T3072] HARDIRQ-ON-W at: [ 29.185219][ T3072] lock_acquire+0x100/0x1f8 [ 29.186609][ T3072] _raw_write_lock_bh+0x54/0x6c [ 29.188204][ T3072] sk_common_release+0x58/0x1d4 [ 29.189673][ T3072] udp_lib_close+0x20/0x30 [ 29.191049][ T3072] inet_release+0xc8/0xe4 [ 29.192434][ T3072] inet6_release+0x3c/0x58 [ 29.193779][ T3072] sock_close+0x50/0xf0 [ 29.195094][ T3072] __fput+0x198/0x3e4 [ 29.196364][ T3072] ____fput+0x20/0x30 [ 29.197698][ T3072] task_work_run+0x100/0x148 [ 29.199125][ T3072] do_notify_resume+0x174/0x1f0 [ 29.200645][ T3072] el0_svc+0x9c/0x150 [ 29.202064][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.203711][ T3072] el0t_64_sync+0x190/0x194 [ 29.205162][ T3072] HARDIRQ-ON-R at: [ 29.206077][ T3072] lock_acquire+0x100/0x1f8 [ 29.207486][ T3072] _raw_read_lock_bh+0x64/0x7c [ 29.208814][ T3072] sock_i_uid+0x24/0x58 [ 29.210212][ T3072] udp_lib_lport_inuse+0x44/0x268 [ 29.211939][ T3072] udp_lib_get_port+0x2bc/0x8f8 [ 29.213427][ T3072] udp_v6_get_port+0x60/0x74 [ 29.214869][ T3072] __inet6_bind+0x688/0x8ac [ 29.216270][ T3072] inet6_bind+0xf4/0x150 [ 29.217624][ T3072] __sys_bind+0x148/0x1b0 [ 29.219064][ T3072] __arm64_sys_bind+0x28/0x3c [ 29.220452][ T3072] el0_svc_common+0x138/0x220 [ 29.221820][ T3072] do_el0_svc+0x48/0x164 [ 29.223096][ T3072] el0_svc+0x58/0x150 [ 29.224497][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.226244][ T3072] el0t_64_sync+0x190/0x194 [ 29.227707][ T3072] SOFTIRQ-ON-W at: [ 29.228568][ T3072] lock_acquire+0x100/0x1f8 [ 29.230029][ T3072] _raw_write_lock+0x54/0x6c [ 29.231517][ T3072] l2tp_tunnel_register+0x354/0x79c [ 29.233130][ T3072] pppol2tp_connect+0x3e8/0x6c4 [ 29.234601][ T3072] __sys_connect+0x184/0x190 [ 29.236042][ T3072] __arm64_sys_connect+0x28/0x3c [ 29.237542][ T3072] el0_svc_common+0x138/0x220 [ 29.238996][ T3072] do_el0_svc+0x48/0x164 [ 29.240400][ T3072] el0_svc+0x58/0x150 [ 29.241771][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.243323][ T3072] el0t_64_sync+0x190/0x194 [ 29.244776][ T3072] INITIAL USE at: [ 29.245598][ T3072] lock_acquire+0x100/0x1f8 [ 29.247078][ T3072] _raw_write_lock_bh+0x54/0x6c [ 29.248578][ T3072] sk_common_release+0x58/0x1d4 [ 29.249994][ T3072] udp_lib_close+0x20/0x30 [ 29.251338][ T3072] inet_release+0xc8/0xe4 [ 29.252755][ T3072] inet6_release+0x3c/0x58 [ 29.254146][ T3072] sock_close+0x50/0xf0 [ 29.255467][ T3072] __fput+0x198/0x3e4 [ 29.256739][ T3072] ____fput+0x20/0x30 [ 29.258024][ T3072] task_work_run+0x100/0x148 [ 29.259341][ T3072] do_notify_resume+0x174/0x1f0 [ 29.260720][ T3072] el0_svc+0x9c/0x150 [ 29.262013][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.263488][ T3072] el0t_64_sync+0x190/0x194 [ 29.264874][ T3072] INITIAL READ USE at: [ 29.265876][ T3072] lock_acquire+0x100/0x1f8 [ 29.267362][ T3072] _raw_read_lock_bh+0x64/0x7c [ 29.268979][ T3072] sock_i_uid+0x24/0x58 [ 29.270338][ T3072] udp_lib_lport_inuse+0x44/0x268 [ 29.271972][ T3072] udp_lib_get_port+0x2bc/0x8f8 [ 29.273568][ T3072] udp_v6_get_port+0x60/0x74 [ 29.275136][ T3072] __inet6_bind+0x688/0x8ac [ 29.276606][ T3072] inet6_bind+0xf4/0x150 [ 29.278011][ T3072] __sys_bind+0x148/0x1b0 [ 29.279508][ T3072] __arm64_sys_bind+0x28/0x3c [ 29.280950][ T3072] el0_svc_common+0x138/0x220 [ 29.282507][ T3072] do_el0_svc+0x48/0x164 [ 29.283869][ T3072] el0_svc+0x58/0x150 [ 29.285243][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.286866][ T3072] el0t_64_sync+0x190/0x194 [ 29.288340][ T3072] } [ 29.288944][ T3072] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 29.290790][ T3072] ... acquired at: [ 29.291673][ T3072] mark_lock+0x154/0x1b4 [ 29.292724][ T3072] __lock_acquire+0x618/0x3084 [ 29.294008][ T3072] lock_acquire+0x100/0x1f8 [ 29.295148][ T3072] _raw_write_lock+0x54/0x6c [ 29.296271][ T3072] l2tp_tunnel_register+0x354/0x79c [ 29.297605][ T3072] pppol2tp_connect+0x3e8/0x6c4 [ 29.298762][ T3072] __sys_connect+0x184/0x190 [ 29.299855][ T3072] __arm64_sys_connect+0x28/0x3c [ 29.301046][ T3072] el0_svc_common+0x138/0x220 [ 29.302212][ T3072] do_el0_svc+0x48/0x164 [ 29.303237][ T3072] el0_svc+0x58/0x150 [ 29.304235][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.305381][ T3072] el0t_64_sync+0x190/0x194 [ 29.306453][ T3072] [ 29.306978][ T3072] [ 29.306978][ T3072] stack backtrace: [ 29.308334][ T3072] CPU: 1 PID: 3072 Comm: syz-executor175 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 29.310790][ T3072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 29.313105][ T3072] Call trace: [ 29.313836][ T3072] dump_backtrace+0x1c4/0x1f0 [ 29.314853][ T3072] show_stack+0x2c/0x54 [ 29.315834][ T3072] dump_stack_lvl+0x104/0x16c [ 29.316994][ T3072] dump_stack+0x1c/0x58 [ 29.317877][ T3072] print_irq_inversion_bug+0x2f8/0x300 [ 29.319160][ T3072] mark_lock_irq+0x3ec/0x4b4 [ 29.320221][ T3072] mark_lock+0x154/0x1b4 [ 29.321152][ T3072] __lock_acquire+0x618/0x3084 [ 29.322297][ T3072] lock_acquire+0x100/0x1f8 [ 29.323296][ T3072] _raw_write_lock+0x54/0x6c [ 29.324426][ T3072] l2tp_tunnel_register+0x354/0x79c [ 29.325646][ T3072] pppol2tp_connect+0x3e8/0x6c4 [ 29.326741][ T3072] __sys_connect+0x184/0x190 [ 29.327829][ T3072] __arm64_sys_connect+0x28/0x3c [ 29.328933][ T3072] el0_svc_common+0x138/0x220 [ 29.330006][ T3072] do_el0_svc+0x48/0x164 [ 29.331123][ T3072] el0_svc+0x58/0x150 [ 29.332121][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.333343][ T3072] el0t_64_sync+0x190/0x194 [ 29.334408][ T3072] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 29.336549][ T3072] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3072, name: syz-executor175 [ 29.338718][ T3072] preempt_count: 1, expected: 0 [ 29.339815][ T3072] RCU nest depth: 0, expected: 0 [ 29.340826][ T3072] INFO: lockdep is turned off. [ 29.341864][ T3072] Preemption disabled at: [ 29.341869][ T3072] [] l2tp_tunnel_register+0x354/0x79c [ 29.344294][ T3072] CPU: 1 PID: 3072 Comm: syz-executor175 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 29.346797][ T3072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 29.349122][ T3072] Call trace: [ 29.349918][ T3072] dump_backtrace+0x1c4/0x1f0 [ 29.350910][ T3072] show_stack+0x2c/0x54 [ 29.351954][ T3072] dump_stack_lvl+0x104/0x16c [ 29.353027][ T3072] dump_stack+0x1c/0x58 [ 29.353938][ T3072] __might_resched+0x208/0x218 [ 29.354951][ T3072] __might_sleep+0x48/0x78 [ 29.355951][ T3072] cpus_read_lock+0x28/0x1e0 [ 29.357006][ T3072] static_key_slow_inc+0x1c/0x38 [ 29.358088][ T3072] udpv6_encap_enable+0x1c/0x28 [ 29.359305][ T3072] setup_udp_tunnel_sock+0xec/0x124 [ 29.360568][ T3072] l2tp_tunnel_register+0x68c/0x79c [ 29.361762][ T3072] pppol2tp_connect+0x3e8/0x6c4 [ 29.362868][ T3072] __sys_connect+0x184/0x190 [ 29.363886][ T3072] __arm64_sys_connect+0x28/0x3c [ 29.365078][ T3072] el0_svc_common+0x138/0x220 [ 29.366287][ T3072] do_el0_svc+0x48/0x164 [ 29.367135][ T3072] el0_svc+0x58/0x150 [ 29.367827][ T3072] el0t_64_sync_handler+0x84/0xf0 [ 29.368693][ T3072] el0t_64_sync+0x190/0x194