Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.909494][ T3073] [ 25.910172][ T3073] ======================================================== [ 25.912015][ T3073] WARNING: possible irq lock inversion dependency detected [ 25.913670][ T3073] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 25.915458][ T3073] -------------------------------------------------------- [ 25.917465][ T3073] syz-executor110/3073 just changed the state of lock: [ 25.919215][ T3073] ffff0000cb8fb0b8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 25.921731][ T3073] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 25.923813][ T3073] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 25.923823][ T3073] [ 25.923823][ T3073] [ 25.923823][ T3073] and interrupts could create inverse lock ordering between them. [ 25.923823][ T3073] [ 25.929045][ T3073] [ 25.929045][ T3073] other info that might help us debug this: [ 25.931121][ T3073] Possible interrupt unsafe locking scenario: [ 25.931121][ T3073] [ 25.933267][ T3073] CPU0 CPU1 [ 25.934628][ T3073] ---- ---- [ 25.936039][ T3073] lock(clock-AF_INET6); [ 25.937124][ T3073] local_irq_disable(); [ 25.938888][ T3073] lock(&tcp_hashinfo.bhash[i].lock); [ 25.940995][ T3073] lock(clock-AF_INET6); [ 25.942763][ T3073] [ 25.943659][ T3073] lock(&tcp_hashinfo.bhash[i].lock); [ 25.945203][ T3073] [ 25.945203][ T3073] *** DEADLOCK *** [ 25.945203][ T3073] [ 25.947256][ T3073] 1 lock held by syz-executor110/3073: [ 25.948659][ T3073] #0: ffff0000cb7a3130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 25.951241][ T3073] [ 25.951241][ T3073] the shortest dependencies between 2nd lock and 1st lock: [ 25.953660][ T3073] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 25.955311][ T3073] HARDIRQ-ON-W at: [ 25.956312][ T3073] lock_acquire+0x100/0x1f8 [ 25.957913][ T3073] _raw_spin_lock_bh+0x54/0x6c [ 25.959614][ T3073] inet_csk_get_port+0xe0/0xaf0 [ 25.961385][ T3073] __inet6_bind+0x688/0x8ac [ 25.963038][ T3073] inet6_bind+0xf4/0x150 [ 25.964611][ T3073] rds_tcp_listen_init+0x14c/0x1f0 [ 25.966361][ T3073] rds_tcp_init_net+0xcc/0x1dc [ 25.968012][ T3073] ops_init+0xe4/0x2e4 [ 25.969608][ T3073] register_pernet_operations+0x108/0x264 [ 25.971558][ T3073] register_pernet_device+0x3c/0x94 [ 25.973350][ T3073] rds_tcp_init+0x74/0xe0 [ 25.974854][ T3073] do_one_initcall+0x118/0x22c [ 25.976511][ T3073] do_initcall_level+0xac/0xe4 [ 25.978154][ T3073] do_initcalls+0x58/0xa8 [ 25.979793][ T3073] do_basic_setup+0x20/0x2c [ 25.981374][ T3073] kernel_init_freeable+0xb8/0x148 [ 25.983118][ T3073] kernel_init+0x24/0x290 [ 25.984696][ T3073] ret_from_fork+0x10/0x20 [ 25.986287][ T3073] IN-SOFTIRQ-W at: [ 25.987305][ T3073] lock_acquire+0x100/0x1f8 [ 25.988944][ T3073] _raw_spin_lock+0x54/0x6c [ 25.990221][ T3073] __inet_inherit_port+0x124/0x9ac [ 25.991445][ T3073] tcp_v4_syn_recv_sock+0x790/0x848 [ 25.992667][ T3073] tcp_check_req+0x75c/0x8e4 [ 25.993803][ T3073] tcp_v4_rcv+0xad4/0x11e8 [ 25.995090][ T3073] ip_protocol_deliver_rcu+0x224/0x414 [ 25.996987][ T3073] ip_local_deliver_finish+0x124/0x200 [ 25.998827][ T3073] ip_local_deliver+0xd0/0xf4 [ 26.000483][ T3073] ip_sublist_rcv+0x40c/0x474 [ 26.002177][ T3073] ip_list_rcv+0x184/0x1c8 [ 26.003772][ T3073] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 26.005715][ T3073] __netif_receive_skb_list+0x16c/0x1d0 [ 26.007600][ T3073] netif_receive_skb_list_internal+0x1e8/0x340 [ 26.009595][ T3073] napi_complete_done+0x140/0x354 [ 26.010799][ T3073] gve_napi_poll+0xcc/0x1b4 [ 26.011920][ T3073] __napi_poll+0x5c/0x24c [ 26.013515][ T3073] napi_poll+0x110/0x484 [ 26.015062][ T3073] net_rx_action+0x18c/0x414 [ 26.016666][ T3073] _stext+0x168/0x37c [ 26.018185][ T3073] ____do_softirq+0x14/0x20 [ 26.019813][ T3073] call_on_irq_stack+0x2c/0x54 [ 26.021435][ T3073] do_softirq_own_stack+0x20/0x2c [ 26.023119][ T3073] invoke_softirq+0x70/0xbc [ 26.024389][ T3073] __irq_exit_rcu+0xf0/0x140 [ 26.025572][ T3073] irq_exit_rcu+0x10/0x40 [ 26.026900][ T3073] el1_interrupt+0x38/0x68 [ 26.028141][ T3073] el1h_64_irq_handler+0x18/0x24 [ 26.029789][ T3073] el1h_64_irq+0x64/0x68 [ 26.031302][ T3073] arch_local_irq_enable+0xc/0x18 [ 26.033060][ T3073] default_idle_call+0x48/0xb8 [ 26.034767][ T3073] do_idle+0x110/0x2d4 [ 26.036218][ T3073] cpu_startup_entry+0x24/0x28 [ 26.037917][ T3073] kernel_init+0x0/0x290 [ 26.039434][ T3073] start_kernel+0x0/0x620 [ 26.040901][ T3073] start_kernel+0x450/0x620 [ 26.042006][ T3073] __primary_switched+0xb4/0xbc [ 26.043169][ T3073] INITIAL USE at: [ 26.043889][ T3073] lock_acquire+0x100/0x1f8 [ 26.045011][ T3073] _raw_spin_lock_bh+0x54/0x6c [ 26.046458][ T3073] inet_csk_get_port+0xe0/0xaf0 [ 26.048169][ T3073] __inet6_bind+0x688/0x8ac [ 26.049774][ T3073] inet6_bind+0xf4/0x150 [ 26.051253][ T3073] rds_tcp_listen_init+0x14c/0x1f0 [ 26.052946][ T3073] rds_tcp_init_net+0xcc/0x1dc [ 26.054685][ T3073] ops_init+0xe4/0x2e4 [ 26.056246][ T3073] register_pernet_operations+0x108/0x264 [ 26.058207][ T3073] register_pernet_device+0x3c/0x94 [ 26.059903][ T3073] rds_tcp_init+0x74/0xe0 [ 26.060999][ T3073] do_one_initcall+0x118/0x22c [ 26.062276][ T3073] do_initcall_level+0xac/0xe4 [ 26.063665][ T3073] do_initcalls+0x58/0xa8 [ 26.065076][ T3073] do_basic_setup+0x20/0x2c [ 26.066692][ T3073] kernel_init_freeable+0xb8/0x148 [ 26.068400][ T3073] kernel_init+0x24/0x290 [ 26.069942][ T3073] ret_from_fork+0x10/0x20 [ 26.071515][ T3073] } [ 26.072170][ T3073] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 26.074222][ T3073] ... acquired at: [ 26.075199][ T3073] _raw_read_lock_bh+0x64/0x7c [ 26.076413][ T3073] sock_i_uid+0x24/0x58 [ 26.077522][ T3073] inet_csk_get_port+0x674/0xaf0 [ 26.078763][ T3073] __inet6_bind+0x688/0x8ac [ 26.079912][ T3073] inet6_bind+0xf4/0x150 [ 26.080783][ T3073] __sys_bind+0x148/0x1b0 [ 26.081592][ T3073] __arm64_sys_bind+0x28/0x3c [ 26.082489][ T3073] el0_svc_common+0x138/0x220 [ 26.083362][ T3073] do_el0_svc+0x48/0x164 [ 26.084131][ T3073] el0_svc+0x58/0x150 [ 26.085061][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.086374][ T3073] el0t_64_sync+0x190/0x194 [ 26.087515][ T3073] [ 26.088159][ T3073] -> (clock-AF_INET6){+++.}-{2:2} { [ 26.089500][ T3073] HARDIRQ-ON-W at: [ 26.090269][ T3073] lock_acquire+0x100/0x1f8 [ 26.091406][ T3073] _raw_write_lock_bh+0x54/0x6c [ 26.092873][ T3073] sk_common_release+0x58/0x1d4 [ 26.094542][ T3073] udp_lib_close+0x20/0x30 [ 26.096129][ T3073] inet_release+0xc8/0xe4 [ 26.097605][ T3073] inet6_release+0x3c/0x58 [ 26.099175][ T3073] sock_close+0x50/0xf0 [ 26.100674][ T3073] __fput+0x198/0x3e4 [ 26.102197][ T3073] ____fput+0x20/0x30 [ 26.103586][ T3073] task_work_run+0x100/0x148 [ 26.105220][ T3073] do_notify_resume+0x174/0x1f0 [ 26.106896][ T3073] el0_svc+0x9c/0x150 [ 26.108321][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.110028][ T3073] el0t_64_sync+0x190/0x194 [ 26.111586][ T3073] HARDIRQ-ON-R at: [ 26.112619][ T3073] lock_acquire+0x100/0x1f8 [ 26.114277][ T3073] _raw_read_lock_bh+0x64/0x7c [ 26.115894][ T3073] sock_i_uid+0x24/0x58 [ 26.117400][ T3073] udp_lib_lport_inuse+0x44/0x268 [ 26.119080][ T3073] udp_lib_get_port+0x2bc/0x8f8 [ 26.120781][ T3073] udp_v6_get_port+0x60/0x74 [ 26.121920][ T3073] __inet6_bind+0x688/0x8ac [ 26.123013][ T3073] inet6_bind+0xf4/0x150 [ 26.124062][ T3073] __sys_bind+0x148/0x1b0 [ 26.125438][ T3073] __arm64_sys_bind+0x28/0x3c [ 26.127092][ T3073] el0_svc_common+0x138/0x220 [ 26.128741][ T3073] do_el0_svc+0x48/0x164 [ 26.130321][ T3073] el0_svc+0x58/0x150 [ 26.131766][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.132953][ T3073] el0t_64_sync+0x190/0x194 [ 26.134192][ T3073] SOFTIRQ-ON-W at: [ 26.134949][ T3073] lock_acquire+0x100/0x1f8 [ 26.136289][ T3073] _raw_write_lock+0x54/0x6c [ 26.137948][ T3073] l2tp_tunnel_register+0x354/0x79c [ 26.139843][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 26.141170][ T3073] __sys_connect+0x184/0x190 [ 26.142293][ T3073] __arm64_sys_connect+0x28/0x3c [ 26.144035][ T3073] el0_svc_common+0x138/0x220 [ 26.145627][ T3073] do_el0_svc+0x48/0x164 [ 26.147153][ T3073] el0_svc+0x58/0x150 [ 26.148584][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.150475][ T3073] el0t_64_sync+0x190/0x194 [ 26.152090][ T3073] INITIAL USE at: [ 26.153099][ T3073] lock_acquire+0x100/0x1f8 [ 26.154691][ T3073] _raw_write_lock_bh+0x54/0x6c [ 26.156297][ T3073] sk_common_release+0x58/0x1d4 [ 26.157931][ T3073] udp_lib_close+0x20/0x30 [ 26.159492][ T3073] inet_release+0xc8/0xe4 [ 26.161032][ T3073] inet6_release+0x3c/0x58 [ 26.162272][ T3073] sock_close+0x50/0xf0 [ 26.163333][ T3073] __fput+0x198/0x3e4 [ 26.164362][ T3073] ____fput+0x20/0x30 [ 26.165422][ T3073] task_work_run+0x100/0x148 [ 26.166550][ T3073] do_notify_resume+0x174/0x1f0 [ 26.168251][ T3073] el0_svc+0x9c/0x150 [ 26.169744][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.171477][ T3073] el0t_64_sync+0x190/0x194 [ 26.173009][ T3073] INITIAL READ USE at: [ 26.174065][ T3073] lock_acquire+0x100/0x1f8 [ 26.175677][ T3073] _raw_read_lock_bh+0x64/0x7c [ 26.177354][ T3073] sock_i_uid+0x24/0x58 [ 26.178918][ T3073] udp_lib_lport_inuse+0x44/0x268 [ 26.180737][ T3073] udp_lib_get_port+0x2bc/0x8f8 [ 26.182500][ T3073] udp_v6_get_port+0x60/0x74 [ 26.184032][ T3073] __inet6_bind+0x688/0x8ac [ 26.185176][ T3073] inet6_bind+0xf4/0x150 [ 26.186277][ T3073] __sys_bind+0x148/0x1b0 [ 26.187385][ T3073] __arm64_sys_bind+0x28/0x3c [ 26.189126][ T3073] el0_svc_common+0x138/0x220 [ 26.190841][ T3073] do_el0_svc+0x48/0x164 [ 26.192301][ T3073] el0_svc+0x58/0x150 [ 26.193824][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.195588][ T3073] el0t_64_sync+0x190/0x194 [ 26.197227][ T3073] } [ 26.197860][ T3073] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 26.199949][ T3073] ... acquired at: [ 26.200961][ T3073] mark_lock+0x154/0x1b4 [ 26.202107][ T3073] __lock_acquire+0x618/0x3084 [ 26.203392][ T3073] lock_acquire+0x100/0x1f8 [ 26.204604][ T3073] _raw_write_lock+0x54/0x6c [ 26.205798][ T3073] l2tp_tunnel_register+0x354/0x79c [ 26.207150][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 26.208425][ T3073] __sys_connect+0x184/0x190 [ 26.209683][ T3073] __arm64_sys_connect+0x28/0x3c [ 26.210965][ T3073] el0_svc_common+0x138/0x220 [ 26.212162][ T3073] do_el0_svc+0x48/0x164 [ 26.213339][ T3073] el0_svc+0x58/0x150 [ 26.214361][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.215681][ T3073] el0t_64_sync+0x190/0x194 [ 26.216910][ T3073] [ 26.217464][ T3073] [ 26.217464][ T3073] stack backtrace: [ 26.218955][ T3073] CPU: 1 PID: 3073 Comm: syz-executor110 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 26.221664][ T3073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 26.224316][ T3073] Call trace: [ 26.225165][ T3073] dump_backtrace+0x1c4/0x1f0 [ 26.226403][ T3073] show_stack+0x2c/0x54 [ 26.227453][ T3073] dump_stack_lvl+0x104/0x16c [ 26.228653][ T3073] dump_stack+0x1c/0x58 [ 26.229476][ T3073] print_irq_inversion_bug+0x2f8/0x300 [ 26.230439][ T3073] mark_lock_irq+0x3ec/0x4b4 [ 26.231262][ T3073] mark_lock+0x154/0x1b4 [ 26.231999][ T3073] __lock_acquire+0x618/0x3084 [ 26.232974][ T3073] lock_acquire+0x100/0x1f8 [ 26.234150][ T3073] _raw_write_lock+0x54/0x6c [ 26.235343][ T3073] l2tp_tunnel_register+0x354/0x79c [ 26.236657][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 26.237928][ T3073] __sys_connect+0x184/0x190 [ 26.239122][ T3073] __arm64_sys_connect+0x28/0x3c [ 26.240421][ T3073] el0_svc_common+0x138/0x220 [ 26.241620][ T3073] do_el0_svc+0x48/0x164 [ 26.242701][ T3073] el0_svc+0x58/0x150 [ 26.243734][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.244820][ T3073] el0t_64_sync+0x190/0x194 [ 26.245667][ T3073] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 26.247316][ T3073] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3073, name: syz-executor110 [ 26.249103][ T3073] preempt_count: 1, expected: 0 [ 26.250374][ T3073] RCU nest depth: 0, expected: 0 [ 26.251589][ T3073] INFO: lockdep is turned off. [ 26.252853][ T3073] Preemption disabled at: [ 26.252858][ T3073] [] l2tp_tunnel_register+0x354/0x79c [ 26.255742][ T3073] CPU: 1 PID: 3073 Comm: syz-executor110 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 26.258378][ T3073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 26.260878][ T3073] Call trace: [ 26.261665][ T3073] dump_backtrace+0x1c4/0x1f0 [ 26.262450][ T3073] show_stack+0x2c/0x54 [ 26.263204][ T3073] dump_stack_lvl+0x104/0x16c [ 26.264013][ T3073] dump_stack+0x1c/0x58 [ 26.264722][ T3073] __might_resched+0x208/0x218 [ 26.265595][ T3073] __might_sleep+0x48/0x78 [ 26.266442][ T3073] cpus_read_lock+0x28/0x1e0 [ 26.267531][ T3073] static_key_slow_inc+0x1c/0x38 [ 26.268898][ T3073] udpv6_encap_enable+0x1c/0x28 [ 26.270162][ T3073] setup_udp_tunnel_sock+0xec/0x124 [ 26.271157][ T3073] l2tp_tunnel_register+0x68c/0x79c [ 26.272074][ T3073] pppol2tp_connect+0x3e8/0x6c4 [ 26.273106][ T3073] __sys_connect+0x184/0x190 [ 26.274271][ T3073] __arm64_sys_connect+0x28/0x3c [ 26.275609][ T3073] el0_svc_common+0x138/0x220 [ 26.276791][ T3073] do_el0_svc+0x48/0x164 [ 26.277924][ T3073] el0_svc+0x58/0x150 [ 26.278910][ T3073] el0t_64_sync_handler+0x84/0xf0 [ 26.280149][ T3073] el0t_64_sync+0x190/0x194