[ 9.987483][ T2660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.991287][ T2660] eql: remember to turn off Van-Jacobson compression on your slave devices [ 10.018201][ T49] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 10.019796][ T2569] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.344468][ T3081] [ 26.345115][ T3081] ======================================================== [ 26.347258][ T3081] WARNING: possible irq lock inversion dependency detected [ 26.349214][ T3081] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 26.351107][ T3081] -------------------------------------------------------- [ 26.353088][ T3081] syz-executor193/3081 just changed the state of lock: [ 26.354972][ T3081] ffff0000cb9821b8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 26.357607][ T3081] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 26.359781][ T3081] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 26.359791][ T3081] [ 26.359791][ T3081] [ 26.359791][ T3081] and interrupts could create inverse lock ordering between them. [ 26.359791][ T3081] [ 26.365443][ T3081] [ 26.365443][ T3081] other info that might help us debug this: [ 26.367618][ T3081] Possible interrupt unsafe locking scenario: [ 26.367618][ T3081] [ 26.369892][ T3081] CPU0 CPU1 [ 26.371328][ T3081] ---- ---- [ 26.372748][ T3081] lock(clock-AF_INET6); [ 26.373928][ T3081] local_irq_disable(); [ 26.375761][ T3081] lock(&tcp_hashinfo.bhash[i].lock); [ 26.377921][ T3081] lock(clock-AF_INET6); [ 26.379746][ T3081] [ 26.380643][ T3081] lock(&tcp_hashinfo.bhash[i].lock); [ 26.382153][ T3081] [ 26.382153][ T3081] *** DEADLOCK *** [ 26.382153][ T3081] [ 26.384309][ T3081] 1 lock held by syz-executor193/3081: [ 26.385860][ T3081] #0: ffff0000cb8b1930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 26.388533][ T3081] [ 26.388533][ T3081] the shortest dependencies between 2nd lock and 1st lock: [ 26.391082][ T3081] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 26.392906][ T3081] HARDIRQ-ON-W at: [ 26.394060][ T3081] lock_acquire+0x100/0x1f8 [ 26.395792][ T3081] _raw_spin_lock_bh+0x54/0x6c [ 26.397755][ T3081] inet_csk_get_port+0xe0/0xaf0 [ 26.399788][ T3081] __inet6_bind+0x688/0x8ac [ 26.401494][ T3081] inet6_bind+0xf4/0x150 [ 26.403184][ T3081] rds_tcp_listen_init+0x14c/0x1f0 [ 26.405037][ T3081] rds_tcp_init_net+0xcc/0x1dc [ 26.406891][ T3081] ops_init+0xe4/0x2e4 [ 26.408288][ T3081] register_pernet_operations+0x108/0x264 [ 26.410317][ T3081] register_pernet_device+0x3c/0x94 [ 26.412260][ T3081] rds_tcp_init+0x74/0xe0 [ 26.414006][ T3081] do_one_initcall+0x118/0x22c [ 26.415758][ T3081] do_initcall_level+0xac/0xe4 [ 26.417515][ T3081] do_initcalls+0x58/0xa8 [ 26.419190][ T3081] do_basic_setup+0x20/0x2c [ 26.420881][ T3081] kernel_init_freeable+0xb8/0x148 [ 26.422729][ T3081] kernel_init+0x24/0x290 [ 26.424395][ T3081] ret_from_fork+0x10/0x20 [ 26.426044][ T3081] IN-SOFTIRQ-W at: [ 26.427099][ T3081] lock_acquire+0x100/0x1f8 [ 26.428781][ T3081] _raw_spin_lock+0x54/0x6c [ 26.430537][ T3081] __inet_inherit_port+0x124/0x9ac [ 26.432203][ T3081] tcp_v4_syn_recv_sock+0x790/0x848 [ 26.433991][ T3081] tcp_check_req+0x75c/0x8e4 [ 26.435818][ T3081] tcp_v4_rcv+0xad4/0x11e8 [ 26.437389][ T3081] ip_protocol_deliver_rcu+0x224/0x414 [ 26.439382][ T3081] ip_local_deliver_finish+0x124/0x200 [ 26.441314][ T3081] ip_local_deliver+0xd0/0xf4 [ 26.443099][ T3081] ip_sublist_rcv+0x40c/0x474 [ 26.444871][ T3081] ip_list_rcv+0x184/0x1c8 [ 26.446531][ T3081] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 26.448620][ T3081] __netif_receive_skb_list+0x16c/0x1d0 [ 26.450837][ T3081] netif_receive_skb_list_internal+0x1e8/0x340 [ 26.453043][ T3081] napi_complete_done+0x140/0x354 [ 26.454889][ T3081] gve_napi_poll+0xcc/0x1b4 [ 26.456560][ T3081] __napi_poll+0x5c/0x24c [ 26.458214][ T3081] napi_poll+0x110/0x484 [ 26.459852][ T3081] net_rx_action+0x18c/0x414 [ 26.461523][ T3081] _stext+0x168/0x37c [ 26.463122][ T3081] ____do_softirq+0x14/0x20 [ 26.464860][ T3081] call_on_irq_stack+0x2c/0x54 [ 26.466667][ T3081] do_softirq_own_stack+0x20/0x2c [ 26.468530][ T3081] invoke_softirq+0x70/0xbc [ 26.470200][ T3081] __irq_exit_rcu+0xf0/0x140 [ 26.471991][ T3081] irq_exit_rcu+0x10/0x40 [ 26.473614][ T3081] el1_interrupt+0x38/0x68 [ 26.475221][ T3081] el1h_64_irq_handler+0x18/0x24 [ 26.477063][ T3081] el1h_64_irq+0x64/0x68 [ 26.478691][ T3081] arch_local_irq_enable+0xc/0x18 [ 26.480547][ T3081] default_idle_call+0x48/0xb8 [ 26.482363][ T3081] do_idle+0x110/0x2d4 [ 26.484062][ T3081] cpu_startup_entry+0x24/0x28 [ 26.485747][ T3081] kernel_init+0x0/0x290 [ 26.487378][ T3081] start_kernel+0x0/0x620 [ 26.489095][ T3081] start_kernel+0x450/0x620 [ 26.490841][ T3081] __primary_switched+0xb4/0xbc [ 26.492649][ T3081] INITIAL USE at: [ 26.493708][ T3081] lock_acquire+0x100/0x1f8 [ 26.495466][ T3081] _raw_spin_lock_bh+0x54/0x6c [ 26.497233][ T3081] inet_csk_get_port+0xe0/0xaf0 [ 26.498989][ T3081] __inet6_bind+0x688/0x8ac [ 26.500709][ T3081] inet6_bind+0xf4/0x150 [ 26.502477][ T3081] rds_tcp_listen_init+0x14c/0x1f0 [ 26.504382][ T3081] rds_tcp_init_net+0xcc/0x1dc [ 26.506203][ T3081] ops_init+0xe4/0x2e4 [ 26.507631][ T3081] register_pernet_operations+0x108/0x264 [ 26.509799][ T3081] register_pernet_device+0x3c/0x94 [ 26.511721][ T3081] rds_tcp_init+0x74/0xe0 [ 26.513450][ T3081] do_one_initcall+0x118/0x22c [ 26.515197][ T3081] do_initcall_level+0xac/0xe4 [ 26.516998][ T3081] do_initcalls+0x58/0xa8 [ 26.518598][ T3081] do_basic_setup+0x20/0x2c [ 26.520296][ T3081] kernel_init_freeable+0xb8/0x148 [ 26.522166][ T3081] kernel_init+0x24/0x290 [ 26.523916][ T3081] ret_from_fork+0x10/0x20 [ 26.525424][ T3081] } [ 26.526033][ T3081] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 26.528192][ T3081] ... acquired at: [ 26.529242][ T3081] _raw_read_lock_bh+0x64/0x7c [ 26.530578][ T3081] sock_i_uid+0x24/0x58 [ 26.531696][ T3081] inet_csk_get_port+0x674/0xaf0 [ 26.533152][ T3081] __inet6_bind+0x688/0x8ac [ 26.534439][ T3081] inet6_bind+0xf4/0x150 [ 26.535580][ T3081] __sys_bind+0x148/0x1b0 [ 26.536807][ T3081] __arm64_sys_bind+0x28/0x3c [ 26.538160][ T3081] el0_svc_common+0x138/0x220 [ 26.539426][ T3081] do_el0_svc+0x48/0x164 [ 26.540570][ T3081] el0_svc+0x58/0x150 [ 26.541718][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.543174][ T3081] el0t_64_sync+0x190/0x194 [ 26.544400][ T3081] [ 26.545019][ T3081] -> (clock-AF_INET6){+++.}-{2:2} { [ 26.546426][ T3081] HARDIRQ-ON-W at: [ 26.547500][ T3081] lock_acquire+0x100/0x1f8 [ 26.549129][ T3081] _raw_write_lock_bh+0x54/0x6c [ 26.550963][ T3081] sk_common_release+0x58/0x1d4 [ 26.552721][ T3081] udp_lib_close+0x20/0x30 [ 26.554396][ T3081] inet_release+0xc8/0xe4 [ 26.556027][ T3081] inet6_release+0x3c/0x58 [ 26.557650][ T3081] sock_close+0x50/0xf0 [ 26.559249][ T3081] __fput+0x198/0x3e4 [ 26.560781][ T3081] ____fput+0x20/0x30 [ 26.562257][ T3081] task_work_run+0x100/0x148 [ 26.563949][ T3081] do_notify_resume+0x174/0x1f0 [ 26.565657][ T3081] el0_svc+0x9c/0x150 [ 26.567165][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.568950][ T3081] el0t_64_sync+0x190/0x194 [ 26.570601][ T3081] HARDIRQ-ON-R at: [ 26.571676][ T3081] lock_acquire+0x100/0x1f8 [ 26.573356][ T3081] _raw_read_lock_bh+0x64/0x7c [ 26.575113][ T3081] sock_i_uid+0x24/0x58 [ 26.576648][ T3081] udp_lib_lport_inuse+0x44/0x268 [ 26.578648][ T3081] udp_lib_get_port+0x2bc/0x8f8 [ 26.580461][ T3081] udp_v6_get_port+0x60/0x74 [ 26.581984][ T3081] __inet6_bind+0x688/0x8ac [ 26.583487][ T3081] inet6_bind+0xf4/0x150 [ 26.585093][ T3081] __sys_bind+0x148/0x1b0 [ 26.586726][ T3081] __arm64_sys_bind+0x28/0x3c [ 26.588368][ T3081] el0_svc_common+0x138/0x220 [ 26.590100][ T3081] do_el0_svc+0x48/0x164 [ 26.591740][ T3081] el0_svc+0x58/0x150 [ 26.593137][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.595008][ T3081] el0t_64_sync+0x190/0x194 [ 26.596695][ T3081] SOFTIRQ-ON-W at: [ 26.597730][ T3081] lock_acquire+0x100/0x1f8 [ 26.599380][ T3081] _raw_write_lock+0x54/0x6c [ 26.601058][ T3081] l2tp_tunnel_register+0x354/0x79c [ 26.602888][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 26.604706][ T3081] __sys_connect+0x184/0x190 [ 26.606446][ T3081] __arm64_sys_connect+0x28/0x3c [ 26.608254][ T3081] el0_svc_common+0x138/0x220 [ 26.609958][ T3081] do_el0_svc+0x48/0x164 [ 26.611642][ T3081] el0_svc+0x58/0x150 [ 26.613210][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.615015][ T3081] el0t_64_sync+0x190/0x194 [ 26.616698][ T3081] INITIAL USE at: [ 26.617743][ T3081] lock_acquire+0x100/0x1f8 [ 26.619421][ T3081] _raw_write_lock_bh+0x54/0x6c [ 26.621115][ T3081] sk_common_release+0x58/0x1d4 [ 26.622805][ T3081] udp_lib_close+0x20/0x30 [ 26.624404][ T3081] inet_release+0xc8/0xe4 [ 26.625962][ T3081] inet6_release+0x3c/0x58 [ 26.627514][ T3081] sock_close+0x50/0xf0 [ 26.629012][ T3081] __fput+0x198/0x3e4 [ 26.630498][ T3081] ____fput+0x20/0x30 [ 26.631991][ T3081] task_work_run+0x100/0x148 [ 26.633644][ T3081] do_notify_resume+0x174/0x1f0 [ 26.635363][ T3081] el0_svc+0x9c/0x150 [ 26.636839][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.638584][ T3081] el0t_64_sync+0x190/0x194 [ 26.640183][ T3081] INITIAL READ USE at: [ 26.641364][ T3081] lock_acquire+0x100/0x1f8 [ 26.643112][ T3081] _raw_read_lock_bh+0x64/0x7c [ 26.644927][ T3081] sock_i_uid+0x24/0x58 [ 26.646599][ T3081] udp_lib_lport_inuse+0x44/0x268 [ 26.648452][ T3081] udp_lib_get_port+0x2bc/0x8f8 [ 26.650297][ T3081] udp_v6_get_port+0x60/0x74 [ 26.652063][ T3081] __inet6_bind+0x688/0x8ac [ 26.653834][ T3081] inet6_bind+0xf4/0x150 [ 26.655488][ T3081] __sys_bind+0x148/0x1b0 [ 26.657227][ T3081] __arm64_sys_bind+0x28/0x3c [ 26.659033][ T3081] el0_svc_common+0x138/0x220 [ 26.660836][ T3081] do_el0_svc+0x48/0x164 [ 26.662580][ T3081] el0_svc+0x58/0x150 [ 26.664194][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.666050][ T3081] el0t_64_sync+0x190/0x194 [ 26.667764][ T3081] } [ 26.668407][ T3081] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 26.670566][ T3081] ... acquired at: [ 26.671601][ T3081] mark_lock+0x154/0x1b4 [ 26.672832][ T3081] __lock_acquire+0x618/0x3084 [ 26.674152][ T3081] lock_acquire+0x100/0x1f8 [ 26.675400][ T3081] _raw_write_lock+0x54/0x6c [ 26.676728][ T3081] l2tp_tunnel_register+0x354/0x79c [ 26.678229][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 26.679602][ T3081] __sys_connect+0x184/0x190 [ 26.680916][ T3081] __arm64_sys_connect+0x28/0x3c [ 26.682253][ T3081] el0_svc_common+0x138/0x220 [ 26.683565][ T3081] do_el0_svc+0x48/0x164 [ 26.684855][ T3081] el0_svc+0x58/0x150 [ 26.685869][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.687144][ T3081] el0t_64_sync+0x190/0x194 [ 26.688294][ T3081] [ 26.688851][ T3081] [ 26.688851][ T3081] stack backtrace: [ 26.690484][ T3081] CPU: 0 PID: 3081 Comm: syz-executor193 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 26.693339][ T3081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 26.696098][ T3081] Call trace: [ 26.696877][ T3081] dump_backtrace+0x1c4/0x1f0 [ 26.698029][ T3081] show_stack+0x2c/0x54 [ 26.699064][ T3081] dump_stack_lvl+0x104/0x16c [ 26.700319][ T3081] dump_stack+0x1c/0x58 [ 26.701634][ T3081] print_irq_inversion_bug+0x2f8/0x300 [ 26.703133][ T3081] mark_lock_irq+0x3ec/0x4b4 [ 26.704376][ T3081] mark_lock+0x154/0x1b4 [ 26.705519][ T3081] __lock_acquire+0x618/0x3084 [ 26.706805][ T3081] lock_acquire+0x100/0x1f8 [ 26.708040][ T3081] _raw_write_lock+0x54/0x6c [ 26.709290][ T3081] l2tp_tunnel_register+0x354/0x79c [ 26.710680][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 26.711979][ T3081] __sys_connect+0x184/0x190 [ 26.713258][ T3081] __arm64_sys_connect+0x28/0x3c [ 26.714583][ T3081] el0_svc_common+0x138/0x220 [ 26.715874][ T3081] do_el0_svc+0x48/0x164 [ 26.716999][ T3081] el0_svc+0x58/0x150 [ 26.718077][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 26.719447][ T3081] el0t_64_sync+0x190/0x194 [ 26.720838][ T3081] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 26.723412][ T3081] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3081, name: syz-executor193 [ 26.725807][ T3081] preempt_count: 1, expected: 0 [ 26.727047][ T3081] RCU nest depth: 0, expected: 0 [ 26.728293][ T3081] INFO: lockdep is turned off. [ 26.729493][ T3081] Preemption disabled at: [ 26.729499][ T3081] [] l2tp_tunnel_register+0x354/0x79c [ 26.732324][ T3081] CPU: 0 PID: 3081 Comm: syz-executor193 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 26.735066][ T3081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 26.737686][ T3081] Call trace: [ 26.738510][ T3081] dump_backtrace+0x1c4/0x1f0 [ 26.739722][ T3081] show_stack+0x2c/0x54 [ 26.740792][ T3081] dump_stack_lvl+0x104/0x16c [ 26.741982][ T3081] dump_stack+0x1c/0x58 [ 26.743061][ T3081] __might_resched+0x208/0x218 [ 26.744360][ T3081] __might_sleep+0x48/0x78 [ 26.745411][ T3081] cpus_read_lock+0x28/0x1e0 [ 26.746491][ T3081] static_key_slow_inc+0x1c/0x38 [ 26.747649][ T3081] udpv6_encap_enable+0x1c/0x28 [ 26.748958][ T3081] setup_udp_tunnel_sock+0xec/0x124 [ 26.750373][ T3081] l2tp_tunnel_register+0x68c/0x79c [ 26.751752][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 26.753020][ T3081] __sys_connect+0x184/0x190 [ 26.754298][ T3081] __arm64_sys_connect+0x28/0x3c [ 26.755599][ T3