Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.700114][ T3074] [ 33.700747][ T3074] ======================================================== [ 33.702653][ T3074] WARNING: possible irq lock inversion dependency detected [ 33.704722][ T3074] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 33.706587][ T3074] -------------------------------------------------------- [ 33.708489][ T3074] syz-executor602/3074 just changed the state of lock: [ 33.710502][ T3074] ffff0000cadeceb8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 33.713081][ T3074] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 33.715239][ T3074] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 33.715248][ T3074] [ 33.715248][ T3074] [ 33.715248][ T3074] and interrupts could create inverse lock ordering between them. [ 33.715248][ T3074] [ 33.720866][ T3074] [ 33.720866][ T3074] other info that might help us debug this: [ 33.723052][ T3074] Possible interrupt unsafe locking scenario: [ 33.723052][ T3074] [ 33.725294][ T3074] CPU0 CPU1 [ 33.726781][ T3074] ---- ---- [ 33.728209][ T3074] lock(clock-AF_INET6); [ 33.729389][ T3074] local_irq_disable(); [ 33.731242][ T3074] lock(&tcp_hashinfo.bhash[i].lock); [ 33.733508][ T3074] lock(clock-AF_INET6); [ 33.735309][ T3074] [ 33.736207][ T3074] lock(&tcp_hashinfo.bhash[i].lock); [ 33.737679][ T3074] [ 33.737679][ T3074] *** DEADLOCK *** [ 33.737679][ T3074] [ 33.740057][ T3074] 1 lock held by syz-executor602/3074: [ 33.741556][ T3074] #0: ffff0000cade0930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 33.744235][ T3074] [ 33.744235][ T3074] the shortest dependencies between 2nd lock and 1st lock: [ 33.746843][ T3074] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 33.748589][ T3074] HARDIRQ-ON-W at: [ 33.749677][ T3074] lock_acquire+0x100/0x1f8 [ 33.751363][ T3074] _raw_spin_lock_bh+0x54/0x6c [ 33.753114][ T3074] inet_csk_get_port+0xe0/0xaf0 [ 33.754900][ T3074] __inet6_bind+0x688/0x8ac [ 33.756614][ T3074] inet6_bind+0xf4/0x150 [ 33.758209][ T3074] rds_tcp_listen_init+0x14c/0x1f0 [ 33.760077][ T3074] rds_tcp_init_net+0xcc/0x1dc [ 33.761829][ T3074] ops_init+0xe4/0x2e4 [ 33.763436][ T3074] register_pernet_operations+0x108/0x264 [ 33.765443][ T3074] register_pernet_device+0x3c/0x94 [ 33.767334][ T3074] rds_tcp_init+0x74/0xe0 [ 33.769009][ T3074] do_one_initcall+0x118/0x22c [ 33.770726][ T3074] do_initcall_level+0xac/0xe4 [ 33.772424][ T3074] do_initcalls+0x58/0xa8 [ 33.774077][ T3074] do_basic_setup+0x20/0x2c [ 33.775753][ T3074] kernel_init_freeable+0xb8/0x148 [ 33.777543][ T3074] kernel_init+0x24/0x290 [ 33.779171][ T3074] ret_from_fork+0x10/0x20 [ 33.780831][ T3074] IN-SOFTIRQ-W at: [ 33.781783][ T3074] lock_acquire+0x100/0x1f8 [ 33.783410][ T3074] _raw_spin_lock+0x54/0x6c [ 33.785144][ T3074] __inet_inherit_port+0x124/0x9ac [ 33.787039][ T3074] tcp_v4_syn_recv_sock+0x790/0x848 [ 33.788908][ T3074] tcp_check_req+0x75c/0x8e4 [ 33.790730][ T3074] tcp_v4_rcv+0xad4/0x11e8 [ 33.792376][ T3074] ip_protocol_deliver_rcu+0x224/0x414 [ 33.794332][ T3074] ip_local_deliver_finish+0x124/0x200 [ 33.796258][ T3074] ip_local_deliver+0xd0/0xf4 [ 33.798000][ T3074] ip_sublist_rcv+0x40c/0x474 [ 33.799773][ T3074] ip_list_rcv+0x184/0x1c8 [ 33.801433][ T3074] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 33.803550][ T3074] __netif_receive_skb_list+0x16c/0x1d0 [ 33.805512][ T3074] netif_receive_skb_list_internal+0x1e8/0x340 [ 33.807570][ T3074] napi_complete_done+0x140/0x354 [ 33.809301][ T3074] gve_napi_poll+0xcc/0x1b4 [ 33.810812][ T3074] __napi_poll+0x5c/0x24c [ 33.812471][ T3074] napi_poll+0x110/0x484 [ 33.814097][ T3074] net_rx_action+0x18c/0x414 [ 33.815910][ T3074] _stext+0x168/0x37c [ 33.817271][ T3074] ____do_softirq+0x14/0x20 [ 33.818930][ T3074] call_on_irq_stack+0x2c/0x54 [ 33.820711][ T3074] do_softirq_own_stack+0x20/0x2c [ 33.822551][ T3074] invoke_softirq+0x70/0xbc [ 33.824403][ T3074] __irq_exit_rcu+0xf0/0x140 [ 33.826154][ T3074] irq_exit_rcu+0x10/0x40 [ 33.827809][ T3074] el1_interrupt+0x38/0x68 [ 33.829447][ T3074] el1h_64_irq_handler+0x18/0x24 [ 33.831230][ T3074] el1h_64_irq+0x64/0x68 [ 33.832822][ T3074] arch_local_irq_enable+0xc/0x18 [ 33.834585][ T3074] default_idle_call+0x48/0xb8 [ 33.836486][ T3074] do_idle+0x110/0x2d4 [ 33.838066][ T3074] cpu_startup_entry+0x24/0x28 [ 33.839851][ T3074] kernel_init+0x0/0x290 [ 33.841500][ T3074] start_kernel+0x0/0x620 [ 33.843126][ T3074] start_kernel+0x450/0x620 [ 33.844798][ T3074] __primary_switched+0xb4/0xbc [ 33.846577][ T3074] INITIAL USE at: [ 33.847646][ T3074] lock_acquire+0x100/0x1f8 [ 33.849193][ T3074] _raw_spin_lock_bh+0x54/0x6c [ 33.850715][ T3074] inet_csk_get_port+0xe0/0xaf0 [ 33.852544][ T3074] __inet6_bind+0x688/0x8ac [ 33.854180][ T3074] inet6_bind+0xf4/0x150 [ 33.855809][ T3074] rds_tcp_listen_init+0x14c/0x1f0 [ 33.857656][ T3074] rds_tcp_init_net+0xcc/0x1dc [ 33.859400][ T3074] ops_init+0xe4/0x2e4 [ 33.860956][ T3074] register_pernet_operations+0x108/0x264 [ 33.862934][ T3074] register_pernet_device+0x3c/0x94 [ 33.864804][ T3074] rds_tcp_init+0x74/0xe0 [ 33.866412][ T3074] do_one_initcall+0x118/0x22c [ 33.868131][ T3074] do_initcall_level+0xac/0xe4 [ 33.870021][ T3074] do_initcalls+0x58/0xa8 [ 33.871670][ T3074] do_basic_setup+0x20/0x2c [ 33.873325][ T3074] kernel_init_freeable+0xb8/0x148 [ 33.875159][ T3074] kernel_init+0x24/0x290 [ 33.876787][ T3074] ret_from_fork+0x10/0x20 [ 33.878462][ T3074] } [ 33.879159][ T3074] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 33.881562][ T3074] ... acquired at: [ 33.882596][ T3074] _raw_read_lock_bh+0x64/0x7c [ 33.883918][ T3074] sock_i_uid+0x24/0x58 [ 33.885226][ T3074] inet_csk_get_port+0x674/0xaf0 [ 33.886562][ T3074] __inet6_bind+0x688/0x8ac [ 33.887799][ T3074] inet6_bind+0xf4/0x150 [ 33.888953][ T3074] __sys_bind+0x148/0x1b0 [ 33.890166][ T3074] __arm64_sys_bind+0x28/0x3c [ 33.891522][ T3074] el0_svc_common+0x138/0x220 [ 33.892810][ T3074] do_el0_svc+0x48/0x164 [ 33.893955][ T3074] el0_svc+0x58/0x150 [ 33.895034][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 33.896426][ T3074] el0t_64_sync+0x190/0x194 [ 33.897665][ T3074] [ 33.898192][ T3074] -> (clock-AF_INET6){+++.}-{2:2} { [ 33.899465][ T3074] HARDIRQ-ON-W at: [ 33.900420][ T3074] lock_acquire+0x100/0x1f8 [ 33.901976][ T3074] _raw_write_lock_bh+0x54/0x6c [ 33.903705][ T3074] sk_common_release+0x58/0x1d4 [ 33.905467][ T3074] udp_lib_close+0x20/0x30 [ 33.907082][ T3074] inet_release+0xc8/0xe4 [ 33.908784][ T3074] inet6_release+0x3c/0x58 [ 33.910403][ T3074] sock_close+0x50/0xf0 [ 33.911955][ T3074] __fput+0x198/0x3e4 [ 33.913436][ T3074] ____fput+0x20/0x30 [ 33.915068][ T3074] task_work_run+0x100/0x148 [ 33.916851][ T3074] do_notify_resume+0x174/0x1f0 [ 33.918642][ T3074] el0_svc+0x9c/0x150 [ 33.920141][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 33.921901][ T3074] el0t_64_sync+0x190/0x194 [ 33.923514][ T3074] HARDIRQ-ON-R at: [ 33.924559][ T3074] lock_acquire+0x100/0x1f8 [ 33.926252][ T3074] _raw_read_lock_bh+0x64/0x7c [ 33.927936][ T3074] sock_i_uid+0x24/0x58 [ 33.929474][ T3074] udp_lib_lport_inuse+0x44/0x268 [ 33.931278][ T3074] udp_lib_get_port+0x2bc/0x8f8 [ 33.933029][ T3074] udp_v6_get_port+0x60/0x74 [ 33.934715][ T3074] __inet6_bind+0x688/0x8ac [ 33.936494][ T3074] inet6_bind+0xf4/0x150 [ 33.938046][ T3074] __sys_bind+0x148/0x1b0 [ 33.939673][ T3074] __arm64_sys_bind+0x28/0x3c [ 33.941378][ T3074] el0_svc_common+0x138/0x220 [ 33.943085][ T3074] do_el0_svc+0x48/0x164 [ 33.944626][ T3074] el0_svc+0x58/0x150 [ 33.946104][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 33.947839][ T3074] el0t_64_sync+0x190/0x194 [ 33.949421][ T3074] SOFTIRQ-ON-W at: [ 33.950449][ T3074] lock_acquire+0x100/0x1f8 [ 33.952003][ T3074] _raw_write_lock+0x54/0x6c [ 33.953676][ T3074] l2tp_tunnel_register+0x354/0x79c [ 33.955527][ T3074] pppol2tp_connect+0x3e8/0x6c4 [ 33.957249][ T3074] __sys_connect+0x184/0x190 [ 33.958922][ T3074] __arm64_sys_connect+0x28/0x3c [ 33.960711][ T3074] el0_svc_common+0x138/0x220 [ 33.962434][ T3074] do_el0_svc+0x48/0x164 [ 33.964155][ T3074] el0_svc+0x58/0x150 [ 33.965645][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 33.967410][ T3074] el0t_64_sync+0x190/0x194 [ 33.969024][ T3074] INITIAL USE at: [ 33.970173][ T3074] lock_acquire+0x100/0x1f8 [ 33.971786][ T3074] _raw_write_lock_bh+0x54/0x6c [ 33.973462][ T3074] sk_common_release+0x58/0x1d4 [ 33.975162][ T3074] udp_lib_close+0x20/0x30 [ 33.976718][ T3074] inet_release+0xc8/0xe4 [ 33.978301][ T3074] inet6_release+0x3c/0x58 [ 33.979903][ T3074] sock_close+0x50/0xf0 [ 33.981408][ T3074] __fput+0x198/0x3e4 [ 33.982870][ T3074] ____fput+0x20/0x30 [ 33.984352][ T3074] task_work_run+0x100/0x148 [ 33.986153][ T3074] do_notify_resume+0x174/0x1f0 [ 33.988024][ T3074] el0_svc+0x9c/0x150 [ 33.989552][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 33.991282][ T3074] el0t_64_sync+0x190/0x194 [ 33.992923][ T3074] INITIAL READ USE at: [ 33.994053][ T3074] lock_acquire+0x100/0x1f8 [ 33.995822][ T3074] _raw_read_lock_bh+0x64/0x7c [ 33.997603][ T3074] sock_i_uid+0x24/0x58 [ 33.999292][ T3074] udp_lib_lport_inuse+0x44/0x268 [ 34.001299][ T3074] udp_lib_get_port+0x2bc/0x8f8 [ 34.003097][ T3074] udp_v6_get_port+0x60/0x74 [ 34.004864][ T3074] __inet6_bind+0x688/0x8ac [ 34.006589][ T3074] inet6_bind+0xf4/0x150 [ 34.008269][ T3074] __sys_bind+0x148/0x1b0 [ 34.010069][ T3074] __arm64_sys_bind+0x28/0x3c [ 34.011831][ T3074] el0_svc_common+0x138/0x220 [ 34.013606][ T3074] do_el0_svc+0x48/0x164 [ 34.015169][ T3074] el0_svc+0x58/0x150 [ 34.016606][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 34.018401][ T3074] el0t_64_sync+0x190/0x194 [ 34.020126][ T3074] } [ 34.020774][ T3074] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 34.022981][ T3074] ... acquired at: [ 34.023988][ T3074] mark_lock+0x154/0x1b4 [ 34.025188][ T3074] __lock_acquire+0x618/0x3084 [ 34.026511][ T3074] lock_acquire+0x100/0x1f8 [ 34.027771][ T3074] _raw_write_lock+0x54/0x6c [ 34.029059][ T3074] l2tp_tunnel_register+0x354/0x79c [ 34.030450][ T3074] pppol2tp_connect+0x3e8/0x6c4 [ 34.031790][ T3074] __sys_connect+0x184/0x190 [ 34.033024][ T3074] __arm64_sys_connect+0x28/0x3c [ 34.034377][ T3074] el0_svc_common+0x138/0x220 [ 34.035690][ T3074] do_el0_svc+0x48/0x164 [ 34.036865][ T3074] el0_svc+0x58/0x150 [ 34.037990][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 34.039353][ T3074] el0t_64_sync+0x190/0x194 [ 34.040534][ T3074] [ 34.041167][ T3074] [ 34.041167][ T3074] stack backtrace: [ 34.042809][ T3074] CPU: 0 PID: 3074 Comm: syz-executor602 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 34.045561][ T3074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 34.048380][ T3074] Call trace: [ 34.049256][ T3074] dump_backtrace+0x1c4/0x1f0 [ 34.050516][ T3074] show_stack+0x2c/0x54 [ 34.051605][ T3074] dump_stack_lvl+0x104/0x16c [ 34.052869][ T3074] dump_stack+0x1c/0x58 [ 34.053941][ T3074] print_irq_inversion_bug+0x2f8/0x300 [ 34.055372][ T3074] mark_lock_irq+0x3ec/0x4b4 [ 34.056588][ T3074] mark_lock+0x154/0x1b4 [ 34.057705][ T3074] __lock_acquire+0x618/0x3084 [ 34.058962][ T3074] lock_acquire+0x100/0x1f8 [ 34.060297][ T3074] _raw_write_lock+0x54/0x6c [ 34.061491][ T3074] l2tp_tunnel_register+0x354/0x79c [ 34.062924][ T3074] pppol2tp_connect+0x3e8/0x6c4 [ 34.064208][ T3074] __sys_connect+0x184/0x190 [ 34.065392][ T3074] __arm64_sys_connect+0x28/0x3c [ 34.066714][ T3074] el0_svc_common+0x138/0x220 [ 34.067937][ T3074] do_el0_svc+0x48/0x164 [ 34.069041][ T3074] el0_svc+0x58/0x150 [ 34.070261][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 34.071592][ T3074] el0t_64_sync+0x190/0x194 [ 34.072917][ T3074] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 34.075337][ T3074] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3074, name: syz-executor602 [ 34.077720][ T3074] preempt_count: 1, expected: 0 [ 34.078988][ T3074] RCU nest depth: 0, expected: 0 [ 34.080266][ T3074] INFO: lockdep is turned off. [ 34.081458][ T3074] Preemption disabled at: [ 34.081464][ T3074] [] l2tp_tunnel_register+0x354/0x79c [ 34.084228][ T3074] CPU: 0 PID: 3074 Comm: syz-executor602 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 34.086831][ T3074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 34.089348][ T3074] Call trace: [ 34.090159][ T3074] dump_backtrace+0x1c4/0x1f0 [ 34.091341][ T3074] show_stack+0x2c/0x54 [ 34.092375][ T3074] dump_stack_lvl+0x104/0x16c [ 34.093563][ T3074] dump_stack+0x1c/0x58 [ 34.094617][ T3074] __might_resched+0x208/0x218 [ 34.095854][ T3074] __might_sleep+0x48/0x78 [ 34.096984][ T3074] cpus_read_lock+0x28/0x1e0 [ 34.098175][ T3074] static_key_slow_inc+0x1c/0x38 [ 34.099477][ T3074] udpv6_encap_enable+0x1c/0x28 [ 34.100892][ T3074] setup_udp_tunnel_sock+0xec/0x124 [ 34.102304][ T3074] l2tp_tunnel_register+0x68c/0x79c [ 34.103702][ T3074] pppol2tp_connect+0x3e8/0x6c4 [ 34.104919][ T3074] __sys_connect+0x184/0x190 [ 34.106073][ T3074] __arm64_sys_connect+0x28/0x3c [ 34.107308][ T3074] el0_svc_common+0x138/0x220 [ 34.108711][ T3074] do_el0_svc+0x48/0x164 [ 34.109880][ T3074] el0_svc+0x58/0x150 [ 34.111004][ T3074] el0t_64_sync_handler+0x84/0xf0 [ 34.112398][ T3074] el0t_64_sync+0x190/0x194