[ 9.394773][ T2660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.400155][ T2660] eql: remember to turn off Van-Jacobson compression on your slave devices [ 9.426205][ T1250] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 9.430361][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.167' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.248568][ T3081] [ 28.249083][ T3081] ======================================================== [ 28.250831][ T3081] WARNING: possible irq lock inversion dependency detected [ 28.252580][ T3081] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 28.254182][ T3081] -------------------------------------------------------- [ 28.256086][ T3081] syz-executor207/3081 just changed the state of lock: [ 28.257651][ T3081] ffff0000cb68ceb8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 28.259925][ T3081] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 28.261913][ T3081] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 28.261923][ T3081] [ 28.261923][ T3081] [ 28.261923][ T3081] and interrupts could create inverse lock ordering between them. [ 28.261923][ T3081] [ 28.266625][ T3081] [ 28.266625][ T3081] other info that might help us debug this: [ 28.268532][ T3081] Possible interrupt unsafe locking scenario: [ 28.268532][ T3081] [ 28.270471][ T3081] CPU0 CPU1 [ 28.271661][ T3081] ---- ---- [ 28.272907][ T3081] lock(clock-AF_INET6); [ 28.274099][ T3081] local_irq_disable(); [ 28.275588][ T3081] lock(&tcp_hashinfo.bhash[i].lock); [ 28.277049][ T3081] lock(clock-AF_INET6); [ 28.278586][ T3081] [ 28.279420][ T3081] lock(&tcp_hashinfo.bhash[i].lock); [ 28.280763][ T3081] [ 28.280763][ T3081] *** DEADLOCK *** [ 28.280763][ T3081] [ 28.282425][ T3081] 1 lock held by syz-executor207/3081: [ 28.283512][ T3081] #0: ffff0000cb600930 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 28.286154][ T3081] [ 28.286154][ T3081] the shortest dependencies between 2nd lock and 1st lock: [ 28.288816][ T3081] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 28.290528][ T3081] HARDIRQ-ON-W at: [ 28.291515][ T3081] lock_acquire+0x100/0x1f8 [ 28.292884][ T3081] _raw_spin_lock_bh+0x54/0x6c [ 28.294391][ T3081] inet_csk_get_port+0xe0/0xaf0 [ 28.295908][ T3081] __inet6_bind+0x688/0x8ac [ 28.297526][ T3081] inet6_bind+0xf4/0x150 [ 28.299219][ T3081] rds_tcp_listen_init+0x14c/0x1f0 [ 28.300906][ T3081] rds_tcp_init_net+0xcc/0x1dc [ 28.302666][ T3081] ops_init+0xe4/0x2e4 [ 28.304256][ T3081] register_pernet_operations+0x108/0x264 [ 28.306522][ T3081] register_pernet_device+0x3c/0x94 [ 28.308257][ T3081] rds_tcp_init+0x74/0xe0 [ 28.309930][ T3081] do_one_initcall+0x118/0x22c [ 28.312037][ T3081] do_initcall_level+0xac/0xe4 [ 28.313765][ T3081] do_initcalls+0x58/0xa8 [ 28.315137][ T3081] do_basic_setup+0x20/0x2c [ 28.316488][ T3081] kernel_init_freeable+0xb8/0x148 [ 28.318100][ T3081] kernel_init+0x24/0x290 [ 28.319791][ T3081] ret_from_fork+0x10/0x20 [ 28.321426][ T3081] IN-SOFTIRQ-W at: [ 28.322340][ T3081] lock_acquire+0x100/0x1f8 [ 28.324002][ T3081] _raw_spin_lock+0x54/0x6c [ 28.325704][ T3081] __inet_inherit_port+0x124/0x9ac [ 28.327924][ T3081] tcp_v4_syn_recv_sock+0x790/0x848 [ 28.329709][ T3081] tcp_check_req+0x75c/0x8e4 [ 28.330892][ T3081] tcp_v4_rcv+0xad4/0x11e8 [ 28.332051][ T3081] ip_protocol_deliver_rcu+0x224/0x414 [ 28.333374][ T3081] ip_local_deliver_finish+0x124/0x200 [ 28.335770][ T3081] ip_local_deliver+0xd0/0xf4 [ 28.337913][ T3081] ip_sublist_rcv+0x40c/0x474 [ 28.339405][ T3081] ip_list_rcv+0x184/0x1c8 [ 28.340886][ T3081] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 28.342623][ T3081] __netif_receive_skb_list+0x16c/0x1d0 [ 28.344332][ T3081] netif_receive_skb_list_internal+0x1e8/0x340 [ 28.346533][ T3081] napi_complete_done+0x140/0x354 [ 28.348281][ T3081] gve_napi_poll+0xcc/0x1b4 [ 28.349732][ T3081] __napi_poll+0x5c/0x24c [ 28.351154][ T3081] napi_poll+0x110/0x484 [ 28.352631][ T3081] net_rx_action+0x18c/0x414 [ 28.354346][ T3081] _stext+0x168/0x37c [ 28.355859][ T3081] ____do_softirq+0x14/0x20 [ 28.357276][ T3081] call_on_irq_stack+0x2c/0x54 [ 28.358871][ T3081] do_softirq_own_stack+0x20/0x2c [ 28.360401][ T3081] invoke_softirq+0x70/0xbc [ 28.362039][ T3081] __irq_exit_rcu+0xf0/0x140 [ 28.363715][ T3081] irq_exit_rcu+0x10/0x40 [ 28.365417][ T3081] el1_interrupt+0x38/0x68 [ 28.367096][ T3081] el1h_64_irq_handler+0x18/0x24 [ 28.369177][ T3081] el1h_64_irq+0x64/0x68 [ 28.370813][ T3081] arch_local_irq_enable+0xc/0x18 [ 28.372663][ T3081] default_idle_call+0x48/0xb8 [ 28.374441][ T3081] do_idle+0x110/0x2d4 [ 28.376073][ T3081] cpu_startup_entry+0x24/0x28 [ 28.377556][ T3081] kernel_init+0x0/0x290 [ 28.379069][ T3081] start_kernel+0x0/0x620 [ 28.380435][ T3081] start_kernel+0x450/0x620 [ 28.382012][ T3081] __primary_switched+0xb4/0xbc [ 28.383550][ T3081] INITIAL USE at: [ 28.384427][ T3081] lock_acquire+0x100/0x1f8 [ 28.385896][ T3081] _raw_spin_lock_bh+0x54/0x6c [ 28.387618][ T3081] inet_csk_get_port+0xe0/0xaf0 [ 28.389537][ T3081] __inet6_bind+0x688/0x8ac [ 28.391205][ T3081] inet6_bind+0xf4/0x150 [ 28.392811][ T3081] rds_tcp_listen_init+0x14c/0x1f0 [ 28.394599][ T3081] rds_tcp_init_net+0xcc/0x1dc [ 28.396433][ T3081] ops_init+0xe4/0x2e4 [ 28.397754][ T3081] register_pernet_operations+0x108/0x264 [ 28.399453][ T3081] register_pernet_device+0x3c/0x94 [ 28.401082][ T3081] rds_tcp_init+0x74/0xe0 [ 28.402713][ T3081] do_one_initcall+0x118/0x22c [ 28.404228][ T3081] do_initcall_level+0xac/0xe4 [ 28.405731][ T3081] do_initcalls+0x58/0xa8 [ 28.407051][ T3081] do_basic_setup+0x20/0x2c [ 28.408559][ T3081] kernel_init_freeable+0xb8/0x148 [ 28.410180][ T3081] kernel_init+0x24/0x290 [ 28.411538][ T3081] ret_from_fork+0x10/0x20 [ 28.412889][ T3081] } [ 28.413481][ T3081] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 28.415589][ T3081] ... acquired at: [ 28.416473][ T3081] _raw_read_lock_bh+0x64/0x7c [ 28.417584][ T3081] sock_i_uid+0x24/0x58 [ 28.418562][ T3081] inet_csk_get_port+0x674/0xaf0 [ 28.419806][ T3081] __inet6_bind+0x688/0x8ac [ 28.420846][ T3081] inet6_bind+0xf4/0x150 [ 28.422032][ T3081] __sys_bind+0x148/0x1b0 [ 28.423238][ T3081] __arm64_sys_bind+0x28/0x3c [ 28.424444][ T3081] el0_svc_common+0x138/0x220 [ 28.425563][ T3081] do_el0_svc+0x48/0x164 [ 28.426611][ T3081] el0_svc+0x58/0x150 [ 28.427553][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.428722][ T3081] el0t_64_sync+0x190/0x194 [ 28.429937][ T3081] [ 28.430500][ T3081] -> (clock-AF_INET6){+++.}-{2:2} { [ 28.432000][ T3081] HARDIRQ-ON-W at: [ 28.432883][ T3081] lock_acquire+0x100/0x1f8 [ 28.434296][ T3081] _raw_write_lock_bh+0x54/0x6c [ 28.435986][ T3081] sk_common_release+0x58/0x1d4 [ 28.437874][ T3081] udp_lib_close+0x20/0x30 [ 28.439563][ T3081] inet_release+0xc8/0xe4 [ 28.440937][ T3081] inet6_release+0x3c/0x58 [ 28.442049][ T3081] sock_close+0x50/0xf0 [ 28.443121][ T3081] __fput+0x198/0x3e4 [ 28.444147][ T3081] ____fput+0x20/0x30 [ 28.445172][ T3081] task_work_run+0x100/0x148 [ 28.446862][ T3081] do_notify_resume+0x174/0x1f0 [ 28.448506][ T3081] el0_svc+0x9c/0x150 [ 28.449827][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.451564][ T3081] el0t_64_sync+0x190/0x194 [ 28.452976][ T3081] HARDIRQ-ON-R at: [ 28.453805][ T3081] lock_acquire+0x100/0x1f8 [ 28.455412][ T3081] _raw_read_lock_bh+0x64/0x7c [ 28.457083][ T3081] sock_i_uid+0x24/0x58 [ 28.458155][ T3081] udp_lib_lport_inuse+0x44/0x268 [ 28.459370][ T3081] udp_lib_get_port+0x2bc/0x8f8 [ 28.460545][ T3081] udp_v6_get_port+0x60/0x74 [ 28.461867][ T3081] __inet6_bind+0x688/0x8ac [ 28.463411][ T3081] inet6_bind+0xf4/0x150 [ 28.465156][ T3081] __sys_bind+0x148/0x1b0 [ 28.466722][ T3081] __arm64_sys_bind+0x28/0x3c [ 28.468310][ T3081] el0_svc_common+0x138/0x220 [ 28.469848][ T3081] do_el0_svc+0x48/0x164 [ 28.471391][ T3081] el0_svc+0x58/0x150 [ 28.473052][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.474676][ T3081] el0t_64_sync+0x190/0x194 [ 28.475874][ T3081] SOFTIRQ-ON-W at: [ 28.476590][ T3081] lock_acquire+0x100/0x1f8 [ 28.477908][ T3081] _raw_write_lock+0x54/0x6c [ 28.479313][ T3081] l2tp_tunnel_register+0x354/0x79c [ 28.480941][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 28.482462][ T3081] __sys_connect+0x184/0x190 [ 28.483888][ T3081] __arm64_sys_connect+0x28/0x3c [ 28.485382][ T3081] el0_svc_common+0x138/0x220 [ 28.486970][ T3081] do_el0_svc+0x48/0x164 [ 28.488324][ T3081] el0_svc+0x58/0x150 [ 28.489517][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.491022][ T3081] el0t_64_sync+0x190/0x194 [ 28.492442][ T3081] INITIAL USE at: [ 28.493329][ T3081] lock_acquire+0x100/0x1f8 [ 28.494853][ T3081] _raw_write_lock_bh+0x54/0x6c [ 28.496320][ T3081] sk_common_release+0x58/0x1d4 [ 28.497766][ T3081] udp_lib_close+0x20/0x30 [ 28.499099][ T3081] inet_release+0xc8/0xe4 [ 28.500452][ T3081] inet6_release+0x3c/0x58 [ 28.501858][ T3081] sock_close+0x50/0xf0 [ 28.503282][ T3081] __fput+0x198/0x3e4 [ 28.504796][ T3081] ____fput+0x20/0x30 [ 28.505986][ T3081] task_work_run+0x100/0x148 [ 28.507439][ T3081] do_notify_resume+0x174/0x1f0 [ 28.508894][ T3081] el0_svc+0x9c/0x150 [ 28.510166][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.511726][ T3081] el0t_64_sync+0x190/0x194 [ 28.513112][ T3081] INITIAL READ USE at: [ 28.514071][ T3081] lock_acquire+0x100/0x1f8 [ 28.515443][ T3081] _raw_read_lock_bh+0x64/0x7c [ 28.517102][ T3081] sock_i_uid+0x24/0x58 [ 28.518584][ T3081] udp_lib_lport_inuse+0x44/0x268 [ 28.520317][ T3081] udp_lib_get_port+0x2bc/0x8f8 [ 28.521918][ T3081] udp_v6_get_port+0x60/0x74 [ 28.523670][ T3081] __inet6_bind+0x688/0x8ac [ 28.525169][ T3081] inet6_bind+0xf4/0x150 [ 28.526651][ T3081] __sys_bind+0x148/0x1b0 [ 28.528082][ T3081] __arm64_sys_bind+0x28/0x3c [ 28.529747][ T3081] el0_svc_common+0x138/0x220 [ 28.531141][ T3081] do_el0_svc+0x48/0x164 [ 28.532724][ T3081] el0_svc+0x58/0x150 [ 28.534108][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.535697][ T3081] el0t_64_sync+0x190/0x194 [ 28.537232][ T3081] } [ 28.537786][ T3081] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 28.539256][ T3081] ... acquired at: [ 28.539945][ T3081] mark_lock+0x154/0x1b4 [ 28.540841][ T3081] __lock_acquire+0x618/0x3084 [ 28.541926][ T3081] lock_acquire+0x100/0x1f8 [ 28.542912][ T3081] _raw_write_lock+0x54/0x6c [ 28.544061][ T3081] l2tp_tunnel_register+0x354/0x79c [ 28.545325][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 28.546466][ T3081] __sys_connect+0x184/0x190 [ 28.547558][ T3081] __arm64_sys_connect+0x28/0x3c [ 28.548860][ T3081] el0_svc_common+0x138/0x220 [ 28.549964][ T3081] do_el0_svc+0x48/0x164 [ 28.550948][ T3081] el0_svc+0x58/0x150 [ 28.551822][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.552983][ T3081] el0t_64_sync+0x190/0x194 [ 28.554128][ T3081] [ 28.554640][ T3081] [ 28.554640][ T3081] stack backtrace: [ 28.556129][ T3081] CPU: 0 PID: 3081 Comm: syz-executor207 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 28.558470][ T3081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 28.560742][ T3081] Call trace: [ 28.561621][ T3081] dump_backtrace+0x1c4/0x1f0 [ 28.562719][ T3081] show_stack+0x2c/0x54 [ 28.563611][ T3081] dump_stack_lvl+0x104/0x16c [ 28.564632][ T3081] dump_stack+0x1c/0x58 [ 28.565612][ T3081] print_irq_inversion_bug+0x2f8/0x300 [ 28.566762][ T3081] mark_lock_irq+0x3ec/0x4b4 [ 28.567885][ T3081] mark_lock+0x154/0x1b4 [ 28.569074][ T3081] __lock_acquire+0x618/0x3084 [ 28.570257][ T3081] lock_acquire+0x100/0x1f8 [ 28.571304][ T3081] _raw_write_lock+0x54/0x6c [ 28.572440][ T3081] l2tp_tunnel_register+0x354/0x79c [ 28.573581][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 28.574744][ T3081] __sys_connect+0x184/0x190 [ 28.575968][ T3081] __arm64_sys_connect+0x28/0x3c [ 28.577042][ T3081] el0_svc_common+0x138/0x220 [ 28.578003][ T3081] do_el0_svc+0x48/0x164 [ 28.579000][ T3081] el0_svc+0x58/0x150 [ 28.579922][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.581041][ T3081] el0t_64_sync+0x190/0x194 [ 28.582184][ T3081] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 28.584326][ T3081] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3081, name: syz-executor207 [ 28.586385][ T3081] preempt_count: 1, expected: 0 [ 28.587510][ T3081] RCU nest depth: 0, expected: 0 [ 28.588542][ T3081] INFO: lockdep is turned off. [ 28.589593][ T3081] Preemption disabled at: [ 28.589599][ T3081] [] l2tp_tunnel_register+0x354/0x79c [ 28.591687][ T3081] CPU: 0 PID: 3081 Comm: syz-executor207 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 28.593509][ T3081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 28.595196][ T3081] Call trace: [ 28.595854][ T3081] dump_backtrace+0x1c4/0x1f0 [ 28.596921][ T3081] show_stack+0x2c/0x54 [ 28.597930][ T3081] dump_stack_lvl+0x104/0x16c [ 28.599004][ T3081] dump_stack+0x1c/0x58 [ 28.599960][ T3081] __might_resched+0x208/0x218 [ 28.601211][ T3081] __might_sleep+0x48/0x78 [ 28.602302][ T3081] cpus_read_lock+0x28/0x1e0 [ 28.603112][ T3081] static_key_slow_inc+0x1c/0x38 [ 28.603976][ T3081] udpv6_encap_enable+0x1c/0x28 [ 28.604833][ T3081] setup_udp_tunnel_sock+0xec/0x124 [ 28.605870][ T3081] l2tp_tunnel_register+0x68c/0x79c [ 28.606968][ T3081] pppol2tp_connect+0x3e8/0x6c4 [ 28.608010][ T3081] __sys_connect+0x184/0x190 [ 28.609264][ T3081] __arm64_sys_connect+0x28/0x3c [ 28.610598][ T3081] el0_svc_common+0x138/0x220 [ 28.611787][ T3081] do_el0_svc+0x48/0x164 [ 28.612688][ T3081] el0_svc+0x58/0x150 [ 28.613631][ T3081] el0t_64_sync_handler+0x84/0xf0 [ 28.614804][ T3081] el0t_64_sync+0x190/0x194