[ 9.940335][ T2658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 9.942844][ T2658] eql: remember to turn off Van-Jacobson compression on your slave devices [ 9.973351][ T9] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 9.977971][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.796098][ T3079] [ 26.796689][ T3079] ======================================================== [ 26.798360][ T3079] WARNING: possible irq lock inversion dependency detected [ 26.800163][ T3079] 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Not tainted [ 26.801890][ T3079] -------------------------------------------------------- [ 26.803681][ T3079] syz-executor422/3079 just changed the state of lock: [ 26.805395][ T3079] ffff0000cb9392b8 (clock-AF_INET6){+++.}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c [ 26.807735][ T3079] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 26.809652][ T3079] (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} [ 26.809661][ T3079] [ 26.809661][ T3079] [ 26.809661][ T3079] and interrupts could create inverse lock ordering between them. [ 26.809661][ T3079] [ 26.814237][ T3079] [ 26.814237][ T3079] other info that might help us debug this: [ 26.816039][ T3079] Possible interrupt unsafe locking scenario: [ 26.816039][ T3079] [ 26.817894][ T3079] CPU0 CPU1 [ 26.819115][ T3079] ---- ---- [ 26.820327][ T3079] lock(clock-AF_INET6); [ 26.821298][ T3079] local_irq_disable(); [ 26.822897][ T3079] lock(&tcp_hashinfo.bhash[i].lock); [ 26.824778][ T3079] lock(clock-AF_INET6); [ 26.826362][ T3079] [ 26.827201][ T3079] lock(&tcp_hashinfo.bhash[i].lock); [ 26.828557][ T3079] [ 26.828557][ T3079] *** DEADLOCK *** [ 26.828557][ T3079] [ 26.830621][ T3079] 1 lock held by syz-executor422/3079: [ 26.831993][ T3079] #0: ffff0000caec1130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 [ 26.834332][ T3079] [ 26.834332][ T3079] the shortest dependencies between 2nd lock and 1st lock: [ 26.836589][ T3079] -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { [ 26.838025][ T3079] HARDIRQ-ON-W at: [ 26.838905][ T3079] lock_acquire+0x100/0x1f8 [ 26.840422][ T3079] _raw_spin_lock_bh+0x54/0x6c [ 26.842201][ T3079] inet_csk_get_port+0xe0/0xaf0 [ 26.843913][ T3079] __inet6_bind+0x688/0x8ac [ 26.845558][ T3079] inet6_bind+0xf4/0x150 [ 26.847129][ T3079] rds_tcp_listen_init+0x14c/0x1f0 [ 26.848959][ T3079] rds_tcp_init_net+0xcc/0x1dc [ 26.850712][ T3079] ops_init+0xe4/0x2e4 [ 26.852067][ T3079] register_pernet_operations+0x108/0x264 [ 26.853734][ T3079] register_pernet_device+0x3c/0x94 [ 26.855413][ T3079] rds_tcp_init+0x74/0xe0 [ 26.856971][ T3079] do_one_initcall+0x118/0x22c [ 26.858475][ T3079] do_initcall_level+0xac/0xe4 [ 26.860019][ T3079] do_initcalls+0x58/0xa8 [ 26.861478][ T3079] do_basic_setup+0x20/0x2c [ 26.862861][ T3079] kernel_init_freeable+0xb8/0x148 [ 26.864474][ T3079] kernel_init+0x24/0x290 [ 26.865935][ T3079] ret_from_fork+0x10/0x20 [ 26.867435][ T3079] IN-SOFTIRQ-W at: [ 26.868372][ T3079] lock_acquire+0x100/0x1f8 [ 26.869846][ T3079] _raw_spin_lock+0x54/0x6c [ 26.871350][ T3079] __inet_inherit_port+0x124/0x9ac [ 26.873035][ T3079] tcp_v4_syn_recv_sock+0x790/0x848 [ 26.874563][ T3079] tcp_check_req+0x75c/0x8e4 [ 26.875962][ T3079] tcp_v4_rcv+0xad4/0x11e8 [ 26.877372][ T3079] ip_protocol_deliver_rcu+0x224/0x414 [ 26.878932][ T3079] ip_local_deliver_finish+0x124/0x200 [ 26.880791][ T3079] ip_local_deliver+0xd0/0xf4 [ 26.882209][ T3079] ip_sublist_rcv+0x40c/0x474 [ 26.883707][ T3079] ip_list_rcv+0x184/0x1c8 [ 26.885100][ T3079] __netif_receive_skb_list_core+0x1f8/0x2b0 [ 26.886901][ T3079] __netif_receive_skb_list+0x16c/0x1d0 [ 26.888602][ T3079] netif_receive_skb_list_internal+0x1e8/0x340 [ 26.890646][ T3079] napi_complete_done+0x140/0x354 [ 26.892393][ T3079] gve_napi_poll+0xcc/0x1b4 [ 26.893976][ T3079] __napi_poll+0x5c/0x24c [ 26.895547][ T3079] napi_poll+0x110/0x484 [ 26.896863][ T3079] net_rx_action+0x18c/0x414 [ 26.898321][ T3079] _stext+0x168/0x37c [ 26.899710][ T3079] ____do_softirq+0x14/0x20 [ 26.901328][ T3079] call_on_irq_stack+0x2c/0x54 [ 26.903030][ T3079] do_softirq_own_stack+0x20/0x2c [ 26.904784][ T3079] invoke_softirq+0x70/0xbc [ 26.906372][ T3079] __irq_exit_rcu+0xf0/0x140 [ 26.908012][ T3079] irq_exit_rcu+0x10/0x40 [ 26.909529][ T3079] el1_interrupt+0x38/0x68 [ 26.911142][ T3079] el1h_64_irq_handler+0x18/0x24 [ 26.912850][ T3079] el1h_64_irq+0x64/0x68 [ 26.914456][ T3079] folio_memcg_lock+0xf4/0x188 [ 26.916074][ T3079] lock_page_memcg+0x1c/0x4c [ 26.917640][ T3079] page_remove_rmap+0x2c/0x2c0 [ 26.919342][ T3079] zap_pte_range+0x3e8/0x1010 [ 26.921009][ T3079] zap_pmd_range+0x29c/0x460 [ 26.922674][ T3079] unmap_page_range+0x1d8/0x488 [ 26.924464][ T3079] unmap_vmas+0x14c/0x224 [ 26.926053][ T3079] exit_mmap+0xdc/0x390 [ 26.927559][ T3079] __mmput+0x90/0x204 [ 26.929105][ T3079] mmput+0x64/0xa0 [ 26.930533][ T3079] exit_mm+0x16c/0x1c0 [ 26.932082][ T3079] do_exit+0x264/0xcac [ 26.933655][ T3079] __arm64_sys_exit_group+0x0/0x18 [ 26.935260][ T3079] __wake_up_parent+0x0/0x40 [ 26.936830][ T3079] el0_svc_common+0x138/0x220 [ 26.938451][ T3079] do_el0_svc+0x48/0x164 [ 26.939825][ T3079] el0_svc+0x58/0x150 [ 26.941175][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 26.942781][ T3079] el0t_64_sync+0x190/0x194 [ 26.944297][ T3079] INITIAL USE at: [ 26.945232][ T3079] lock_acquire+0x100/0x1f8 [ 26.946653][ T3079] _raw_spin_lock_bh+0x54/0x6c [ 26.948236][ T3079] inet_csk_get_port+0xe0/0xaf0 [ 26.949921][ T3079] __inet6_bind+0x688/0x8ac [ 26.951530][ T3079] inet6_bind+0xf4/0x150 [ 26.952976][ T3079] rds_tcp_listen_init+0x14c/0x1f0 [ 26.954534][ T3079] rds_tcp_init_net+0xcc/0x1dc [ 26.956046][ T3079] ops_init+0xe4/0x2e4 [ 26.957384][ T3079] register_pernet_operations+0x108/0x264 [ 26.959194][ T3079] register_pernet_device+0x3c/0x94 [ 26.960933][ T3079] rds_tcp_init+0x74/0xe0 [ 26.962548][ T3079] do_one_initcall+0x118/0x22c [ 26.964212][ T3079] do_initcall_level+0xac/0xe4 [ 26.965837][ T3079] do_initcalls+0x58/0xa8 [ 26.967395][ T3079] do_basic_setup+0x20/0x2c [ 26.969010][ T3079] kernel_init_freeable+0xb8/0x148 [ 26.970722][ T3079] kernel_init+0x24/0x290 [ 26.972098][ T3079] ret_from_fork+0x10/0x20 [ 26.973490][ T3079] } [ 26.974075][ T3079] ... key at: [] tcp_init.__key.22+0x0/0x10 [ 26.976163][ T3079] ... acquired at: [ 26.977112][ T3079] _raw_read_lock_bh+0x64/0x7c [ 26.978374][ T3079] sock_i_uid+0x24/0x58 [ 26.979450][ T3079] inet_csk_get_port+0x674/0xaf0 [ 26.980727][ T3079] __inet6_bind+0x688/0x8ac [ 26.981920][ T3079] inet6_bind+0xf4/0x150 [ 26.983017][ T3079] __sys_bind+0x148/0x1b0 [ 26.984245][ T3079] __arm64_sys_bind+0x28/0x3c [ 26.985378][ T3079] el0_svc_common+0x138/0x220 [ 26.986469][ T3079] do_el0_svc+0x48/0x164 [ 26.987529][ T3079] el0_svc+0x58/0x150 [ 26.988458][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 26.989670][ T3079] el0t_64_sync+0x190/0x194 [ 26.990875][ T3079] [ 26.991406][ T3079] -> (clock-AF_INET6){+++.}-{2:2} { [ 26.992604][ T3079] HARDIRQ-ON-W at: [ 26.993515][ T3079] lock_acquire+0x100/0x1f8 [ 26.994964][ T3079] _raw_write_lock_bh+0x54/0x6c [ 26.996492][ T3079] sk_common_release+0x58/0x1d4 [ 26.998085][ T3079] udp_lib_close+0x20/0x30 [ 26.999514][ T3079] inet_release+0xc8/0xe4 [ 27.000898][ T3079] inet6_release+0x3c/0x58 [ 27.002269][ T3079] sock_close+0x50/0xf0 [ 27.003643][ T3079] __fput+0x198/0x3e4 [ 27.005131][ T3079] ____fput+0x20/0x30 [ 27.006570][ T3079] task_work_run+0x100/0x148 [ 27.008141][ T3079] do_notify_resume+0x174/0x1f0 [ 27.009792][ T3079] el0_svc+0x9c/0x150 [ 27.011249][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.012956][ T3079] el0t_64_sync+0x190/0x194 [ 27.014530][ T3079] HARDIRQ-ON-R at: [ 27.015552][ T3079] lock_acquire+0x100/0x1f8 [ 27.017096][ T3079] _raw_read_lock_bh+0x64/0x7c [ 27.018774][ T3079] sock_i_uid+0x24/0x58 [ 27.020296][ T3079] udp_lib_lport_inuse+0x44/0x268 [ 27.022023][ T3079] udp_lib_get_port+0x2bc/0x8f8 [ 27.023583][ T3079] udp_v6_get_port+0x60/0x74 [ 27.025037][ T3079] __inet6_bind+0x688/0x8ac [ 27.026407][ T3079] inet6_bind+0xf4/0x150 [ 27.027783][ T3079] __sys_bind+0x148/0x1b0 [ 27.029168][ T3079] __arm64_sys_bind+0x28/0x3c [ 27.030662][ T3079] el0_svc_common+0x138/0x220 [ 27.032191][ T3079] do_el0_svc+0x48/0x164 [ 27.033636][ T3079] el0_svc+0x58/0x150 [ 27.035012][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.036463][ T3079] el0t_64_sync+0x190/0x194 [ 27.038080][ T3079] SOFTIRQ-ON-W at: [ 27.039131][ T3079] lock_acquire+0x100/0x1f8 [ 27.040689][ T3079] _raw_write_lock+0x54/0x6c [ 27.042316][ T3079] l2tp_tunnel_register+0x354/0x79c [ 27.044113][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 27.045661][ T3079] __sys_connect+0x184/0x190 [ 27.047129][ T3079] __arm64_sys_connect+0x28/0x3c [ 27.048721][ T3079] el0_svc_common+0x138/0x220 [ 27.050161][ T3079] do_el0_svc+0x48/0x164 [ 27.051644][ T3079] el0_svc+0x58/0x150 [ 27.053070][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.054832][ T3079] el0t_64_sync+0x190/0x194 [ 27.056444][ T3079] INITIAL USE at: [ 27.057421][ T3079] lock_acquire+0x100/0x1f8 [ 27.059036][ T3079] _raw_write_lock_bh+0x54/0x6c [ 27.060701][ T3079] sk_common_release+0x58/0x1d4 [ 27.062376][ T3079] udp_lib_close+0x20/0x30 [ 27.063918][ T3079] inet_release+0xc8/0xe4 [ 27.065446][ T3079] inet6_release+0x3c/0x58 [ 27.066986][ T3079] sock_close+0x50/0xf0 [ 27.068298][ T3079] __fput+0x198/0x3e4 [ 27.069588][ T3079] ____fput+0x20/0x30 [ 27.070836][ T3079] task_work_run+0x100/0x148 [ 27.072235][ T3079] do_notify_resume+0x174/0x1f0 [ 27.073682][ T3079] el0_svc+0x9c/0x150 [ 27.074981][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.076577][ T3079] el0t_64_sync+0x190/0x194 [ 27.078100][ T3079] INITIAL READ USE at: [ 27.079175][ T3079] lock_acquire+0x100/0x1f8 [ 27.080787][ T3079] _raw_read_lock_bh+0x64/0x7c [ 27.082550][ T3079] sock_i_uid+0x24/0x58 [ 27.084136][ T3079] udp_lib_lport_inuse+0x44/0x268 [ 27.085961][ T3079] udp_lib_get_port+0x2bc/0x8f8 [ 27.087762][ T3079] udp_v6_get_port+0x60/0x74 [ 27.089411][ T3079] __inet6_bind+0x688/0x8ac [ 27.091057][ T3079] inet6_bind+0xf4/0x150 [ 27.092745][ T3079] __sys_bind+0x148/0x1b0 [ 27.094248][ T3079] __arm64_sys_bind+0x28/0x3c [ 27.095801][ T3079] el0_svc_common+0x138/0x220 [ 27.097443][ T3079] do_el0_svc+0x48/0x164 [ 27.098929][ T3079] el0_svc+0x58/0x150 [ 27.100385][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.102146][ T3079] el0t_64_sync+0x190/0x194 [ 27.103813][ T3079] } [ 27.104474][ T3079] ... key at: [] af_callback_keys+0xa0/0x2e0 [ 27.106188][ T3079] ... acquired at: [ 27.106922][ T3079] mark_lock+0x154/0x1b4 [ 27.107765][ T3079] __lock_acquire+0x618/0x3084 [ 27.108780][ T3079] lock_acquire+0x100/0x1f8 [ 27.109799][ T3079] _raw_write_lock+0x54/0x6c [ 27.110959][ T3079] l2tp_tunnel_register+0x354/0x79c [ 27.112110][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 27.113279][ T3079] __sys_connect+0x184/0x190 [ 27.114347][ T3079] __arm64_sys_connect+0x28/0x3c [ 27.115534][ T3079] el0_svc_common+0x138/0x220 [ 27.116607][ T3079] do_el0_svc+0x48/0x164 [ 27.117761][ T3079] el0_svc+0x58/0x150 [ 27.118796][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.120178][ T3079] el0t_64_sync+0x190/0x194 [ 27.121443][ T3079] [ 27.122006][ T3079] [ 27.122006][ T3079] stack backtrace: [ 27.123363][ T3079] CPU: 1 PID: 3079 Comm: syz-executor422 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 27.125716][ T3079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 27.127981][ T3079] Call trace: [ 27.128765][ T3079] dump_backtrace+0x1c4/0x1f0 [ 27.129838][ T3079] show_stack+0x2c/0x54 [ 27.130836][ T3079] dump_stack_lvl+0x104/0x16c [ 27.131929][ T3079] dump_stack+0x1c/0x58 [ 27.133000][ T3079] print_irq_inversion_bug+0x2f8/0x300 [ 27.134353][ T3079] mark_lock_irq+0x3ec/0x4b4 [ 27.135347][ T3079] mark_lock+0x154/0x1b4 [ 27.136322][ T3079] __lock_acquire+0x618/0x3084 [ 27.137467][ T3079] lock_acquire+0x100/0x1f8 [ 27.138536][ T3079] _raw_write_lock+0x54/0x6c [ 27.139582][ T3079] l2tp_tunnel_register+0x354/0x79c [ 27.140762][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 27.141829][ T3079] __sys_connect+0x184/0x190 [ 27.142928][ T3079] __arm64_sys_connect+0x28/0x3c [ 27.144050][ T3079] el0_svc_common+0x138/0x220 [ 27.145159][ T3079] do_el0_svc+0x48/0x164 [ 27.146189][ T3079] el0_svc+0x58/0x150 [ 27.147110][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.148331][ T3079] el0t_64_sync+0x190/0x194 [ 27.149368][ T3079] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 27.151576][ T3079] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3079, name: syz-executor422 [ 27.153697][ T3079] preempt_count: 1, expected: 0 [ 27.154786][ T3079] RCU nest depth: 0, expected: 0 [ 27.156027][ T3079] INFO: lockdep is turned off. [ 27.157077][ T3079] Preemption disabled at: [ 27.157082][ T3079] [] l2tp_tunnel_register+0x354/0x79c [ 27.159677][ T3079] CPU: 1 PID: 3079 Comm: syz-executor422 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 [ 27.162078][ T3079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 [ 27.164388][ T3079] Call trace: [ 27.165171][ T3079] dump_backtrace+0x1c4/0x1f0 [ 27.166297][ T3079] show_stack+0x2c/0x54 [ 27.167270][ T3079] dump_stack_lvl+0x104/0x16c [ 27.168352][ T3079] dump_stack+0x1c/0x58 [ 27.169347][ T3079] __might_resched+0x208/0x218 [ 27.170420][ T3079] __might_sleep+0x48/0x78 [ 27.171417][ T3079] cpus_read_lock+0x28/0x1e0 [ 27.172470][ T3079] static_key_slow_inc+0x1c/0x38 [ 27.173649][ T3079] udpv6_encap_enable+0x1c/0x28 [ 27.174753][ T3079] setup_udp_tunnel_sock+0xec/0x124 [ 27.175961][ T3079] l2tp_tunnel_register+0x68c/0x79c [ 27.177110][ T3079] pppol2tp_connect+0x3e8/0x6c4 [ 27.178243][ T3079] __sys_connect+0x184/0x190 [ 27.179432][ T3079] __arm64_sys_connect+0x28/0x3c [ 27.180702][ T3079] el0_svc_common+0x138/0x220 [ 27.181895][ T3079] do_el0_svc+0x48/0x164 [ 27.182974][ T3079] el0_svc+0x58/0x150 [ 27.183969][ T3079] el0t_64_sync_handler+0x84/0xf0 [ 27.185277][ T3079] el0t_64_sync+0x190/0x194