================================ WARNING: inconsistent lock state 6.1.0-rc6-syzkaller-32662-g6d464646530f #0 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-R} -> {SOFTIRQ-ON-W} usage. syz-executor.5/13193 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff0001094e5638 (clock-AF_INET6){+++-}-{2:2}, at: l2tp_tunnel_register+0x354/0x79c net/l2tp/l2tp_core.c:1477 {IN-SOFTIRQ-R} state was registered at: lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x64/0x7c kernel/locking/spinlock.c:252 rds_tcp_listen_data_ready+0x28/0xb0 net/rds/tcp_listen.c:239 tcp_data_ready+0x124/0x1b8 net/ipv4/tcp_input.c:5005 tcp_data_queue+0xe48/0x1148 net/ipv4/tcp_input.c:5079 tcp_rcv_established+0x6a0/0xa64 net/ipv4/tcp_input.c:6005 tcp_v6_do_rcv+0x54c/0x788 net/ipv6/tcp_ipv6.c:1502 tcp_v6_rcv+0xea8/0x1008 net/ipv6/tcp_ipv6.c:1761 ip6_protocol_deliver_rcu+0x4d0/0x83c net/ipv6/ip6_input.c:439 ip6_input_finish+0xe0/0x188 net/ipv6/ip6_input.c:484 NF_HOOK include/linux/netfilter.h:302 [inline] ip6_input+0x68/0x8c net/ipv6/ip6_input.c:493 dst_input include/net/dst.h:455 [inline] ip6_rcv_finish+0x138/0x158 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:302 [inline] ipv6_rcv+0x88/0xb8 net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core net/core/dev.c:5489 [inline] __netif_receive_skb+0x70/0x14c net/core/dev.c:5603 process_backlog+0x240/0x388 net/core/dev.c:5931 __napi_poll+0x5c/0x24c net/core/dev.c:6498 napi_poll+0x110/0x484 net/core/dev.c:6565 net_rx_action+0x18c/0x414 net/core/dev.c:6676 _stext+0x168/0x37c ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:892 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85 do_softirq+0xac/0x108 kernel/softirq.c:472 __local_bh_enable_ip+0x18c/0x1a4 kernel/softirq.c:396 local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33 rcu_read_unlock_bh include/linux/rcupdate.h:808 [inline] ip6_finish_output2+0xa1c/0xbec net/ipv6/ip6_output.c:135 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline] ip6_finish_output+0x448/0x4c4 net/ipv6/ip6_output.c:206 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip6_output+0x180/0x2dc net/ipv6/ip6_output.c:227 dst_output include/net/dst.h:445 [inline] NF_HOOK include/linux/netfilter.h:302 [inline] ip6_xmit+0x888/0xb88 net/ipv6/ip6_output.c:343 inet6_csk_xmit+0x1e8/0x30c net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0xaf4/0xe60 net/ipv4/tcp_output.c:1402 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline] tcp_write_xmit+0x84c/0x1938 net/ipv4/tcp_output.c:2696 __tcp_push_pending_frames+0x60/0x128 net/ipv4/tcp_output.c:2880 tcp_push+0x240/0x298 net/ipv4/tcp.c:729 __mptcp_push_pending+0x21c/0x2ec mptcp_sendmsg+0x5f4/0x8d4 net/mptcp/protocol.c:1817 inet6_sendmsg+0x60/0x80 net/ipv6/af_inet6.c:665 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] sock_write_iter+0x140/0x1bc net/socket.c:1108 call_write_iter include/linux/fs.h:2191 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x2dc/0x46c fs/read_write.c:584 ksys_write+0xb4/0x160 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __arm64_sys_write+0x24/0x34 fs/read_write.c:646 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584 irq event stamp: 169 hardirqs last enabled at (169): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] hardirqs last enabled at (169): [] _raw_spin_unlock_irqrestore+0x48/0x8c kernel/locking/spinlock.c:194 hardirqs last disabled at (168): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (168): [] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162 softirqs last enabled at (166): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32 softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(clock-AF_INET6); lock(clock-AF_INET6); *** DEADLOCK *** 1 lock held by syz-executor.5/13193: #0: ffff0001120ab130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1721 [inline] #0: ffff0001120ab130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x184/0x6c4 net/l2tp/l2tp_ppp.c:675 stack backtrace: CPU: 0 PID: 13193 Comm: syz-executor.5 Not tainted 6.1.0-rc6-syzkaller-32662-g6d464646530f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 Call trace: dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 print_usage_bug+0x39c/0x3cc kernel/locking/lockdep.c:3963 mark_lock_irq+0x4a8/0x4b4 mark_lock+0x154/0x1b4 kernel/locking/lockdep.c:4634 __lock_acquire+0x618/0x3084 kernel/locking/lockdep.c:5009 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668 __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline] _raw_write_lock+0x54/0x6c kernel/locking/spinlock.c:300 l2tp_tunnel_register+0x354/0x79c net/l2tp/l2tp_core.c:1477 pppol2tp_connect+0x3e8/0x6c4 net/l2tp/l2tp_ppp.c:723 __sys_connect_file net/socket.c:1976 [inline] __sys_connect+0x184/0x190 net/socket.c:1993 __do_sys_connect net/socket.c:2003 [inline] __se_sys_connect net/socket.c:2000 [inline] __arm64_sys_connect+0x28/0x3c net/socket.c:2000 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584 BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 13193, name: syz-executor.5 preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. Preemption disabled at: [] l2tp_tunnel_register+0x354/0x79c net/l2tp/l2tp_core.c:1477 CPU: 0 PID: 13193 Comm: syz-executor.5 Not tainted 6.1.0-rc6-syzkaller-32662-g6d464646530f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 Call trace: dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 __might_resched+0x208/0x218 kernel/sched/core.c:9908 __might_sleep+0x48/0x78 kernel/sched/core.c:9837 percpu_down_read include/linux/percpu-rwsem.h:49 [inline] cpus_read_lock+0x28/0x1e0 kernel/cpu.c:310 static_key_slow_inc+0x1c/0x38 kernel/jump_label.c:158 udpv6_encap_enable+0x1c/0x28 net/ipv6/udp.c:473 udp_tunnel_encap_enable include/net/udp_tunnel.h:187 [inline] setup_udp_tunnel_sock+0xec/0x124 net/ipv4/udp_tunnel_core.c:81 l2tp_tunnel_register+0x68c/0x79c net/l2tp/l2tp_core.c:1509 pppol2tp_connect+0x3e8/0x6c4 net/l2tp/l2tp_ppp.c:723 __sys_connect_file net/socket.c:1976 [inline] __sys_connect+0x184/0x190 net/socket.c:1993 __do_sys_connect net/socket.c:2003 [inline] __se_sys_connect net/socket.c:2000 [inline] __arm64_sys_connect+0x28/0x3c net/socket.c:2000 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584