./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor226718009 <...> DUID 00:04:53:46:a9:9d:03:7a:46:b2:48:ff:4a:ea:3f:46:f2:43 forked to background, child pid 3187 [ 26.620801][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.631966][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts. execve("./syz-executor226718009", ["./syz-executor226718009"], 0x7fff3bb38440 /* 10 vars */) = 0 brk(NULL) = 0x555556fb9000 brk(0x555556fb9c40) = 0x555556fb9c40 arch_prctl(ARCH_SET_FS, 0x555556fb9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor226718009", 4096) = 27 brk(0x555556fdac40) = 0x555556fdac40 brk(0x555556fdb000) = 0x555556fdb000 mprotect(0x7f0862682000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_REUSEPORT, insn_cnt=3, insns=0x20000040, license="syzkaller", log_level=1, log_size=195, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3 socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 setsockopt(4, SOL_SOCKET, SO_REUSEPORT, "\xbb\x57\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 60) = 0 setsockopt(4, SOL_SOCKET, SO_ATTACH_REUSEPORT_EBPF, [3], 4) = 0 exit_group(0) = ? syzkaller login: [ 49.957238][ T3615] [ 49.959690][ T3615] ============================= [ 49.964573][ T3615] WARNING: suspicious RCU usage [ 49.969422][ T3615] 6.0.0-rc1-next-20220818-syzkaller #0 Not tainted [ 49.975957][ T3615] ----------------------------- [ 49.980788][ T3615] include/net/sock.h:592 suspicious rcu_dereference_check() usage! [ 49.988742][ T3615] [ 49.988742][ T3615] other info that might help us debug this: [ 49.988742][ T3615] [ 49.998995][ T3615] [ 49.998995][ T3615] rcu_scheduler_active = 2, debug_locks = 1 [ 50.007082][ T3615] 3 locks held by syz-executor226/3615: [ 50.012631][ T3615] #0: ffff888073f00e10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 [ 50.023215][ T3615] #1: ffffffff8d7beb78 (reuseport_lock){+...}-{2:2}, at: reuseport_detach_sock+0x22/0x4a0 [ 50.033338][ T3615] #2: ffff88807d5683b8 (clock-AF_INET){++..}-{2:2}, at: bpf_sk_reuseport_detach+0x26/0x190 [ 50.043479][ T3615] [ 50.043479][ T3615] stack backtrace: [ 50.049368][ T3615] CPU: 1 PID: 3615 Comm: syz-executor226 Not tainted 6.0.0-rc1-next-20220818-syzkaller #0 [ 50.059246][ T3615] syz-executor226[3615] cmdline: a [ 50.065035][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.075077][ T3615] Call Trace: [ 50.078346][ T3615] [ 50.081283][ T3615] dump_stack_lvl+0xcd/0x134 [ 50.085874][ T3615] bpf_sk_reuseport_detach+0x156/0x190 [ 50.091347][ T3615] reuseport_detach_sock+0x8c/0x4a0 [ 50.096558][ T3615] ? netlink_has_listeners+0x21c/0x3d0 [ 50.102013][ T3615] __sk_free+0x130/0x460 [ 50.106246][ T3615] sk_common_release+0x292/0x390 [ 50.111176][ T3615] inet_release+0x12e/0x270 [ 50.115680][ T3615] __sock_release+0xcd/0x280 [ 50.120350][ T3615] sock_close+0x18/0x20 [ 50.124497][ T3615] __fput+0x27c/0xa90 [ 50.128478][ T3615] ? __sock_release+0x280/0x280 [ 50.133338][ T3615] task_work_run+0xdd/0x1a0 [ 50.137848][ T3615] do_exit+0xc39/0x2b60 [ 50.141998][ T3615] ? lock_downgrade+0x6e0/0x6e0 [ 50.146853][ T3615] ? do_raw_spin_lock+0x120/0x2a0 [ 50.151870][ T3615] ? mm_update_next_owner+0x7a0/0x7a0 [ 50.157252][ T3615] ? rwlock_bug.part.0+0x90/0x90 [ 50.162183][ T3615] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.167372][ T3615] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.172563][ T3615] do_group_exit+0xd0/0x2a0 [ 50.177092][ T3615] __x64_sys_exit_group+0x3a/0x50 [ 50.182117][ T3615] do_syscall_64+0x35/0xb0 [ 50.186531][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.192418][ T3615] RIP: 0033:0x7f0862614849 [ 50.196911][ T3615] Code: Unable to access opcode bytes at RIP 0x7f086261481f. +++ exited with 0 +++ [ 50.204270][ T3615] RSP: 002b:00007ffc52359a4