./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4145430860 <...> DUID 00:04:9f:e8:07:f9:ba:36:1f:d4:05:68:5a:d1:6a:7f:90:cd forked to background, child pid 3185 [ 20.557926][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 20.574928][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. execve("./syz-executor4145430860", ["./syz-executor4145430860"], 0x7ffdf00bde40 /* 10 vars */) = 0 brk(NULL) = 0x555556af7000 brk(0x555556af7c40) = 0x555556af7c40 arch_prctl(ARCH_SET_FS, 0x555556af7300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4145430860", 4096) = 28 brk(0x555556b18c40) = 0x555556b18c40 brk(0x555556b19000) = 0x555556b19000 mprotect(0x7f5e85094000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 bind(3, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("224.0.0.1")}, 16) = 0 sendto(3, NULL, 0, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_SENDPAGE_NOTLAST|MSG_FASTOPEN, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20000600, license="GPL", log_level=4, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 bpf(BPF_PROG_ATTACH, {target_fd=5, attach_bpf_fd=4, attach_type=BPF_SK_SKB_STREAM_VERDICT, attach_flags=0}, 16) = 0 bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000340, value=0x20000040, flags=BPF_ANY}, 32) = 0 syzkaller login: [ 37.733293][ T3613] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 [ 37.742971][ T3613] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414 [ 37.752806][ T3613] preempt_count: 0, expected: 0 [ 37.757659][ T3613] RCU nest depth: 1, expected: 0 [ 37.762886][ T3613] INFO: lockdep is turned off. [ 37.767640][ T3613] CPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 37.777690][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 37.787743][ T3613] Call Trace: [ 37.791014][ T3613] [ 37.793954][ T3613] dump_stack_lvl+0x1e3/0x2cb [ 37.798635][ T3613] ? io_alloc_page_table+0x110/0x110 [ 37.803911][ T3613] ? panic+0x766/0x766 [ 37.807972][ T3613] ? trace_lock_release+0x7b/0x1a0 [ 37.813067][ T3613] __might_resched+0x538/0x6a0 [ 37.817820][ T3613] ? migrate_enable+0xc2/0x280 [ 37.822654][ T3613] ? __might_sleep+0xc0/0xc0 [ 37.827240][ T3613] ? trace_lock_acquire+0x7f/0x1d0 [ 37.832345][ T3613] ? lock_acquire+0xa5/0x400 [ 37.836930][ T3613] ? sk_psock_skb_ingress_self+0x5c/0x330 [ 37.842641][ T3613] ? sk_psock_skb_ingress_self+0x5c/0x330 [ 37.848349][ T3613] kmem_cache_alloc_trace+0x59/0x310 [ 37.853631][ T3613] ? read_lock_is_recursive+0x10/0x10 [ 37.859000][ T3613] sk_psock_skb_ingress_self+0x5c/0x330 [ 37.864551][ T3613] ? migrate_enable+0x19f/0x280 [ 37.869392][ T3613] ? migrate_disable+0x170/0x170 [ 37.874557][ T3613] sk_psock_verdict_apply+0x395/0x440 [ 37.880381][ T3613] sk_psock_verdict_recv+0x34d/0x560 [ 37.885679][ T3613] tcp_read_skb+0x4a1/0x790 [ 37.890182][ T3613] ? sk_psock_verdict_apply+0x440/0x440 [ 37.895719][ T3613] ? tcp_read_sock+0xa90/0xa90 [ 37.900478][ T3613] ? __tcp_send_ack+0x170/0x5f0 [ 37.905331][ T3613] ? tcp_data_ready+0x145/0x4c0 [ 37.910174][ T3613] tcp_rcv_established+0x129d/0x1a10 [ 37.915458][ T3613] ? tcp_check_space+0x4f0/0x4f0 [ 37.920387][ T3613] ? __local_bh_enable_ip+0x163/0x1f0 [ 37.925757][ T3613] ? read_lock_is_recursive+0x10/0x10 [ 37.931119][ T3613] ? __release_sock+0xab/0x4c0 [ 37.935881][ T3613] tcp_v4_do_rcv+0x479/0xac0 [ 37.940463][ T3613] __release_sock+0x1d8/0x4c0 [ 37.945137][ T3613] release_sock+0x5d/0x1c0 [ 37.949546][ T3613] ? inet_send_prepare+0x250/0x250 [ 37.954649][ T3613] tcp_sendmsg+0x36/0x40 [ 37.958882][ T3613] __sys_sendto+0x46d/0x5f0 [ 37.963566][ T3613] ? do_raw_spin_unlock+0x134/0x8a0 [ 37.968762][ T3613] ? __ia32_sys_getpeername+0x80/0x80 [ 37.974132][ T3613] ? memset+0x1f/0x40 [ 37.978124][ T3613] ? __ct_user_exit+0x81/0xe0 [ 37.982799][ T3613] __x64_sys_sendto+0xda/0xf0 [ 37.987475][ T3613] do_syscall_64+0x2b/0x70 [ 37.991911][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.997800][ T3613] RIP: 0033:0x7f5e85027e79 [ 38.002204][ T3613] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 38.021887][ T3613] RSP: 002b:00007ffd4703cfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c sendto(3, "+", 1, 0, NULL, 0) = 1 exit_group(0) = ? +++ exited with 0 +++ [ 38.030291][ T3613] RAX: ffffffffffffffda RBX: 0