./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2868936659 <...> forked to background, child pid 3184 [ 26.817229][ T3185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.828541][ T3185] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 27.056153][ T3269] ssh-keygen (3269) used greatest stack depth: 22384 bytes left OK syzkaller Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts. execve("./syz-executor2868936659", ["./syz-executor2868936659"], 0x7fffadb47cc0 /* 10 vars */) = 0 brk(NULL) = 0x5555564d8000 brk(0x5555564d8c40) = 0x5555564d8c40 arch_prctl(ARCH_SET_FS, 0x5555564d8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2868936659", 4096) = 28 brk(0x5555564f9c40) = 0x5555564f9c40 brk(0x5555564fa000) = 0x5555564fa000 mprotect(0x7f10fecaf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3 setsockopt(3, SOL_SOCKET, SO_REUSEPORT, [6], 4) = 0 bind(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:255.255.255.255", &sin6_addr), sin6_scope_id=0}, 28) = 0 exit_group(0) = ? syzkaller login: [ 47.853792][ T3605] [ 47.856344][ T3605] ============================= [ 47.861247][ T3605] WARNING: suspicious RCU usage [ 47.866088][ T3605] 5.19.0-syzkaller-11980-ge34cfee65ec8 #0 Not tainted [ 47.872879][ T3605] ----------------------------- [ 47.877763][ T3605] include/net/sock.h:592 suspicious rcu_dereference_check() usage! [ 47.885671][ T3605] [ 47.885671][ T3605] other info that might help us debug this: [ 47.885671][ T3605] [ 47.895947][ T3605] [ 47.895947][ T3605] rcu_scheduler_active = 2, debug_locks = 1 [ 47.904130][ T3605] 4 locks held by syz-executor286/3605: [ 47.909702][ T3605] #0: ffff888074d3ac10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 [ 47.920338][ T3605] #1: ffffc900014c50b8 (&table->hash[i].lock){+...}-{2:2}, at: udp_lib_unhash+0x1d5/0x730 [ 47.930394][ T3605] #2: ffffffff8d7bb7b8 (reuseport_lock){+...}-{2:2}, at: reuseport_detach_sock+0x22/0x4a0 [ 47.940494][ T3605] #3: ffff88814b693bb8 (clock-AF_INET6){++..}-{2:2}, at: bpf_sk_reuseport_detach+0x26/0x190 [ 47.950798][ T3605] [ 47.950798][ T3605] stack backtrace: [ 47.956777][ T3605] CPU: 1 PID: 3605 Comm: syz-executor286 Not tainted 5.19.0-syzkaller-11980-ge34cfee65ec8 #0 [ 47.966940][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 47.977113][ T3605] Call Trace: [ 47.980394][ T3605] [ 47.983332][ T3605] dump_stack_lvl+0xcd/0x134 [ 47.987936][ T3605] bpf_sk_reuseport_detach+0x156/0x190 [ 47.993423][ T3605] reuseport_detach_sock+0x8c/0x4a0 [ 47.998809][ T3605] udp_lib_unhash+0x210/0x730 [ 48.003526][ T3605] ? udpv6_pre_connect+0x180/0x180 [ 48.008758][ T3605] sk_common_release+0xba/0x390 [ 48.013649][ T3605] inet_release+0x12e/0x270 [ 48.018176][ T3605] inet6_release+0x4c/0x70 [ 48.022620][ T3605] __sock_release+0xcd/0x280 [ 48.027263][ T3605] sock_close+0x18/0x20 [ 48.031427][ T3605] __fput+0x277/0x9d0 [ 48.035592][ T3605] ? __sock_release+0x280/0x280 [ 48.040453][ T3605] task_work_run+0xdd/0x1a0 [ 48.045139][ T3605] do_exit+0xad5/0x29b0 [ 48.049311][ T3605] ? mm_update_next_owner+0x7a0/0x7a0 [ 48.054699][ T3605] ? _raw_spin_unlock_irq+0x1f/0x40 [ 48.059912][ T3605] ? _raw_spin_unlock_irq+0x1f/0x40 [ 48.065157][ T3605] do_group_exit+0xd2/0x2f0 [ 48.069694][ T3605] __x64_sys_exit_group+0x3a/0x50 [ 48.074818][ T3605] do_syscall_64+0x35/0xb0 [ 48.079244][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.085255][ T3605] RIP: 0033:0x7f10fec41699 [ 48.089675][ T3605] Code: Unable to access opcode bytes at RIP 0x7f10fec4166f. +++ exited with 0 +++ [ 48.097042][ T3605] RSP: 002b:00007ffca16f3b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000