./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3343860927 <...> forked to background, child pid 3182 no interfaces have a carrier [ 26.106761][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.122418][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts. execve("./syz-executor3343860927", ["./syz-executor3343860927"], 0x7ffd5a0d23d0 /* 10 vars */) = 0 brk(NULL) = 0x55555592a000 brk(0x55555592ac40) = 0x55555592ac40 arch_prctl(ARCH_SET_FS, 0x55555592a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3343860927", 4096) = 28 brk(0x55555594bc40) = 0x55555594bc40 brk(0x55555594c000) = 0x55555594c000 mprotect(0x7fe407d77000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 3 setsockopt(3, SOL_SOCKET, SO_REUSEPORT, "\xff\xff\xff\xff\x00\x00\x00\x00", 8) = 0 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, 0) = -1 EDESTADDRREQ (Destination address required) exit_group(0) = ? syzkaller login: [ 49.945939][ T3611] [ 49.948439][ T3611] ============================= [ 49.953301][ T3611] WARNING: suspicious RCU usage [ 49.958133][ T3611] 5.19.0-syzkaller-05408-g94ce3b64c62d #0 Not tainted [ 49.964921][ T3611] ----------------------------- [ 49.969783][ T3611] include/net/sock.h:592 suspicious rcu_dereference_check() usage! [ 49.977658][ T3611] [ 49.977658][ T3611] other info that might help us debug this: [ 49.977658][ T3611] [ 49.987909][ T3611] [ 49.987909][ T3611] rcu_scheduler_active = 2, debug_locks = 1 [ 49.995994][ T3611] 4 locks held by syz-executor334/3611: [ 50.001566][ T3611] #0: ffff888073b7be10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 [ 50.012196][ T3611] #1: ffffc900014e5c28 (&table->hash[i].lock){+...}-{2:2}, at: udp_lib_unhash+0x1d5/0x730 [ 50.022255][ T3611] #2: ffffffff8d7a9a78 (reuseport_lock){+...}-{2:2}, at: reuseport_detach_sock+0x22/0x4a0 [ 50.032316][ T3611] #3: ffff888145f9a0b8 (clock-AF_INET){++..}-{2:2}, at: bpf_sk_reuseport_detach+0x26/0x190 [ 50.042968][ T3611] [ 50.042968][ T3611] stack backtrace: [ 50.048876][ T3611] CPU: 1 PID: 3611 Comm: syz-executor334 Not tainted 5.19.0-syzkaller-05408-g94ce3b64c62d #0 [ 50.059014][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.069071][ T3611] Call Trace: [ 50.072337][ T3611] [ 50.075256][ T3611] dump_stack_lvl+0xcd/0x134 [ 50.079930][ T3611] bpf_sk_reuseport_detach+0x156/0x190 [ 50.085388][ T3611] reuseport_detach_sock+0x8c/0x4a0 [ 50.090581][ T3611] udp_lib_unhash+0x210/0x730 [ 50.095248][ T3611] ? raw_sendmsg+0x11b4/0x2e50 [ 50.100013][ T3611] ? udp_flush_pending_frames+0xb0/0xb0 [ 50.105557][ T3611] sk_common_release+0xba/0x390 [ 50.110415][ T3611] inet_release+0x12e/0x280 [ 50.114912][ T3611] __sock_release+0xcd/0x280 [ 50.119503][ T3611] sock_close+0x18/0x20 [ 50.123661][ T3611] __fput+0x277/0x9d0 [ 50.127632][ T3611] ? __sock_release+0x280/0x280 [ 50.132478][ T3611] task_work_run+0xdd/0x1a0 [ 50.136979][ T3611] do_exit+0xade/0x29d0 [ 50.141135][ T3611] ? mm_update_next_owner+0x7a0/0x7a0 [ 50.146501][ T3611] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.151695][ T3611] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.156887][ T3611] do_group_exit+0xd2/0x2f0 [ 50.161387][ T3611] __x64_sys_exit_group+0x3a/0x50 [ 50.166430][ T3611] do_syscall_64+0x35/0xb0 [ 50.170841][ T3611] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.176725][ T3611] RIP: 0033:0x7fe407d09699 [ 50.181125][ T3611] Code: Unable to access opcode bytes at RIP 0x7fe407d0966f. [ 50.188474][ T3611] RSP: 002b:00007ffc0ff152a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 +++ exited with 0 +++ [