./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3211370337 <...> DUID 00:04:bb:a2:40:ae:48:ac:17:b5:4c:fd:37:63:df:39:12:a9 forked to background, child pid 3212 [ 33.002381][ T3213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.015166][ T3213] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.40' (ECDSA) to the list of known hosts. execve("./syz-executor3211370337", ["./syz-executor3211370337"], 0x7ffc215a3bc0 /* 10 vars */) = 0 brk(NULL) = 0x555556087000 brk(0x555556087c40) = 0x555556087c40 arch_prctl(ARCH_SET_FS, 0x555556087300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3211370337", 4096) = 28 brk(0x5555560a8c40) = 0x5555560a8c40 brk(0x5555560a9000) = 0x5555560a9000 mprotect(0x7f30e8268000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x09\x00\x02\x00\x6c\x32\x74\x70\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 recvfrom(4, [{nlmsg_len=276, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3639}, "\x01\x02\x00\x00\x09\x00\x02\x00\x6c\x32\x74\x70\x00\x00\x00\x00\x06\x00\x01\x00\x30\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x23\x00\x00\x00\xb8\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x00\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 276 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3639}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(4) = 0 syzkaller login: [ 54.310234][ T3639] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49 [ 54.320133][ T3639] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3639, name: syz-executor321 [ 54.329660][ T3639] preempt_count: 1, expected: 0 [ 54.334497][ T3639] RCU nest depth: 0, expected: 0 [ 54.339451][ T3639] 3 locks held by syz-executor321/3639: [ 54.344981][ T3639] #0: ffffffff8df6b570 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 54.353246][ T3639] #1: ffffffff8df6b628 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x50d/0x780 [ 54.362283][ T3639] #2: ffff888077b11238 (k-clock-AF_INET){+++.}-{2:2}, at: l2tp_tunnel_register+0x126/0x1210 [ 54.372551][ T3639] Preemption disabled at: [ 54.372561][ T3639] [<0000000000000000>] 0x0 [ 54.381367][ T3639] CPU: 0 PID: 3639 Comm: syz-executor321 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0 [ 54.391779][ T3639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.401852][ T3639] Call Trace: [ 54.405144][ T3639] [ 54.408082][ T3639] dump_stack_lvl+0xd1/0x138 [ 54.412698][ T3639] __might_resched.cold+0x222/0x26b [ 54.417920][ T3639] cpus_read_lock+0x1b/0x140 [ 54.422530][ T3639] static_key_slow_inc+0x12/0x20 [ 54.427488][ T3639] setup_udp_tunnel_sock+0x3e1/0x550 [ 54.432806][ T3639] l2tp_tunnel_register+0xc51/0x1210 [ 54.438123][ T3639] ? l2tp_tunnel_del_work+0x780/0x780 [ 54.443521][ T3639] ? debug_object_free+0x360/0x360 [ 54.448667][ T3639] ? l2tp_recv_common+0x3100/0x3100 [ 54.453885][ T3639] ? l2tp_tunnel_delete+0x50/0x50 [ 54.458940][ T3639] ? l2tp_tunnel_create+0x2bf/0x4b0 [ 54.464157][ T3639] ? l2tp_tunnel_create+0x3c6/0x4b0 [ 54.469383][ T3639] l2tp_nl_cmd_tunnel_create+0x3d6/0x8b0 [ 54.475047][ T3639] ? l2tp_tunnel_notify.constprop.0+0x160/0x160 [ 54.481331][ T3639] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 54.488718][ T3639] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 54.496025][ T3639] genl_family_rcv_msg_doit+0x228/0x320 [ 54.501596][ T3639] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 54.508999][ T3639] ? ns_capable+0xdd/0x100 [ 54.513438][ T3639] genl_rcv_msg+0x445/0x780 [ 54.517963][ T3639] ? genl_start+0x670/0x670 [ 54.522568][ T3639] ? l2tp_tunnel_notify.constprop.0+0x160/0x160 [ 54.529387][ T3639] ? lock_release+0x810/0x810 [ 54.534114][ T3639] netlink_rcv_skb+0x157/0x430 [ 54.538900][ T3639] ? genl_start+0x670/0x670 [ 54.543430][ T3639] ? netlink_ack+0xd60/0xd60 [ 54.548048][ T3639] ? netlink_deliver_tap+0x1b1/0xc50 [ 54.553358][ T3639] genl_rcv+0x28/0x40 [ 54.557358][ T3639] netlink_unicast+0x547/0x7f0 [ 54.562140][ T3639] ? netlink_attachskb+0x890/0x890 [ 54.567277][ T3639] ? __virt_addr_valid+0x61/0x2e0 [ 54.572321][ T3639] ? __phys_addr_symbol+0x30/0x70 [ 54.577372][ T3639] ? __check_object_size+0x2e2/0x5a0 [ 54.582685][ T3639] netlink_sendmsg+0x91b/0xe10 [ 54.587471][ T3639] ? netlink_unicast+0x7f0/0x7f0 [ 54.592428][ T3639] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 54.597817][ T3639] ? netlink_unicast+0x7f0/0x7f0 [ 54.602768][ T3639] sock_sendmsg+0xd3/0x120 [ 54.607212][ T3639] ____sys_sendmsg+0x712/0x8c0 [ 54.612002][ T3639] ? copy_msghdr_from_user+0xfc/0x150 [ 54.617393][ T3639] ? kernel_sendmsg+0x50/0x50 [ 54.622213][ T3639] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 54.628310][ T3639] ___sys_sendmsg+0x110/0x1b0 [ 54.633001][ T3639] ? do_recvmmsg+0x6e0/0x6e0 [ 54.637617][ T3639] ? lock_release+0x810/0x810 [ 54.642322][ T3639] ? ptrace_stop.part.0+0x49a/0x8c0 [ 54.647551][ T3639] ? do_raw_spin_lock+0x124/0x2b0 [ 54.652585][ T3639] ? rwlock_bug.part.0+0x90/0x90 [ 54.657545][ T3639] ? _raw_spin_lock_irq+0x45/0x50 [ 54.662621][ T3639] ? __fget_light+0x20a/0x270 [ 54.667337][ T3639] __sys_sendmsg+0xf7/0x1c0 [ 54.671867][ T3639] ? __sys_sendmsg_sock+0x40/0x40 [ 54.676911][ T3639] ? lock_downgrade+0x6e0/0x6e0 [ 54.681812][ T3639] ? lockdep_hardirqs_on+0x7d/0x100 [ 54.687025][ T3639] ? _raw_spin_unlock_irq+0x2e/0x50 [ 54.692240][ T3639] ? ptrace_notify+0xfe/0x140 [ 54.696953][ T3639] do_syscall_64+0x39/0xb0 [ 54.701394][ T3639] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.707307][ T3639] RIP: 0033:0x7f30e81fbba9 [ 54.711729][ T3639] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.731541][ T3639] RSP: 002b:00007fff25ec83c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.739996][ T3639] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30e81fbba9 [ 54.748074][ T3639] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x30\x00\x23\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x07\x00\x00\x00\x00\x00\x08\x00\x09\x00\x00\x00\x00\x00\x06\x00\x02\x00\x00\x00\x00\x00\x08\x00\x0a\x00\x00\x00\x00\x00\x08\x00\x17\x00\xff\xff\xff\xff", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 exit_group(0) = ? +++ exited with 0 +++ [ 54.756058][ T3639] RBP: 00007f30e81bf570 R08: 0000000000000006 R09: