Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.120' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.235382][ T8448] netlink: 'syz-executor608': attribute type 1 has an invalid length.
[ 71.365854][ T8448] 8021q: adding VLAN 0 to HW filter on device bond1
[ 71.513534][ T8448]
[ 71.524128][ T8448] =============================
[ 71.546126][ T8448] WARNING: suspicious RCU usage
[ 71.551031][ T8448] 5.12.0-next-20210504-syzkaller #0 Not tainted
[ 71.563059][ T8448] -----------------------------
[ 71.568724][ T8448] drivers/net/bonding/bond_main.c:411 suspicious rcu_dereference_check() usage!
[ 71.584480][ T8448]
[ 71.584480][ T8448] other info that might help us debug this:
[ 71.584480][ T8448]
[ 71.609350][ T8448]
[ 71.609350][ T8448] rcu_scheduler_active = 2, debug_locks = 1
[ 71.618712][ T8448] 1 lock held by syz-executor608/8448:
[ 71.624204][ T8448] #0: ffffffff8d693aa0 (&net->xfrm.xfrm_cfg_mutex){+.+.}-{3:3}, at: xfrm_netlink_rcv+0x5c/0x90
[ 71.656092][ T8448]
[ 71.656092][ T8448] stack backtrace:
[ 71.662073][ T8448] CPU: 1 PID: 8448 Comm: syz-executor608 Not tainted 5.12.0-next-20210504-syzkaller #0
[ 71.671727][ T8448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.681806][ T8448] Call Trace:
[ 71.685104][ T8448] dump_stack+0x141/0x1d7
[ 71.689465][ T8448] bond_ipsec_add_sa+0x1dc/0x240
[ 71.694433][ T8448] xfrm_dev_state_add+0x2da/0x850
[ 71.699503][ T8448] xfrm_add_sa+0x229e/0x35f0
[ 71.704130][ T8448] ? xfrm_send_mapping+0x800/0x800
[ 71.709269][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.715583][ T8448] ? security_capable+0x8f/0xc0
[ 71.720472][ T8448] ? __nla_parse+0x3d/0x50
[ 71.724920][ T8448] ? xfrm_send_mapping+0x800/0x800
[ 71.730091][ T8448] xfrm_user_rcv_msg+0x42c/0x8b0
[ 71.735063][ T8448] ? xfrm_do_migrate+0x7f0/0x7f0
[ 71.740029][ T8448] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.746089][ T8448] ? __mutex_lock+0x620/0x1120
[ 71.750891][ T8448] netlink_rcv_skb+0x153/0x420
[ 71.755681][ T8448] ? xfrm_do_migrate+0x7f0/0x7f0
[ 71.760656][ T8448] ? netlink_ack+0xaa0/0xaa0
[ 71.765291][ T8448] xfrm_netlink_rcv+0x6b/0x90
[ 71.769992][ T8448] netlink_unicast+0x533/0x7d0
[ 71.774795][ T8448] ? netlink_attachskb+0x870/0x870
[ 71.779932][ T8448] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.786226][ T8448] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.792500][ T8448] ? __phys_addr_symbol+0x2c/0x70
[ 71.797555][ T8448] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 71.803306][ T8448] ? __check_object_size+0x171/0x3f0
[ 71.808628][ T8448] netlink_sendmsg+0x856/0xd90
[ 71.813443][ T8448] ? netlink_unicast+0x7d0/0x7d0
[ 71.818411][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.824681][ T8448] ? netlink_unicast+0x7d0/0x7d0
[ 71.829666][ T8448] sock_sendmsg+0xcf/0x120
[ 71.834108][ T8448] ____sys_sendmsg+0x6e8/0x810
[ 71.838981][ T8448] ? kernel_sendmsg+0x50/0x50
[ 71.843674][ T8448] ? do_recvmmsg+0x6d0/0x6d0
[ 71.848288][ T8448] ? lock_chain_count+0x20/0x20
[ 71.853174][ T8448] ___sys_sendmsg+0xf3/0x170
[ 71.857797][ T8448] ? sendmsg_copy_msghdr+0x160/0x160
[ 71.863121][ T8448] ? __lock_acquire+0x16a7/0x5230
[ 71.868215][ T8448] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.874229][ T8448] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.880417][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.886689][ T8448] ? __fget_light+0x215/0x280
[ 71.891388][ T8448] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.897664][ T8448] __sys_sendmsg+0xe5/0x1b0
[ 71.902192][ T8448] ? __sys_sendmsg_sock+0x30/0x30
[ 71.907250][ T8448] ? syscall_enter_from_user_mode+0x27/0x70
[ 71.913174][ T8448] do_syscall_64+0x3a/0xb0
[ 71.917628][ T8448] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.923630][ T8448] RIP: 0033:0x43f0b9
[ 71.927535][ T8448] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.948307][ T8448] RSP: 002b:00007ffd51961058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.956765][ T8448] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0b9
[ 71.964763][ T8448] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 71.972753][ T8448] RBP: 00000000004030a0 R08: 0000000000400488 R09: 0000000000400488
[ 71.980742][ T8448] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000403130
[ 71.988747][ T8448] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 72.129062][ T8448] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 72.140831][ T8448] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 72.149255][ T8448] CPU: 0 PID: 8448 Comm: syz-executor608 Not tainted 5.12.0-next-20210504-syzkaller #0
[ 72.159038][ T8448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.169096][ T8448] RIP: 0010:bond_ipsec_add_sa+0x9e/0x240
[ 72.174725][ T8448] Code: 04 31 ff 89 c3 89 c6 e8 b0 c9 c4 fc 85 db 0f 85 f6 00 00 00 e8 f3 c1 c4 fc 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 5f 01 00 00 48 8d bd d0 02 00 00 49 8b 5d 00 48
[ 72.194326][ T8448] RSP: 0018:ffffc90001b0f490 EFLAGS: 00010246
[ 72.200386][ T8448] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 72.208353][ T8448] RDX: 0000000000000000 RSI: ffffffff84b0110d RDI: 0000000000000003
[ 72.216486][ T8448] RBP: ffff888021a94000 R08: 0000000000000000 R09: ffffffff9022696f
[ 72.224451][ T8448] R10: ffffffff88e3ae4e R11: 0000000000000000 R12: ffff88801de58000
[ 72.232417][ T8448] R13: 0000000000000000 R14: ffff888021a942e0 R15: ffff888021a942e4
[ 72.240395][ T8448] FS: 0000000001263300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 72.249314][ T8448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.255896][ T8448] CR2: 00007fc830d4aab4 CR3: 000000001d7d6000 CR4: 00000000001506f0
[ 72.263902][ T8448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.271889][ T8448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.279951][ T8448] Call Trace:
[ 72.283221][ T8448] xfrm_dev_state_add+0x2da/0x850
[ 72.288243][ T8448] xfrm_add_sa+0x229e/0x35f0
[ 72.292839][ T8448] ? xfrm_send_mapping+0x800/0x800
[ 72.298217][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.304475][ T8448] ? security_capable+0x8f/0xc0
[ 72.309337][ T8448] ? __nla_parse+0x3d/0x50
[ 72.313745][ T8448] ? xfrm_send_mapping+0x800/0x800
[ 72.318855][ T8448] xfrm_user_rcv_msg+0x42c/0x8b0
[ 72.323805][ T8448] ? xfrm_do_migrate+0x7f0/0x7f0
[ 72.328735][ T8448] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.334739][ T8448] ? __mutex_lock+0x620/0x1120
[ 72.339532][ T8448] netlink_rcv_skb+0x153/0x420
[ 72.344446][ T8448] ? xfrm_do_migrate+0x7f0/0x7f0
[ 72.349389][ T8448] ? netlink_ack+0xaa0/0xaa0
[ 72.354009][ T8448] xfrm_netlink_rcv+0x6b/0x90
[ 72.358772][ T8448] netlink_unicast+0x533/0x7d0
[ 72.363534][ T8448] ? netlink_attachskb+0x870/0x870
[ 72.368655][ T8448] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.374892][ T8448] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.381126][ T8448] ? __phys_addr_symbol+0x2c/0x70
[ 72.386156][ T8448] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.391886][ T8448] ? __check_object_size+0x171/0x3f0
[ 72.397251][ T8448] netlink_sendmsg+0x856/0xd90
[ 72.402009][ T8448] ? netlink_unicast+0x7d0/0x7d0
[ 72.406939][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.413174][ T8448] ? netlink_unicast+0x7d0/0x7d0
[ 72.418121][ T8448] sock_sendmsg+0xcf/0x120
[ 72.422528][ T8448] ____sys_sendmsg+0x6e8/0x810
[ 72.427281][ T8448] ? kernel_sendmsg+0x50/0x50
[ 72.431967][ T8448] ? do_recvmmsg+0x6d0/0x6d0
[ 72.436548][ T8448] ? lock_chain_count+0x20/0x20
[ 72.441409][ T8448] ___sys_sendmsg+0xf3/0x170
[ 72.446014][ T8448] ? sendmsg_copy_msghdr+0x160/0x160
[ 72.451314][ T8448] ? __lock_acquire+0x16a7/0x5230
[ 72.456354][ T8448] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.462346][ T8448] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.468325][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.474571][ T8448] ? __fget_light+0x215/0x280
[ 72.479241][ T8448] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.485483][ T8448] __sys_sendmsg+0xe5/0x1b0
[ 72.489993][ T8448] ? __sys_sendmsg_sock+0x30/0x30
[ 72.495300][ T8448] ? syscall_enter_from_user_mode+0x27/0x70
[ 72.501302][ T8448] do_syscall_64+0x3a/0xb0
[ 72.505825][ T8448] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.511870][ T8448] RIP: 0033:0x43f0b9
[ 72.516296][ T8448] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.535920][ T8448] RSP: 002b:00007ffd51961058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.544350][ T8448] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0b9
[ 72.552370][ T8448] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 72.560339][ T8448] RBP: 00000000004030a0 R08: 0000000000400488 R09: 0000000000400488
[ 72.568328][ T8448] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000403130
[ 72.576288][ T8448] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 72.584273][ T8448] Modules linked in:
[ 72.589239][ T8448] ---[ end trace b4829794b7519626 ]---
[ 72.594877][ T8448] RIP: 0010:bond_ipsec_add_sa+0x9e/0x240
[ 72.600619][ T8448] Code: 04 31 ff 89 c3 89 c6 e8 b0 c9 c4 fc 85 db 0f 85 f6 00 00 00 e8 f3 c1 c4 fc 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 5f 01 00 00 48 8d bd d0 02 00 00 49 8b 5d 00 48
[ 72.620496][ T8448] RSP: 0018:ffffc90001b0f490 EFLAGS: 00010246
[ 72.626607][ T8448] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 72.634609][ T8448] RDX: 0000000000000000 RSI: ffffffff84b0110d RDI: 0000000000000003
[ 72.642670][ T8448] RBP: ffff888021a94000 R08: 0000000000000000 R09: ffffffff9022696f
[ 72.650736][ T8448] R10: ffffffff88e3ae4e R11: 0000000000000000 R12: ffff88801de58000
[ 72.658828][ T8448] R13: 0000000000000000 R14: ffff888021a942e0 R15: ffff888021a942e4
[ 72.666992][ T8448] FS: 0000000001263300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 72.676176][ T8448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.682793][ T8448] CR2: 00007fc830d4aab4 CR3: 000000001d7d6000 CR4: 00000000001506f0
[ 72.690948][ T8448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.699120][ T8448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.707681][ T8448] Kernel panic - not syncing: Fatal exception
[ 72.714167][ T8448] Kernel Offset: disabled
[ 72.718674][ T8448] Rebooting in 86400 seconds..