[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 88.268902][ T38] audit: type=1400 audit(1619616177.452:8): avc: denied { execmem } for pid=8371 comm="syz-executor076" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 88.271504][ T8371] netlink: 'syz-executor076': attribute type 1 has an invalid length.
[ 88.384617][ T8371] 8021q: adding VLAN 0 to HW filter on device bond1
[ 88.508806][ T8371]
[ 88.511366][ T8371] =============================
[ 88.516851][ T8371] WARNING: suspicious RCU usage
[ 88.529484][ T8371] 5.12.0-syzkaller #0 Not tainted
[ 88.548790][ T8371] -----------------------------
[ 88.553679][ T8371] drivers/net/bonding/bond_main.c:411 suspicious rcu_dereference_check() usage!
[ 88.584186][ T8371]
[ 88.584186][ T8371] other info that might help us debug this:
[ 88.584186][ T8371]
[ 88.599850][ T8371]
[ 88.599850][ T8371] rcu_scheduler_active = 2, debug_locks = 1
[ 88.626690][ T8371] 1 lock held by syz-executor076/8371:
[ 88.632817][ T8371] #0: ffffffff8d6666e0 (&net->xfrm.xfrm_cfg_mutex){+.+.}-{3:3}, at: xfrm_netlink_rcv+0x5c/0x90
[ 88.648633][ T8371]
[ 88.648633][ T8371] stack backtrace:
[ 88.654572][ T8371] CPU: 0 PID: 8371 Comm: syz-executor076 Not tainted 5.12.0-syzkaller #0
[ 88.663008][ T8371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.673087][ T8371] Call Trace:
[ 88.676380][ T8371] dump_stack+0x141/0x1d7
[ 88.680752][ T8371] bond_ipsec_add_sa+0x1dc/0x240
[ 88.685715][ T8371] xfrm_dev_state_add+0x2da/0x7b0
[ 88.690771][ T8371] xfrm_add_sa+0x229e/0x35f0
[ 88.695391][ T8371] ? xfrm_alloc_userspi+0xa30/0xa30
[ 88.700619][ T8371] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 88.706887][ T8371] ? security_capable+0x8f/0xc0
[ 88.711762][ T8371] ? __nla_parse+0x3d/0x50
[ 88.716196][ T8371] ? xfrm_alloc_userspi+0xa30/0xa30
[ 88.721427][ T8371] xfrm_user_rcv_msg+0x42c/0x8b0
[ 88.726391][ T8371] ? xfrm_do_migrate+0x7f0/0x7f0
[ 88.731355][ T8371] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 88.737363][ T8371] ? lock_chain_count+0x20/0x20
[ 88.742237][ T8371] ? __mutex_lock+0x620/0x1120
[ 88.747022][ T8371] netlink_rcv_skb+0x153/0x420
[ 88.751813][ T8371] ? xfrm_do_migrate+0x7f0/0x7f0
[ 88.756778][ T8371] ? netlink_ack+0xaa0/0xaa0
[ 88.761394][ T8371] xfrm_netlink_rcv+0x6b/0x90
[ 88.766094][ T8371] netlink_unicast+0x533/0x7d0
[ 88.770880][ T8371] ? netlink_attachskb+0x870/0x870
[ 88.776009][ T8371] netlink_sendmsg+0x856/0xd90
[ 88.780796][ T8371] ? netlink_unicast+0x7d0/0x7d0
[ 88.785762][ T8371] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 88.792032][ T8371] ? netlink_unicast+0x7d0/0x7d0
[ 88.796997][ T8371] sock_sendmsg+0xcf/0x120
[ 88.801434][ T8371] ____sys_sendmsg+0x6e8/0x810
[ 88.806218][ T8371] ? kernel_sendmsg+0x50/0x50
[ 88.810913][ T8371] ? do_recvmmsg+0x6d0/0x6d0
[ 88.815525][ T8371] ? lock_chain_count+0x20/0x20
[ 88.820400][ T8371] ___sys_sendmsg+0xf3/0x170
[ 88.825022][ T8371] ? sendmsg_copy_msghdr+0x160/0x160
[ 88.830329][ T8371] ? __lock_acquire+0x16a7/0x5230
[ 88.835387][ T8371] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 88.841390][ T8371] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 88.847392][ T8371] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 88.853657][ T8371] ? __fget_light+0x215/0x280
[ 88.858350][ T8371] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 88.864616][ T8371] __sys_sendmsg+0xe5/0x1b0
[ 88.869144][ T8371] ? __sys_sendmsg_sock+0x30/0x30
[ 88.874190][ T8371] ? syscall_enter_from_user_mode+0x27/0x70
[ 88.880102][ T8371] do_syscall_64+0x3a/0xb0
[ 88.884540][ T8371] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 88.890453][ T8371] RIP: 0033:0x43f0b9
[ 88.894357][ T8371] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 88.915111][ T8371] RSP: 002b:00007ffc98392028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 88.923556][ T8371] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0b9
[ 88.931544][ T8371] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 88.939509][ T8371] RBP: 00000000004030a0 R08: 0000000000400488 R09: 0000000000400488
[ 88.947467][ T8371] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000403130
[ 88.955428][ T8371] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 88.965731][ T8371] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 88.977474][ T8371] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 88.985892][ T8371] CPU: 1 PID: 8371 Comm: syz-executor076 Not tainted 5.12.0-syzkaller #0
[ 88.994296][ T8371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.004337][ T8371] RIP: 0010:bond_ipsec_add_sa+0x9e/0x240
[ 89.009965][ T8371] Code: 04 31 ff 89 c3 89 c6 e8 60 2d cb fc 85 db 0f 85 f6 00 00 00 e8 03 27 cb fc 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 5f 01 00 00 48 8d bd d0 02 00 00 49 8b 5d 00 48
[ 89.029570][ T8371] RSP: 0018:ffffc90001b17490 EFLAGS: 00010246
[ 89.035634][ T8371] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 89.043592][ T8371] RDX: 0000000000000000 RSI: ffffffff84a7f5bd RDI: 0000000000000003
[ 89.051548][ T8371] RBP: ffff8880289b6b80 R08: 0000000000000000 R09: ffffffff9019996f
[ 89.059508][ T8371] R10: ffffffff88d38f58 R11: 0000000000000000 R12: ffff88801f87c000
[ 89.067464][ T8371] R13: 0000000000000000 R14: ffff8880289b6e60 R15: ffff8880289b6e64
[ 89.075423][ T8371] FS: 0000000001def300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 89.084340][ T8371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.090909][ T8371] CR2: 00007f8aa40420f8 CR3: 0000000015a93000 CR4: 00000000001506e0
[ 89.098884][ T8371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 89.106964][ T8371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 89.114929][ T8371] Call Trace:
[ 89.118197][ T8371] xfrm_dev_state_add+0x2da/0x7b0
[ 89.123215][ T8371] xfrm_add_sa+0x229e/0x35f0
[ 89.127794][ T8371] ? xfrm_alloc_userspi+0xa30/0xa30
[ 89.132995][ T8371] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 89.139250][ T8371] ? security_capable+0x8f/0xc0
[ 89.144093][ T8371] ? __nla_parse+0x3d/0x50
[ 89.148494][ T8371] ? xfrm_alloc_userspi+0xa30/0xa30
[ 89.153679][ T8371] xfrm_user_rcv_msg+0x42c/0x8b0
[ 89.158611][ T8371] ? xfrm_do_migrate+0x7f0/0x7f0
[ 89.163551][ T8371] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 89.169524][ T8371] ? lock_chain_count+0x20/0x20
[ 89.174371][ T8371] ? __mutex_lock+0x620/0x1120
[ 89.179134][ T8371] netlink_rcv_skb+0x153/0x420
[ 89.183894][ T8371] ? xfrm_do_migrate+0x7f0/0x7f0
[ 89.188838][ T8371] ? netlink_ack+0xaa0/0xaa0
[ 89.193418][ T8371] xfrm_netlink_rcv+0x6b/0x90
[ 89.198082][ T8371] netlink_unicast+0x533/0x7d0
[ 89.202851][ T8371] ? netlink_attachskb+0x870/0x870
[ 89.207950][ T8371] netlink_sendmsg+0x856/0xd90
[ 89.212702][ T8371] ? netlink_unicast+0x7d0/0x7d0
[ 89.217632][ T8371] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 89.223876][ T8371] ? netlink_unicast+0x7d0/0x7d0
[ 89.228804][ T8371] sock_sendmsg+0xcf/0x120
[ 89.233210][ T8371] ____sys_sendmsg+0x6e8/0x810
[ 89.237959][ T8371] ? kernel_sendmsg+0x50/0x50
[ 89.242639][ T8371] ? do_recvmmsg+0x6d0/0x6d0
[ 89.247214][ T8371] ? lock_chain_count+0x20/0x20
[ 89.252052][ T8371] ___sys_sendmsg+0xf3/0x170
[ 89.256630][ T8371] ? sendmsg_copy_msghdr+0x160/0x160
[ 89.261906][ T8371] ? __lock_acquire+0x16a7/0x5230
[ 89.266918][ T8371] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 89.272884][ T8371] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 89.278849][ T8371] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 89.285078][ T8371] ? __fget_light+0x215/0x280
[ 89.289741][ T8371] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 89.295970][ T8371] __sys_sendmsg+0xe5/0x1b0
[ 89.300475][ T8371] ? __sys_sendmsg_sock+0x30/0x30
[ 89.305494][ T8371] ? syscall_enter_from_user_mode+0x27/0x70
[ 89.311374][ T8371] do_syscall_64+0x3a/0xb0
[ 89.315797][ T8371] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 89.321678][ T8371] RIP: 0033:0x43f0b9
[ 89.325558][ T8371] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 89.345149][ T8371] RSP: 002b:00007ffc98392028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 89.353564][ T8371] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0b9
[ 89.361522][ T8371] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 89.369496][ T8371] RBP: 00000000004030a0 R08: 0000000000400488 R09: 0000000000400488
[ 89.377452][ T8371] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000403130
[ 89.385410][ T8371] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 89.393367][ T8371] Modules linked in:
[ 89.403943][ T8371] ---[ end trace 09352077ec7e6a51 ]---
[ 89.414316][ T8371] RIP: 0010:bond_ipsec_add_sa+0x9e/0x240
[ 89.421163][ T8371] Code: 04 31 ff 89 c3 89 c6 e8 60 2d cb fc 85 db 0f 85 f6 00 00 00 e8 03 27 cb fc 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 5f 01 00 00 48 8d bd d0 02 00 00 49 8b 5d 00 48
[ 89.440911][ T8371] RSP: 0018:ffffc90001b17490 EFLAGS: 00010246
[ 89.447042][ T8371] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 89.455036][ T8371] RDX: 0000000000000000 RSI: ffffffff84a7f5bd RDI: 0000000000000003
[ 89.463042][ T8371] RBP: ffff8880289b6b80 R08: 0000000000000000 R09: ffffffff9019996f
[ 89.471197][ T8371] R10: ffffffff88d38f58 R11: 0000000000000000 R12: ffff88801f87c000
[ 89.479214][ T8371] R13: 0000000000000000 R14: ffff8880289b6e60 R15: ffff8880289b6e64
[ 89.487236][ T8371] FS: 0000000001def300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 89.496208][ T8371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.502795][ T8371] CR2: 00007f8aa40420f8 CR3: 0000000015a93000 CR4: 00000000001506e0
[ 89.510806][ T8371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 89.518856][ T8371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 89.526890][ T8371] Kernel panic - not syncing: Fatal exception
[ 89.533494][ T8371] Kernel Offset: disabled
[ 89.537807][ T8371] Rebooting in 86400 seconds..