Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.761072][ T8366] netlink: 'syz-executor561': attribute type 1 has an invalid length.
[ 55.825966][ T8366] 8021q: adding VLAN 0 to HW filter on device bond1
[ 55.915239][ T8366]
[ 55.917785][ T8366] =============================
[ 55.928101][ T8366] WARNING: suspicious RCU usage
[ 55.932996][ T8366] 5.12.0-rc4-syzkaller #0 Not tainted
[ 55.941120][ T8366] -----------------------------
[ 55.947068][ T8366] drivers/net/bonding/bond_main.c:411 suspicious rcu_dereference_check() usage!
[ 55.973703][ T8366]
[ 55.973703][ T8366] other info that might help us debug this:
[ 55.973703][ T8366]
[ 56.001155][ T8366]
[ 56.001155][ T8366] rcu_scheduler_active = 2, debug_locks = 1
[ 56.011771][ T8366] 1 lock held by syz-executor561/8366:
[ 56.017732][ T8366] #0: ffffffff8d659468 (&net->xfrm.xfrm_cfg_mutex){+.+.}-{3:3}, at: xfrm_netlink_rcv+0x5c/0x90
[ 56.040077][ T8366]
[ 56.040077][ T8366] stack backtrace:
[ 56.056225][ T8366] CPU: 1 PID: 8366 Comm: syz-executor561 Not tainted 5.12.0-rc4-syzkaller #0
[ 56.065091][ T8366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.075143][ T8366] Call Trace:
[ 56.078428][ T8366] dump_stack+0x141/0x1d7
[ 56.082792][ T8366] bond_ipsec_add_sa+0x1dc/0x240
[ 56.087739][ T8366] xfrm_dev_state_add+0x2da/0x7b0
[ 56.092878][ T8366] xfrm_add_sa+0x229e/0x35f0
[ 56.097507][ T8366] ? xfrm_send_mapping+0x800/0x800
[ 56.102729][ T8366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.108999][ T8366] ? security_capable+0x8f/0xc0
[ 56.113899][ T8366] ? __nla_parse+0x3d/0x50
[ 56.118324][ T8366] ? xfrm_send_mapping+0x800/0x800
[ 56.123452][ T8366] xfrm_user_rcv_msg+0x42c/0x8b0
[ 56.128404][ T8366] ? xfrm_do_migrate+0x7f0/0x7f0
[ 56.133362][ T8366] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.139354][ T8366] ? lock_chain_count+0x20/0x20
[ 56.144261][ T8366] ? __mutex_lock+0x620/0x1120
[ 56.149028][ T8366] netlink_rcv_skb+0x153/0x420
[ 56.153790][ T8366] ? xfrm_do_migrate+0x7f0/0x7f0
[ 56.158729][ T8366] ? netlink_ack+0xaa0/0xaa0
[ 56.163330][ T8366] xfrm_netlink_rcv+0x6b/0x90
[ 56.168016][ T8366] netlink_unicast+0x533/0x7d0
[ 56.172871][ T8366] ? netlink_attachskb+0x870/0x870
[ 56.177982][ T8366] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.184234][ T8366] ? __phys_addr_symbol+0x2c/0x70
[ 56.189266][ T8366] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 56.194989][ T8366] ? __check_object_size+0x171/0x3f0
[ 56.200282][ T8366] netlink_sendmsg+0x856/0xd90
[ 56.205049][ T8366] ? netlink_unicast+0x7d0/0x7d0
[ 56.210078][ T8366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.216418][ T8366] ? netlink_unicast+0x7d0/0x7d0
[ 56.221362][ T8366] sock_sendmsg+0xcf/0x120
[ 56.225788][ T8366] ____sys_sendmsg+0x6e8/0x810
[ 56.230564][ T8366] ? kernel_sendmsg+0x50/0x50
[ 56.235233][ T8366] ? do_recvmmsg+0x6d0/0x6d0
[ 56.239882][ T8366] ? fs_reclaim_release+0x9c/0xe0
[ 56.244908][ T8366] ? lock_chain_count+0x20/0x20
[ 56.249759][ T8366] ___sys_sendmsg+0xf3/0x170
[ 56.254430][ T8366] ? sendmsg_copy_msghdr+0x160/0x160
[ 56.259724][ T8366] ? __lock_acquire+0x16b3/0x54c0
[ 56.264767][ T8366] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.270752][ T8366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.276987][ T8366] ? __fget_light+0x215/0x280
[ 56.281658][ T8366] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.287898][ T8366] __sys_sendmsg+0xe5/0x1b0
[ 56.292398][ T8366] ? __sys_sendmsg_sock+0x30/0x30
[ 56.297596][ T8366] ? syscall_enter_from_user_mode+0x27/0x70
[ 56.303489][ T8366] do_syscall_64+0x2d/0x70
[ 56.307939][ T8366] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.313830][ T8366] RIP: 0033:0x43f0b9
[ 56.317714][ T8366] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.337412][ T8366] RSP: 002b:00007ffebb9cbef8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.345833][ T8366] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0b9
[ 56.353795][ T8366] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 56.361764][ T8366] RBP: 00000000004030a0 R08: 0000000000400488 R09: 0000000000400488
[ 56.369726][ T8366] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000403130
[ 56.377794][ T8366] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 56.391755][ T8366] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 56.403468][ T8366] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 56.411869][ T8366] CPU: 0 PID: 8366 Comm: syz-executor561 Not tainted 5.12.0-rc4-syzkaller #0
[ 56.420652][ T8366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.430709][ T8366] RIP: 0010:bond_ipsec_add_sa+0x9e/0x240
[ 56.436351][ T8366] Code: 04 31 ff 89 c3 89 c6 e8 50 11 cd fc 85 db 0f 85 f6 00 00 00 e8 93 09 cd fc 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 5f 01 00 00 48 8d bd d0 02 00 00 49 8b 5d 00 48
[ 56.456043][ T8366] RSP: 0018:ffffc9000171f498 EFLAGS: 00010256
[ 56.462113][ T8366] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 56.471275][ T8366] RDX: 0000000000000000 RSI: ffffffff84a6e7bd RDI: 0000000000000003
[ 56.479423][ T8366] RBP: ffff888021258000 R08: 0000000000000000 R09: ffffffff8fa9796f
[ 56.487392][ T8366] R10: ffffffff88d0d85f R11: 0000000000000000 R12: ffff888021b6c000
[ 56.495344][ T8366] R13: 0000000000000000 R14: ffff8880212582e0 R15: ffff8880212582e4
[ 56.503295][ T8366] FS: 00000000008e5300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 56.512292][ T8366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.518870][ T8366] CR2: 000055afd943ea30 CR3: 000000001b86f000 CR4: 0000000000350ef0
[ 56.526934][ T8366] Call Trace:
[ 56.530200][ T8366] xfrm_dev_state_add+0x2da/0x7b0
[ 56.535213][ T8366] xfrm_add_sa+0x229e/0x35f0
[ 56.540238][ T8366] ? xfrm_send_mapping+0x800/0x800
[ 56.545588][ T8366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.551812][ T8366] ? security_capable+0x8f/0xc0
[ 56.556644][ T8366] ? __nla_parse+0x3d/0x50
[ 56.561040][ T8366] ? xfrm_send_mapping+0x800/0x800
[ 56.566319][ T8366] xfrm_user_rcv_msg+0x42c/0x8b0
[ 56.571236][ T8366] ? xfrm_do_migrate+0x7f0/0x7f0
[ 56.576165][ T8366] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.582129][ T8366] ? lock_chain_count+0x20/0x20
[ 56.586962][ T8366] ? __mutex_lock+0x620/0x1120
[ 56.591720][ T8366] netlink_rcv_skb+0x153/0x420
[ 56.596638][ T8366] ? xfrm_do_migrate+0x7f0/0x7f0
[ 56.601553][ T8366] ? netlink_ack+0xaa0/0xaa0
[ 56.606122][ T8366] xfrm_netlink_rcv+0x6b/0x90
[ 56.610780][ T8366] netlink_unicast+0x533/0x7d0
[ 56.615523][ T8366] ? netlink_attachskb+0x870/0x870
[ 56.620623][ T8366] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.626841][ T8366] ? __phys_addr_symbol+0x2c/0x70
[ 56.631847][ T8366] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 56.637560][ T8366] ? __check_object_size+0x171/0x3f0
[ 56.642838][ T8366] netlink_sendmsg+0x856/0xd90
[ 56.647589][ T8366] ? netlink_unicast+0x7d0/0x7d0
[ 56.652504][ T8366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.658733][ T8366] ? netlink_unicast+0x7d0/0x7d0
[ 56.663645][ T8366] sock_sendmsg+0xcf/0x120
[ 56.668040][ T8366] ____sys_sendmsg+0x6e8/0x810
[ 56.672781][ T8366] ? kernel_sendmsg+0x50/0x50
[ 56.677447][ T8366] ? do_recvmmsg+0x6d0/0x6d0
[ 56.682037][ T8366] ? fs_reclaim_release+0x9c/0xe0
[ 56.687323][ T8366] ? lock_chain_count+0x20/0x20
[ 56.692159][ T8366] ___sys_sendmsg+0xf3/0x170
[ 56.696730][ T8366] ? sendmsg_copy_msghdr+0x160/0x160
[ 56.702010][ T8366] ? __lock_acquire+0x16b3/0x54c0
[ 56.707044][ T8366] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.713014][ T8366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.719251][ T8366] ? __fget_light+0x215/0x280
[ 56.723908][ T8366] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.730303][ T8366] __sys_sendmsg+0xe5/0x1b0
[ 56.734803][ T8366] ? __sys_sendmsg_sock+0x30/0x30
[ 56.739807][ T8366] ? syscall_enter_from_user_mode+0x27/0x70
[ 56.745682][ T8366] do_syscall_64+0x2d/0x70
[ 56.750095][ T8366] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.755985][ T8366] RIP: 0033:0x43f0b9
[ 56.759859][ T8366] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.779448][ T8366] RSP: 002b:00007ffebb9cbef8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.787928][ T8366] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0b9
[ 56.796055][ T8366] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 56.804009][ T8366] RBP: 00000000004030a0 R08: 0000000000400488 R09: 0000000000400488
[ 56.811974][ T8366] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000403130
[ 56.820045][ T8366] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 56.828013][ T8366] Modules linked in:
[ 56.832813][ T8366] ---[ end trace 05504c0fc335d152 ]---
[ 56.838310][ T8366] RIP: 0010:bond_ipsec_add_sa+0x9e/0x240
[ 56.844160][ T8366] Code: 04 31 ff 89 c3 89 c6 e8 50 11 cd fc 85 db 0f 85 f6 00 00 00 e8 93 09 cd fc 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 5f 01 00 00 48 8d bd d0 02 00 00 49 8b 5d 00 48
[ 56.864305][ T8366] RSP: 0018:ffffc9000171f498 EFLAGS: 00010256
[ 56.870556][ T8366] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 56.879483][ T8366] RDX: 0000000000000000 RSI: ffffffff84a6e7bd RDI: 0000000000000003
[ 56.888177][ T8366] RBP: ffff888021258000 R08: 0000000000000000 R09: ffffffff8fa9796f
[ 56.896486][ T8366] R10: ffffffff88d0d85f R11: 0000000000000000 R12: ffff888021b6c000
[ 56.904524][ T8366] R13: 0000000000000000 R14: ffff8880212582e0 R15: ffff8880212582e4
[ 56.912534][ T8366] FS: 00000000008e5300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 56.921588][ T8366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.928234][ T8366] CR2: 000055afd943ea30 CR3: 000000001b86f000 CR4: 0000000000350ef0
[ 56.936302][ T8366] Kernel panic - not syncing: Fatal exception
[ 56.946460][ T8366] Kernel Offset: disabled
[ 56.950791][ T8366] Rebooting in 86400 seconds..