syzkaller login: [ 99.780905][ T2052] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 108.462530][ T2052] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 108.493450][ T2052] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:54769' (ECDSA) to the list of known hosts. 1970/01/01 00:02:19 fuzzer started 1970/01/01 00:02:23 connecting to host at localhost:44681 1970/01/01 00:02:23 checking machine... 1970/01/01 00:02:23 checking revisions... 1970/01/01 00:02:26 testing simple program... executing program [ 147.648100][ T2212] cgroup: Unknown subsys name 'net' [ 148.209360][ T2212] cgroup: Unknown subsys name 'rlimit' executing program executing program [ 155.423587][ T2215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.476983][ T2215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program [ 158.824738][ T2215] device hsr_slave_0 entered promiscuous mode [ 158.910801][ T2215] device hsr_slave_1 entered promiscuous mode executing program [ 161.450716][ T2215] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 161.553584][ T2215] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 161.627008][ T2215] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 161.708880][ T2215] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 164.543292][ T2215] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.704242][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 164.744984][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 166.584365][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.622657][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.738680][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.763684][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.847802][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.920347][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.180780][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.190282][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.309689][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.328506][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.388804][ T2215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 168.871428][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 168.882134][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 172.038244][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.058982][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.740911][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.798514][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.821411][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.853351][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.951196][ T2215] device veth0_vlan entered promiscuous mode [ 174.121676][ T2215] device veth1_vlan entered promiscuous mode [ 174.438242][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.463917][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.531254][ T2215] device veth0_macvtap entered promiscuous mode executing program [ 174.642041][ T2215] device veth1_macvtap entered promiscuous mode [ 174.761410][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.784639][ T93] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.910818][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.932267][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 175.039042][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 175.060733][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 175.114403][ T2215] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.129052][ T2215] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.131773][ T2215] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.132516][ T2215] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.701043][ C1] ------------[ cut here ]------------ [ 175.702819][ C1] WARNING: CPU: 1 PID: 27 at include/linux/cpumask.h:110 wg_cpumask_next_online+0x1c0/0x2c0 [ 175.703500][ C1] Modules linked in: [ 175.703997][ C1] CPU: 1 PID: 27 Comm: kworker/u4:1 Tainted: G W 6.0.0-syzkaller-11840-gf2b220ef93ea #0 [ 175.704570][ C1] Hardware name: linux,dummy-virt (DT) [ 175.705292][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker [ 175.706962][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 175.709225][ C1] pc : wg_cpumask_next_online+0x1c0/0x2c0 [ 175.709729][ C1] lr : wg_packet_receive+0x978/0x1560 [ 175.710106][ C1] sp : ffff800010ab7440 [ 175.710480][ C1] x29: ffff800010ab7440 x28: 0000000000000001 x27: 1fffe00002749219 [ 175.711131][ C1] x26: 0000000000000000 x25: ffff80000de5c000 x24: 0000000000000000 [ 175.711763][ C1] x23: 0000000000000003 x22: ffff80000de5cb68 x21: 0000000000000001 [ 175.712385][ C1] x20: ffff000013a490c8 x19: ffff80000de5cd50 x18: ffff00000f359478 [ 175.712980][ C1] x17: 1fffe0000146850c x16: 1fffe00001e6b27f x15: ffff00000f359400 [ 175.713606][ C1] x14: 1ffff00002156e60 x13: 0000000000000000 x12: ffff600002749291 [ 175.714229][ C1] x11: 1fffe00002749290 x10: ffff600002749290 x9 : dfff800000000000 [ 175.714900][ C1] x8 : ffff000013a49483 x7 : 00009ffffd8b6d70 x6 : 0000000000000001 [ 175.717319][ C1] x5 : ffff000013a49480 x4 : ffff700001bcb9aa x3 : dfff800000000000 [ 175.719500][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 175.722417][ C1] Call trace: [ 175.723715][ C1] wg_cpumask_next_online+0x1c0/0x2c0 [ 175.726074][ C1] wg_packet_receive+0x978/0x1560 [ 175.726444][ C1] wg_receive+0x58/0xb0 [ 175.726887][ C1] udp_queue_rcv_one_skb+0x820/0x1a8c [ 175.728105][ C1] udp_queue_rcv_skb+0x134/0x7e0 [ 175.728399][ C1] udp_unicast_rcv_skb+0xe8/0x2e0 [ 175.728693][ C1] __udp4_lib_rcv+0xcf0/0x31b0 [ 175.728999][ C1] udp_rcv+0x20/0x30 [ 175.729297][ C1] ip_protocol_deliver_rcu+0xbc/0x634 [ 175.729627][ C1] ip_local_deliver_finish+0x248/0x3ac [ 175.729978][ C1] ip_local_deliver+0x16c/0x384 [ 175.730283][ C1] ip_rcv_finish+0x144/0x224 [ 175.730629][ C1] ip_rcv+0xc0/0x2b0 [ 175.730945][ C1] __netif_receive_skb_one_core+0xf4/0x170 [ 175.731315][ C1] __netif_receive_skb+0x24/0x184 [ 175.731650][ C1] process_backlog+0x24c/0x6b0 [ 175.731953][ C1] __napi_poll+0x94/0x3a4 [ 175.732215][ C1] net_rx_action+0x78c/0xb60 [ 175.732509][ C1] _stext+0x28c/0x107c [ 175.732972][ C1] ____do_softirq+0x10/0x20 [ 175.733238][ C1] call_on_irq_stack+0x2c/0x54 [ 175.733471][ C1] do_softirq_own_stack+0x1c/0x30 [ 175.733692][ C1] do_softirq.part.0+0xd0/0xf4 [ 175.733935][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 175.734303][ C1] _raw_read_unlock_bh+0x54/0x64 [ 175.734622][ C1] wg_socket_send_skb_to_peer+0xf0/0x190 [ 175.734915][ C1] wg_socket_send_buffer_to_peer+0x110/0x160 [ 175.735351][ C1] wg_packet_send_handshake_initiation+0x1a8/0x274 [ 175.735898][ C1] wg_packet_handshake_send_worker+0x1c/0x34 [ 175.750835][ C1] process_one_work+0x780/0x184c [ 175.751304][ C1] worker_thread+0x3cc/0xc40 [ 175.751663][ C1] kthread+0x23c/0x2a0 [ 175.752004][ C1] ret_from_fork+0x10/0x20 [ 175.752361][ C1] irq event stamp: 516663 [ 175.752701][ C1] hardirqs last enabled at (516662): [] __local_bh_enable_ip+0x1e4/0x5d0 [ 175.753195][ C1] hardirqs last disabled at (516663): [] el1_dbg+0x24/0x80 [ 175.753651][ C1] softirqs last enabled at (516654): [] wg_socket_send_skb_to_peer+0xf0/0x190 [ 175.754150][ C1] softirqs last disabled at (516655): [] ____do_softirq+0x10/0x20 [ 175.754649][ C1] ---[ end trace 0000000000000000 ]--- [ 175.802544][ T21] ------------[ cut here ]------------ [ 175.803604][ T21] WARNING: CPU: 1 PID: 21 at include/linux/cpumask.h:110 wg_packet_send_staged_packets+0xe38/0x1380 [ 175.804254][ T21] Modules linked in: [ 175.804722][ T21] CPU: 1 PID: 21 Comm: kworker/1:0 Tainted: G W 6.0.0-syzkaller-11840-gf2b220ef93ea #0 [ 175.805525][ T21] Hardware name: linux,dummy-virt (DT) [ 175.805910][ T21] Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker [ 175.806595][ T21] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 175.807085][ T21] pc : wg_packet_send_staged_packets+0xe38/0x1380 [ 175.807466][ T21] lr : wg_packet_send_staged_packets+0x524/0x1380 [ 175.807848][ T21] sp : ffff800010c57800 [ 175.808164][ T21] x29: ffff800010c57800 x28: ffff000010a42400 x27: 0000000000000001 [ 175.808911][ T21] x26: 0000000000000001 x25: 0000000000000002 x24: 1fffe00001e6b2a6 [ 175.809688][ T21] x23: ffff00000f359528 x22: ffff80000de5cd50 x21: ffff00000f0e2ee0 [ 175.810396][ T21] x20: ffff00000f359500 x19: ffff000013a4cc40 x18: 0000000000b7c783 [ 175.813225][ T21] x17: 00000000c86c9f7b x16: 0000000003b21763 x15: 0000000000000000 [ 175.816454][ T21] x14: 1ffff0000218aece x13: 0000000000000000 x12: ffff600001e1c5de [ 175.819963][ T21] x11: ffff700001bcb9aa x10: dfff800000000000 x9 : 0000000000000003 [ 175.820721][ T21] x8 : ffff80000de5c000 x7 : 1fffe000027499b9 x6 : 0000000000000000 [ 175.821402][ T21] x5 : ffff000013a4cdc8 x4 : ffff80000de5cb68 x3 : ffff800009f2c124 [ 175.822112][ T21] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 175.822915][ T21] Call trace: [ 175.823256][ T21] wg_packet_send_staged_packets+0xe38/0x1380 [ 175.823732][ T21] wg_packet_send_keepalive+0x40/0x2a0 [ 175.824160][ T21] wg_receive_handshake_packet+0x2c8/0x7c0 [ 175.824591][ T21] wg_packet_handshake_receive_worker+0xd8/0x2ec [ 175.825044][ T21] process_one_work+0x780/0x184c [ 175.825603][ T21] worker_thread+0x3cc/0xc40 [ 175.826023][ T21] kthread+0x23c/0x2a0 [ 175.826460][ T21] ret_from_fork+0x10/0x20 [ 175.826968][ T21] irq event stamp: 17497 [ 175.827433][ T21] hardirqs last enabled at (17495): [] seqcount_lockdep_reader_access.constprop.0+0xc4/0xe0 [ 175.827990][ T21] hardirqs last disabled at (17497): [] el1_dbg+0x24/0x80 [ 175.828335][ T21] softirqs last enabled at (17492): [] wg_packet_send_staged_packets+0x20c/0x1380 [ 175.828721][ T21] softirqs last disabled at (17496): [] wg_packet_send_staged_packets+0x460/0x1380 [ 175.829138][ T21] ---[ end trace 0000000000000000 ]--- executing program [ 178.063193][ T27] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:02:57 building call list... [ 178.371564][ T27] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.609980][ T27] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.957590][ T27] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 182.646965][ T27] device hsr_slave_0 left promiscuous mode [ 182.691475][ T27] device hsr_slave_1 left promiscuous mode [ 182.867226][ T27] device veth1_macvtap left promiscuous mode [ 182.869881][ T27] device veth0_macvtap left promiscuous mode [ 182.890689][ T27] device veth1_vlan left promiscuous mode [ 182.904129][ T27] device veth0_vlan left promiscuous mode executing program executing program [ 187.018195][ T27] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 187.197485][ T27] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.142931][ T27] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program VM DIAGNOSIS: 19:05:31 Registers: info registers vcpu 0 PC=ffff8000087da318 X00=0000000000000001 X01=0000000000000000 X02=1ffff00001e7a748 X03=ffff80000de5fb74 X04=0000000000000001 X05=0000000000000000 X06=00000000f3f3f3f3 X07=1fffe0000154014b X08=ffff00000aa00a58 X09=0000000000000050 X10=ffff00000aa009cc X11=0000000000000007 X12=1fffe00001540139 X13=0000000000000000 X14=1ffff00001000f28 X15=0000000000008000 X16=ffff800008008000 X17=ffff80005cbc5000 X18=ffff00006a9cbb88 X19=ffff000016ce1480 X20=ffff000016ce1400 X21=ffff00000aa00000 X22=0000000000000000 X23=ffff8000080079f8 X24=0000000000000000 X25=ffff8000108f1428 X26=0000000000000000 X27=0000000000080800 X28=dfff800000000000 X29=ffff8000080079f0 X30=ffff80000829c148 SP=ffff8000080079e0 PSTATE=00000005 ---- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff8000082ca660 X00=00000000000003c0 X01=00000000000003c0 X02=0000000000000000 X03=ffff8000082ca5f4 X04=ffff700002156d6b X05=ffff800010ab6b50 X06=0000000000000001 X07=00008ffffdea9296 X08=ffff800010ab6b57 X09=dfff800000000000 X10=ffff700002156d6a X11=1ffff00002156d6a X12=ffff700002156d6b X13=0000000000000000 X14=0000000000000001 X15=ffff80000f2b6dc0 X16=0000000000000007 X17=0000000000000000 X18=ffff00000f359478 X19=1ffff00002156d9f X20=ffff800010ab6cf0 X21=ffff800010ab6cf8 X22=80000000ffffe352 X23=ffff800010ab6b50 X24=1ffff00002156d66 X25=000000000000000d X26=00000000ffffe352 X27=00000000ffffe352 X28=ffff800010ab6cf0 X29=ffff800010ab6ad0 X30=ffff8000082ca5f4 SP=ffff800010ab6ad0 PSTATE=600003c5 -ZC- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000