syzkaller login: [ 100.077565][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 100.089095][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 100.106775][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 100.135429][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:28134' (ECDSA) to the list of known hosts. 1970/01/01 00:02:13 fuzzer started 1970/01/01 00:02:17 connecting to host at localhost:45647 1970/01/01 00:02:17 checking machine... 1970/01/01 00:02:17 checking revisions... 1970/01/01 00:02:19 testing simple program... [ 140.787906][ T2218] cgroup: Unknown subsys name 'net' executing program [ 141.267534][ T2218] cgroup: Unknown subsys name 'rlimit' executing program executing program [ 147.407144][ T2221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.438032][ T2221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.967315][ T2221] device hsr_slave_0 entered promiscuous mode [ 150.025267][ T2221] device hsr_slave_1 entered promiscuous mode executing program [ 151.883821][ T2221] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 152.035781][ T2221] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 152.134764][ T2221] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 152.216700][ T2221] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 154.094624][ T2221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.196716][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 154.218650][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.446095][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.481490][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.571474][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.593478][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.646114][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.719446][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.914835][ T2219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.920959][ T2219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.997225][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.009746][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.099760][ T2221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 157.165785][ T2219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.168533][ T2219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 159.646409][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 159.659611][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.165256][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.186259][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.250582][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.260168][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.275010][ T2221] device veth0_vlan entered promiscuous mode [ 161.480988][ T2221] device veth1_vlan entered promiscuous mode [ 161.770745][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.780230][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.866551][ T2221] device veth0_macvtap entered promiscuous mode [ 161.916480][ T2221] device veth1_macvtap entered promiscuous mode [ 162.063004][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 162.069248][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 162.105393][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.110508][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.200063][ T888] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 162.207096][ T888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 162.298994][ T2221] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.300811][ T2221] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.301490][ T2221] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.317544][ T2221] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.882674][ C1] ------------[ cut here ]------------ [ 162.883579][ C1] WARNING: CPU: 1 PID: 9 at include/linux/cpumask.h:110 wg_cpumask_next_online+0x1c0/0x2c0 [ 162.884302][ C1] Modules linked in: [ 162.884718][ C1] CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 6.0.0-syzkaller-11468-g95b8b5953a31 #0 [ 162.885389][ C1] Hardware name: linux,dummy-virt (DT) [ 162.885928][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker [ 162.886546][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 162.887303][ C1] pc : wg_cpumask_next_online+0x1c0/0x2c0 [ 162.888008][ C1] lr : wg_packet_receive+0x978/0x1560 [ 162.888370][ C1] sp : ffff800010ab7440 [ 162.888681][ C1] x29: ffff800010ab7440 x28: 0000000000000001 x27: 1fffe000017a5a19 [ 162.889234][ C1] x26: 0000000000000000 x25: ffff80000de5c000 x24: 0000000000000000 [ 162.889855][ C1] x23: 0000000000000003 x22: ffff80000de5cb68 x21: 0000000000000001 [ 162.890786][ C1] x20: ffff00000bd2d0c8 x19: ffff80000de5cd50 x18: ffff000012e01338 [ 162.892489][ C1] x17: 1fffe00001362c0c x16: 1fffe000025c0257 x15: ffff000012e012c0 [ 162.893451][ C1] x14: 1ffff00002156e60 x13: 0000000000000000 x12: ffff6000017a5a91 [ 162.894092][ C1] x11: 1fffe000017a5a90 x10: ffff6000017a5a90 x9 : dfff800000000000 [ 162.894744][ C1] x8 : ffff00000bd2d483 x7 : 00009ffffe85a570 x6 : 0000000000000001 [ 162.895374][ C1] x5 : ffff00000bd2d480 x4 : ffff700001bcb9aa x3 : dfff800000000000 [ 162.895994][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 162.896634][ C1] Call trace: [ 162.897061][ C1] wg_cpumask_next_online+0x1c0/0x2c0 [ 162.897525][ C1] wg_packet_receive+0x978/0x1560 [ 162.897920][ C1] wg_receive+0x58/0xb0 [ 162.898269][ C1] udp_queue_rcv_one_skb+0x820/0x1a8c [ 162.898701][ C1] udp_queue_rcv_skb+0x134/0x7e0 [ 162.899078][ C1] udp_unicast_rcv_skb+0xe8/0x2e0 [ 162.899461][ C1] __udp4_lib_rcv+0xcf0/0x31b0 [ 162.899830][ C1] udp_rcv+0x20/0x30 [ 162.900187][ C1] ip_protocol_deliver_rcu+0xbc/0x634 [ 162.900576][ C1] ip_local_deliver_finish+0x248/0x3ac [ 162.900978][ C1] ip_local_deliver+0x16c/0x384 [ 162.901339][ C1] ip_rcv_finish+0x144/0x224 [ 162.901807][ C1] ip_rcv+0xc0/0x2b0 [ 162.902153][ C1] __netif_receive_skb_one_core+0xf4/0x170 [ 162.903361][ C1] __netif_receive_skb+0x24/0x184 [ 162.903722][ C1] process_backlog+0x24c/0x6b0 [ 162.904140][ C1] __napi_poll+0x94/0x3a4 [ 162.904505][ C1] net_rx_action+0x78c/0xb60 [ 162.904900][ C1] _stext+0x28c/0x107c [ 162.905267][ C1] ____do_softirq+0x10/0x20 [ 162.905617][ C1] call_on_irq_stack+0x2c/0x54 [ 162.905968][ C1] do_softirq_own_stack+0x1c/0x30 [ 162.906335][ C1] do_softirq.part.0+0xd0/0xf4 [ 162.906696][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 162.907073][ C1] _raw_read_unlock_bh+0x54/0x64 [ 162.907383][ C1] wg_socket_send_skb_to_peer+0xf0/0x190 [ 162.907730][ C1] wg_socket_send_buffer_to_peer+0x110/0x160 [ 162.908116][ C1] wg_packet_send_handshake_initiation+0x1a8/0x274 [ 162.908545][ C1] wg_packet_handshake_send_worker+0x1c/0x34 [ 162.909406][ C1] process_one_work+0x780/0x184c [ 162.909761][ C1] worker_thread+0x3cc/0xc40 [ 162.910142][ C1] kthread+0x23c/0x2a0 [ 162.910450][ C1] ret_from_fork+0x10/0x20 [ 162.910809][ C1] irq event stamp: 2777 [ 162.911117][ C1] hardirqs last enabled at (2776): [] __local_bh_enable_ip+0x1e4/0x5d0 [ 162.911525][ C1] hardirqs last disabled at (2777): [] el1_dbg+0x24/0x80 [ 162.911907][ C1] softirqs last enabled at (2766): [] wg_socket_send_skb_to_peer+0xf0/0x190 [ 162.912701][ C1] softirqs last disabled at (2767): [] ____do_softirq+0x10/0x20 [ 162.913462][ C1] ---[ end trace 0000000000000000 ]--- [ 162.997520][ C0] ------------[ cut here ]------------ [ 163.000688][ C0] WARNING: CPU: 0 PID: 888 at include/linux/cpumask.h:110 wg_packet_send_staged_packets+0xe38/0x1380 [ 163.003214][ C0] Modules linked in: [ 163.004118][ C0] CPU: 0 PID: 888 Comm: kworker/0:2 Tainted: G W 6.0.0-syzkaller-11468-g95b8b5953a31 #0 [ 163.004711][ C0] Hardware name: linux,dummy-virt (DT) [ 163.005104][ C0] Workqueue: wg-crypt-wg1 wg_packet_decrypt_worker [ 163.005605][ C0] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 163.006087][ C0] pc : wg_packet_send_staged_packets+0xe38/0x1380 [ 163.006507][ C0] lr : wg_packet_send_staged_packets+0x524/0x1380 [ 163.007018][ C0] sp : ffff800008007960 [ 163.007384][ C0] x29: ffff800008007960 x28: ffff00000ffcf400 x27: 0000000000000001 [ 163.008066][ C0] x26: 0000000000000001 x25: 0000000000000002 x24: 1fffe00001f09af6 [ 163.008712][ C0] x23: ffff00000f84d7a8 x22: ffff80000de5cd50 x21: ffff000009c71c20 [ 163.009494][ C0] x20: ffff00000f84d780 x19: ffff00000bd2cc40 x18: ffff000012e011f8 [ 163.010101][ C0] x17: ffff80005cbc5000 x16: ffff800008008000 x15: 0000000000008000 [ 163.010840][ C0] x14: 1ffff00001000efa x13: 1fffe000022e94b3 x12: ffff60000138e386 [ 163.011438][ C0] x11: ffff700001bcb9aa x10: dfff800000000000 x9 : 0000000000000003 [ 163.012191][ C0] x8 : ffff80000de5c000 x7 : 1fffe000017a59b9 x6 : 0000000000000000 [ 163.013021][ C0] x5 : ffff00000bd2cdc8 x4 : ffff80000de5cb68 x3 : ffff800009f2c334 [ 163.013650][ C0] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 163.014276][ C0] Call trace: [ 163.014592][ C0] wg_packet_send_staged_packets+0xe38/0x1380 [ 163.015024][ C0] wg_packet_rx_poll+0xd94/0x1580 [ 163.015417][ C0] __napi_poll+0x94/0x3a4 [ 163.015792][ C0] net_rx_action+0x78c/0xb60 [ 163.016310][ C0] _stext+0x28c/0x107c [ 163.016686][ C0] ____do_softirq+0x10/0x20 [ 163.017108][ C0] call_on_irq_stack+0x2c/0x54 [ 163.017490][ C0] do_softirq_own_stack+0x1c/0x30 [ 163.017897][ C0] do_softirq.part.0+0xd0/0xf4 [ 163.018373][ C0] __local_bh_enable_ip+0x50c/0x5d0 [ 163.018770][ C0] _raw_spin_unlock_bh+0x54/0x64 [ 163.019207][ C0] wg_packet_decrypt_worker+0xd4/0x3c0 [ 163.019588][ C0] process_one_work+0x780/0x184c [ 163.019945][ C0] worker_thread+0x3cc/0xc40 [ 163.020365][ C0] kthread+0x23c/0x2a0 [ 163.020775][ C0] ret_from_fork+0x10/0x20 [ 163.021116][ C0] irq event stamp: 14623 [ 163.021457][ C0] hardirqs last enabled at (14622): [] seqcount_lockdep_reader_access.constprop.0+0xc4/0xe0 [ 163.022268][ C0] hardirqs last disabled at (14623): [] el1_dbg+0x24/0x80 [ 163.022940][ C0] softirqs last enabled at (14600): [] wg_packet_decrypt_worker+0xd4/0x3c0 [ 163.023609][ C0] softirqs last disabled at (14601): [] ____do_softirq+0x10/0x20 [ 163.024075][ C0] ---[ end trace 0000000000000000 ]--- executing program 1970/01/01 00:02:45 building call list... [ 165.695651][ T1010] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.118607][ T1010] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.567308][ T1010] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.879229][ T1010] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 170.410310][ T1010] device hsr_slave_0 left promiscuous mode [ 170.468078][ T1010] device hsr_slave_1 left promiscuous mode [ 170.654919][ T1010] device veth1_macvtap left promiscuous mode [ 170.657382][ T1010] device veth0_macvtap left promiscuous mode [ 170.687339][ T1010] device veth1_vlan left promiscuous mode [ 170.691673][ T1010] device veth0_vlan left promiscuous mode executing program executing program [ 174.677647][ T1010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.835622][ T1010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 175.850149][ T1010] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program VM DIAGNOSIS: 18:42:29 Registers: info registers vcpu 0 PC=ffff800009f31760 X00=0000000000000001 X01=0000000000000002 X02=0000000000000002 X03=dfff800000000000 X04=ffff700001bcb9aa X05=ffff00000bd29480 X06=0000000000000001 X07=00009ffffe85ad70 X08=ffff00000bd29483 X09=dfff800000000000 X10=ffff6000017a5290 X11=1fffe000017a5290 X12=ffff6000017a5291 X13=0000000000000000 X14=1ffff00001000e68 X15=ffff00000e27f028 X16=ffff800008008000 X17=ffff80005cbc5000 X18=000000000e5188ea X19=ffff80000de5cd50 X20=ffff00000bd290c8 X21=0000000000000001 X22=ffff80000de5cb68 X23=0000000000000003 X24=0000000000000000 X25=ffff80000de5c000 X26=0000000000000000 X27=1fffe000017a5219 X28=0000000000000001 X29=ffff800008007480 X30=ffff800009f34ec8 SP=ffff800008007480 PSTATE=60000005 -ZC- EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:0000000000000004 Q01=0000000000000000:414fffffe0000000 Q02=84f3383a9d3c4141:b51012dde01579f9 Q03=0000000040000000:0000000000000000 Q04=4010040140100401:4000000000000000 Q05=4010040140100401:4010040140100401 Q06=5555400000400000:5555400000400000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000010:0000001e8d0a7390 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff8000096b95e8 X00=0000000000000002 X01=0000000000000f01 X02=ffff000009a720c8 X03=0000000000000000 X04=1fffe0000134e42e X05=0000000000000002 X06=1fffe0000134e42e X07=0000000000000030 X08=ffff800010ab6a33 X09=dfff800000000000 X10=ffff700002156d46 X11=1ffff00002156d46 X12=ffff700002156d47 X13=0000000000000000 X14=1ffff00002156d1c X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=ffff000012e01338 X19=ffff8000107777a0 X20=1fffe0000134e459 X21=00000000000003c0 X22=0000000000000f01 X23=1fffe0000134e458 X24=00000000000003c0 X25=0000000000000001 X26=ffff000009a72080 X27=ffff800010aad030 X28=000000000000003f X29=ffff800010ab6a90 X30=ffff8000096b95e8 SP=ffff800010ab6a90 PSTATE=800003c5 N--- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=30253a3a30386566:000a2e6574656c70 Q02=388e9c6c4fa85ca0:0000000000007832 Q03=0000000000000000:ff00000000000000 Q04=0000000000000000:ffffffffffff0000 Q05=0010000000000000:4000000000000000 Q06=0000000000000000:4010040140100000 Q07=4010040140100401:4010040140100401 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000555010004000:0000555010004000 Q17=000000ff00ff00ff:000000ff00ff00ff Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000