syzkaller login: [ 104.092718][ T2051] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 104.141855][ T2051] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 104.171495][ T2051] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:37230' (ECDSA) to the list of known hosts. 1970/01/01 00:02:05 fuzzer started 1970/01/01 00:02:10 connecting to host at localhost:44949 1970/01/01 00:02:10 checking machine... 1970/01/01 00:02:10 checking revisions... executing program 1970/01/01 00:02:14 testing simple program... [ 135.523159][ T2211] cgroup: Unknown subsys name 'net' [ 136.136144][ T2211] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program [ 143.601848][ T2214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.627937][ T2214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program [ 146.479828][ T2214] device hsr_slave_0 entered promiscuous mode [ 146.571141][ T2214] device hsr_slave_1 entered promiscuous mode [ 148.740018][ T2214] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 148.836911][ T2214] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 148.968470][ T2214] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 149.071963][ T2214] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 151.970510][ T2214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.147516][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.180949][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 153.663450][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.674654][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.787648][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.798288][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.872860][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.990515][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 154.201350][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 154.209858][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.293604][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 154.327042][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.426099][ T2214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 156.039375][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.042686][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 159.529137][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 159.546998][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.001259][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.023212][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.098986][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.121726][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.156942][ T2214] device veth0_vlan entered promiscuous mode executing program [ 161.356245][ T2214] device veth1_vlan entered promiscuous mode [ 161.731326][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.741349][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.809204][ T2214] device veth0_macvtap entered promiscuous mode [ 161.872594][ T2214] device veth1_macvtap entered promiscuous mode [ 162.008023][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 162.021170][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 162.104507][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.117020][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.190291][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 162.210231][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 162.282173][ T2214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.287097][ T2214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.289004][ T2214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.291304][ T2214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.005001][ C1] ------------[ cut here ]------------ [ 163.006052][ C1] WARNING: CPU: 1 PID: 1590 at include/linux/cpumask.h:110 wg_cpumask_next_online+0x1c0/0x2c0 [ 163.006696][ C1] Modules linked in: [ 163.007166][ C1] CPU: 1 PID: 1590 Comm: kworker/u4:7 Tainted: G W 6.0.0-syzkaller-12053-gf2e44139f3e0 #0 [ 163.007694][ C1] Hardware name: linux,dummy-virt (DT) [ 163.008202][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker [ 163.008698][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 163.009045][ C1] pc : wg_cpumask_next_online+0x1c0/0x2c0 [ 163.009623][ C1] lr : wg_packet_receive+0x978/0x1560 [ 163.009882][ C1] sp : ffff800010ab7440 [ 163.010493][ C1] x29: ffff800010ab7440 x28: 0000000000000001 x27: 1fffe000025aba19 [ 163.010927][ C1] x26: 0000000000000000 x25: ffff80000de5c000 x24: 0000000000000000 [ 163.011354][ C1] x23: 0000000000000003 x22: ffff80000de5cb68 x21: 0000000000000001 [ 163.012397][ C1] x20: ffff000012d5d0c8 x19: ffff80000de5cd50 x18: ffff000012c93978 [ 163.012874][ C1] x17: 1fffe00002b7640c x16: 1fffe0000259271f x15: ffff000012c93900 [ 163.013362][ C1] x14: 1ffff00002156e60 x13: 0000000000000000 x12: ffff6000025aba91 [ 163.013784][ C1] x11: 1fffe000025aba90 x10: ffff6000025aba90 x9 : dfff800000000000 [ 163.014277][ C1] x8 : ffff000012d5d483 x7 : 00009ffffda54570 x6 : 0000000000000001 [ 163.014821][ C1] x5 : ffff000012d5d480 x4 : ffff700001bcb9aa x3 : dfff800000000000 [ 163.015379][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 163.016112][ C1] Call trace: [ 163.016418][ C1] wg_cpumask_next_online+0x1c0/0x2c0 [ 163.016810][ C1] wg_packet_receive+0x978/0x1560 [ 163.017167][ C1] wg_receive+0x58/0xb0 [ 163.017504][ C1] udp_queue_rcv_one_skb+0x820/0x1a8c [ 163.017937][ C1] udp_queue_rcv_skb+0x134/0x7e0 [ 163.018361][ C1] udp_unicast_rcv_skb+0xe8/0x2e0 [ 163.018760][ C1] __udp4_lib_rcv+0xcf0/0x31b0 [ 163.019149][ C1] udp_rcv+0x20/0x30 [ 163.019492][ C1] ip_protocol_deliver_rcu+0xbc/0x634 [ 163.019910][ C1] ip_local_deliver_finish+0x248/0x3ac [ 163.020290][ C1] ip_local_deliver+0x16c/0x384 [ 163.020668][ C1] ip_rcv_finish+0x144/0x224 [ 163.021108][ C1] ip_rcv+0xc0/0x2b0 [ 163.021449][ C1] __netif_receive_skb_one_core+0xf4/0x170 [ 163.021848][ C1] __netif_receive_skb+0x24/0x184 [ 163.022217][ C1] process_backlog+0x24c/0x6b0 [ 163.022585][ C1] __napi_poll+0x94/0x3a4 [ 163.023000][ C1] net_rx_action+0x78c/0xb60 [ 163.023379][ C1] _stext+0x28c/0x107c [ 163.023716][ C1] ____do_softirq+0x10/0x20 [ 163.024074][ C1] call_on_irq_stack+0x2c/0x54 [ 163.024447][ C1] do_softirq_own_stack+0x1c/0x30 [ 163.024878][ C1] do_softirq.part.0+0xd0/0xf4 [ 163.025372][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 163.026062][ C1] _raw_read_unlock_bh+0x54/0x64 [ 163.026547][ C1] wg_socket_send_skb_to_peer+0xf0/0x190 [ 163.026943][ C1] wg_socket_send_buffer_to_peer+0x110/0x160 [ 163.027375][ C1] wg_packet_send_handshake_initiation+0x1a8/0x274 [ 163.027790][ C1] wg_packet_handshake_send_worker+0x1c/0x34 [ 163.028197][ C1] process_one_work+0x780/0x184c [ 163.028576][ C1] worker_thread+0x3cc/0xc40 [ 163.028927][ C1] kthread+0x23c/0x2a0 [ 163.029279][ C1] ret_from_fork+0x10/0x20 [ 163.029657][ C1] irq event stamp: 12597 [ 163.030031][ C1] hardirqs last enabled at (12596): [] __local_bh_enable_ip+0x1e4/0x5d0 [ 163.030538][ C1] hardirqs last disabled at (12597): [] el1_dbg+0x24/0x80 [ 163.030947][ C1] softirqs last enabled at (12588): [] wg_socket_send_skb_to_peer+0xf0/0x190 [ 163.031426][ C1] softirqs last disabled at (12589): [] ____do_softirq+0x10/0x20 [ 163.031803][ C1] ---[ end trace 0000000000000000 ]--- [ 163.037321][ T90] ------------[ cut here ]------------ [ 163.038142][ T90] WARNING: CPU: 1 PID: 90 at include/linux/cpumask.h:110 wg_packet_send_staged_packets+0xe38/0x1380 [ 163.038696][ T90] Modules linked in: [ 163.039129][ T90] CPU: 1 PID: 90 Comm: kworker/1:2 Tainted: G W 6.0.0-syzkaller-12053-gf2e44139f3e0 #0 [ 163.039638][ T90] Hardware name: linux,dummy-virt (DT) [ 163.040011][ T90] Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker [ 163.040497][ T90] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 163.040950][ T90] pc : wg_packet_send_staged_packets+0xe38/0x1380 [ 163.041359][ T90] lr : wg_packet_send_staged_packets+0x524/0x1380 [ 163.041770][ T90] sp : ffff800011067800 [ 163.042095][ T90] x29: ffff800011067800 x28: ffff0000115b2000 x27: 0000000000000001 [ 163.042706][ T90] x26: 0000000000000001 x25: 0000000000000002 x24: 1fffe000025926f6 [ 163.043332][ T90] x23: ffff000012c937a8 x22: ffff80000de5cd50 x21: ffff00001334a580 [ 163.043954][ T90] x20: ffff000012c93780 x19: ffff000013240c40 x18: 00000000ce626c27 [ 163.044543][ T90] x17: 00000000d56e7cf2 x16: 000000006eaca3f4 x15: 0000000000000000 [ 163.045493][ T90] x14: 1ffff0000220cece x13: 0000000000000000 x12: ffff6000026694b2 [ 163.046244][ T90] x11: ffff700001bcb9aa x10: dfff800000000000 x9 : 0000000000000003 [ 163.046818][ T90] x8 : ffff80000de5c000 x7 : 1fffe000026481b9 x6 : 0000000000000000 [ 163.047395][ T90] x5 : ffff000013240dc8 x4 : ffff80000de5cb68 x3 : ffff800009f2c4b4 [ 163.047863][ T90] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 163.048371][ T90] Call trace: [ 163.048624][ T90] wg_packet_send_staged_packets+0xe38/0x1380 [ 163.048930][ T90] wg_packet_send_keepalive+0x40/0x2a0 [ 163.049358][ T90] wg_receive_handshake_packet+0x2c8/0x7c0 [ 163.049651][ T90] wg_packet_handshake_receive_worker+0xd8/0x2ec [ 163.049937][ T90] process_one_work+0x780/0x184c [ 163.050199][ T90] worker_thread+0x3cc/0xc40 [ 163.050451][ T90] kthread+0x23c/0x2a0 [ 163.050713][ T90] ret_from_fork+0x10/0x20 [ 163.050969][ T90] irq event stamp: 43391 [ 163.051218][ T90] hardirqs last enabled at (43389): [] seqcount_lockdep_reader_access.constprop.0+0xc4/0xe0 [ 163.051630][ T90] hardirqs last disabled at (43391): [] el1_dbg+0x24/0x80 [ 163.051961][ T90] softirqs last enabled at (43386): [] wg_packet_send_staged_packets+0x20c/0x1380 [ 163.052315][ T90] softirqs last disabled at (43390): [] wg_packet_send_staged_packets+0x460/0x1380 [ 163.052650][ T90] ---[ end trace 0000000000000000 ]--- executing program 1970/01/01 00:02:45 building call list... [ 166.693395][ T1007] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.054425][ T1007] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 167.492073][ T1007] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.871610][ T1007] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 171.828781][ T1007] device hsr_slave_0 left promiscuous mode [ 171.900114][ T1007] device hsr_slave_1 left promiscuous mode [ 172.079896][ T1007] device veth1_macvtap left promiscuous mode [ 172.083528][ T1007] device veth0_macvtap left promiscuous mode [ 172.161361][ T1007] device veth1_vlan left promiscuous mode [ 172.164271][ T1007] device veth0_vlan left promiscuous mode executing program [ 176.182420][ T1007] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface executing program [ 176.372040][ T1007] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 177.103911][ T1007] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program VM DIAGNOSIS: 19:25:28 Registers: info registers vcpu 0 PC=ffff800009f32b84 X00=ffff000011748000 X01=0000000000000004 X02=0000000000000001 X03=ffff800009f32b90 X04=ffff6000025ab291 X05=ffff000012d59480 X06=0000000000000001 X07=00009ffffda54d70 X08=ffff000012d59483 X09=dfff800000000000 X10=ffff6000025ab290 X11=1fffe000025ab290 X12=ffff6000025ab291 X13=ffff800008019c3c X14=ffff8000087dc338 X15=ffff8000087d10b0 X16=ffff8000087d8af8 X17=ffff80000b9dc0a0 X18=ffff00006a9cbb88 X19=ffff000012d58f80 X20=ffff000012e30000 X21=dfff800000000000 X22=ffff0000149e3640 X23=ffff0000117489e8 X24=ffff80000de06c48 X25=ffff6000025ab211 X26=00000000ffffffff X27=0000000000000000 X28=ffff000011748000 X29=ffff800012b77ad0 X30=ffff8000081ef62c SP=ffff800012b77b00 PSTATE=60000005 -ZC- EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:414fffffe0000000 Q02=a30e6f5f74749192:643fb2479793df11 Q03=0000000040000000:0000000000000000 Q04=4010040140100401:4000000000000000 Q05=4010040140100401:4010040140100401 Q06=5555400000400000:5555400000400000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000010:0000001cc95ee210 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff800008292d6c X00=00000000000003c0 X01=00000000000003c0 X02=0000000000000003 X03=1fffe0000146aa39 X04=1fffe0000d53d001 X05=0000000000000000 X06=ffff80000957e2a8 X07=ffff00000a3551c0 X08=ffff80000de5cd50 X09=ffff80000de5c000 X10=00000000f3000000 X11=dfff800000000000 X12=000000000000f1f1 X13=1fffe0000146ab92 X14=1ffff00002156d30 X15=3a31327820383662 X16=3030303030303020 X17=3030303030303030 X18=ffff000012c93978 X19=0000000000000000 X20=ffff00000a355c70 X21=ffff80000e03ca80 X22=0000000000000028 X23=ffff00000a355ba8 X24=ffff80000de06c48 X25=ffff80000c991f40 X26=00000000ffffffff X27=00000000000003c0 X28=ffff00000a3551c0 X29=ffff800010ab6850 X30=ffff80000c8f1f34 SP=ffff800010ab6850 PSTATE=100003c5 ---V EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000