syzkaller login: [ 94.845359][ T2049] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 94.856385][ T2049] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 94.866552][ T2049] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:26414' (ECDSA) to the list of known hosts. 1970/01/01 00:02:11 fuzzer started 1970/01/01 00:02:16 connecting to host at localhost:41317 1970/01/01 00:02:16 checking machine... 1970/01/01 00:02:16 checking revisions... 1970/01/01 00:02:19 testing simple program... [ 140.092434][ T2209] cgroup: Unknown subsys name 'net' executing program [ 140.612901][ T2209] cgroup: Unknown subsys name 'rlimit' executing program executing program [ 147.154091][ T2212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.184738][ T2212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program [ 149.892720][ T2212] device hsr_slave_0 entered promiscuous mode [ 149.947153][ T2212] device hsr_slave_1 entered promiscuous mode [ 151.423475][ T2212] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 151.541583][ T2212] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 151.629911][ T2212] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 151.705586][ T2212] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 153.591073][ T2212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.705256][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 153.760598][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.020876][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.027185][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.107972][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.116909][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.185153][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.261933][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready executing program [ 155.417235][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.426611][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.481292][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.497838][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.544290][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.581343][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.584191][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 159.555385][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 159.596222][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.829817][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 160.853928][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 160.886847][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 160.901080][ T2529] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 160.949150][ T2212] device veth0_vlan entered promiscuous mode [ 161.103536][ T2212] device veth1_vlan entered promiscuous mode executing program [ 161.416208][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.427874][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.504966][ T2212] device veth0_macvtap entered promiscuous mode [ 161.567786][ T2212] device veth1_macvtap entered promiscuous mode [ 161.732130][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 161.745277][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 161.764366][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 161.774336][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 161.870149][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 161.877316][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 161.936484][ T2212] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.944616][ T2212] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.945486][ T2212] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.946146][ T2212] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.305457][ C1] ------------[ cut here ]------------ [ 162.306437][ C1] WARNING: CPU: 1 PID: 44 at include/linux/cpumask.h:110 wg_cpumask_next_online+0x1c0/0x2c0 [ 162.307070][ C1] Modules linked in: [ 162.307438][ C1] CPU: 1 PID: 44 Comm: kworker/u4:2 Tainted: G W 6.0.0-syzkaller-11161-g041bc24d867a #0 [ 162.308065][ C1] Hardware name: linux,dummy-virt (DT) [ 162.308660][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker [ 162.309630][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 162.310849][ C1] pc : wg_cpumask_next_online+0x1c0/0x2c0 [ 162.311527][ C1] lr : wg_packet_receive+0x978/0x1560 [ 162.311879][ C1] sp : ffff800010ab7480 [ 162.312189][ C1] x29: ffff800010ab7480 x28: 0000000000000001 x27: 1fffe00001d31219 [ 162.312858][ C1] x26: 0000000000000000 x25: ffff80000de5c000 x24: 0000000000000000 [ 162.313594][ C1] x23: 0000000000000003 x22: ffff80000de5cb68 x21: 0000000000000001 [ 162.314220][ C1] x20: ffff00000e9890c8 x19: ffff80000de5cd50 x18: 000000004da37d01 [ 162.314905][ C1] x17: ffff80005cbe4000 x16: ffff800010ab8000 x15: ffff000013ed4a28 [ 162.315551][ C1] x14: 1ffff00002156e68 x13: 0000000000000000 x12: ffff600001d31291 [ 162.316112][ C1] x11: 1fffe00001d31290 x10: ffff600001d31290 x9 : dfff800000000000 [ 162.316691][ C1] x8 : ffff00000e989483 x7 : 00009ffffe2ced70 x6 : 0000000000000001 [ 162.317256][ C1] x5 : ffff00000e989480 x4 : ffff700001bcb9aa x3 : dfff800000000000 [ 162.317827][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 162.319343][ C1] Call trace: [ 162.319824][ C1] wg_cpumask_next_online+0x1c0/0x2c0 [ 162.320194][ C1] wg_packet_receive+0x978/0x1560 [ 162.320540][ C1] wg_receive+0x58/0xb0 [ 162.320980][ C1] udpv6_queue_rcv_one_skb+0x8f4/0x17c0 [ 162.321347][ C1] udpv6_queue_rcv_skb+0x134/0x7e0 [ 162.321693][ C1] udp6_unicast_rcv_skb+0xe8/0x270 [ 162.322043][ C1] __udp6_lib_rcv+0x8a4/0x2330 [ 162.322429][ C1] udpv6_rcv+0x1c/0x2c [ 162.322756][ C1] ip6_protocol_deliver_rcu+0x154/0x14f0 [ 162.323114][ C1] ip6_input_finish+0x108/0x220 [ 162.323473][ C1] ip6_input+0xbc/0x2b0 [ 162.323825][ C1] ipv6_rcv+0x39c/0x47c [ 162.324154][ C1] __netif_receive_skb_one_core+0xf4/0x170 [ 162.324519][ C1] __netif_receive_skb+0x24/0x184 [ 162.324855][ C1] process_backlog+0x24c/0x6b0 [ 162.325184][ C1] __napi_poll+0x94/0x3a4 [ 162.325524][ C1] net_rx_action+0x78c/0xb60 [ 162.325858][ C1] _stext+0x28c/0x107c [ 162.326227][ C1] ____do_softirq+0x10/0x20 [ 162.326573][ C1] call_on_irq_stack+0x2c/0x54 [ 162.326907][ C1] do_softirq_own_stack+0x1c/0x30 [ 162.327254][ C1] do_softirq.part.0+0xd0/0xf4 [ 162.327601][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 162.328016][ C1] _raw_read_unlock_bh+0x54/0x64 [ 162.328655][ C1] wg_socket_send_skb_to_peer+0xf0/0x190 [ 162.329045][ C1] wg_socket_send_buffer_to_peer+0x110/0x160 [ 162.329406][ C1] wg_packet_send_handshake_initiation+0x1a8/0x274 [ 162.329845][ C1] wg_packet_handshake_send_worker+0x1c/0x34 [ 162.330379][ C1] process_one_work+0x780/0x184c [ 162.330772][ C1] worker_thread+0x3cc/0xc40 [ 162.331102][ C1] kthread+0x23c/0x2a0 [ 162.331427][ C1] ret_from_fork+0x10/0x20 [ 162.331756][ C1] irq event stamp: 329193 [ 162.332021][ C1] hardirqs last enabled at (329192): [] __local_bh_enable_ip+0x1e4/0x5d0 [ 162.332482][ C1] hardirqs last disabled at (329193): [] el1_dbg+0x24/0x80 [ 162.332893][ C1] softirqs last enabled at (329184): [] wg_socket_send_skb_to_peer+0xf0/0x190 [ 162.333275][ C1] softirqs last disabled at (329185): [] ____do_softirq+0x10/0x20 [ 162.333646][ C1] ---[ end trace 0000000000000000 ]--- [ 162.411709][ C1] ------------[ cut here ]------------ [ 162.412565][ C1] WARNING: CPU: 1 PID: 889 at include/linux/cpumask.h:110 wg_packet_send_staged_packets+0xe38/0x1380 [ 162.413099][ C1] Modules linked in: [ 162.413549][ C1] CPU: 1 PID: 889 Comm: kworker/1:2 Tainted: G W 6.0.0-syzkaller-11161-g041bc24d867a #0 [ 162.414124][ C1] Hardware name: linux,dummy-virt (DT) [ 162.414488][ C1] Workqueue: wg-crypt-wg0 wg_packet_decrypt_worker [ 162.414987][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 162.415382][ C1] pc : wg_packet_send_staged_packets+0xe38/0x1380 [ 162.415741][ C1] lr : wg_packet_send_staged_packets+0x524/0x1380 [ 162.416128][ C1] sp : ffff800010ab7960 [ 162.416492][ C1] x29: ffff800010ab7960 x28: ffff00000fce6800 x27: 0000000000000001 [ 162.417145][ C1] x26: 0000000000000001 x25: 0000000000000002 x24: 1fffe00002a884ce [ 162.417823][ C1] x23: ffff000015442668 x22: ffff80000de5cd50 x21: ffff000014e68960 [ 162.419139][ C1] x20: ffff000015442640 x19: ffff00000e988c40 x18: ffff00006a9eab88 [ 162.419970][ C1] x17: ffff80005cbe4000 x16: ffff800010ab8000 x15: 0000000000008000 [ 162.420575][ C1] x14: 1ffff00002156efa x13: 1fffe0000229bb83 x12: ffff6000029cd12e [ 162.421133][ C1] x11: ffff700001bcb9aa x10: dfff800000000000 x9 : 0000000000000003 [ 162.421696][ C1] x8 : ffff80000de5c000 x7 : 1fffe00001d311b9 x6 : 0000000000000000 [ 162.422328][ C1] x5 : ffff00000e988dc8 x4 : ffff80000de5cb68 x3 : ffff800009f2d9f4 [ 162.422883][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 162.423436][ C1] Call trace: [ 162.423750][ C1] wg_packet_send_staged_packets+0xe38/0x1380 [ 162.424126][ C1] wg_packet_rx_poll+0xd94/0x1580 [ 162.424453][ C1] __napi_poll+0x94/0x3a4 [ 162.424786][ C1] net_rx_action+0x78c/0xb60 [ 162.425101][ C1] _stext+0x28c/0x107c [ 162.425419][ C1] ____do_softirq+0x10/0x20 [ 162.425754][ C1] call_on_irq_stack+0x2c/0x54 [ 162.426088][ C1] do_softirq_own_stack+0x1c/0x30 [ 162.426454][ C1] do_softirq.part.0+0xd0/0xf4 [ 162.426800][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 162.427133][ C1] _raw_spin_unlock_bh+0x54/0x64 [ 162.427471][ C1] wg_packet_decrypt_worker+0x210/0x3c0 [ 162.427811][ C1] process_one_work+0x780/0x184c [ 162.428225][ C1] worker_thread+0x3cc/0xc40 [ 162.428633][ C1] kthread+0x23c/0x2a0 [ 162.429023][ C1] ret_from_fork+0x10/0x20 [ 162.429433][ C1] irq event stamp: 19613 [ 162.429760][ C1] hardirqs last enabled at (19612): [] seqcount_lockdep_reader_access.constprop.0+0xc4/0xe0 [ 162.430260][ C1] hardirqs last disabled at (19613): [] el1_dbg+0x24/0x80 [ 162.430666][ C1] softirqs last enabled at (19590): [] wg_packet_decrypt_worker+0x210/0x3c0 [ 162.431100][ C1] softirqs last disabled at (19591): [] ____do_softirq+0x10/0x20 [ 162.431526][ C1] ---[ end trace 0000000000000000 ]--- [ 163.944849][ T44] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:02:43 building call list... [ 164.245584][ T44] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 164.515504][ T44] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.826032][ T44] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 167.901882][ T44] device hsr_slave_0 left promiscuous mode [ 167.992046][ T44] device hsr_slave_1 left promiscuous mode [ 168.201374][ T44] device veth1_macvtap left promiscuous mode [ 168.203744][ T44] device veth0_macvtap left promiscuous mode [ 168.211727][ T44] device veth1_vlan left promiscuous mode [ 168.214080][ T44] device veth0_vlan left promiscuous mode executing program [ 171.635867][ T44] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 171.772449][ T44] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.554537][ T44] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program [ 187.914402][ T2200] can: request_module (can-proto-0) failed. [ 188.213889][ T2200] can: request_module (can-proto-0) failed. executing program [ 188.473532][ T2200] can: request_module (can-proto-0) failed. executing program VM DIAGNOSIS: 18:33:25 Registers: info registers vcpu 0 PC=ffff80000c9102d0 X00=0000000000000000 X01=ffff00006a9dce58 X02=ffff000009234060 X03=1ffff00001bcbf6e X04=1fffe000012466d1 X05=ffff800010be79c0 X06=0000000000000001 X07=0000000000000004 X08=ffff800010be79c3 X09=dfff800000000000 X10=ffff70000217cf38 X11=1ffff0000217cf38 X12=ffff70000217cf39 X13=1fffe00001246811 X14=1ffff0000217cf0e X15=ffff00006a9cbbc4 X16=ffff800008008000 X17=ffff80005cbc5000 X18=ffff00006a9cbb88 X19=ffff80000e071e30 X20=0000000000000000 X21=0000000000000003 X22=0000000000000028 X23=ffff80000e071ec0 X24=dfff800000000000 X25=ffff80000e071e00 X26=0000000000000004 X27=ffff80000e071e30 X28=ffff000009234068 X29=ffff800010be7940 X30=ffff800008392d88 SP=ffff800010be7940 PSTATE=800000c5 N--- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=30253a3a30386566:000a2e6574656c70 Q02=388e9c6c4fa85ca0:0000000000007832 Q03=0000000000000000:ff00000000000000 Q04=0000000000000000:ffffffffffff0000 Q05=0010000000000000:4000000000000000 Q06=0000000000000000:4010040140100000 Q07=4010040140100401:4010040140100401 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000555010004000:0000555010004000 Q17=000000ff00ff00ff:000000ff00ff00ff Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff8000082a35f8 X00=0000000000000080 X01=00000000000003c0 X02=0000000000000000 X03=1fffe0000d53d589 X04=00000000f204f1f1 X05=ffff700002156d56 X06=dfff800000000000 X07=00000000f1f1f1f1 X08=ffff800010ab6af3 X09=dfff800000000000 X10=ffff700002156d5e X11=1ffff00002156d5e X12=ffff700002156d5f X13=0000000000000000 X14=1ffff00002156d34 X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=000000004da37d01 X19=ffff80000de06c48 X20=1ffff00002156d56 X21=ffff80000c991e40 X22=ffff80000de06c48 X23=ffff80005cbe4000 X24=00000000000003c0 X25=0000000000000007 X26=ffff00000a9189e0 X27=ffff00000a918000 X28=1fffe0000152313c X29=ffff800010ab6a40 X30=ffff8000082a35a8 SP=ffff800010ab6a40 PSTATE=100003c5 ---V EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:3f83f9cc9ba8668a Q01=0000000000000000:3f847ae147ae147b Q02=0000000000000000:419b0919caedfa87 Q03=0000000000000000:4131bd5000000000 Q04=0000000000000000:3f83f7ba7041d364 Q05=0000000000000000:3fd3333333333333 Q06=0000000000000000:3fd3333333333333 Q07=0000000000000000:3ff310a4dbf85d5a Q08=0000000000000000:3fb99906c0580ed8 Q09=0000000000000000:3fe29c8a8dd97b4e Q10=0000000000000000:3fe0000000000000 Q11=0000000000000000:0d6e43ed9a7e4ce5 Q12=0000000000000000:31bbb07694c1acf7 Q13=0000000000000000:841a97c2ef1fd390 Q14=0000000000000000:4706cf740b0c7324 Q15=0000000000000000:ab2f00486f688aeb Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:00000000aecc00ea Q31=0000000000000000:0000000000000000