syzkaller login: [ 104.234781][ T2049] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 104.272927][ T2049] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 104.300964][ T2049] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:15143' (ECDSA) to the list of known hosts. 1970/01/01 00:02:02 fuzzer started 1970/01/01 00:02:07 connecting to host at localhost:36695 1970/01/01 00:02:08 checking machine... 1970/01/01 00:02:08 checking revisions... executing program 1970/01/01 00:02:11 testing simple program... [ 132.305152][ T2208] cgroup: Unknown subsys name 'net' [ 132.819775][ T2208] cgroup: Unknown subsys name 'rlimit' executing program executing program [ 139.870270][ T2212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.902000][ T2212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program [ 143.266060][ T2212] device hsr_slave_0 entered promiscuous mode [ 143.333502][ T2212] device hsr_slave_1 entered promiscuous mode executing program [ 145.514213][ T2212] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 145.625556][ T2212] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 145.700003][ T2212] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 145.772380][ T2212] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 147.979687][ T2212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.101333][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.121592][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.468316][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.499527][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.592629][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.603815][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.665859][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 149.734745][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready executing program [ 149.893209][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 149.911518][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 150.008483][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 150.014712][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 150.106128][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 151.275059][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 151.285020][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 154.093287][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 154.114194][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 155.524964][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 155.548412][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 155.567694][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 155.575974][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 155.673860][ T2212] device veth0_vlan entered promiscuous mode [ 155.785385][ T2212] device veth1_vlan entered promiscuous mode executing program [ 156.151507][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 156.166301][ T90] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 156.222785][ T2212] device veth0_macvtap entered promiscuous mode [ 156.292207][ T2212] device veth1_macvtap entered promiscuous mode [ 156.479998][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 156.510683][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 156.525353][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 156.545399][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 156.663236][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 156.684041][ T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 156.772471][ T2212] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.774611][ T2212] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.775411][ T2212] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.775903][ T2212] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.296662][ C1] ------------[ cut here ]------------ [ 157.299182][ C1] WARNING: CPU: 1 PID: 9 at include/linux/cpumask.h:110 wg_cpumask_next_online+0x1c0/0x2c0 [ 157.299844][ C1] Modules linked in: [ 157.300271][ C1] CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 6.0.0-syzkaller-11546-g1440f5760228 #0 [ 157.300712][ C1] Hardware name: linux,dummy-virt (DT) [ 157.301344][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker [ 157.301925][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 157.302885][ C1] pc : wg_cpumask_next_online+0x1c0/0x2c0 [ 157.304843][ C1] lr : wg_packet_receive+0x978/0x1560 [ 157.305379][ C1] sp : ffff800010ab7440 [ 157.305741][ C1] x29: ffff800010ab7440 x28: 0000000000000001 x27: 1fffe000020a3a19 [ 157.306499][ C1] x26: 0000000000000000 x25: ffff80000de5c000 x24: 0000000000000000 [ 157.307248][ C1] x23: 0000000000000003 x22: ffff80000de5cb68 x21: 0000000000000001 [ 157.308003][ C1] x20: ffff00001051d0c8 x19: ffff80000de5cd50 x18: ffff00001583c1f8 [ 157.308617][ C1] x17: 1fffe000013c680c x16: 1fffe00002b0782f x15: ffff00001583c180 [ 157.309369][ C1] x14: 1ffff00002156e60 x13: 0000000000000000 x12: ffff6000020a3a91 [ 157.310014][ C1] x11: 1fffe000020a3a90 x10: ffff6000020a3a90 x9 : dfff800000000000 [ 157.310637][ C1] x8 : ffff00001051d483 x7 : 00009ffffdf5c570 x6 : 0000000000000001 [ 157.311250][ C1] x5 : ffff00001051d480 x4 : ffff700001bcb9aa x3 : dfff800000000000 [ 157.311968][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 157.312611][ C1] Call trace: [ 157.312939][ C1] wg_cpumask_next_online+0x1c0/0x2c0 [ 157.313361][ C1] wg_packet_receive+0x978/0x1560 [ 157.313737][ C1] wg_receive+0x58/0xb0 [ 157.314107][ C1] udp_queue_rcv_one_skb+0x820/0x1a8c [ 157.314514][ C1] udp_queue_rcv_skb+0x134/0x7e0 [ 157.314868][ C1] udp_unicast_rcv_skb+0xe8/0x2e0 [ 157.315251][ C1] __udp4_lib_rcv+0xcf0/0x31b0 [ 157.315629][ C1] udp_rcv+0x20/0x30 [ 157.315953][ C1] ip_protocol_deliver_rcu+0xbc/0x634 [ 157.316338][ C1] ip_local_deliver_finish+0x248/0x3ac [ 157.317033][ C1] ip_local_deliver+0x16c/0x384 [ 157.318267][ C1] ip_rcv_finish+0x144/0x224 [ 157.318856][ C1] ip_rcv+0xc0/0x2b0 [ 157.319216][ C1] __netif_receive_skb_one_core+0xf4/0x170 [ 157.319693][ C1] __netif_receive_skb+0x24/0x184 [ 157.320056][ C1] process_backlog+0x24c/0x6b0 [ 157.320423][ C1] __napi_poll+0x94/0x3a4 [ 157.320790][ C1] net_rx_action+0x78c/0xb60 [ 157.321137][ C1] _stext+0x28c/0x107c [ 157.321482][ C1] ____do_softirq+0x10/0x20 [ 157.321850][ C1] call_on_irq_stack+0x2c/0x54 [ 157.322239][ C1] do_softirq_own_stack+0x1c/0x30 [ 157.322593][ C1] do_softirq.part.0+0xd0/0xf4 [ 157.322988][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 157.323404][ C1] _raw_read_unlock_bh+0x54/0x64 [ 157.323844][ C1] wg_socket_send_skb_to_peer+0xf0/0x190 [ 157.324217][ C1] wg_socket_send_buffer_to_peer+0x110/0x160 [ 157.324615][ C1] wg_packet_send_handshake_initiation+0x1a8/0x274 [ 157.325032][ C1] wg_packet_handshake_send_worker+0x1c/0x34 [ 157.325422][ C1] process_one_work+0x780/0x184c [ 157.325803][ C1] worker_thread+0x3cc/0xc40 [ 157.326161][ C1] kthread+0x23c/0x2a0 [ 157.326592][ C1] ret_from_fork+0x10/0x20 [ 157.327043][ C1] irq event stamp: 442343 [ 157.327454][ C1] hardirqs last enabled at (442342): [] __local_bh_enable_ip+0x1e4/0x5d0 [ 157.328008][ C1] hardirqs last disabled at (442343): [] el1_dbg+0x24/0x80 [ 157.328413][ C1] softirqs last enabled at (442334): [] wg_socket_send_skb_to_peer+0xf0/0x190 [ 157.328930][ C1] softirqs last disabled at (442335): [] ____do_softirq+0x10/0x20 [ 157.329416][ C1] ---[ end trace 0000000000000000 ]--- [ 157.421216][ T887] ------------[ cut here ]------------ [ 157.423157][ T887] WARNING: CPU: 1 PID: 887 at include/linux/cpumask.h:110 wg_packet_send_staged_packets+0xe38/0x1380 [ 157.427393][ T887] Modules linked in: [ 157.428555][ T887] CPU: 1 PID: 887 Comm: kworker/1:2 Tainted: G W 6.0.0-syzkaller-11546-g1440f5760228 #0 [ 157.429269][ T887] Hardware name: linux,dummy-virt (DT) [ 157.429736][ T887] Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker [ 157.430301][ T887] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 157.430820][ T887] pc : wg_packet_send_staged_packets+0xe38/0x1380 [ 157.431314][ T887] lr : wg_packet_send_staged_packets+0x524/0x1380 [ 157.432028][ T887] sp : ffff800012c17800 [ 157.432353][ T887] x29: ffff800012c17800 x28: ffff00001416d800 x27: 0000000000000001 [ 157.433135][ T887] x26: 0000000000000001 x25: 0000000000000002 x24: 1fffe00002b03ace [ 157.433949][ T887] x23: ffff00001581d668 x22: ffff80000de5cd50 x21: ffff000014d3aee0 [ 157.434812][ T887] x20: ffff00001581d640 x19: ffff000015478c40 x18: 000000003742fc8d [ 157.435506][ T887] x17: 00000000423cd9c7 x16: 00000000f613cd13 x15: 0000000000000000 [ 157.436165][ T887] x14: 1ffff00002582ece x13: 0000000000000000 x12: ffff6000029a75de [ 157.437223][ T887] x11: ffff700001bcb9aa x10: dfff800000000000 x9 : 0000000000000003 [ 157.438056][ T887] x8 : ffff80000de5c000 x7 : 1fffe00002a8f1b9 x6 : 0000000000000000 [ 157.438786][ T887] x5 : ffff000015478dc8 x4 : ffff80000de5cb68 x3 : ffff800009f2c124 [ 157.439460][ T887] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 157.440140][ T887] Call trace: [ 157.440460][ T887] wg_packet_send_staged_packets+0xe38/0x1380 [ 157.440903][ T887] wg_packet_send_keepalive+0x40/0x2a0 [ 157.441291][ T887] wg_receive_handshake_packet+0x2c8/0x7c0 [ 157.441706][ T887] wg_packet_handshake_receive_worker+0xd8/0x2ec [ 157.442113][ T887] process_one_work+0x780/0x184c [ 157.442502][ T887] worker_thread+0x3cc/0xc40 [ 157.442873][ T887] kthread+0x23c/0x2a0 [ 157.443220][ T887] ret_from_fork+0x10/0x20 [ 157.443612][ T887] irq event stamp: 28099 [ 157.443949][ T887] hardirqs last enabled at (28097): [] seqcount_lockdep_reader_access.constprop.0+0xc4/0xe0 [ 157.444517][ T887] hardirqs last disabled at (28099): [] el1_dbg+0x24/0x80 [ 157.444989][ T887] softirqs last enabled at (28094): [] wg_packet_send_staged_packets+0x20c/0x1380 [ 157.445524][ T887] softirqs last disabled at (28098): [] wg_packet_send_staged_packets+0x460/0x1380 [ 157.446244][ T887] ---[ end trace 0000000000000000 ]--- executing program 1970/01/01 00:02:38 building call list... [ 159.275499][ T27] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.542558][ T27] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.761596][ T27] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.011515][ T27] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 163.866317][ T27] device hsr_slave_0 left promiscuous mode [ 164.020779][ T27] device hsr_slave_1 left promiscuous mode [ 164.295301][ T27] device veth1_macvtap left promiscuous mode [ 164.320268][ T27] device veth0_macvtap left promiscuous mode [ 164.324285][ T27] device veth1_vlan left promiscuous mode [ 164.326405][ T27] device veth0_vlan left promiscuous mode executing program executing program [ 169.471277][ T27] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.665034][ T27] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.423088][ T27] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program VM DIAGNOSIS: 19:46:17 Registers: info registers vcpu 0 PC=ffff80000b45d5e8 X00=ffff80000b45d5e0 X01=ffff00000911d800 X02=0000000000000003 X03=0000000000000001 X04=0000000000001220 X05=0000000000000000 X06=dfff800000000000 X07=00000000f1f1f1f1 X08=0000000000000000 X09=0000000000000000 X10=ffff00000e67db8c X11=0000000000000007 X12=1fffe00001ccfb71 X13=1fffe00001ccfb79 X14=1ffff00002216e5c X15=0000000000000000 X16=ffff800008008000 X17=ffff80005cbc5000 X18=ffff00006a9cbb88 X19=ffff000009162600 X20=ffff00006a9e4f10 X21=0000000000000000 X22=00000000ffffffff X23=ffff8000110b7530 X24=ffff80000e184180 X25=0000000000000cc0 X26=0000000000000000 X27=ffff00000e67d1c0 X28=0000000000000000 X29=ffff8000110b7490 X30=ffff8000087d6804 SP=ffff8000110b7490 PSTATE=60000005 -ZC- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff800008292d6c X00=00000000000003c0 X01=00000000000003c0 X02=0000000000000003 X03=1fffe00001245001 X04=00000000f204f1f1 X05=ffff700002156d4e X06=dfff800000000000 X07=00000000f1f1f1f1 X08=ffff800010ab6ab3 X09=dfff800000000000 X10=ffff700002156d56 X11=1ffff00002156d56 X12=ffff700002156d57 X13=0000000000000000 X14=1ffff00002156d2c X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=ffff00001583c1f8 X19=0000000000000000 X20=ffff000009228ab0 X21=ffff80000e03ca80 X22=0000000000000028 X23=ffff0000092289e8 X24=ffff80000de06c48 X25=ffff80000c991f40 X26=00000000ffffffff X27=00000000000003c0 X28=ffff000009228000 X29=ffff800010ab6980 X30=ffff80000c8ef884 SP=ffff800010ab6980 PSTATE=100003c5 ---V EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:3f8408bc1a3dc2c2 Q01=0000000000000000:3f847ae147ae147b Q02=0000000000000000:41ba3bb8682c7962 Q03=0000000000000000:415129b800000000 Q04=0000000000000000:3f83e91c2b06fe86 Q05=4010040140100401:4010040140100401 Q06=0000004000000000:0000004000000000 Q07=0000000000000000:3febf7ad6f2ad635 Q08=0000000000000000:3fa15786bb7e19d0 Q09=0000000000000000:3fe3ce7fe10eb75b Q10=0000000000000000:3fe0000000000000 Q11=0000000000000000:57e98167c892cd7e Q12=0000000000000000:69c6d3c58fb7f1e6 Q13=0000000000000000:5bd5ac11aa2328cb Q14=0000000000000000:0c367d6f23cef21d Q15=0000000000000000:ede572fd07d79803 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=000000000000000c:000000001fecd622 Q31=0000000000000000:0000000000000000