syzkaller login: [ 94.378179][ T2051] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 94.389904][ T2051] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 94.400531][ T2051] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:42680' (ECDSA) to the list of known hosts. 1970/01/01 00:02:00 fuzzer started 1970/01/01 00:02:05 connecting to host at localhost:35197 1970/01/01 00:02:06 checking machine... 1970/01/01 00:02:06 checking revisions... 1970/01/01 00:02:08 testing simple program... executing program [ 129.866762][ T2211] cgroup: Unknown subsys name 'net' [ 130.387988][ T2211] cgroup: Unknown subsys name 'rlimit' executing program executing program [ 136.717363][ T2214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.748351][ T2214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program [ 139.189940][ T2214] device hsr_slave_0 entered promiscuous mode [ 139.249446][ T2214] device hsr_slave_1 entered promiscuous mode [ 141.089810][ T2214] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 141.199003][ T2214] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 141.279318][ T2214] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 141.379199][ T2214] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 143.218176][ T2214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.322112][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 143.347850][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.536911][ T92] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 144.564490][ T92] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready executing program [ 144.656371][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 144.665986][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.720533][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 144.819540][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 144.986382][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 144.997759][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.076640][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 145.090339][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.155363][ T2214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 146.264218][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 146.265903][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 148.685332][ T92] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 148.692399][ T92] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 149.940371][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 149.949521][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 149.977911][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 149.990183][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 150.037381][ T2214] device veth0_vlan entered promiscuous mode [ 150.144200][ T2214] device veth1_vlan entered promiscuous mode [ 150.379727][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 150.397581][ T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 150.444011][ T2214] device veth0_macvtap entered promiscuous mode [ 150.520913][ T2214] device veth1_macvtap entered promiscuous mode executing program [ 150.735795][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 150.750512][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 150.760003][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 150.776004][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 150.853245][ T2553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 150.859497][ T2553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 150.935156][ T2214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.936513][ T2214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.937051][ T2214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.937589][ T2214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.266094][ C1] ------------[ cut here ]------------ [ 151.267409][ C1] WARNING: CPU: 1 PID: 1025 at include/linux/cpumask.h:110 wg_cpumask_next_online+0x1c0/0x2c0 [ 151.270656][ C1] Modules linked in: [ 151.271201][ C1] CPU: 1 PID: 1025 Comm: kworker/u4:8 Tainted: G W 6.0.0-syzkaller-11397-gf311d498be8f #0 [ 151.273971][ C1] Hardware name: linux,dummy-virt (DT) [ 151.274661][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker [ 151.275138][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 151.275464][ C1] pc : wg_cpumask_next_online+0x1c0/0x2c0 [ 151.275758][ C1] lr : wg_packet_receive+0x978/0x1560 [ 151.276037][ C1] sp : ffff800010ab7480 [ 151.276291][ C1] x29: ffff800010ab7480 x28: 0000000000000001 x27: 1fffe00002043219 [ 151.276764][ C1] x26: 0000000000000000 x25: ffff80000de5c000 x24: 0000000000000000 [ 151.277358][ C1] x23: 0000000000000003 x22: ffff80000de5cb68 x21: 0000000000000001 [ 151.277937][ C1] x20: ffff0000102190c8 x19: ffff80000de5cd50 x18: 000000001d960664 [ 151.278418][ C1] x17: ffff80005cbe4000 x16: ffff800010ab8000 x15: ffff000016073a28 [ 151.279014][ C1] x14: 1ffff00002156e68 x13: 0000000000000000 x12: ffff600002043291 [ 151.279519][ C1] x11: 1fffe00002043290 x10: ffff600002043290 x9 : dfff800000000000 [ 151.279980][ C1] x8 : ffff000010219483 x7 : 00009ffffdfbcd70 x6 : 0000000000000001 [ 151.280441][ C1] x5 : ffff000010219480 x4 : ffff700001bcb9aa x3 : dfff800000000000 [ 151.281092][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 151.282528][ C1] Call trace: [ 151.282967][ C1] wg_cpumask_next_online+0x1c0/0x2c0 [ 151.283317][ C1] wg_packet_receive+0x978/0x1560 [ 151.283626][ C1] wg_receive+0x58/0xb0 [ 151.283935][ C1] udpv6_queue_rcv_one_skb+0x8f4/0x17c0 [ 151.284249][ C1] udpv6_queue_rcv_skb+0x134/0x7e0 [ 151.284535][ C1] udp6_unicast_rcv_skb+0xe8/0x270 [ 151.284825][ C1] __udp6_lib_rcv+0x8a4/0x2330 [ 151.285085][ C1] udpv6_rcv+0x1c/0x2c [ 151.285340][ C1] ip6_protocol_deliver_rcu+0x154/0x14f0 [ 151.285640][ C1] ip6_input_finish+0x108/0x220 [ 151.286048][ C1] ip6_input+0xbc/0x2b0 [ 151.286313][ C1] ipv6_rcv+0x39c/0x47c [ 151.286575][ C1] __netif_receive_skb_one_core+0xf4/0x170 [ 151.286891][ C1] __netif_receive_skb+0x24/0x184 [ 151.287184][ C1] process_backlog+0x24c/0x6b0 [ 151.287510][ C1] __napi_poll+0x94/0x3a4 [ 151.287836][ C1] net_rx_action+0x78c/0xb60 [ 151.288156][ C1] _stext+0x28c/0x107c [ 151.288474][ C1] ____do_softirq+0x10/0x20 [ 151.288774][ C1] call_on_irq_stack+0x2c/0x54 [ 151.289036][ C1] do_softirq_own_stack+0x1c/0x30 [ 151.289326][ C1] do_softirq.part.0+0xd0/0xf4 [ 151.289647][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 151.290060][ C1] _raw_read_unlock_bh+0x54/0x64 [ 151.290363][ C1] wg_socket_send_skb_to_peer+0xf0/0x190 [ 151.291720][ C1] wg_socket_send_buffer_to_peer+0x110/0x160 [ 151.292045][ C1] wg_packet_send_handshake_initiation+0x1a8/0x274 [ 151.292983][ C1] wg_packet_handshake_send_worker+0x1c/0x34 [ 151.294720][ C1] process_one_work+0x780/0x184c [ 151.296013][ C1] worker_thread+0x3cc/0xc40 [ 151.297217][ C1] kthread+0x23c/0x2a0 [ 151.298424][ C1] ret_from_fork+0x10/0x20 [ 151.299774][ C1] irq event stamp: 10293 [ 151.300173][ C1] hardirqs last enabled at (10292): [] __local_bh_enable_ip+0x1e4/0x5d0 [ 151.300685][ C1] hardirqs last disabled at (10293): [] el1_dbg+0x24/0x80 [ 151.301316][ C1] softirqs last enabled at (10284): [] wg_socket_send_skb_to_peer+0xf0/0x190 [ 151.301810][ C1] softirqs last disabled at (10285): [] ____do_softirq+0x10/0x20 [ 151.302363][ C1] ---[ end trace 0000000000000000 ]--- [ 151.383337][ C1] ------------[ cut here ]------------ [ 151.384245][ C1] WARNING: CPU: 1 PID: 2553 at include/linux/cpumask.h:110 wg_packet_send_staged_packets+0xe38/0x1380 [ 151.384866][ C1] Modules linked in: [ 151.385240][ C1] CPU: 1 PID: 2553 Comm: kworker/1:3 Tainted: G W 6.0.0-syzkaller-11397-gf311d498be8f #0 [ 151.385780][ C1] Hardware name: linux,dummy-virt (DT) [ 151.386147][ C1] Workqueue: wg-crypt-wg0 wg_packet_decrypt_worker [ 151.386588][ C1] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 151.387013][ C1] pc : wg_packet_send_staged_packets+0xe38/0x1380 [ 151.387375][ C1] lr : wg_packet_send_staged_packets+0x524/0x1380 [ 151.387752][ C1] sp : ffff800010ab7960 [ 151.388038][ C1] x29: ffff800010ab7960 x28: ffff0000137a3c00 x27: 0000000000000001 [ 151.388610][ C1] x26: 0000000000000001 x25: 0000000000000002 x24: 1fffe00002585396 [ 151.389198][ C1] x23: ffff000012c29ca8 x22: ffff80000de5cd50 x21: ffff00000f940960 [ 151.389798][ C1] x20: ffff000012c29c80 x19: ffff000010218c40 x18: ffff00006a9eab88 [ 151.390358][ C1] x17: ffff80005cbe4000 x16: ffff800010ab8000 x15: 0000000000008000 [ 151.391002][ C1] x14: 1ffff00002156efa x13: 1fffe00001dff4b3 x12: ffff600001f2812e [ 151.391758][ C1] x11: ffff700001bcb9aa x10: dfff800000000000 x9 : 0000000000000003 [ 151.392364][ C1] x8 : ffff80000de5c000 x7 : 1fffe000020431b9 x6 : 0000000000000000 [ 151.393111][ C1] x5 : ffff000010218dc8 x4 : ffff80000de5cb68 x3 : ffff800009f2b1f4 [ 151.393758][ C1] x2 : 0000000000000002 x1 : 0000000000000002 x0 : 0000000000000001 [ 151.394343][ C1] Call trace: [ 151.394628][ C1] wg_packet_send_staged_packets+0xe38/0x1380 [ 151.395043][ C1] wg_packet_rx_poll+0xd94/0x1580 [ 151.395395][ C1] __napi_poll+0x94/0x3a4 [ 151.395749][ C1] net_rx_action+0x78c/0xb60 [ 151.396106][ C1] _stext+0x28c/0x107c [ 151.396446][ C1] ____do_softirq+0x10/0x20 [ 151.396789][ C1] call_on_irq_stack+0x2c/0x54 [ 151.397125][ C1] do_softirq_own_stack+0x1c/0x30 [ 151.397483][ C1] do_softirq.part.0+0xd0/0xf4 [ 151.397838][ C1] __local_bh_enable_ip+0x50c/0x5d0 [ 151.398175][ C1] _raw_spin_unlock_bh+0x54/0x64 [ 151.398519][ C1] wg_packet_decrypt_worker+0x210/0x3c0 [ 151.398890][ C1] process_one_work+0x780/0x184c [ 151.399217][ C1] worker_thread+0x3cc/0xc40 [ 151.399556][ C1] kthread+0x23c/0x2a0 [ 151.399885][ C1] ret_from_fork+0x10/0x20 [ 151.400220][ C1] irq event stamp: 2211 [ 151.400533][ C1] hardirqs last enabled at (2210): [] seqcount_lockdep_reader_access.constprop.0+0xc4/0xe0 [ 151.401253][ C1] hardirqs last disabled at (2211): [] el1_dbg+0x24/0x80 [ 151.401841][ C1] softirqs last enabled at (2188): [] wg_packet_decrypt_worker+0x210/0x3c0 [ 151.402333][ C1] softirqs last disabled at (2189): [] ____do_softirq+0x10/0x20 [ 151.402805][ C1] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:02:32 building call list... [ 153.128172][ T1025] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.398864][ T1025] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.566532][ T1025] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 153.786149][ T1025] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 156.986359][ T1025] device hsr_slave_0 left promiscuous mode [ 157.054334][ T1025] device hsr_slave_1 left promiscuous mode [ 157.264210][ T1025] device veth1_macvtap left promiscuous mode [ 157.266017][ T1025] device veth0_macvtap left promiscuous mode [ 157.269504][ T1025] device veth1_vlan left promiscuous mode [ 157.279597][ T1025] device veth0_vlan left promiscuous mode executing program [ 161.344850][ T1025] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.603041][ T1025] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.243814][ T1025] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program [ 177.127556][ T2207] can: request_module (can-proto-0) failed. [ 177.366183][ T2207] can: request_module (can-proto-0) failed. [ 177.556220][ T2207] can: request_module (can-proto-0) failed. executing program executing program VM DIAGNOSIS: 03:27:00 Registers: info registers vcpu 0 PC=ffff80000b45c258 X00=ffff80000b45c250 X01=0000000000000000 X02=ffff00000ad8dba0 X03=1ffff00001bcbf6e X04=1fffe000015b1a39 X05=ffff800008007980 X06=0000000000000001 X07=0000000000000004 X08=ffff800008007983 X09=dfff800000000000 X10=ffff700001000f30 X11=1ffff00001000f30 X12=ffff700001000f31 X13=0000000000000000 X14=1ffff00001000f06 X15=0000000000008000 X16=ffff800008008000 X17=ffff80005cbc5000 X18=0000000000000000 X19=ffff80000e071eb0 X20=0000000000000000 X21=0000000000000003 X22=0000000000000028 X23=ffff80000e071f40 X24=dfff800000000000 X25=ffff80000e071e80 X26=0000000000000004 X27=ffff80000e071eb0 X28=ffff00000ad8dc70 X29=ffff800008007900 X30=ffff800008391588 SP=ffff800008007900 PSTATE=600000c5 -ZC- EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:414fffffe0000000 Q02=788359b1d565d05a:2f2b65dfb66fe69f Q03=0000000040000000:0000000000000000 Q04=4010040140100401:4000000000000000 Q05=4010040140100401:4010040140100401 Q06=5555400000400000:5555400000400000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000010:0000001ba536efc0 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff800008292b5c X00=00000000000003c0 X01=00000000000003c0 X02=0000000000000003 X03=1fffe000025e3a39 X04=00000000f204f1f1 X05=ffff700002156d70 X06=dfff800000000000 X07=00000000f1f1f1f1 X08=ffff800010ab6bb3 X09=dfff800000000000 X10=ffff700002156d76 X11=1ffff00002156d76 X12=ffff700002156d77 X13=0000000000000000 X14=1ffff00002156d4c X15=202047203a646574 X16=2057202020202020 X17=2020202020202020 X18=000000001d960664 X19=0000000000000000 X20=ffff000012f1dc48 X21=ffff80000e03cb00 X22=0000000000000028 X23=ffff000012f1dba8 X24=ffff80000de06c48 X25=ffff80000c991f40 X26=00000000ffffffff X27=00000000000003c0 X28=ffff000012f1d1c0 X29=ffff800010ab6a90 X30=ffff80000c8ee514 SP=ffff800010ab6a90 PSTATE=100003c5 ---V EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:3f8423a3c6ed4c6e Q01=0000000000000000:3f847ae147ae147b Q02=0000000000000000:4197e627072df7db Q03=0000000000000000:412f1bc000000000 Q04=0000000000000000:3f844af42e1d4fa4 Q05=0000000000000000:3fd4303253012b54 Q06=0000000000000000:3fd3333333333333 Q07=0000000000000000:3ff742950a5eb92d Q08=0000000000000000:3fbda16ec65fdd88 Q09=0000000000000000:3fe18e09f568fdeb Q10=0000000000000000:3fe0000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:00000000ac792309 Q31=0000000000000000:0000000000000000