syzkaller login: [ 98.068956][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 98.085399][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 98.091613][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:24283' (ECDSA) to the list of known hosts.
1970/01/01 00:01:59 fuzzer started
1970/01/01 00:02:01 connecting to host at localhost:39957
1970/01/01 00:02:02 checking machine...
1970/01/01 00:02:02 checking revisions...
1970/01/01 00:02:02 testing simple program...
executing program
executing program
[ 129.240636][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 129.308368][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.360009][ T3300] device hsr_slave_0 entered promiscuous mode
[ 131.430213][ T3300] device hsr_slave_1 entered promiscuous mode
executing program
[ 133.251512][ T3300] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.338283][ T3300] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.450394][ T3300] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.536695][ T3300] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 135.558720][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0
[ 135.685073][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 135.691296][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 136.793881][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 136.813460][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 136.917963][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 136.939241][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 137.010716][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 137.090350][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 137.287230][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 137.306067][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 137.398271][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 137.415528][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 137.461118][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 137.722443][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 137.727263][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
[ 140.002566][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 140.032679][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
[ 141.207595][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 141.239051][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 141.272411][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 141.281874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 141.333791][ T3300] device veth0_vlan entered promiscuous mode
[ 141.473037][ T3300] device veth1_vlan entered promiscuous mode
[ 141.877522][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 141.889125][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 141.961269][ T3300] device veth0_macvtap entered promiscuous mode
[ 142.039976][ T3300] device veth1_macvtap entered promiscuous mode
[ 142.230860][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 142.246721][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 142.339460][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 142.350039][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 142.430391][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 142.443816][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 142.501764][ T3300] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 142.504747][ T3300] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 142.506091][ T3300] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 142.507303][ T3300] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.451459][ T3300] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
executing program
[ 144.424847][ T119] ------------[ cut here ]------------
[ 144.426529][ T119] hook not found, pf 3 num 0
[ 144.427507][ T119] WARNING: CPU: 1 PID: 119 at net/netfilter/core.c:480 __nf_unregister_net_hook+0xac/0x1d0
[ 144.431704][ T119] Modules linked in:
[ 144.432897][ T119] CPU: 1 PID: 119 Comm: kworker/u4:4 Not tainted 5.12.0-syzkaller-13621-g9b1f61d5d73d #0
[ 144.436670][ T119] Hardware name: linux,dummy-virt (DT)
[ 144.439157][ T119] Workqueue: netns cleanup_net
[ 144.440147][ T119] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 144.441029][ T119] pc : __nf_unregister_net_hook+0xac/0x1d0
[ 144.441738][ T119] lr : __nf_unregister_net_hook+0xac/0x1d0
[ 144.442425][ T119] sp : ffff800012d83c80
[ 144.443088][ T119] x29: ffff800012d83c80 x28: ffff80001293c508
[ 144.444543][ T119] x27: ffff800012739810 x26: ffff8000128f3cc0
[ 144.445474][ T119] x25: ffff8000128f3e40 x24: f4ff000009532000
[ 144.446530][ T119] x23: fbff0000061989f0 x22: fbff000006198000
[ 144.449223][ T119] x21: ffff8000128fbe10 x20: 0000000000000003
[ 144.450429][ T119] x19: faff0000059f2400 x18: 00000000fffffffe
[ 144.451462][ T119] x17: 0000000000000000 x16: 0000000000000000
[ 144.452645][ T119] x15: 0000000000000020 x14: ffffffffffffffff
[ 144.453438][ T119] x13: 00000000000002f8 x12: ffff800012d83950
[ 144.454226][ T119] x11: ffff8000127f0d60 x10: ffff80001274cb60
[ 144.455173][ T119] x9 : ffff8000127ec620 x8 : ffff80001273c620
[ 144.456379][ T119] x7 : ffff8000127ec620 x6 : fffffffffffcbd50
[ 144.457739][ T119] x5 : ffff00007fbd0948 x4 : 0000000000015ff5
[ 144.458780][ T119] x3 : 0000000000000001 x2 : 0000000000000000
[ 144.460076][ T119] x1 : 0000000000000000 x0 : fcff000003389e80
[ 144.461423][ T119] Call trace:
[ 144.463205][ T119] __nf_unregister_net_hook+0xac/0x1d0
[ 144.464167][ T119] nf_unregister_net_hooks+0x88/0xac
[ 144.465138][ T119] arpt_unregister_table_pre_exit+0x40/0x50
[ 144.466071][ T119] arptable_filter_net_pre_exit+0x20/0x2c
[ 144.466972][ T119] cleanup_net+0x200/0x410
[ 144.468003][ T119] process_one_work+0x1d8/0x364
[ 144.468961][ T119] worker_thread+0x70/0x434
[ 144.470034][ T119] kthread+0x174/0x180
[ 144.470948][ T119] ret_from_fork+0x10/0x34
[ 144.472987][ T119] ---[ end trace dbc20d7531a1ab4e ]---
[ 144.620967][ T119] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:02:23 building call list...
[ 144.819665][ T119] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.961069][ T119] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 145.132798][ T119] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 148.160620][ T119] device hsr_slave_0 left promiscuous mode
[ 148.227514][ T119] device hsr_slave_1 left promiscuous mode
[ 148.377224][ T119] device veth1_macvtap left promiscuous mode
[ 148.378879][ T119] device veth0_macvtap left promiscuous mode
[ 148.380669][ T119] device veth1_vlan left promiscuous mode
[ 148.382152][ T119] device veth0_vlan left promiscuous mode
executing program
[ 151.299692][ T119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 151.439846][ T119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 152.088345][ T119] bond0 (unregistering): Released all slaves
executing program
[ 153.369717][ T119] ==================================================================
[ 153.373253][ T119] BUG: KASAN: invalid-access in hooks_validate+0x38/0x7c
[ 153.377056][ T119] Read at addr f5ff00000982ef48 by task kworker/u4:4/119
[ 153.378125][ T119] Pointer tag: [f5], memory tag: [fe]
[ 153.378874][ T119]
[ 153.379620][ T119] CPU: 1 PID: 119 Comm: kworker/u4:4 Tainted: G W 5.12.0-syzkaller-13621-g9b1f61d5d73d #0
[ 153.381042][ T119] Hardware name: linux,dummy-virt (DT)
[ 153.381774][ T119] Workqueue: netns cleanup_net
[ 153.382738][ T119] Call trace:
[ 153.387045][ T119] dump_backtrace+0x0/0x1b0
[ 153.393032][ T119] show_stack+0x18/0x24
[ 153.393912][ T119] dump_stack+0xd0/0x12c
[ 153.395391][ T119] print_address_description+0x70/0x2ac
[ 153.398429][ T119] kasan_report+0x134/0x380
[ 153.400650][ T119] __do_kernel_fault+0x1a8/0x1dc
[ 153.402777][ T119] do_tag_check_fault+0x74/0x90
[ 153.403747][ T119] do_mem_abort+0x44/0xbc
[ 153.404542][ T119] el1_abort+0x40/0x60
[ 153.405471][ T119] el1_sync_handler+0xac/0xd0
[ 153.406328][ T119] el1_sync+0x70/0x100
[ 153.407050][ T119] hooks_validate+0x38/0x7c
[ 153.407872][ T119] __nf_unregister_net_hook+0x114/0x1d0
[ 153.408706][ T119] nf_unregister_net_hook+0x64/0x74
[ 153.409474][ T119] clusterip_net_exit+0x60/0x7c
[ 153.410170][ T119] ops_exit_list+0x44/0x80
[ 153.411213][ T119] cleanup_net+0x23c/0x410
[ 153.412316][ T119] process_one_work+0x1d8/0x364
[ 153.413260][ T119] worker_thread+0x70/0x434
[ 153.414871][ T119] kthread+0x174/0x180
[ 153.415607][ T119] ret_from_fork+0x10/0x34
[ 153.416397][ T119]
[ 153.416987][ T119] Allocated by task 3300:
[ 153.417825][ T119] kasan_save_stack+0x28/0x5c
[ 153.418718][ T119] __kasan_kmalloc+0xc8/0x100
[ 153.419489][ T119] allocate_cgrp_cset_links+0x98/0x100
[ 153.420352][ T119] find_css_set+0x210/0x640
[ 153.421154][ T119] cgroup_migrate_prepare_dst+0x5c/0x234
[ 153.422231][ T119] cgroup_attach_task+0xbc/0x11c
[ 153.423150][ T119] __cgroup1_procs_write.constprop.0+0x128/0x170
[ 153.424298][ T119] cgroup1_procs_write+0x14/0x20
[ 153.425168][ T119] cgroup_file_write+0x94/0x1a0
[ 153.425866][ T119] kernfs_fop_write_iter+0x128/0x1c0
[ 153.426627][ T119] new_sync_write+0xe8/0x184
[ 153.427373][ T119] vfs_write+0x244/0x2a4
[ 153.428125][ T119] ksys_write+0x68/0xf4
[ 153.428905][ T119] __arm64_sys_write+0x20/0x2c
[ 153.429823][ T119] invoke_syscall+0x48/0x110
[ 153.430820][ T119] el0_svc_common.constprop.0+0x44/0xd0
[ 153.431816][ T119] do_el0_svc+0x74/0x90
[ 153.432508][ T119] el0_svc+0x2c/0x54
[ 153.433146][ T119] el0_sync_handler+0x1a4/0x1b0
[ 153.433953][ T119] el0_sync+0x1a8/0x1c0
[ 153.434838][ T119]
[ 153.435451][ T119] Freed by task 119:
[ 153.436045][ T119] kasan_save_stack+0x28/0x5c
[ 153.437003][ T119] kasan_set_track+0x28/0x40
[ 153.439864][ T119] kasan_set_free_info+0x20/0x30
[ 153.440920][ T119] ____kasan_slab_free.constprop.0+0x1dc/0x254
[ 153.442102][ T119] __kasan_slab_free+0x10/0x1c
[ 153.443203][ T119] slab_free_freelist_hook+0xc0/0x220
[ 153.444046][ T119] kfree+0x350/0x4c4
[ 153.444949][ T119] xt_unregister_table+0x8c/0xcc
[ 153.445855][ T119] __arpt_unregister_table+0x2c/0xcc
[ 153.446921][ T119] arpt_unregister_table+0x30/0x40
[ 153.448058][ T119] arptable_filter_net_exit+0x18/0x24
[ 153.449051][ T119] ops_exit_list+0x44/0x80
[ 153.450605][ T119] cleanup_net+0x23c/0x410
[ 153.451503][ T119] process_one_work+0x1d8/0x364
[ 153.452583][ T119] worker_thread+0x70/0x434
[ 153.453724][ T119] kthread+0x174/0x180
[ 153.454674][ T119] ret_from_fork+0x10/0x34
[ 153.455710][ T119]
[ 153.456248][ T119] The buggy address belongs to the object at ffff00000982ef00
[ 153.456248][ T119] which belongs to the cache kmalloc-128 of size 128
[ 153.457954][ T119] The buggy address is located 72 bytes inside of
[ 153.457954][ T119] 128-byte region [ffff00000982ef00, ffff00000982ef80)
[ 153.459859][ T119] The buggy address belongs to the page:
[ 153.461066][ T119] page:000000000580f6fe refcount:1 mapcount:0 mapping:0000000000000000 index:0xfaff00000982ee00 pfn:0x4982e
[ 153.463498][ T119] flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 153.466722][ T119] raw: 01ffc00000000200 fffffc000017da08 fffffc0000254a08 f8ff000003001200
[ 153.467822][ T119] raw: faff00000982ee00 000000000010000e 00000001ffffffff 0000000000000000
[ 153.468614][ T119] page dumped because: kasan: bad access detected
[ 153.469394][ T119]
[ 153.469845][ T119] Memory state around the buggy address:
[ 153.470764][ T119] ffff00000982ed00: f7 f7 f7 f7 f7 f7 f7 f7 fe fe fe fe fe fe fe fe
[ 153.471778][ T119] ffff00000982ee00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 153.472779][ T119] >ffff00000982ef00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 153.473871][ T119] ^
[ 153.474924][ T119] ffff00000982f000: fc fc fc fc fc fc fc fc fe f1 f1 f1 f1 f1 f1 f1
[ 153.476385][ T119] ffff00000982f100: f1 fe f2 f2 f2 f2 f2 f2 f2 f2 fe f6 f6 f6 f6 f6
[ 153.477882][ T119]
==================================================================
[ 153.479024][ T119] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
executing program
[ 170.656109][ T3291] can: request_module (can-proto-0) failed.
[ 170.807500][ T3291] can: request_module (can-proto-0) failed.
[ 170.955298][ T3291] can: request_module (can-proto-0) failed.
executing program
executing program
VM DIAGNOSIS:
19:28:15 Registers: