syzkaller login: [ 57.882451][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 57.889297][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 60.599870][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:62919' (ECDSA) to the list of known hosts.
1970/01/01 00:01:08 fuzzer started
1970/01/01 00:01:10 connecting to host at localhost:38285
1970/01/01 00:01:10 checking machine...
1970/01/01 00:01:10 checking revisions...
1970/01/01 00:01:10 testing simple program...
executing program
[ 74.548646][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.570742][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.703121][ T3300] device hsr_slave_0 entered promiscuous mode
[ 75.747474][ T3300] device hsr_slave_1 entered promiscuous mode
[ 76.736775][ T3300] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.810294][ T3300] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.879102][ T3300] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.947907][ T3300] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 78.107990][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.188818][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 78.199725][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.802638][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 78.808125][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.857506][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 78.862316][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.899164][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 78.940434][ T3499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 79.059608][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 79.068432][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.111531][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 79.117792][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.157484][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.301950][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.303951][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
[ 80.549801][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 80.561577][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 81.216655][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 81.222212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 81.243418][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 81.249832][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 81.271979][ T3300] device veth0_vlan entered promiscuous mode
[ 81.351636][ T3300] device veth1_vlan entered promiscuous mode
[ 81.537363][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 81.542690][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 81.555704][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 81.560722][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 81.590125][ T3300] device veth0_macvtap entered promiscuous mode
[ 81.638598][ T3300] device veth1_macvtap entered promiscuous mode
[ 81.770978][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 81.780705][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 81.827776][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 81.833112][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 81.867869][ T3300] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.868773][ T3300] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.869453][ T3300] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.870107][ T3300] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.422369][ T3300] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
1970/01/01 00:01:22 building call list...
[ 82.989763][ T51] ------------[ cut here ]------------
[ 82.990305][ T51] hook not found, pf 3 num 0
[ 82.990832][ T51] WARNING: CPU: 0 PID: 51 at net/netfilter/core.c:480 __nf_unregister_net_hook+0xac/0x1d0
[ 82.992899][ T51] Modules linked in:
[ 82.994099][ T51] CPU: 0 PID: 51 Comm: kworker/u4:3 Not tainted 5.12.0-syzkaller-13670-g5e321ded302d #0
[ 82.995821][ T51] Hardware name: linux,dummy-virt (DT)
[ 82.996840][ T51] Workqueue: netns cleanup_net
[ 82.997507][ T51] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 82.998083][ T51] pc : __nf_unregister_net_hook+0xac/0x1d0
[ 82.998571][ T51] lr : __nf_unregister_net_hook+0xac/0x1d0
[ 82.999086][ T51] sp : ffff800012cfbc80
[ 82.999451][ T51] x29: ffff800012cfbc80 x28: ffff80001293c508
[ 83.000119][ T51] x27: ffff800012739810 x26: ffff8000128f3cc0
[ 83.000809][ T51] x25: ffff8000128f3e40 x24: f7ff000009c53100
[ 83.001431][ T51] x23: f2ff0000063b89f0 x22: f2ff0000063b8000
[ 83.002042][ T51] x21: ffff8000128fbe10 x20: 0000000000000003
[ 83.002678][ T51] x19: f0ff0000056bec00 x18: 00000000fffffffe
[ 83.003306][ T51] x17: 0000000000000000 x16: 0000000000000000
[ 83.004122][ T51] x15: 0000000000000020 x14: ffffffffffffffff
[ 83.004881][ T51] x13: 00000000000002f8 x12: ffff800012cfb950
[ 83.005527][ T51] x11: ffff8000127f0d60 x10: ffff80001274cb60
[ 83.006326][ T51] x9 : ffff8000127ec620 x8 : ffff80001273c620
[ 83.007052][ T51] x7 : ffff8000127ec620 x6 : fffffffffffcbd50
[ 83.007671][ T51] x5 : ffff00007fbb8948 x4 : 0000000000015ff5
[ 83.008286][ T51] x3 : 0000000000000001 x2 : 0000000000000000
[ 83.008897][ T51] x1 : 0000000000000000 x0 : f7ff000003301e80
[ 83.009641][ T51] Call trace:
[ 83.009991][ T51] __nf_unregister_net_hook+0xac/0x1d0
[ 83.010471][ T51] nf_unregister_net_hooks+0x88/0xac
[ 83.010937][ T51] arpt_unregister_table_pre_exit+0x40/0x50
[ 83.011414][ T51] arptable_filter_net_pre_exit+0x20/0x2c
[ 83.011904][ T51] cleanup_net+0x200/0x410
[ 83.012307][ T51] process_one_work+0x1d8/0x364
[ 83.012745][ T51] worker_thread+0x70/0x434
[ 83.013156][ T51] kthread+0x174/0x180
[ 83.013539][ T51] ret_from_fork+0x10/0x34
[ 83.014235][ T51] ---[ end trace 064e0f6c6031f8f7 ]---
[ 83.082138][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 83.208181][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.456843][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.611476][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 85.914611][ T51] device hsr_slave_0 left promiscuous mode
[ 85.956942][ T51] device hsr_slave_1 left promiscuous mode
[ 86.067535][ T51] device veth1_macvtap left promiscuous mode
[ 86.068346][ T51] device veth0_macvtap left promiscuous mode
[ 86.069442][ T51] device veth1_vlan left promiscuous mode
[ 86.070724][ T51] device veth0_vlan left promiscuous mode
executing program
[ 87.560300][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 87.637764][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 88.013098][ T51] bond0 (unregistering): Released all slaves
[ 89.079880][ T51] ==================================================================
[ 89.080976][ T51] BUG: KASAN: invalid-access in hooks_validate+0x38/0x7c
[ 89.082098][ T51] Read at addr f3ff000009c53048 by task kworker/u4:3/51
[ 89.083344][ T51] Pointer tag: [f3], memory tag: [fe]
[ 89.083947][ T51]
[ 89.084585][ T51] CPU: 1 PID: 51 Comm: kworker/u4:3 Tainted: G W 5.12.0-syzkaller-13670-g5e321ded302d #0
[ 89.086534][ T51] Hardware name: linux,dummy-virt (DT)
[ 89.087249][ T51] Workqueue: netns cleanup_net
[ 89.088212][ T51] Call trace:
[ 89.088677][ T51] dump_backtrace+0x0/0x1b0
[ 89.089286][ T51] show_stack+0x18/0x24
[ 89.089867][ T51] dump_stack+0xd0/0x12c
[ 89.090523][ T51] print_address_description+0x70/0x2ac
[ 89.091259][ T51] kasan_report+0x134/0x380
[ 89.091873][ T51] __do_kernel_fault+0x1a8/0x1dc
[ 89.092502][ T51] do_tag_check_fault+0x74/0x90
[ 89.093136][ T51] do_mem_abort+0x44/0xbc
[ 89.093764][ T51] el1_abort+0x40/0x60
[ 89.094243][ T51] el1_sync_handler+0xac/0xd0
[ 89.094880][ T51] el1_sync+0x70/0x100
[ 89.095433][ T51] hooks_validate+0x38/0x7c
[ 89.096290][ T51] __nf_unregister_net_hook+0x114/0x1d0
[ 89.097038][ T51] nf_unregister_net_hook+0x64/0x74
[ 89.097694][ T51] clusterip_net_exit+0x60/0x7c
[ 89.098351][ T51] ops_exit_list+0x44/0x80
[ 89.099070][ T51] cleanup_net+0x23c/0x410
[ 89.099644][ T51] process_one_work+0x1d8/0x364
[ 89.100236][ T51] worker_thread+0x70/0x434
[ 89.100898][ T51] kthread+0x174/0x180
[ 89.101584][ T51] ret_from_fork+0x10/0x34
[ 89.102320][ T51]
[ 89.102857][ T51] Allocated by task 0:
[ 89.103548][ T51] (stack is not available)
[ 89.103989][ T51]
[ 89.104316][ T51] Freed by task 51:
[ 89.104872][ T51] kasan_save_stack+0x28/0x5c
[ 89.105790][ T51] kasan_set_track+0x28/0x40
[ 89.106459][ T51] kasan_set_free_info+0x20/0x30
[ 89.107299][ T51] ____kasan_slab_free.constprop.0+0x1dc/0x254
[ 89.108097][ T51] __kasan_slab_free+0x10/0x1c
[ 89.108700][ T51] slab_free_freelist_hook+0xc0/0x220
[ 89.109217][ T51] kfree+0x350/0x4c4
[ 89.109741][ T51] xt_unregister_table+0x8c/0xcc
[ 89.110482][ T51] __arpt_unregister_table+0x2c/0xcc
[ 89.111138][ T51] arpt_unregister_table+0x30/0x40
[ 89.111761][ T51] arptable_filter_net_exit+0x18/0x24
[ 89.112403][ T51] ops_exit_list+0x44/0x80
[ 89.112920][ T51] cleanup_net+0x23c/0x410
[ 89.113539][ T51] process_one_work+0x1d8/0x364
[ 89.114261][ T51] worker_thread+0x70/0x434
[ 89.114936][ T51] kthread+0x174/0x180
[ 89.115616][ T51] ret_from_fork+0x10/0x34
[ 89.116492][ T51]
[ 89.116864][ T51] The buggy address belongs to the object at ffff000009c53000
[ 89.116864][ T51] which belongs to the cache kmalloc-128 of size 128
[ 89.118573][ T51] The buggy address is located 72 bytes inside of
[ 89.118573][ T51] 128-byte region [ffff000009c53000, ffff000009c53080)
[ 89.120014][ T51] The buggy address belongs to the page:
[ 89.120912][ T51] page:000000008d71acfc refcount:1 mapcount:0 mapping:0000000000000000 index:0xf3ff000009c53000 pfn:0x49c53
[ 89.122389][ T51] flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 89.123859][ T51] raw: 01ffc00000000200 fffffc000017db08 fffffc000026e6c8 f9ff000003001200
[ 89.124901][ T51] raw: f3ff000009c53000 000000000010000b 00000001ffffffff 0000000000000000
[ 89.125934][ T51] page dumped because: kasan: bad access detected
[ 89.126865][ T51]
[ 89.127333][ T51] Memory state around the buggy address:
[ 89.128142][ T51] ffff000009c52e00: f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1
[ 89.129119][ T51] ffff000009c52f00: f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1 f1
[ 89.129902][ T51] >ffff000009c53000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 89.130881][ T51] ^
[ 89.131545][ T51] ffff000009c53100: f7 f7 f7 f7 fe fe fe fe fe fe fe fe fe fe fe fe
[ 89.132408][ T51] ffff000009c53200: f4 f4 f4 f4 f4 fe fe fe fe fe fe fe fe fe fe fe
[ 89.133298][ T51] ==================================================================
[ 89.134505][ T51] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
[ 98.219163][ T3296] can: request_module (can-proto-0) failed.
[ 98.318337][ T3296] can: request_module (can-proto-0) failed.
[ 98.397220][ T3296] can: request_module (can-proto-0) failed.
executing program
executing program
[ 106.979392][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 106.983605][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 106.988538][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 106.992592][ T3138] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
VM DIAGNOSIS:
13:22:35 Registers: