syzkaller login: [ 57.506654][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 57.542476][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 59.439920][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:45243' (ECDSA) to the list of known hosts. 1970/01/01 00:01:05 fuzzer started 1970/01/01 00:01:06 connecting to host at localhost:45573 1970/01/01 00:01:07 checking machine... 1970/01/01 00:01:07 checking revisions... 1970/01/01 00:01:07 testing simple program... executing program [ 70.671713][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.694926][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.825989][ T3304] device hsr_slave_0 entered promiscuous mode [ 71.881990][ T3304] device hsr_slave_1 entered promiscuous mode [ 72.826044][ T3304] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.894661][ T3304] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.964234][ T3304] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.022976][ T3304] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 74.120806][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.193698][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.202390][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.762940][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.767855][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.810817][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.816023][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.852922][ T2915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.893959][ T2915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.012653][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.017594][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.061561][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.066722][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.104725][ T3304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.261822][ T3443] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.263284][ T3443] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 76.472033][ T2915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.477176][ T2915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.106990][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.113158][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.126189][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.134359][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.154903][ T3304] device veth0_vlan entered promiscuous mode [ 77.232557][ T3304] device veth1_vlan entered promiscuous mode [ 77.401694][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.406724][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.413058][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.418337][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.447905][ T3304] device veth0_macvtap entered promiscuous mode [ 77.479903][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.488709][ T3304] device veth1_macvtap entered promiscuous mode [ 77.616679][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.622618][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.658007][ T3443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.663927][ T3443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.700118][ T3304] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.701093][ T3304] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.701822][ T3304] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.702579][ T3304] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.206139][ T3304] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation 1970/01/01 00:01:18 building call list... [ 78.673596][ T29] ------------[ cut here ]------------ [ 78.674090][ T29] hook not found, pf 3 num 0 [ 78.674607][ T29] WARNING: CPU: 1 PID: 29 at net/netfilter/core.c:480 __nf_unregister_net_hook+0xac/0x1d0 [ 78.676036][ T29] Modules linked in: [ 78.676683][ T29] CPU: 1 PID: 29 Comm: kworker/u4:2 Not tainted 5.12.0-syzkaller-14380-g8404c9fbc84b #0 [ 78.677652][ T29] Hardware name: linux,dummy-virt (DT) [ 78.678306][ T29] Workqueue: netns cleanup_net [ 78.679700][ T29] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 78.680759][ T29] pc : __nf_unregister_net_hook+0xac/0x1d0 [ 78.681313][ T29] lr : __nf_unregister_net_hook+0xac/0x1d0 [ 78.681827][ T29] sp : ffff800012bcbc80 [ 78.682176][ T29] x29: ffff800012bcbc80 x28: ffff80001294d508 [ 78.682835][ T29] x27: ffff800012749838 x26: ffff800012904240 [ 78.683441][ T29] x25: ffff8000129043c0 x24: f6ff000009693900 [ 78.684289][ T29] x23: f6ff0000063d09f0 x22: f6ff0000063d0000 [ 78.685438][ T29] x21: ffff80001290c390 x20: 0000000000000003 [ 78.686084][ T29] x19: f6ff0000055ca000 x18: 00000000fffffffe [ 78.686702][ T29] x17: 0000000000000000 x16: 0000000000000000 [ 78.687330][ T29] x15: 0000000000000020 x14: ffffffffffffffff [ 78.687947][ T29] x13: 00000000000002f9 x12: ffff800012bcb950 [ 78.688694][ T29] x11: ffff800012800da0 x10: ffff80001275cbe0 [ 78.689372][ T29] x9 : ffff8000127fc648 x8 : ffff80001274c648 [ 78.690014][ T29] x7 : ffff8000127fc648 x6 : fffffffffffcbd98 [ 78.690630][ T29] x5 : ffff00007fbd0948 x4 : 0000000000015ff5 [ 78.691302][ T29] x3 : 0000000000000001 x2 : 0000000000000000 [ 78.691931][ T29] x1 : 0000000000000000 x0 : f9ff00000312bd00 [ 78.692673][ T29] Call trace: [ 78.693036][ T29] __nf_unregister_net_hook+0xac/0x1d0 [ 78.693521][ T29] nf_unregister_net_hooks+0x88/0xac [ 78.693957][ T29] arpt_unregister_table_pre_exit+0x40/0x50 [ 78.694447][ T29] arptable_filter_net_pre_exit+0x20/0x2c [ 78.694916][ T29] cleanup_net+0x200/0x410 [ 78.695334][ T29] process_one_work+0x1d8/0x364 [ 78.695773][ T29] worker_thread+0x70/0x434 [ 78.696188][ T29] kthread+0x174/0x180 [ 78.696599][ T29] ret_from_fork+0x10/0x34 [ 78.697101][ T29] ---[ end trace 2dc55d5eadab5e82 ]--- [ 78.790472][ T29] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.934176][ T29] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.163973][ T29] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.292108][ T29] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 81.431137][ T29] device hsr_slave_0 left promiscuous mode [ 81.481349][ T29] device hsr_slave_1 left promiscuous mode [ 81.584571][ T29] device veth1_macvtap left promiscuous mode [ 81.585331][ T29] device veth0_macvtap left promiscuous mode [ 81.586927][ T29] device veth1_vlan left promiscuous mode [ 81.587654][ T29] device veth0_vlan left promiscuous mode executing program [ 83.052580][ T29] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.155345][ T29] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.601576][ T29] bond0 (unregistering): Released all slaves [ 84.614366][ T29] ================================================================== [ 84.615610][ T29] BUG: KASAN: invalid-access in hooks_validate+0x38/0x7c [ 84.616623][ T29] Read at addr f6ff000009693848 by task kworker/u4:2/29 [ 84.617328][ T29] Pointer tag: [f6], memory tag: [fe] [ 84.617871][ T29] [ 84.618403][ T29] CPU: 0 PID: 29 Comm: kworker/u4:2 Tainted: G W 5.12.0-syzkaller-14380-g8404c9fbc84b #0 [ 84.619875][ T29] Hardware name: linux,dummy-virt (DT) [ 84.620818][ T29] Workqueue: netns cleanup_net [ 84.622117][ T29] Call trace: [ 84.622925][ T29] dump_backtrace+0x0/0x1b0 [ 84.623680][ T29] show_stack+0x18/0x24 [ 84.624370][ T29] dump_stack+0xd0/0x12c [ 84.625097][ T29] print_address_description+0x70/0x2ac [ 84.625744][ T29] kasan_report+0x134/0x380 [ 84.626499][ T29] __do_kernel_fault+0x1a8/0x1dc [ 84.627186][ T29] do_tag_check_fault+0x74/0x90 [ 84.627902][ T29] do_mem_abort+0x44/0xbc [ 84.628785][ T29] el1_abort+0x40/0x60 [ 84.629469][ T29] el1_sync_handler+0xac/0xd0 [ 84.630090][ T29] el1_sync+0x70/0x100 [ 84.630725][ T29] hooks_validate+0x38/0x7c [ 84.631447][ T29] __nf_unregister_net_hook+0x114/0x1d0 [ 84.632016][ T29] nf_unregister_net_hook+0x64/0x74 [ 84.632592][ T29] clusterip_net_exit+0x60/0x7c [ 84.633100][ T29] ops_exit_list+0x44/0x80 [ 84.633608][ T29] cleanup_net+0x23c/0x410 [ 84.634031][ T29] process_one_work+0x1d8/0x364 [ 84.634517][ T29] worker_thread+0x70/0x434 [ 84.634951][ T29] kthread+0x174/0x180 [ 84.635469][ T29] ret_from_fork+0x10/0x34 [ 84.636150][ T29] [ 84.636745][ T29] Allocated by task 0: [ 84.637380][ T29] (stack is not available) [ 84.638053][ T29] [ 84.638521][ T29] Freed by task 29: [ 84.639229][ T29] kasan_save_stack+0x28/0x5c [ 84.640177][ T29] kasan_set_track+0x28/0x40 [ 84.640981][ T29] kasan_set_free_info+0x20/0x30 [ 84.641839][ T29] ____kasan_slab_free.constprop.0+0x1dc/0x254 [ 84.642850][ T29] __kasan_slab_free+0x10/0x1c [ 84.643687][ T29] slab_free_freelist_hook+0xc0/0x220 [ 84.644466][ T29] kfree+0x350/0x4c4 [ 84.645143][ T29] xt_unregister_table+0x8c/0xcc [ 84.645772][ T29] __arpt_unregister_table+0x2c/0xcc [ 84.646505][ T29] arpt_unregister_table+0x30/0x40 [ 84.647147][ T29] arptable_filter_net_exit+0x18/0x24 [ 84.647793][ T29] ops_exit_list+0x44/0x80 [ 84.648480][ T29] cleanup_net+0x23c/0x410 [ 84.648966][ T29] process_one_work+0x1d8/0x364 [ 84.649613][ T29] worker_thread+0x70/0x434 [ 84.650274][ T29] kthread+0x174/0x180 [ 84.650886][ T29] ret_from_fork+0x10/0x34 [ 84.651686][ T29] [ 84.652171][ T29] The buggy address belongs to the object at ffff000009693800 [ 84.652171][ T29] which belongs to the cache kmalloc-128 of size 128 [ 84.654011][ T29] The buggy address is located 72 bytes inside of [ 84.654011][ T29] 128-byte region [ffff000009693800, ffff000009693880) [ 84.655678][ T29] The buggy address belongs to the page: [ 84.656670][ T29] page:00000000e0878cd4 refcount:1 mapcount:0 mapping:0000000000000000 index:0xfdff000009693500 pfn:0x49693 [ 84.658467][ T29] flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 84.660299][ T29] raw: 01ffc00000000200 fffffc000018dbc0 0000000700000007 f3ff000003001200 [ 84.661776][ T29] raw: fdff000009693500 000000008010000b 00000001ffffffff 0000000000000000 [ 84.662994][ T29] page dumped because: kasan: bad access detected [ 84.663843][ T29] [ 84.664286][ T29] Memory state around the buggy address: [ 84.665315][ T29] ffff000009693600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 84.666405][ T29] ffff000009693700: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 84.667407][ T29] >ffff000009693800: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 84.668390][ T29] ^ [ 84.669051][ T29] ffff000009693900: f6 f6 f6 f6 fe fe fe fe fe fe fe fe fe fe fe fe [ 84.670082][ T29] ffff000009693a00: f1 f1 f1 f1 f1 fe fe fe fe fe fe fe fe fe fe fe [ 84.671135][ T29] ================================================================== [ 84.672110][ T29] Disabling lock debugging due to kernel taint executing program executing program executing program [ 93.067096][ T3294] can: request_module (can-proto-0) failed. [ 93.152973][ T3294] can: request_module (can-proto-0) failed. [ 93.227948][ T3294] can: request_module (can-proto-0) failed. executing program executing program [ 103.445612][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 103.453487][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 103.463361][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 103.467189][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. VM DIAGNOSIS: 14:57:52 Registers: info registers vcpu 0 PC=ffff8000105ebc8c X00=0000000000000000 X01=ffff800012d23b80 X02=0000000000000000 X03=00000000000008b8 X04=ffffffffffffffff X05=00000000ffffffd0 X06=ffff800012d23c50 X07=ffff800012d23c50 X08=f4ff0000062f6000 X09=ffff800011d497a0 X10=0000000000000000 X11=0000000000000000 X12=f4ff0000062f68b8 X13=f4ff0000062f7000 X14=ffffffffffffffff X15=0000000000000030 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=f4ff0000062f7000 X20=f4ff0000062f68b8 X21=ffff800012d23c50 X22=ffff800011875578 X23=00000000ffffffe8 X24=0000000000000748 X25=0000000000000020 X26=ffff800011d61791 X27=ffff800011d61791 X28=f4ff0000062f68da X29=ffff800012d23b10 X30=adde8000105ebf24 SP=ffff800012d23b10 PSTATE=60400009 -ZC- EL2h BTYPE=0 FPCR=00000000 FPSR=00000010 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000004 Z01=746573656661732c:616d61792c797469 Z02=006b63616d732c6f:796f6d6f742c6469 Z03=0000040000000400:0000000000000000 Z04=0000000000100000:0000000000000000 Z05=4010040140100401:4010040140100401 Z06=0010000004040000:0010000004040000 Z07=0000000000000000:3ff4d148e104939a Z08=0000000000000000:3fb90cc608e43d88 Z09=0000000000000000:3fe372fcaacc9506 Z10=0000000000000000:3fe0000000000000 Z11=0000000000000000:230c4dbeccd5d0e2 Z12=0000000000000000:cbc79827e9cfe5d4 Z13=0000000000000000:d05359c15f6b46ce Z14=0000000000000000:9e7176c0845f6a99 Z15=0000000000000000:b6b41caaf63e8e50 Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000008:0000000000a2d02c Z31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff80001076a994 X00=f3ff0000033d2080 X01=0000000000000002 X02=ffff800012ad5018 X03=0000000000000018 X04=f3ff0000033d2080 X05=0000000000000030 X06=ffff80001295098f X07=3930303030343036 X08=642076435a6e2820 X09=ffff800012bcb520 X10=ffff80001275cdf0 X11=ffff800012800e30 X12=ffff800012bcb59d X13=ffff800012bcb5a8 X14=ffffffffffffffff X15=0000000000000020 X16=0000000000000000 X17=0000000000000000 X18=00000000fffffffd X19=ffff80001295099d X20=ffff80001076a994 X21=f3ff0000033d2080 X22=ffff8000129509c4 X23=0000000000000f01 X24=000000000000004c X25=ffff80001271fe08 X26=ffff80001286cca8 X27=ffff800012950978 X28=ffff8000129507d0 X29=ffff800012bcb5d0 X30=eda780001076a9bc SP=ffff800012bcb5d0 PSTATE=804003c9 N--- EL2h BTYPE=0 FPCR=00000000 FPSR=00000010 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000000000000000:c1162e42fefa39ef Z02=f1cecb52b976ad81:6e0ceb520395948f Z03=0000000040000000:0000000000000000 Z04=4010040140100401:4000000000000000 Z05=4010040140100401:4010040140100401 Z06=5555400000400000:5555400000400000 Z07=0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000010:0000000f12dbb510 Z31=0000000000000000:0000000000000000