syzkaller login: [ 103.856631][ T3137] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 103.877434][ T3137] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 106.879060][ T3137] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:59018' (ECDSA) to the list of known hosts.
1970/01/01 00:02:11 fuzzer started
1970/01/01 00:02:14 connecting to host at localhost:45765
1970/01/01 00:02:15 checking machine...
1970/01/01 00:02:15 checking revisions...
1970/01/01 00:02:16 testing simple program...
executing program
executing program
[ 143.524032][ T3299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 143.574729][ T3299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 145.585138][ T3299] device hsr_slave_0 entered promiscuous mode
executing program
[ 145.638456][ T3299] device hsr_slave_1 entered promiscuous mode
[ 147.332703][ T3299] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 147.408725][ T3299] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 147.505058][ T3299] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 147.595681][ T3299] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 149.696851][ T3299] 8021q: adding VLAN 0 to HW filter on device bond0
[ 149.796566][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 149.819377][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 150.890003][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 150.900309][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 150.989388][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 151.013518][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 151.105352][ T3493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 151.229282][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 151.484313][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 151.506074][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[ 151.599846][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 151.610629][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 151.699255][ T3299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 151.999467][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 152.005926][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 154.399385][ T3493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 154.424806][ T3493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
[ 155.630330][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 155.648996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 155.681581][ T3493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 155.697652][ T3493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 155.735840][ T3299] device veth0_vlan entered promiscuous mode
[ 155.945311][ T3299] device veth1_vlan entered promiscuous mode
[ 156.414871][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 156.437515][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 156.518369][ T3299] device veth0_macvtap entered promiscuous mode
[ 156.603362][ T3299] device veth1_macvtap entered promiscuous mode
[ 156.644959][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 156.657874][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 156.916024][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 156.936677][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 157.046585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 157.069444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 157.147933][ T3299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.149631][ T3299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.150848][ T3299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.153762][ T3299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 158.160494][ T3299] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
1970/01/01 00:02:37 building call list...
[ 159.125324][ T30] ------------[ cut here ]------------
[ 159.126475][ T30] hook not found, pf 3 num 0
[ 159.127427][ T30] WARNING: CPU: 0 PID: 30 at net/netfilter/core.c:480 __nf_unregister_net_hook+0xac/0x1d0
[ 159.136006][ T30] Modules linked in:
[ 159.137546][ T30] CPU: 0 PID: 30 Comm: kworker/u4:2 Not tainted 5.12.0-syzkaller-11146-g8ca5297e7e38 #0
[ 159.140115][ T30] Hardware name: linux,dummy-virt (DT)
[ 159.141780][ T30] Workqueue: netns cleanup_net
[ 159.143267][ T30] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 159.144575][ T30] pc : __nf_unregister_net_hook+0xac/0x1d0
[ 159.145866][ T30] lr : __nf_unregister_net_hook+0xac/0x1d0
[ 159.147113][ T30] sp : ffff800012bb3c80
[ 159.148007][ T30] x29: ffff800012bb3c80 x28: ffff8000129294f8
[ 159.149635][ T30] x27: ffff800012729790 x26: ffff8000128e3280
[ 159.151139][ T30] x25: ffff8000128e3400 x24: f5ff00000977ad00
[ 159.152705][ T30] x23: fdff0000062109f0 x22: fdff000006210000
[ 159.154236][ T30] x21: ffff8000128eb3d0 x20: 0000000000000003
[ 159.155403][ T30] x19: f5ff0000058b6600 x18: 00000000fffffffe
[ 159.156582][ T30] x17: 0000000000000000 x16: 0000000000000000
[ 159.157816][ T30] x15: 0000000000000020 x14: ffffffffffffffff
[ 159.159495][ T30] x13: 00000000000002f8 x12: ffff800012bb3950
[ 159.160798][ T30] x11: ffff8000127e0ce0 x10: ffff80001273cae0
[ 159.162030][ T30] x9 : ffff8000127dc5a0 x8 : ffff80001272c5a0
[ 159.163250][ T30] x7 : ffff8000127dc5a0 x6 : fffffffffffcbd10
[ 159.164629][ T30] x5 : ffff00007fbb8948 x4 : 0000000000015ff5
[ 159.166109][ T30] x3 : 0000000000000001 x2 : 0000000000000000
[ 159.167631][ T30] x1 : 0000000000000000 x0 : f7ff000003230f40
[ 159.169602][ T30] Call trace:
[ 159.170505][ T30] __nf_unregister_net_hook+0xac/0x1d0
[ 159.171558][ T30] nf_unregister_net_hooks+0x88/0xac
[ 159.172505][ T30] arpt_unregister_table_pre_exit+0x40/0x50
[ 159.173488][ T30] arptable_filter_net_pre_exit+0x20/0x2c
[ 159.174344][ T30] cleanup_net+0x200/0x410
[ 159.175030][ T30] process_one_work+0x1d8/0x364
[ 159.175739][ T30] worker_thread+0x70/0x434
[ 159.176485][ T30] kthread+0x174/0x180
[ 159.177280][ T30] ret_from_fork+0x10/0x34
[ 159.178185][ T30] ---[ end trace 2e6bbb3f70400921 ]---
[ 159.348946][ T30] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 159.525236][ T30] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 159.691364][ T30] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 159.838621][ T30] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 162.880195][ T30] device hsr_slave_0 left promiscuous mode
[ 162.957235][ T30] device hsr_slave_1 left promiscuous mode
[ 163.109282][ T30] device veth1_macvtap left promiscuous mode
[ 163.110602][ T30] device veth0_macvtap left promiscuous mode
[ 163.133692][ T30] device veth1_vlan left promiscuous mode
[ 163.135274][ T30] device veth0_vlan left promiscuous mode
executing program
[ 166.228382][ T30] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 166.394746][ T30] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
executing program
[ 167.103967][ T30] bond0 (unregistering): Released all slaves
[ 168.410327][ T30] ==================================================================
[ 168.414213][ T30] BUG: KASAN: invalid-access in hooks_validate+0x38/0x7c
[ 168.415227][ T30] Read at addr f2ff00000977ac48 by task kworker/u4:2/30
[ 168.416201][ T30] Pointer tag: [f2], memory tag: [fe]
[ 168.416931][ T30]
[ 168.417651][ T30] CPU: 0 PID: 30 Comm: kworker/u4:2 Tainted: G W 5.12.0-syzkaller-11146-g8ca5297e7e38 #0
[ 168.418793][ T30] Hardware name: linux,dummy-virt (DT)
[ 168.419483][ T30] Workqueue: netns cleanup_net
[ 168.420369][ T30] Call trace:
[ 168.420886][ T30] dump_backtrace+0x0/0x1b0
[ 168.424672][ T30] show_stack+0x18/0x24
[ 168.425387][ T30] dump_stack+0xd0/0x12c
[ 168.426274][ T30] print_address_description+0x70/0x2ac
[ 168.426998][ T30] kasan_report+0x134/0x380
[ 168.427693][ T30] __do_kernel_fault+0x1a8/0x1dc
[ 168.428376][ T30] do_tag_check_fault+0x74/0x90
[ 168.429132][ T30] do_mem_abort+0x44/0xbc
[ 168.429777][ T30] el1_abort+0x40/0x60
[ 168.430451][ T30] el1_sync_handler+0xac/0xd0
[ 168.431134][ T30] el1_sync+0x70/0x100
[ 168.431843][ T30] hooks_validate+0x38/0x7c
[ 168.432760][ T30] __nf_unregister_net_hook+0x114/0x1d0
[ 168.433847][ T30] nf_unregister_net_hook+0x64/0x74
[ 168.434594][ T30] clusterip_net_exit+0x60/0x7c
[ 168.435246][ T30] ops_exit_list+0x44/0x80
[ 168.435865][ T30] cleanup_net+0x23c/0x410
[ 168.436553][ T30] process_one_work+0x1d8/0x364
[ 168.437216][ T30] worker_thread+0x70/0x434
[ 168.437865][ T30] kthread+0x174/0x180
[ 168.438466][ T30] ret_from_fork+0x10/0x34
[ 168.439222][ T30]
[ 168.439726][ T30] Allocated by task 3299:
[ 168.440387][ T30] kasan_save_stack+0x28/0x60
[ 168.441197][ T30] __kasan_kmalloc+0xc8/0x100
[ 168.442072][ T30] allocate_cgrp_cset_links+0x98/0x100
[ 168.442895][ T30] find_css_set+0x210/0x640
[ 168.443504][ T30] cgroup_migrate_prepare_dst+0x5c/0x234
[ 168.444177][ T30] cgroup_attach_task+0xbc/0x11c
[ 168.444919][ T30] __cgroup1_procs_write.constprop.0+0x128/0x170
[ 168.445627][ T30] cgroup1_procs_write+0x14/0x20
[ 168.446239][ T30] cgroup_file_write+0x94/0x1a0
[ 168.446891][ T30] kernfs_fop_write_iter+0x128/0x1c0
[ 168.447541][ T30] new_sync_write+0xe8/0x184
[ 168.448172][ T30] vfs_write+0x244/0x2a4
[ 168.448792][ T30] ksys_write+0x68/0xf4
[ 168.449395][ T30] __arm64_sys_write+0x20/0x2c
[ 168.450105][ T30] invoke_syscall+0x48/0x110
[ 168.450677][ T30] el0_svc_common.constprop.0+0x44/0xd0
[ 168.451335][ T30] do_el0_svc+0x74/0x90
[ 168.452031][ T30] el0_svc+0x2c/0x54
[ 168.452788][ T30] el0_sync_handler+0x1a4/0x1b0
[ 168.453596][ T30] el0_sync+0x1a8/0x1c0
[ 168.454385][ T30]
[ 168.454850][ T30] Freed by task 30:
[ 168.455395][ T30] kasan_save_stack+0x28/0x60
[ 168.456008][ T30] kasan_set_track+0x28/0x40
[ 168.456635][ T30] kasan_set_free_info+0x20/0x30
[ 168.457308][ T30] ____kasan_slab_free.constprop.0+0x1e8/0x230
[ 168.458035][ T30] __kasan_slab_free+0x10/0x1c
[ 168.458662][ T30] slab_free_freelist_hook+0xbc/0x210
[ 168.459366][ T30] kfree+0x350/0x4d4
[ 168.459978][ T30] xt_unregister_table+0x8c/0xcc
[ 168.461234][ T30] __arpt_unregister_table+0x2c/0xcc
[ 168.461989][ T30] arpt_unregister_table+0x30/0x40
[ 168.462707][ T30] arptable_filter_net_exit+0x18/0x24
[ 168.463427][ T30] ops_exit_list+0x44/0x80
[ 168.464055][ T30] cleanup_net+0x23c/0x410
[ 168.464701][ T30] process_one_work+0x1d8/0x364
[ 168.465350][ T30] worker_thread+0x70/0x434
[ 168.465960][ T30] kthread+0x174/0x180
[ 168.466618][ T30] ret_from_fork+0x10/0x34
[ 168.467298][ T30]
[ 168.467708][ T30] The buggy address belongs to the object at ffff00000977ac00
[ 168.467708][ T30] which belongs to the cache kmalloc-128 of size 128
[ 168.469256][ T30] The buggy address is located 72 bytes inside of
[ 168.469256][ T30] 128-byte region [ffff00000977ac00, ffff00000977ac80)
[ 168.470890][ T30] The buggy address belongs to the page:
[ 168.471868][ T30] page:00000000dadde429 refcount:1 mapcount:0 mapping:0000000000000000 index:0xf2ff00000977ac00 pfn:0x4977a
[ 168.480281][ T30] flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 168.483064][ T30] raw: 01ffc00000000200 fffffc000018d200 0000000c0000000c f2ff000003001200
[ 168.485146][ T30] raw: f2ff00000977ac00 000000008010000f 00000001ffffffff 0000000000000000
[ 168.486970][ T30] page dumped because: kasan: bad access detected
[ 168.487839][ T30]
[ 168.488310][ T30] Memory state around the buggy address:
[ 168.489256][ T30] ffff00000977aa00: fc fc fc fc fc fc fc fc fe fe fe fe fe fe fe fe
[ 168.490439][ T30] ffff00000977ab00: f4 f4 f4 f4 f4 f4 f4 f4 fe fe fe fe fe fe fe fe
[ 168.491497][ T30] >ffff00000977ac00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 168.497860][ T30] ^
[ 168.498769][ T30] ffff00000977ad00: f5 f5 f5 f5 fe fe fe fe fe fe fe fe fe fe fe fe
[ 168.499790][ T30] ffff00000977ae00: fd fd fd fd fd fe fe fe fe fe fe fe fe fe fe fe
[ 168.500951][ T30] ==================================================================
[ 168.502183][ T30] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
executing program
executing program
[ 187.200853][ T3295] can: request_module (can-proto-0) failed.
[ 187.331379][ T3295] can: request_module (can-proto-0) failed.
[ 187.524456][ T3295] can: request_module (can-proto-0) failed.
executing program

VM DIAGNOSIS:
21:50:03 Registers: