[ 146.790174][ T3143] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 146.836972][ T3143] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 146.868162][ T3143] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:23785' (ECDSA) to the list of known hosts.
1970/01/01 00:02:49 fuzzer started
1970/01/01 00:02:54 connecting to host at localhost:40893
1970/01/01 00:02:54 checking machine...
1970/01/01 00:02:54 checking revisions...
1970/01/01 00:02:55 testing simple program...
executing program
executing program
[ 184.979248][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 185.025948][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
executing program
[ 187.773761][ T3313] device hsr_slave_0 entered promiscuous mode
[ 187.840137][ T3313] device hsr_slave_1 entered promiscuous mode
executing program
[ 190.094142][ T3313] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 190.364837][ T3313] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 190.549254][ T3313] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 190.674711][ T3313] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 193.304947][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0
[ 193.431526][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 193.454631][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
executing program
[ 195.375937][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 195.407113][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 195.485013][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 195.493985][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 195.579874][ T2114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 195.666243][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 195.935554][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 195.956615][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 196.045613][ T2114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 196.072589][ T2114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 196.149818][ T3313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 196.497508][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 196.499225][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
[ 199.972726][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 199.988227][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
[ 201.706510][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 201.726478][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 201.754298][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 201.768111][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 201.848327][ T3313] device veth0_vlan entered promiscuous mode
[ 201.986407][ T3313] device veth1_vlan entered promiscuous mode
[ 202.427322][ T3536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 202.438812][ T3536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 202.513397][ T3313] device veth0_macvtap entered promiscuous mode
[ 202.610233][ T3313] device veth1_macvtap entered promiscuous mode
[ 202.726663][ T3536] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 202.789232][ T3536] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 203.036289][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 203.063859][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 203.208777][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 203.223400][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 203.368114][ T3313] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 203.370043][ T3313] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 203.379703][ T3313] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 203.383737][ T3313] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 204.777440][ T3313] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
1970/01/01 00:03:24 building call list...
executing program
[ 206.877661][ T29] ------------[ cut here ]------------
[ 206.878556][ T29] hook not found, pf 3 num 0
[ 206.879955][ T29] WARNING: CPU: 1 PID: 29 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x17c/0x4f0
[ 206.880999][ T29] Modules linked in:
[ 206.881872][ T29] CPU: 1 PID: 29 Comm: kworker/u4:2 Not tainted 5.12.0-syzkaller-13670-g5e321ded302d #0
[ 206.882397][ T29] Hardware name: linux,dummy-virt (DT)
[ 206.884635][ T29] Workqueue: netns cleanup_net
[ 206.887718][ T29] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 206.890062][ T29] pc : __nf_unregister_net_hook+0x17c/0x4f0
[ 206.892200][ T29] lr : __nf_unregister_net_hook+0x17c/0x4f0
[ 206.893684][ T29] sp : ffff8000183779e0
[ 206.895490][ T29] x29: ffff8000183779e0 x28: 0000000000000003
[ 206.898385][ T29] x27: 0000000000000001 x26: ffff00000afe8f10
[ 206.900442][ T29] x25: 0000000000000007 x24: ffff00001404a91c
[ 206.902294][ T29] x23: ffff80001711f9a0 x22: ffff00000afe8000
[ 206.903984][ T29] x21: 0000000000000001 x20: ffff00000a35cb20
[ 206.905535][ T29] x19: ffff00001404a900 x18: ffff00006ab25b48
[ 206.907013][ T29] x17: 0000000000000000 x16: 0000000000000000
[ 206.909506][ T29] x15: ffff00006ab25b7c x14: 1ffff0000306ee6a
[ 206.910997][ T29] x13: 0000000000000001 x12: ffff60000d564b84
[ 206.914278][ T29] x11: 1fffe0000d564b83 x10: ffff60000d564b83
[ 206.916777][ T29] x9 : dfff800000000000 x8 : ffff00006ab25c1b
[ 206.919180][ T29] x7 : 0000000000000001 x6 : 00009ffff2a9b47d
[ 206.920953][ T29] x5 : ffff00006ab25c18 x4 : 1fffe0000115e9d9
[ 206.930650][ T29] x3 : dfff800000000000 x2 : 0000000000000000
[ 206.933193][ T29] x1 : 0000000000000000 x0 : ffff000008af4ec0
[ 206.936128][ T29] Call trace:
[ 206.937668][ T29] __nf_unregister_net_hook+0x17c/0x4f0
[ 206.939671][ T29] nf_unregister_net_hooks+0xd4/0x120
[ 206.942493][ T29] arpt_unregister_table_pre_exit+0x6c/0x8c
[ 206.945143][ T29] arptable_filter_net_pre_exit+0x20/0x2c
[ 206.951243][ T29] cleanup_net+0x328/0x820
[ 206.952750][ T29] process_one_work+0x798/0x1764
[ 206.954112][ T29] worker_thread+0x3d4/0xcd0
[ 206.955481][ T29] kthread+0x320/0x3bc
[ 206.956619][ T29] ret_from_fork+0x10/0x3c
[ 206.958133][ T29] irq event stamp: 122098
[ 206.959409][ T29] hardirqs last enabled at (122097): [] console_unlock+0x7f8/0xbf4
[ 206.970553][ T29] hardirqs last disabled at (122098): [] el1_dbg+0x24/0x80
[ 206.971327][ T29] softirqs last enabled at (121832): [] _stext+0x9e0/0x1084
[ 206.971916][ T29] softirqs last disabled at (121825): [] __irq_exit_rcu+0x494/0x550
[ 206.972475][ T29] ---[ end trace 87969328c5d81a6c ]---
[ 207.337184][ T29] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 207.698616][ T29] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 207.994823][ T29] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 208.356412][ T29] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
[ 212.692786][ T29] device hsr_slave_0 left promiscuous mode
[ 212.737532][ T29] device hsr_slave_1 left promiscuous mode
[ 212.939555][ T29] device veth1_macvtap left promiscuous mode
[ 212.943420][ T29] device veth0_macvtap left promiscuous mode
[ 212.964939][ T29] device veth1_vlan left promiscuous mode
[ 212.967721][ T29] device veth0_vlan left promiscuous mode
executing program
[ 218.038636][ T29] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 218.244413][ T29] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
executing program
[ 219.357192][ T29] bond0 (unregistering): Released all slaves
[ 221.904688][ T29] ==================================================================
[ 221.907914][ T29] BUG: KASAN: use-after-free in hooks_validate+0x164/0x1ac
[ 221.910184][ T29] Read of size 4 at addr ffff00000a35ca48 by task kworker/u4:2/29
[ 221.912599][ T29]
[ 221.913744][ T29] CPU: 1 PID: 29 Comm: kworker/u4:2 Tainted: G W 5.12.0-syzkaller-13670-g5e321ded302d #0
[ 221.917140][ T29] Hardware name: linux,dummy-virt (DT)
[ 221.918750][ T29] Workqueue: netns cleanup_net
[ 221.919415][ T29] Call trace:
[ 221.919636][ T29] dump_backtrace+0x0/0x3e0
[ 221.919922][ T29] show_stack+0x18/0x24
[ 221.920184][ T29] dump_stack+0x120/0x1a8
[ 221.920553][ T29] print_address_description.constprop.0+0x2c/0x300
[ 221.920946][ T29] kasan_report+0x1ec/0x200
[ 221.921277][ T29] __asan_report_load4_noabort+0x34/0x60
[ 221.921592][ T29] hooks_validate+0x164/0x1ac
[ 221.921928][ T29] __nf_hook_entries_try_shrink+0x1d4/0x2c4
[ 221.922249][ T29] __nf_unregister_net_hook+0x240/0x4f0
[ 221.922554][ T29] nf_unregister_net_hook+0xb8/0x100
[ 221.922963][ T29] clusterip_net_exit+0x13c/0x204
[ 221.923246][ T29] ops_exit_list+0x78/0x124
[ 221.923568][ T29] cleanup_net+0x3a4/0x820
[ 221.923893][ T29] process_one_work+0x798/0x1764
[ 221.924171][ T29] worker_thread+0x3d4/0xcd0
[ 221.924436][ T29] kthread+0x320/0x3bc
[ 221.924677][ T29] ret_from_fork+0x10/0x3c
[ 221.925147][ T29]
[ 221.925492][ T29] Allocated by task 0:
[ 221.925780][ T29] (stack is not available)
[ 221.926078][ T29]
[ 221.926335][ T29] Freed by task 29:
[ 221.926707][ T29] kasan_save_stack+0x28/0x60
[ 221.927090][ T29] kasan_set_track+0x28/0x40
[ 221.927377][ T29] kasan_set_free_info+0x28/0x50
[ 221.927656][ T29] __kasan_slab_free+0xfc/0x150
[ 221.927948][ T29] slab_free_freelist_hook+0x140/0x264
[ 221.928266][ T29] kfree+0x154/0x7d0
[ 221.928544][ T29] xt_unregister_table+0x1cc/0x2ec
[ 221.928910][ T29] __arpt_unregister_table+0x44/0x1b4
[ 221.929201][ T29] arpt_unregister_table+0x30/0x40
[ 221.929707][ T29] arptable_filter_net_exit+0x18/0x24
[ 221.931524][ T29] ops_exit_list+0x78/0x124
[ 221.933097][ T29] cleanup_net+0x3a4/0x820
[ 221.934218][ T29] process_one_work+0x798/0x1764
[ 221.934509][ T29] worker_thread+0x3d4/0xcd0
[ 221.934805][ T29] kthread+0x320/0x3bc
[ 221.935164][ T29] ret_from_fork+0x10/0x3c
[ 221.935518][ T29]
[ 221.935754][ T29] The buggy address belongs to the object at ffff00000a35ca00
[ 221.935754][ T29] which belongs to the cache kmalloc-128 of size 128
[ 221.936400][ T29] The buggy address is located 72 bytes inside of
[ 221.936400][ T29] 128-byte region [ffff00000a35ca00, ffff00000a35ca80)
[ 221.936957][ T29] The buggy address belongs to the page:
[ 221.937695][ T29] page:000000002ff29027 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a35c
[ 221.938498][ T29] flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff)
[ 221.939576][ T29] raw: 01ffc00000000200 dead000000000100 dead000000000122 ffff000008802300
[ 221.939986][ T29] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 221.941165][ T29] page dumped because: kasan: bad access detected
[ 221.941638][ T29]
[ 221.941884][ T29] Memory state around the buggy address:
[ 221.944034][ T29] ffff00000a35c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 221.946356][ T29] ffff00000a35c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 221.948673][ T29] >ffff00000a35ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 221.949120][ T29] ^
[ 221.949634][ T29] ffff00000a35ca80: fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc fc
[ 221.949979][ T29] ffff00000a35cb00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 221.950553][ T29] ==================================================================
[ 221.951026][ T29] Disabling lock debugging due to kernel taint
executing program
executing program
[ 224.672192][ T3305] can: request_module (can-proto-0) failed.
[ 224.788094][ T3305] can: request_module (can-proto-0) failed.
[ 224.897063][ T3305] can: request_module (can-proto-0) failed.
executing program
executing program
executing program
VM DIAGNOSIS:
22:54:48 Registers: