syzkaller login: [ 101.067977][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 101.076980][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 101.105843][ T3141] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:53858' (ECDSA) to the list of known hosts.
1970/01/01 00:02:00 fuzzer started
1970/01/01 00:02:03 connecting to host at localhost:32843
1970/01/01 00:02:03 checking machine...
1970/01/01 00:02:03 checking revisions...
1970/01/01 00:02:04 testing simple program...
executing program
executing program
[ 131.451476][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 131.491099][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
executing program
[ 133.709249][ T3303] device hsr_slave_0 entered promiscuous mode
[ 133.751886][ T3303] device hsr_slave_1 entered promiscuous mode
[ 135.420386][ T3303] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 135.505589][ T3303] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 135.610832][ T3303] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 135.721133][ T3303] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 137.806480][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0
[ 137.949885][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 137.969290][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 139.157017][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 139.186866][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 139.274946][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 139.300765][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 139.381989][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 139.463950][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 139.659942][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 139.666305][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[ 139.766160][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 139.785064][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 139.845748][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 140.198318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 140.200869][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 142.605115][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 142.614243][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
[ 143.864461][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 143.875117][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 143.933434][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 143.993132][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 144.017109][ T3303] device veth0_vlan entered promiscuous mode
[ 144.171118][ T3303] device veth1_vlan entered promiscuous mode
[ 144.485415][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 144.493403][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 144.559047][ T3303] device veth0_macvtap entered promiscuous mode
[ 144.674418][ T3303] device veth1_macvtap entered promiscuous mode
[ 144.869870][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 144.881191][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 144.953196][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 144.966397][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 145.051213][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 145.083716][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 145.158811][ T3303] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.163866][ T3303] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.166685][ T3303] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.174898][ T3303] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 146.183947][ T3303] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 147.051548][ T1124] ------------[ cut here ]------------
[ 147.052380][ T1124] hook not found, pf 3 num 0
[ 147.053207][ T1124] WARNING: CPU: 1 PID: 1124 at net/netfilter/core.c:480 __nf_unregister_net_hook+0xac/0x1d0
[ 147.055817][ T1124] Modules linked in:
[ 147.056905][ T1124] CPU: 1 PID: 1124 Comm: kworker/u4:6 Not tainted 5.12.0-syzkaller-14859-g1ad77a05cfae #0
[ 147.059798][ T1124] Hardware name: linux,dummy-virt (DT)
[ 147.060994][ T1124] Workqueue: netns cleanup_net
[ 147.062488][ T1124] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 147.063438][ T1124] pc : __nf_unregister_net_hook+0xac/0x1d0
[ 147.064279][ T1124] lr : __nf_unregister_net_hook+0xac/0x1d0
[ 147.065109][ T1124] sp : ffff800013e83c80
[ 147.065745][ T1124] x29: ffff800013e83c80 x28: ffff80001293d510 x27: ffff800012739838
[ 147.067377][ T1124] x26: ffff8000128f42c0 x25: ffff8000128f4440 x24: f8ff0000068d0300
[ 147.069020][ T1124] x23: faff0000062e09f0 x22: faff0000062e0000 x21: ffff8000128fc410
[ 147.070404][ T1124] x20: 0000000000000003 x19: fcff0000059de200 x18: 00000000fffffffe
[ 147.071823][ T1124] x17: 0000000000000000 x16: 0000000000000001 x15: 0000000000000020
[ 147.075059][ T1124] x14: ffffffffffffffff x13: 00000000000002fb x12: ffff800013e83950
[ 147.079067][ T1124] x11: ffff8000127f0dd0 x10: ffff80001274cc90 x9 : ffff8000127ec648
[ 147.082463][ T1124] x8 : ffff80001273c648 x7 : ffff8000127ec648 x6 : fffffffffffcbe00
[ 147.086612][ T1124] x5 : ffff00007fbd0948 x4 : 0000000000015ff5 x3 : 0000000000000001
[ 147.091151][ T1124] x2 : 0000000000000000 x1 : 0000000000000000 x0 : f2ff000003371e80
[ 147.095706][ T1124] Call trace:
[ 147.097675][ T1124] __nf_unregister_net_hook+0xac/0x1d0
[ 147.100522][ T1124] nf_unregister_net_hooks+0x88/0xac
[ 147.102191][ T1124] arpt_unregister_table_pre_exit+0x40/0x50
[ 147.103015][ T1124] arptable_filter_net_pre_exit+0x20/0x2c
[ 147.103801][ T1124] cleanup_net+0x200/0x410
[ 147.104451][ T1124] process_one_work+0x1d8/0x364
1970/01/01 00:02:26 building call list...
[ 147.105155][ T1124] worker_thread+0x70/0x434
[ 147.106332][ T1124] kthread+0x174/0x180
[ 147.107051][ T1124] ret_from_fork+0x10/0x34
[ 147.108230][ T1124] ---[ end trace b15dc78eeee2b9fa ]---
[ 147.183180][ T1124] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.377204][ T1124] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.539026][ T1124] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.715115][ T1124] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 150.661436][ T1124] device hsr_slave_0 left promiscuous mode
[ 150.724803][ T1124] device hsr_slave_1 left promiscuous mode
[ 150.868869][ T1124] device veth1_macvtap left promiscuous mode
[ 150.872497][ T1124] device veth0_macvtap left promiscuous mode
[ 150.889337][ T1124] device veth1_vlan left promiscuous mode
[ 150.892935][ T1124] device veth0_vlan left promiscuous mode
executing program
[ 153.796127][ T1124] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 153.947242][ T1124] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 154.574147][ T1124] bond0 (unregistering): Released all slaves
executing program
[ 155.877285][ T1124] ==================================================================
[ 155.878939][ T1124] BUG: KASAN: invalid-access in hooks_validate+0x38/0x7c
[ 155.879915][ T1124] Read at addr f0ff0000068d0248 by task kworker/u4:6/1124
[ 155.880746][ T1124] Pointer tag: [f0], memory tag: [fe]
[ 155.881402][ T1124]
[ 155.881875][ T1124] CPU: 0 PID: 1124 Comm: kworker/u4:6 Tainted: G W 5.12.0-syzkaller-14859-g1ad77a05cfae #0
[ 155.883278][ T1124] Hardware name: linux,dummy-virt (DT)
[ 155.885685][ T1124] Workqueue: netns cleanup_net
[ 155.886609][ T1124] Call trace:
[ 155.887537][ T1124] dump_backtrace+0x0/0x1b0
[ 155.888280][ T1124] show_stack+0x18/0x24
[ 155.888817][ T1124] dump_stack+0xd0/0x12c
[ 155.890289][ T1124] print_address_description+0x70/0x2ac
[ 155.891394][ T1124] kasan_report+0x134/0x380
[ 155.892565][ T1124] __do_kernel_fault+0x1a8/0x1dc
[ 155.893801][ T1124] do_tag_check_fault+0x74/0x90
[ 155.894536][ T1124] do_mem_abort+0x44/0xbc
[ 155.895438][ T1124] el1_abort+0x40/0x60
[ 155.896067][ T1124] el1_sync_handler+0xac/0xd0
[ 155.896644][ T1124] el1_sync+0x78/0x100
[ 155.897259][ T1124] hooks_validate+0x38/0x7c
[ 155.897976][ T1124] __nf_unregister_net_hook+0x114/0x1d0
[ 155.898615][ T1124] nf_unregister_net_hook+0x64/0x74
[ 155.899235][ T1124] clusterip_net_exit+0x60/0x7c
[ 155.899838][ T1124] ops_exit_list+0x44/0x80
[ 155.900411][ T1124] cleanup_net+0x23c/0x410
[ 155.900990][ T1124] process_one_work+0x1d8/0x364
[ 155.901568][ T1124] worker_thread+0x70/0x434
[ 155.902125][ T1124] kthread+0x174/0x180
[ 155.902729][ T1124] ret_from_fork+0x10/0x34
[ 155.903470][ T1124]
[ 155.903959][ T1124] Allocated by task 3303:
[ 155.904594][ T1124] kasan_save_stack+0x28/0x5c
[ 155.905316][ T1124] __kasan_kmalloc+0xc8/0x100
[ 155.905886][ T1124] allocate_cgrp_cset_links+0x98/0x100
[ 155.906532][ T1124] find_css_set+0x210/0x640
[ 155.907204][ T1124] cgroup_migrate_prepare_dst+0x5c/0x234
[ 155.908058][ T1124] cgroup_attach_task+0xbc/0x11c
[ 155.908790][ T1124] __cgroup1_procs_write.constprop.0+0x128/0x170
[ 155.909646][ T1124] cgroup1_procs_write+0x14/0x20
[ 155.910526][ T1124] cgroup_file_write+0x94/0x1a0
[ 155.911249][ T1124] kernfs_fop_write_iter+0x128/0x1c0
[ 155.911974][ T1124] new_sync_write+0xe8/0x184
[ 155.912678][ T1124] vfs_write+0x244/0x2a4
[ 155.913320][ T1124] ksys_write+0x68/0xf4
[ 155.913962][ T1124] __arm64_sys_write+0x20/0x2c
[ 155.914524][ T1124] invoke_syscall+0x48/0x110
[ 155.915153][ T1124] el0_svc_common.constprop.0+0x44/0xd0
[ 155.915780][ T1124] do_el0_svc+0x74/0x90
[ 155.916345][ T1124] el0_svc+0x2c/0x54
[ 155.916923][ T1124] el0_sync_handler+0x1a4/0x1b0
[ 155.917659][ T1124] el0_sync+0x1b4/0x1c0
[ 155.918376][ T1124]
[ 155.918822][ T1124] Freed by task 1124:
[ 155.919315][ T1124] kasan_save_stack+0x28/0x5c
[ 155.919843][ T1124] kasan_set_track+0x28/0x40
[ 155.920495][ T1124] kasan_set_free_info+0x20/0x30
[ 155.921178][ T1124] ____kasan_slab_free.constprop.0+0x1dc/0x254
[ 155.921840][ T1124] __kasan_slab_free+0x10/0x1c
[ 155.922454][ T1124] slab_free_freelist_hook+0xc0/0x220
[ 155.923140][ T1124] kfree+0x350/0x4c4
[ 155.923686][ T1124] xt_unregister_table+0x8c/0xcc
[ 155.924279][ T1124] __arpt_unregister_table+0x2c/0xcc
[ 155.924869][ T1124] arpt_unregister_table+0x30/0x40
[ 155.925522][ T1124] arptable_filter_net_exit+0x18/0x24
[ 155.926155][ T1124] ops_exit_list+0x44/0x80
[ 155.926744][ T1124] cleanup_net+0x23c/0x410
[ 155.927335][ T1124] process_one_work+0x1d8/0x364
[ 155.928000][ T1124] worker_thread+0x70/0x434
[ 155.928550][ T1124] kthread+0x174/0x180
[ 155.929085][ T1124] ret_from_fork+0x10/0x34
[ 155.929623][ T1124]
[ 155.930004][ T1124] The buggy address belongs to the object at ffff0000068d0200
[ 155.930004][ T1124] which belongs to the cache kmalloc-128 of size 128
[ 155.931236][ T1124] The buggy address is located 72 bytes inside of
[ 155.931236][ T1124] 128-byte region [ffff0000068d0200, ffff0000068d0280)
[ 155.932422][ T1124] The buggy address belongs to the page:
[ 155.933164][ T1124] page:0000000045416bc7 refcount:1 mapcount:0 mapping:0000000000000000 index:0xf4ff0000068d0100 pfn:0x468d0
[ 155.934385][ T1124] flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 155.935751][ T1124] raw: 01ffc00000000200 fffffc0000182880 0000000600000006 f2ff000003001200
[ 155.936651][ T1124] raw: f4ff0000068d0100 000000008010000e 00000001ffffffff 0000000000000000
[ 155.937550][ T1124] page dumped because: kasan: bad access detected
[ 155.938271][ T1124]
[ 155.938715][ T1124] Memory state around the buggy address:
[ 155.939565][ T1124] ffff0000068d0000: fb fb fb fb fe fe fe fe fe fe fe fe fe fe fe fe
[ 155.940346][ T1124] ffff0000068d0100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 155.941115][ T1124] >ffff0000068d0200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 155.941836][ T1124] ^
[ 155.942436][ T1124] ffff0000068d0300: f8 f8 f8 f8 fe fe fe fe fe fe fe fe fe fe fe fe
[ 155.943235][ T1124] ffff0000068d0400: f4 f4 f4 f4 f4 f4 f4 f4 fe fe fe fe fe fe fe fe
[ 155.944045][ T1124] ==================================================================
[ 155.944783][ T1124] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
executing program
[ 170.559231][ T3299] can: request_module (can-proto-0) failed.
[ 170.721853][ T3299] can: request_module (can-proto-0) failed.
[ 170.921993][ T3299] can: request_module (can-proto-0) failed.
executing program
executing program
VM DIAGNOSIS:
21:02:59 Registers: