bisecting fixing commit since 7a7fd0de4a9804299793e564a555a49c1fc924cb
building syzkaller on 92ead2966b78ac6b2d6a0a464cc15c6ee6f853c6
testing commit 7a7fd0de4a9804299793e564a555a49c1fc924cb with gcc (GCC) 10.2.1 20210217
kernel signature: 74bce822fd4794bfcdf5332ddb1ac763b48e7fc50c7ac65c757919a80859e464
run #0: crashed: BUG: corrupted list in em28xx_close_extension
run #1: crashed: KASAN: use-after-free Read in em28xx_close_extension
run #2: crashed: KASAN: use-after-free Read in em28xx_init_extension
run #3: crashed: BUG: corrupted list in em28xx_close_extension
run #4: crashed: BUG: corrupted list in em28xx_close_extension
run #5: crashed: KASAN: use-after-free Read in em28xx_close_extension
run #6: crashed: KASAN: use-after-free Read in em28xx_close_extension
run #7: crashed: BUG: corrupted list in em28xx_close_extension
run #8: crashed: BUG: corrupted list in em28xx_init_extension
run #9: crashed: KASAN: use-after-free Read in em28xx_init_extension
run #10: crashed: KASAN: use-after-free Read in em28xx_init_extension
run #11: crashed: KASAN: use-after-free Read in em28xx_init_extension
run #12: crashed: KASAN: use-after-free Read in em28xx_init_extension
run #13: crashed: BUG: corrupted list in em28xx_init_extension
run #14: crashed: BUG: corrupted list in em28xx_init_extension
run #15: crashed: KASAN: use-after-free Read in em28xx_close_extension
run #16: crashed: BUG: corrupted list in em28xx_init_extension
run #17: crashed: KASAN: use-after-free Read in em28xx_init_extension
run #18: crashed: KASAN: use-after-free Read in em28xx_close_extension
run #19: crashed: BUG: corrupted list in em28xx_init_extension
testing current HEAD 17ae69aba89dbfa2139b7f8024b757ab3cc42f59
testing commit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 with gcc (GCC) 10.2.1 20210217
kernel signature: a143938a3530df46e26f163dd45d05e3dfb635bb82c8aba0791f2430ba5ba462
run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #6: crashed: WARNING in __nf_unregister_net_hook
run #7: basic kernel testing failed: WARNING in __nf_unregister_net_hook
run #8: crashed: WARNING in __nf_unregister_net_hook
run #9: basic kernel testing failed: WARNING in __nf_unregister_net_hook
revisions tested: 2, total time: 21m24.701882564s (build: 14m5.940970553s, test: 6m25.480928805s)
the crash still happens on HEAD
commit msg: Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
crash: WARNING in __nf_unregister_net_hook
------------[ cut here ]------------
hook not found, pf 3 num 0
WARNING: CPU: 0 PID: 901 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x17a/0x560 net/netfilter/core.c:480
Modules linked in:
CPU: 1 PID: 901 Comm: kworker/u4:5 Not tainted 5.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:__nf_unregister_net_hook+0x17a/0x560 net/netfilter/core.c:480
Code: 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a7 03 00 00 8b 53 1c 44 89 e6 48 c7 c7 00 c9 9d 89 4c 89 04 24 e8 d7 7d 62 01 <0f> 0b 4c 8b 04 24 e9 ba 00 00 00 48 89 ea 48 c1 e2 04 49 8d 7c 10
RSP: 0018:ffffc90003a2fbf0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8880226e5900 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: fffff52000745f70
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880ba01fa5b
R10: ffffed1017403f4b R11: 0000000000000001 R12: 0000000000000003
R13: ffff888014a20000 R14: ffff8880226e591c R15: ffff888014a20f20
FS:  0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1d584da000 CR3: 0000000020437000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 nf_unregister_net_hook net/netfilter/core.c:502 [inline]
 nf_unregister_net_hooks+0xb1/0xf0 net/netfilter/core.c:576
 ops_pre_exit_list net/core/net_namespace.c:165 [inline]
 cleanup_net+0x3a4/0x990 net/core/net_namespace.c:583
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294