------------[ cut here ]------------
hook not found, pf 3 num 0
WARNING: CPU: 1 PID: 119 at net/netfilter/core.c:480 __nf_unregister_net_hook+0xac/0x1d0 net/netfilter/core.c:480
Modules linked in:
CPU: 1 PID: 119 Comm: kworker/u4:4 Not tainted 5.12.0-syzkaller-13621-g9b1f61d5d73d #0
Hardware name: linux,dummy-virt (DT)
Workqueue: netns cleanup_net
pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
pc : __nf_unregister_net_hook+0xac/0x1d0 net/netfilter/core.c:480
lr : __nf_unregister_net_hook+0xac/0x1d0 net/netfilter/core.c:480
sp : ffff800012d83c80
x29: ffff800012d83c80 x28: ffff80001293c508 x27: ffff800012739810
x26: ffff8000128f3cc0 x25: ffff8000128f3e40 x24: f4ff000009532000
x23: fbff0000061989f0 x22: fbff000006198000 x21: ffff8000128fbe10
x20: 0000000000000003 x19: faff0000059f2400 x18: 00000000fffffffe
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000020
x14: ffffffffffffffff x13: 00000000000002f8 x12: ffff800012d83950
x11: ffff8000127f0d60 x10: ffff80001274cb60 x9 : ffff8000127ec620
x8 : ffff80001273c620 x7 : ffff8000127ec620 x6 : fffffffffffcbd50
x5 : ffff00007fbd0948 x4 : 0000000000015ff5 x3 : 0000000000000001
x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000003389e80
Call trace:
 __nf_unregister_net_hook+0xac/0x1d0 net/netfilter/core.c:480
 nf_unregister_net_hook net/netfilter/core.c:502 [inline]
 nf_unregister_net_hooks+0x88/0xac net/netfilter/core.c:576
 arpt_unregister_table_pre_exit+0x40/0x50 net/ipv4/netfilter/arp_tables.c:1565
 arptable_filter_net_pre_exit+0x20/0x2c net/ipv4/netfilter/arptable_filter.c:57
 ops_pre_exit_list net/core/net_namespace.c:165 [inline]
 cleanup_net+0x200/0x410 net/core/net_namespace.c:583
 process_one_work+0x1d8/0x364 kernel/workqueue.c:2275
 worker_thread+0x70/0x434 kernel/workqueue.c:2421
 kthread+0x174/0x180 kernel/kthread.c:313
 ret_from_fork+0x10/0x34 arch/arm64/kernel/entry.S:1006
---[ end trace dbc20d7531a1ab4e ]---
netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
==================================================================
BUG: KASAN: invalid-access in hooks_validate+0x38/0x7c net/netfilter/core.c:174
Read at addr f5ff00000982ef48 by task kworker/u4:4/119
Pointer tag: [f5], memory tag: [fe]

CPU: 1 PID: 119 Comm: kworker/u4:4 Tainted: G W 5.12.0-syzkaller-13621-g9b1f61d5d73d #0
Hardware name: linux,dummy-virt (DT)
Workqueue: netns cleanup_net
Call trace:
 dump_backtrace+0x0/0x1b0 arch/arm64/kernel/stacktrace.c:136
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:215
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xd0/0x12c lib/dump_stack.c:120
 print_address_description+0x70/0x2ac mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:436
 report_tag_fault arch/arm64/mm/fault.c:324 [inline]
 do_tag_recovery arch/arm64/mm/fault.c:336 [inline]
 __do_kernel_fault+0x1a8/0x1dc arch/arm64/mm/fault.c:378
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_tag_check_fault+0x74/0x90 arch/arm64/mm/fault.c:745
 do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:821
 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:171
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:263
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:719
 hooks_validate+0x38/0x7c net/netfilter/core.c:174
 __nf_unregister_net_hook+0x114/0x1d0 net/netfilter/core.c:483
 nf_unregister_net_hook+0x64/0x74 net/netfilter/core.c:502
 clusterip_net_exit+0x60/0x7c net/ipv4/netfilter/ipt_CLUSTERIP.c:853
 ops_exit_list+0x44/0x80 net/core/net_namespace.c:175
 cleanup_net+0x23c/0x410 net/core/net_namespace.c:595
 process_one_work+0x1d8/0x364 kernel/workqueue.c:2275
 worker_thread+0x70/0x434 kernel/workqueue.c:2421
 kthread+0x174/0x180 kernel/kthread.c:313
 ret_from_fork+0x10/0x34 arch/arm64/kernel/entry.S:1006

Allocated by task 3300:
 kasan_save_stack+0x28/0x5c mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:428 [inline]
 ____kasan_kmalloc mm/kasan/common.c:507 [inline]
 ____kasan_kmalloc mm/kasan/common.c:466 [inline]
 __kasan_kmalloc+0xc8/0x100 mm/kasan/common.c:516
 kasan_kmalloc include/linux/kasan.h:246 [inline]
 kmem_cache_alloc_trace include/linux/slab.h:454 [inline]
 kmalloc include/linux/slab.h:556 [inline]
 kzalloc include/linux/slab.h:686 [inline]
 allocate_cgrp_cset_links+0x98/0x100 kernel/cgroup/cgroup.c:1119
 find_css_set+0x210/0x640 kernel/cgroup/cgroup.c:1197
 cgroup_migrate_prepare_dst+0x5c/0x234 kernel/cgroup/cgroup.c:2641
 cgroup_attach_task+0xbc/0x11c kernel/cgroup/cgroup.c:2747
 __cgroup1_procs_write.constprop.0+0x128/0x170 kernel/cgroup/cgroup-v1.c:519
 cgroup1_procs_write+0x14/0x20 kernel/cgroup/cgroup-v1.c:532
 cgroup_file_write+0x94/0x1a0 kernel/cgroup/cgroup.c:3711
 kernfs_fop_write_iter+0x128/0x1c0 fs/kernfs/file.c:296
 call_write_iter include/linux/fs.h:2116 [inline]
 new_sync_write+0xe8/0x184 fs/read_write.c:518
 vfs_write+0x244/0x2a4 fs/read_write.c:605
 ksys_write+0x68/0xf4 fs/read_write.c:658
 __do_sys_write fs/read_write.c:670 [inline]
 __se_sys_write fs/read_write.c:667 [inline]
 __arm64_sys_write+0x20/0x2c fs/read_write.c:667
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xd0 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:184
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x1a8/0x1c0 arch/arm64/kernel/entry.S:743

Freed by task 119:
 kasan_save_stack+0x28/0x5c mm/kasan/common.c:38
 kasan_set_track+0x28/0x40 mm/kasan/common.c:46
 kasan_set_free_info+0x20/0x30 mm/kasan/hw_tags.c:226
 ____kasan_slab_free.constprop.0+0x1dc/0x254 mm/kasan/common.c:360
 __kasan_slab_free+0x10/0x1c mm/kasan/common.c:368
 kasan_slab_free include/linux/kasan.h:212 [inline]
 slab_free_hook mm/slub.c:1581 [inline]
 slab_free_freelist_hook+0xc0/0x220 mm/slub.c:1606
 slab_free mm/slub.c:3166 [inline]
 kfree+0x350/0x4c4 mm/slub.c:4225
 xt_unregister_table+0x8c/0xcc net/netfilter/x_tables.c:1501
 __arpt_unregister_table+0x2c/0xcc net/ipv4/netfilter/arp_tables.c:1488
 arpt_unregister_table+0x30/0x40 net/ipv4/netfilter/arp_tables.c:1574
 arptable_filter_net_exit+0x18/0x24 net/ipv4/netfilter/arptable_filter.c:62
 ops_exit_list+0x44/0x80 net/core/net_namespace.c:175
 cleanup_net+0x23c/0x410 net/core/net_namespace.c:595
 process_one_work+0x1d8/0x364 kernel/workqueue.c:2275
 worker_thread+0x70/0x434 kernel/workqueue.c:2421
 kthread+0x174/0x180 kernel/kthread.c:313
 ret_from_fork+0x10/0x34 arch/arm64/kernel/entry.S:1006

The buggy address belongs to the object at ffff00000982ef00
 which belongs to the cache kmalloc-128 of size 128
The buggy address is located 72 bytes inside of
 128-byte region [ffff00000982ef00, ffff00000982ef80)
The buggy address belongs to the page:
page:000000000580f6fe refcount:1 mapcount:0 mapping:0000000000000000 index:0xfaff00000982ee00 pfn:0x4982e
flags: 0x1ffc00000000200(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
raw: 01ffc00000000200 fffffc000017da08 fffffc0000254a08 f8ff000003001200
raw: faff00000982ee00 000000000010000e 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff00000982ed00: f7 f7 f7 f7 f7 f7 f7 f7 fe fe fe fe fe fe fe fe
 ffff00000982ee00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>ffff00000982ef00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                               ^
 ffff00000982f000: fc fc fc fc fc fc fc fc fe f1 f1 f1 f1 f1 f1 f1
 ffff00000982f100: f1 fe f2 f2 f2 f2 f2 f2 f2 f2 fe f6 f6 f6 f6 f6
==================================================================