device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode ------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 1 PID: 6652 at kernel/locking/lockdep.c:203 hlock_class kernel/locking/lockdep.c:203 [inline] WARNING: CPU: 1 PID: 6652 at kernel/locking/lockdep.c:203 hlock_class kernel/locking/lockdep.c:192 [inline] WARNING: CPU: 1 PID: 6652 at kernel/locking/lockdep.c:203 check_wait_context kernel/locking/lockdep.c:4688 [inline] WARNING: CPU: 1 PID: 6652 at kernel/locking/lockdep.c:203 __lock_acquire+0xb7c/0x2d84 kernel/locking/lockdep.c:4965 Modules linked in: CPU: 1 PID: 6652 Comm: kworker/u4:6 Not tainted 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: netns cleanup_net epc : hlock_class kernel/locking/lockdep.c:203 [inline] epc : hlock_class kernel/locking/lockdep.c:192 [inline] epc : check_wait_context kernel/locking/lockdep.c:4688 [inline] epc : __lock_acquire+0xb7c/0x2d84 kernel/locking/lockdep.c:4965 ra : hlock_class kernel/locking/lockdep.c:203 [inline] ra : hlock_class kernel/locking/lockdep.c:192 [inline] ra : check_wait_context kernel/locking/lockdep.c:4688 [inline] ra : __lock_acquire+0xb7c/0x2d84 kernel/locking/lockdep.c:4965 epc : ffffffff800d80cc ra : ffffffff800d80cc sp : ffffffe0229bf6b0 gp : ffffffff83f9a558 tp : ffffffe007f72f80 t0 : ffffffff83c62b60 t1 : ffffffc40b5bc914 t2 : 0000000000000000 s0 : ffffffe0229bf790 s1 : 0000000000001fff a0 : 0000000000000016 a1 : 00000000000f0000 a2 : 0000000000000002 a3 : ffffffff800e5d66 a4 : e57e64d13ac0ca00 a5 : e57e64d13ac0ca00 a6 : 0000000000f00000 a7 : ffffffe05ade48a3 s2 : 0000000084a4319d s3 : ffffffff83fb07c0 s4 : 0000000000000000 s5 : ffffffe007f73928 s6 : ffffffff83fb0590 s7 : ffffffe007f739d0 s8 : ffffffe007f72f80 s9 : 0000000000000994 s10: 0000000000001000 s11: 000000000004119d t3 : 000000002d2d2d2d t4 : ffffffc40b5bc914 t5 : ffffffc40b5bc915 t6 : ffffffe0229bf3b8 status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [] hlock_class kernel/locking/lockdep.c:203 [inline] [] hlock_class kernel/locking/lockdep.c:192 [inline] [] check_wait_context kernel/locking/lockdep.c:4688 [inline] [] __lock_acquire+0xb7c/0x2d84 kernel/locking/lockdep.c:4965 [] lock_acquire.part.0+0x15a/0x37c kernel/locking/lockdep.c:5625 [] lock_acquire+0x44/0x5a kernel/locking/lockdep.c:5598 [] kernfs_drain fs/kernfs/dir.c:470 [inline] [] __kernfs_remove+0x686/0x730 fs/kernfs/dir.c:1339 [] kernfs_remove_by_name_ns+0x52/0xb8 fs/kernfs/dir.c:1532 [] kernfs_remove_by_name include/linux/kernfs.h:598 [inline] [] remove_files+0x66/0xf8 fs/sysfs/group.c:28 [] sysfs_remove_group+0x64/0xee fs/sysfs/group.c:289 [] sysfs_remove_groups fs/sysfs/group.c:313 [inline] [] sysfs_remove_groups+0x50/0x78 fs/sysfs/group.c:305 [] device_remove_groups drivers/base/core.c:2445 [inline] [] device_remove_attrs+0xf4/0x10a drivers/base/core.c:2651 [] device_del+0x2d4/0x6ce drivers/base/core.c:3545 [] netdev_unregister_kobject+0xf4/0x104 net/core/net-sysfs.c:1921 [] unregister_netdevice_many+0x9b8/0xec0 net/core/dev.c:11066 [] default_device_exit_batch+0x228/0x258 net/core/dev.c:11569 [] ops_exit_list+0xb2/0xcc net/core/net_namespace.c:171 [] cleanup_net+0x3ca/0x6b2 net/core/net_namespace.c:591 [] process_one_work+0x5e4/0xf5c kernel/workqueue.c:2297 [] worker_thread+0x356/0x8e6 kernel/workqueue.c:2444 [] kthread+0x25c/0x2c6 kernel/kthread.c:319 [] ret_from_exception+0x0/0x14 irq event stamp: 305553 hardirqs last enabled at (305553): [] kasan_quarantine_put+0x194/0x1f6 mm/kasan/quarantine.c:220 hardirqs last disabled at (305552): [] kasan_quarantine_put+0xa4/0x1f6 mm/kasan/quarantine.c:193 softirqs last enabled at (305512): [] softirq_handle_end kernel/softirq.c:401 [inline] softirqs last enabled at (305512): [] __do_softirq+0x5f8/0x8dc kernel/softirq.c:587 softirqs last disabled at (305505): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (305505): [] invoke_softirq kernel/softirq.c:439 [inline] softirqs last disabled at (305505): [] __irq_exit_rcu+0x142/0x1f8 kernel/softirq.c:636 ---[ end trace ffa6dadad644eee5 ]--- ================================================================== BUG: KASAN: null-ptr-deref in check_wait_context kernel/locking/lockdep.c:4688 [inline] BUG: KASAN: null-ptr-deref in __lock_acquire+0x2b8/0x2d84 kernel/locking/lockdep.c:4965 Read of size 1 at addr 00000000000000b8 by task kworker/u4:6/6652 CPU: 1 PID: 6652 Comm: kworker/u4:6 Tainted: G W 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: netns cleanup_net Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:112 ================================================================== Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8 Oops [#1] Modules linked in: CPU: 1 PID: 6652 Comm: kworker/u4:6 Tainted: G B W 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: netns cleanup_net epc : check_wait_context kernel/locking/lockdep.c:4688 [inline] epc : __lock_acquire+0x2bc/0x2d84 kernel/locking/lockdep.c:4965 ra : check_wait_context kernel/locking/lockdep.c:4688 [inline] ra : __lock_acquire+0x2b8/0x2d84 kernel/locking/lockdep.c:4965 epc : ffffffff800d780c ra : ffffffff800d7808 sp : ffffffe0229bf6b0 gp : ffffffff83f9a558 tp : ffffffe007f72f80 t0 : ffffffff852b6bd7 t1 : ffffffc7f07f366c t2 : 0000000000000000 s0 : ffffffe0229bf790 s1 : 0000000000000000 a0 : ffffffe007f739f0 a1 : 0000000000000007 a2 : 1ffffffc00fee5f0 a3 : ffffffff82be4084 a4 : 0000000000000000 a5 : ffffffe007f73f80 a6 : 0000000000f00000 a7 : ffffffff83f9b363 s2 : 0000000084a4319d s3 : ffffffff83fb07c0 s4 : 0000000000000000 s5 : ffffffe007f73928 s6 : ffffffff83fb0590 s7 : ffffffe007f739d0 s8 : ffffffe007f72f80 s9 : 0000000000000994 s10: 0000000000001000 s11: 000000000004119d t3 : 000000000000003d t4 : ffffffc7f07f366c t5 : ffffffc7f07f366d t6 : ffffffe0229bf328 status: 0000000000000100 badaddr: 00000000000000b8 cause: 000000000000000d [] hlock_class kernel/locking/lockdep.c:194 [inline] [] check_wait_context kernel/locking/lockdep.c:4689 [inline] [] __lock_acquire+0x2bc/0x2d84 kernel/locking/lockdep.c:4965 [] lock_acquire.part.0+0x15a/0x37c kernel/locking/lockdep.c:5625 [] lock_acquire+0x44/0x5a kernel/locking/lockdep.c:5598 [] kernfs_drain fs/kernfs/dir.c:470 [inline] [] __kernfs_remove+0x686/0x730 fs/kernfs/dir.c:1339 [] kernfs_remove_by_name_ns+0x52/0xb8 fs/kernfs/dir.c:1532 [] kernfs_remove_by_name include/linux/kernfs.h:598 [inline] [] remove_files+0x66/0xf8 fs/sysfs/group.c:28 [] sysfs_remove_group+0x64/0xee fs/sysfs/group.c:289 [] sysfs_remove_groups fs/sysfs/group.c:313 [inline] [] sysfs_remove_groups+0x50/0x78 fs/sysfs/group.c:305 [] device_remove_groups drivers/base/core.c:2445 [inline] [] device_remove_attrs+0xf4/0x10a drivers/base/core.c:2651 [] device_del+0x2d4/0x6ce drivers/base/core.c:3545 [] netdev_unregister_kobject+0xf4/0x104 net/core/net-sysfs.c:1921 [] unregister_netdevice_many+0x9b8/0xec0 net/core/dev.c:11066 [] default_device_exit_batch+0x228/0x258 net/core/dev.c:11569 [] ops_exit_list+0xb2/0xcc net/core/net_namespace.c:171 [] cleanup_net+0x3ca/0x6b2 net/core/net_namespace.c:591 [] process_one_work+0x5e4/0xf5c kernel/workqueue.c:2297 [] worker_thread+0x356/0x8e6 kernel/workqueue.c:2444 [] kthread+0x25c/0x2c6 kernel/kthread.c:319 [] ret_from_exception+0x0/0x14 ---[ end trace ffa6dadad644eee6 ]---