------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(!test_bit(class_idx, lock_classes_in_use))
WARNING: CPU: 0 PID: 13112 at kernel/locking/lockdep.c:5023 __lock_acquire+0x2784/0x30a4
Modules linked in:
CPU: 0 PID: 13112 Comm: syz-executor.4 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lock_acquire+0x2784/0x30a4
lr : __lock_acquire+0x2780/0x30a4 kernel/locking/lockdep.c:5023
sp : ffff80001397b820
x29: ffff80001397b900 x28: 0000000000000001 x27: ffff000110a60028
x26: ffff000110a60a38 x25: ffff000110a60a58 x24: ffff000110a60a58
x23: 00000000000000c0 x22: 0000000000000001 x21: 0000000000000000
x20: ffff000110a60000 x19: aaaaaa00015448ea x18: ffff80000d271c40
x17: 0000000000000008 x16: 0000000000000001 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000012 x12: ffff80000d5ef920
x11: ff808000081c0d5c x10: 0000000000000000 x9 : 71df774bae895c00
x8 : 71df774bae895c00 x7 : 4e5241575f534b43 x6 : ffff80000819545c
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000100000001 x0 : 0000000000000000
Call trace:
 __lock_acquire+0x2784/0x30a4
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 __mutex_lock_common+0xd4/0xca8 kernel/locking/mutex.c:603
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 tee_netdev_event+0x54/0x1a8 net/netfilter/xt_TEE.c:68
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_wait_allrefs_any net/core/dev.c:10250 [inline]
 netdev_run_todo+0x340/0x6f0 net/core/dev.c:10364
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147
 tun_detach drivers/net/tun.c:704 [inline]
 tun_chr_close+0xe8/0xfc drivers/net/tun.c:3455
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x26c/0xbe0 kernel/exit.c:795
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 3582705
hardirqs last  enabled at (3582705): [<ffff800008102154>] __local_bh_enable_ip+0x13c/0x1a4 kernel/softirq.c:401
hardirqs last disabled at (3582703): [<ffff8000081020dc>] __local_bh_enable_ip+0xc4/0x1a4 kernel/softirq.c:378
softirqs last  enabled at (3582704): [<ffff80000b58ac34>] spin_unlock_bh include/linux/spinlock.h:394 [inline]
softirqs last  enabled at (3582704): [<ffff80000b58ac34>] rt_flush_dev+0x32c/0x374 net/ipv4/route.c:1557
softirqs last disabled at (3582702): [<ffff80000b58aa1c>] spin_lock_bh include/linux/spinlock.h:354 [inline]
softirqs last disabled at (3582702): [<ffff80000b58aa1c>] rt_flush_dev+0x114/0x374 net/ipv4/route.c:1548
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 13112 at net/ipv6/ip6_fib.c:2068 fib6_walk_continue+0x278/0x2b0 net/ipv6/ip6_fib.c:2068
Modules linked in:
CPU: 1 PID: 13112 Comm: syz-executor.4 Tainted: G        W          6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : fib6_walk_continue+0x278/0x2b0 net/ipv6/ip6_fib.c:2068
lr : fib6_walk_continue+0x278/0x2b0 net/ipv6/ip6_fib.c:2068
sp : ffff80001397b890
x29: ffff80001397b890 x28: 0000000000000000 x27: ffff0000feff3000
x26: ffff0000fd8a2510 x25: ffff0000feff3018 x24: ffff0000fd8a2510
x23: ffff0000fd8a2520 x22: ffff0000fd8a1a80 x21: ffff80000b765440
x20: 0000000000000000 x19: ffff80001397b8f8 x18: 00000000000002ca
x17: ffff80000bffd6bc x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000015 x12: ffff80000d821fb0
x11: ff8080000b77912c x10: 0000000000000000 x9 : ffff80000b77912c
x8 : ffff000110a60000 x7 : 0000000000000000 x6 : ffff80000b777988
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff000110a60000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 fib6_walk_continue+0x278/0x2b0 net/ipv6/ip6_fib.c:2068
 fib6_walk net/ipv6/ip6_fib.c:2161 [inline]
 fib6_clean_tree net/ipv6/ip6_fib.c:2241 [inline]
 __fib6_clean_all+0x16c/0x2c4 net/ipv6/ip6_fib.c:2257
 fib6_clean_all+0x3c/0x50 net/ipv6/ip6_fib.c:2268
 rt6_sync_down_dev net/ipv6/route.c:4894 [inline]
 rt6_disable_ip+0x80/0xc8 net/ipv6/route.c:4899
 addrconf_ifdown+0x90/0xc30 net/ipv6/addrconf.c:3750
 addrconf_notify+0x218/0x848
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_wait_allrefs_any net/core/dev.c:10250 [inline]
 netdev_run_todo+0x340/0x6f0 net/core/dev.c:10364
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147
 tun_detach drivers/net/tun.c:704 [inline]
 tun_chr_close+0xe8/0xfc drivers/net/tun.c:3455
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x26c/0xbe0 kernel/exit.c:795
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 3582705
hardirqs last  enabled at (3582705): [<ffff800008102154>] __local_bh_enable_ip+0x13c/0x1a4 kernel/softirq.c:401
hardirqs last disabled at (3582703): [<ffff8000081020dc>] __local_bh_enable_ip+0xc4/0x1a4 kernel/softirq.c:378
softirqs last  enabled at (3582704): [<ffff80000b58ac34>] spin_unlock_bh include/linux/spinlock.h:394 [inline]
softirqs last  enabled at (3582704): [<ffff80000b58ac34>] rt_flush_dev+0x32c/0x374 net/ipv4/route.c:1557
softirqs last disabled at (3582702): [<ffff80000b58aa1c>] spin_lock_bh include/linux/spinlock.h:354 [inline]
softirqs last disabled at (3582702): [<ffff80000b58aa1c>] rt_flush_dev+0x114/0x374 net/ipv4/route.c:1548
---[ end trace 0000000000000000 ]---
Unable to handle kernel paging request at virtual address ffff8000747ec800
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001c566b000
[ffff8000747ec800] pgd=100000023ffff003, p4d=100000023ffff003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 13112 Comm: syz-executor.4 Tainted: G        W          6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : decode_cpu kernel/locking/osq_lock.c:34 [inline]
pc : osq_lock+0x60/0x1f8 kernel/locking/osq_lock.c:111
lr : osq_lock+0x38/0x1f8 kernel/locking/osq_lock.c:94
sp : ffff80001397b980
x29: ffff80001397b980 x28: ffff80000ee2b000 x27: ffff80000cb4f733
x26: 0000000000000000 x25: 0000000000000001 x24: ffff0000fe83b078
x23: ffff80000bad09b0 x22: ffff80000d272a00 x21: ffff80000d30cf28
x20: ffff0001fefefa00 x19: ffff0000fe83b058 x18: 0000000000000136
x17: 000000000000b67e x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000006 x12: ffff80000d857160
x11: ff808000095d19c0 x10: 0000000000000000 x9 : 0000000000000002
x8 : 000000000ce9bf1b x7 : 0000000100000007 x6 : ffff80000bad09b0
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : ffff80000ce26a9f x0 : 0000000000000001
Call trace:
 decode_cpu kernel/locking/osq_lock.c:32 [inline]
 osq_lock+0x60/0x1f8 kernel/locking/osq_lock.c:111
 mutex_optimistic_spin+0x1dc/0x254 kernel/locking/mutex.c:460
 __mutex_lock_common+0x1b4/0xca8 kernel/locking/mutex.c:607
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 phonet_device_destroy net/phonet/pn_dev.c:94 [inline]
 phonet_device_notify+0x98/0x338 net/phonet/pn_dev.c:289
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_wait_allrefs_any net/core/dev.c:10250 [inline]
 netdev_run_todo+0x340/0x6f0 net/core/dev.c:10364
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147
 tun_detach drivers/net/tun.c:704 [inline]
 tun_chr_close+0xe8/0xfc drivers/net/tun.c:3455
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x26c/0xbe0 kernel/exit.c:795
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: d503201f d503201f 340006a8 51000508 (f868daa8) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	d503201f 	nop
   4:	d503201f 	nop
   8:	340006a8 	cbz	w8, 0xdc
   c:	51000508 	sub	w8, w8, #0x1
* 10:	f868daa8 	ldr	x8, [x21, w8, sxtw #3] <-- trapping instruction