last executing test programs: 4.986053038s ago: executing program 1 (id=265): readv(0xffffffffffffffff, &(0x7f0000000000), 0x0) 4.97076373s ago: executing program 1 (id=270): signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 4.922205717s ago: executing program 1 (id=274): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4.917681019s ago: executing program 1 (id=279): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1', 0x2, 0x0) 4.862432667s ago: executing program 1 (id=284): syz_init_net_socket$rose(0xb, 0x5, 0x0) 4.83958446s ago: executing program 1 (id=289): pause() 3.672463969s ago: executing program 2 (id=435): msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) 2.578156036s ago: executing program 3 (id=557): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) 2.578049646s ago: executing program 3 (id=559): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwbinder', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwbinder', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwbinder', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwbinder', 0x800, 0x0) 2.520375195s ago: executing program 3 (id=563): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/checkreqprot', 0x800, 0x0) 2.446597996s ago: executing program 0 (id=571): syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbmon(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$usbmon(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$usbmon(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$usbmon(&(0x7f0000000240), 0x2, 0x0) 
syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$usbmon(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$usbmon(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$usbmon(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$usbmon(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$usbmon(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$usbmon(&(0x7f0000000500), 0x4, 0x800) 2.335561903s ago: executing program 0 (id=577): fsync(0xffffffffffffffff) 2.046026277s ago: executing program 0 (id=579): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.795997766s ago: executing program 3 (id=569): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.673415264s ago: executing program 0 (id=581): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.634290991s ago: executing program 4 (id=580): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.098019492s ago: executing program 3 (id=583): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) 
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.04883852s ago: executing program 4 (id=585): socket$nl_crypto(0x10, 0x3, 0x15) 1.004738526s ago: executing program 4 (id=587): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttynull', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttynull', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttynull', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttynull', 0x800, 0x0) 976.056361ms ago: executing program 0 (id=584): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 949.816695ms ago: executing program 4 (id=588): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control', 0x800, 0x0) 875.793496ms ago: executing program 4 (id=590): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 606.707408ms ago: executing program 2 (id=592): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x20, 
0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2a, 0x800) 606.595177ms ago: executing program 2 (id=593): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2b, 0x800) 598.281649ms ago: executing program 2 (id=594): syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2) 
syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800) 556.746135ms ago: executing program 2 (id=595): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2c, 0x800) 545.870456ms ago: executing program 3 (id=586): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/socket/zygote', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/socket/zygote', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/socket/zygote', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/socket/zygote', 0x800, 0x0) 521.23122ms ago: executing program 2 (id=596): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x4, 0x0) 
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2c, 0x800) 500.016113ms ago: executing program 0 (id=589): getresuid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 0s ago: executing program 4 (id=591): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.141' (ED25519) to the list of known hosts. syzkaller login: [ 48.882224][ T3541] cgroup: Unknown subsys name 'net' [ 48.982537][ T3541] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 50.252524][ T3541] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 50.757246][ T3579] mmap: syz.2.26 (3579) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 55.376866][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.392564][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.466793][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 55.512525][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.522671][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.549311][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 55.955581][ T4166] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 55.964283][ T4166] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 55.972586][ T4166] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 55.980495][ T4166] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 55.988598][ T4166] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 55.996074][ T4166] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 56.073717][ T4153] chnl_net:caif_netlink_parms(): no params data found
[ 56.431250][ T4153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.466377][ T4153] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.505719][ T4153] device bridge_slave_0 entered promiscuous mode
[ 56.537391][ T4153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.554763][ T4153] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.563188][ T4153] device bridge_slave_1 entered promiscuous mode
[ 56.686500][ T4153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.738654][ T4153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.819233][ T4153] team0: Port device team_slave_0 added
[ 56.837155][ T4153] team0: Port device team_slave_1 added
[ 56.900137][ T4153] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.914683][ T4153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.940633][ C0] vkms_vblank_simulate: vblank timer overrun
[ 56.984791][ T4153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.026428][ T4153] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.033417][ T4153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.128090][ T4153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.281768][ T4153] device hsr_slave_0 entered promiscuous mode
[ 57.331996][ T4153] device hsr_slave_1 entered promiscuous mode
[ 57.597130][ T51]
[ 57.599681][ T51] =============================
[ 57.604782][ T51] WARNING: suspicious RCU usage
[ 57.609648][ T51] 6.1.95-syzkaller #0 Not tainted
[ 57.614875][ T51] -----------------------------
[ 57.619860][ T51] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage!
[ 57.629752][ T51]
[ 57.629752][ T51] other info that might help us debug this:
[ 57.629752][ T51]
[ 57.640156][ T51] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[ 57.640156][ T51] rcu_scheduler_active = 2, debug_locks = 1
[ 57.648309][ T51] 3 locks held by kworker/u4:3/51:
[ 57.653565][ T51] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 57.663975][ T51] #1: ffffc90000bc7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 57.674009][ T51] #2: ffffffff8e28d9d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[ 57.683459][ T51]
[ 57.683459][ T51] stack backtrace:
[ 57.689499][ T51] CPU: 0 PID: 51 Comm: kworker/u4:3 Not tainted 6.1.95-syzkaller #0
[