last executing test programs:
2.231696175s ago: executing program 0:
gettid()
2.206063439s ago: executing program 3:
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000))
2.193192831s ago: executing program 1:
sendmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0)
2.184582972s ago: executing program 2:
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0)
2.181900122s ago: executing program 4:
socket(0x1e, 0x2, 0x0)
2.178904173s ago: executing program 0:
perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0)
2.161337786s ago: executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0)
2.155729737s ago: executing program 4:
close(0xffffffffffffffff)
2.150718507s ago: executing program 1:
getpid()
2.146650128s ago: executing program 2:
unlink(&(0x7f0000000000))
2.144817759s ago: executing program 0:
clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))
exit(0x0)
2.13145353s ago: executing program 1:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0)
1.696673838s ago: executing program 4:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
1.577402326s ago: executing program 3:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
1.203822333s ago: executing program 1:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
1.15989094s ago: executing program 2:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
1.129018925s ago: executing program 4:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
1.126896775s ago: executing program 3:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
857.345877ms ago: executing program 4:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
220.011395ms ago: executing program 3:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
142.148298ms ago: executing program 1:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
141.539108ms ago: executing program 4:
socket$kcm(0x29, 0x2, 0x0)
0s ago: executing program 2:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
2024/06/21 16:23:34 fuzzer started
2024/06/21 16:23:34 dialing manager at 10.128.0.163:30025
[ 55.785274][ T3547] cgroup: Unknown subsys name 'net'
[ 55.991061][ T3547] cgroup: Unknown subsys name 'rlimit'
2024/06/21 16:23:36 starting 5 executor processes
[ 57.092137][ T3571] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 58.207149][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.242561][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.251478][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.318336][ T3612] chnl_net:caif_netlink_parms(): no params data found
[ 58.377419][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.390538][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.419595][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 58.545027][ T3612] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.553023][ T3612] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.561721][ T3612] device bridge_slave_0 entered promiscuous mode
[ 58.591770][ T3612] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.612345][ T3612] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.624976][ T3612] device bridge_slave_1 entered promiscuous mode
[ 58.845543][ T3612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.885157][ T3612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.936537][ T3648] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.961869][ T3648] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.969967][ T3648] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.978179][ T3648] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.986111][ T3648] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 58.993823][ T3648] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.028705][ T3612] team0: Port device team_slave_0 added
[ 59.094506][ T3612] team0: Port device team_slave_1 added
[ 59.214148][ T3612] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.221756][ T3612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.256726][ T3612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.301678][ T3612] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.322187][ T3612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.351807][ T3612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.484278][ T3612] device hsr_slave_0 entered promiscuous mode
[ 59.503224][ T3612] device hsr_slave_1 entered promiscuous mode
[ 59.798286][ T3612] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.809981][ T3612] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.823248][ T3612] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.834933][ T3612] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.928309][ T3612] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.945390][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 59.954957][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.969111][ T3612] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.984836][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 59.996108][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.005709][ T14] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.013231][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.034656][ T3661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 60.044669][ T3661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 60.054255][ T3661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.065108][ T3661] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.072646][ T3661] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.080867][ T3661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 60.091410][ T3661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 60.123224][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.133919][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.143311][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.153469][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.162789][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.171415][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.182000][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.196359][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.203688][ T46]
[ 60.206429][ T46] =============================
[ 60.211292][ T46] WARNING: suspicious RCU usage
[ 60.216445][ T46] 6.1.95-syzkaller #0 Not tainted
[ 60.221491][ T46] -----------------------------
[ 60.226711][ T46] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage!
[ 60.236422][ T46]
[ 60.236422][ T46] other info that might help us debug this:
[ 60.236422][ T46]
[ 60.247621][ T46]
[ 60.247621][ T46] rcu_scheduler_active = 2, debug_locks = 1
[ 60.256700][ T46] 3 locks held by kworker/u4:3/46:
[ 60.261940][ T46] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 60.272844][ T46] #1: ffffc90000b77d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
2024/06/21 16:23:39 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 60.283490][ T46] #2: ffffffff8e28d9d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[ 60.293941][ T46]
[ 60.293941][ T46] stack backtrace:
[ 60.299962][ T46] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.1.95-syzkaller #0
[ 60.308231][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 60.318557][ T46] Workqueue: netns cleanup_net
[ 60.323604][ T46] Call Trace:
[ 60.326960][ T46]
[ 60.330058][ T46] dump_stack_lvl+0x1e3/0x2cb
[ 60.334794][ T46] ? nf_tcp_handle_invalid+0x642/0x642
[ 60.340437][ T46] ? panic+0x764/0x764
[ 60.344516][ T46] lockdep_rcu_suspicious+0x21c/0x330
[ 60.350060][ T46] _destroy_all_sets+0x22c/0x5e0
[ 60.355090][ T46] ip_set_net_exit+0x1c/0x50
[ 60.359677][ T46] cleanup_net+0x6ce/0xb60
[ 60.364283][ T46] ? ops_free_list+0x3b0/0x3b0
[ 60.369132][ T46] ? process_one_work+0x7a9/0x11d0
[ 60.374408][ T46] process_one_work+0x8a9/0x11d0
[ 60.379375][ T46] ? worker_detach_from_pool+0x260/0x260
[ 60.385441][ T46] ? _raw_spin_lock_irqsave+0x120/0x120
[ 60.390980][ T46] ? kthread_data+0x4e/0xc0
[ 60.395848][ T46] ? wq_worker_running+0x97/0x190
[ 60.401218][ T46] worker_thread+0xa47/0x1200
[ 60.406194][ T46] ? _raw_spin_unlock+0x40/0x40
[ 60.411046][ T46] kthread+0x28d/0x320
[ 60.415370][ T46] ? worker_clr_flags+0x190/0x190
[ 60.420386][ T46] ? kthread_blkcg+0xd0/0xd0
[ 60.425051][ T46] ret_from_fork+0x1f/0x30
[ 60.429829][ T46]
[ 60.439326][ T3612] syz-executor.0 (3612) used greatest stack depth: 19544 bytes left
[ 60.469377][ T46]
[ 60.471851][ T46] =============================
[ 60.477251][ T46] WARNING: suspicious RCU usage
[ 60.482361][ T46] 6.1.95-syzkaller #0 Not tainted
[ 60.487410][ T46] -----------------------------
[ 60.492313][ T46] net/netfilter/ipset/ip_set_core.c:1213 suspicious rcu_dereference_protected() usage!
[ 60.502529][ T46]
[ 60.502529][ T46] other info that might help us debug this:
[ 60.502529][ T46]
[ 60.512931][ T46]
[ 60.512931][ T46] rcu_scheduler_active = 2, debug_locks = 1
[ 60.521108][ T46] 3 locks held by kworker/u4:3/46:
[ 60.526706][ T46] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 60.537181][ T46] #1: ffffc90000b77d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 60.547403][ T46] #2: ffffffff8e28d9d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[ 60.557602][ T46]
[ 60.557602][ T46] stack backtrace:
[ 60.563753][ T46] CPU: 0 PID: 46 Comm: kworker/u4:3 Not tainted 6.1.95-syzkaller #0
[ 60.572215][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 60.582711][ T46] Workqueue: netns cleanup_net
[ 60.587704][ T46] Call Trace:
[ 60.591264][ T46]
[ 60.594295][ T46] dump_stack_lvl+0x1e3/0x2cb
[ 60.599126][ T46] ? nf_tcp_handle_invalid+0x642/0x642
[ 60.604692][ T46] ? panic+0x764/0x764
[ 60.608939][ T46] lockdep_rcu_suspicious+0x21c/0x330
[ 60.614470][ T46] _destroy_all_sets+0x533/0x5e0
[ 60.619707][ T46] ip_set_net_exit+0x1c/0x50
[ 60.624516][ T46] cleanup_net+0x6ce/0xb60
[ 60.629323][ T46] ? ops_free_list+0x3b0/0x3b0
[ 60.634482][ T46] ? process_one_work+0x7a9/0x11d0
[ 60.639960][ T46] process_one_work+0x8a9/0x11d0
[ 60.645601][ T46] ? worker_detach_from_pool+0x260/0x260
[ 60.651519][ T46] ? _raw_spin_lock_irqsave+0x120/0x120
[ 60.657251][ T46] ? kthread_data+0x4e/0xc0
[ 60.661957][ T46] ? wq_worker_running+0x97/0x190
[ 60.669271][ T46] worker_thread+0xa47/0x1200
[ 60.674092][ T46] ? _raw_spin_unlock+0x40/0x40
[ 60.679170][ T46] kthread+0x28d/0x320
[ 60.683273][ T46] ? worker_clr_flags+0x190/0x190
[ 60.688445][ T46] ? k