last executing test programs: 900.683359ms ago: executing program 3: write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 826.390175ms ago: executing program 3: cachestat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 774.574743ms ago: executing program 3: socket$isdn_base(0x22, 0x3, 0x0) 737.135417ms ago: executing program 3: brk(0x0) 699.72923ms ago: executing program 3: msgsnd(0x0, &(0x7f0000000000), 0x0, 0x0) 279.929225ms ago: executing program 1: chroot(&(0x7f0000000000)) 242.358989ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 207.671871ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid', 0x800, 0x0) 202.786585ms ago: executing program 2: timer_create(0x0, &(0x7f0000000000), &(0x7f0000000000)) 197.880464ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0) 181.071987ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/attach', 0x1, 0x0) 170.66971ms ago: executing program 4: recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 161.561856ms ago: executing program 0: timerfd_create(0x0, 0x0) 161.042499ms ago: executing program 1: lsm_list_modules(&(0x7f0000000000), &(0x7f0000000000), 0x0) 153.177561ms ago: executing program 2: accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) 138.22827ms ago: executing program 0: process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 136.21006ms ago: executing program 4: syz_open_dev$sndhw(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x28, 0x800) 130.356822ms ago: executing program 2: migrate_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 126.135284ms ago: executing program 1: fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 114.667627ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/xen/evtchn', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/xen/evtchn', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/xen/evtchn', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/xen/evtchn', 0x800, 0x0) 109.305937ms ago: executing program 2: syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsu(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsu(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsu(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsu(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsu(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsu(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsu(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsu(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsu(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsu(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsu(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsu(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsu(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsu(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsu(&(0x7f0000000500), 0x4, 0x800) 95.689154ms ago: executing program 0: ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 77.210407ms ago: executing program 2: getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 77.001423ms ago: executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/raw-gadget', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/raw-gadget', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/raw-gadget', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/raw-gadget', 0x800, 0x0) 75.258148ms ago: executing program 4: ioperm(0x0, 0x0, 0x0) 75.009177ms ago: executing program 0: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x28, 0x800) 55.215727ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0) 32.96165ms ago: executing program 4: socket(0x10, 0x3, 0x10) 6.447645ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom', 0x800, 0x0) 0s ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats', 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts. 2024/06/18 06:04:00 fuzzer started 2024/06/18 06:04:00 dialing manager at 10.128.0.169:30001 [ 56.497820][ T5089] cgroup: Unknown subsys name 'net' [ 56.692050][ T5089] cgroup: Unknown subsys name 'rlimit' 2024/06/18 06:04:02 starting 5 executor processes [ 57.832805][ T5099] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.250404][ T62] [ 59.252993][ T62] ============================= [ 59.257865][ T62] WARNING: suspicious RCU usage [ 59.262931][ T62] 6.10.0-rc4-syzkaller-00033-g14d7c92f8df9 #0 Not tainted [ 59.270601][ T62] ----------------------------- [ 59.275610][ T62] net/netfilter/ipset/ip_set_core.c:1200 suspicious rcu_dereference_protected() usage! [ 59.285307][ T62] [ 59.285307][ T62] other info that might help us debug this: [ 59.285307][ T62] [ 59.296339][ T62] [ 59.296339][ T62] rcu_scheduler_active = 2, debug_locks = 1 [ 59.305121][ T62] 3 locks held by kworker/u8:4/62: [ 59.310276][ T62] #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 59.321673][ T62] #1: ffffc900015d7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 59.332792][ T62] #2: ffffffff8f5db750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 59.342407][ T62] [ 59.342407][ T62] stack backtrace: 2024/06/18 06:04:03 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 59.348348][ T62] CPU: 1 PID: 62 Comm: kworker/u8:4 Not tainted 6.10.0-rc4-syzkaller-00033-g14d7c92f8df9 #0 [ 59.358617][ T62] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 59.368703][ T62] Workqueue: netns cleanup_net [ 59.373616][ T62] Call Trace: [ 59.377079][ T62] [ 59.380017][ T62] dump_stack_lvl+0x241/0x360 [ 59.384731][ T62] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.389946][ T62] ? __pfx__printk+0x10/0x10 [ 59.394549][ T62] lockdep_rcu_suspicious+0x221/0x340 [ 59.399919][ T62] _destroy_all_sets+0x232/0x5f0 [ 59.404866][ T62] ip_set_net_exit+0x20/0x50 [ 59.409625][ T62] cleanup_net+0x802/0xcc0 [ 59.414046][ T62] ? __pfx_cleanup_net+0x10/0x10 [ 59.419030][ T62] ? process_scheduled_works+0x945/0x1830 [ 59.424846][ T62] process_scheduled_works+0xa2c/0x1830 [ 59.430533][ T62] ? __pfx_process_scheduled_works+0x10/0x10 [ 59.436615][ T62] ? assign_work+0x364/0x3d0 [ 59.441206][ T62] worker_thread+0x86d/0xd70 [ 59.445834][ T62] ? __kthread_parkme+0x169/0x1d0 [ 59.450881][ T62] ? __pfx_worker_thread+0x10/0x10 [ 59.455988][ T62] kthread+0x2f0/0x390 [ 59.460055][ T62] ? __pfx_worker_thread+0x10/0x10 [ 59.465168][ T62] ? __pfx_kthread+0x10/0x10 [ 59.469779][ T62] ret_from_fork+0x4b/0x80 [ 59.474203][ T62] ? __pfx_kthread+0x10/0x10 [ 59.478786][ T62] ret_from_fork_asm+0x1a/0x30 [ 59.483558][ T62]