last executing test programs: 814.801515ms ago: executing program 3: write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 806.807418ms ago: executing program 3: io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) 789.946569ms ago: executing program 3: getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 769.736587ms ago: executing program 3: signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 750.306203ms ago: executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock', 0x800, 0x0) 441.61102ms ago: executing program 1: sendto(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 385.407726ms ago: executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000000), 0x0) 339.24307ms ago: executing program 1: socket$inet6_sctp(0xa, 0x1, 0x84) 312.391556ms ago: executing program 1: timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 289.511761ms ago: executing program 1: personality(0x0) 266.567599ms ago: executing program 1: munlock(0x0, 0x0) 197.123107ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 184.705298ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 170.11344ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load', 0x2, 0x0) 167.636802ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/attach', 0x1, 0x0) 156.115034ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill', 0x800, 0x0) 139.743615ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0) 130.885484ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0) 124.141882ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0) 109.10406ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nmem0', 0x800, 0x0) 108.771719ms ago: executing program 2: msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 91.400562ms ago: executing program 0: getrusage(0x0, &(0x7f0000000000)) 82.712628ms ago: executing program 4: truncate(&(0x7f0000000000), 0x0) 62.473551ms ago: executing program 2: sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 56.457077ms ago: executing program 0: syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x800) 52.23615ms ago: executing program 4: close(0xffffffffffffffff) 45.689373ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0) 1.535562ms ago: executing program 0: futex_waitv(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 0s ago: executing program 4: setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. 2024/06/17 00:17:39 fuzzer started 2024/06/17 00:17:39 dialing manager at 10.128.0.169:30021 [ 55.367217][ T5092] cgroup: Unknown subsys name 'net' [ 55.672586][ T5092] cgroup: Unknown subsys name 'rlimit' 2024/06/17 00:17:41 starting 5 executor processes [ 56.791691][ T5112] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.192199][ T51] [ 58.194743][ T51] ============================= [ 58.200014][ T51] WARNING: suspicious RCU usage [ 58.204883][ T51] 6.10.0-rc3-syzkaller-00255-g6456c4256d1c #0 Not tainted [ 58.212173][ T51] ----------------------------- [ 58.217090][ T51] net/netfilter/ipset/ip_set_core.c:1200 suspicious rcu_dereference_protected() usage! [ 58.227069][ T51] [ 58.227069][ T51] other info that might help us debug this: [ 58.227069][ T51] [ 58.238254][ T51] [ 58.238254][ T51] rcu_scheduler_active = 2, debug_locks = 1 [ 58.246934][ T51] 3 locks held by kworker/u8:3/51: [ 58.252335][ T51] #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 58.263417][ T51] #1: ffffc90000bb7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 58.274083][ T51] #2: ffffffff8f5dba90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 58.283880][ T51] [ 58.283880][ T51] stack backtrace: [ 58.290455][ T51] CPU: 0 PID: 51 Comm: kworker/u8:3 Not tainted 6.10.0-rc3-syzkaller-00255-g6456c4256d1c #0 [ 58.300827][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 58.310904][ T51] Workqueue: netns cleanup_net [ 58.315720][ T51] Call Trace: [ 58.319033][ T51] [ 58.322087][ T51] dump_stack_lvl+0x241/0x360 [ 58.326795][ T51] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.332029][ T51] ? __pfx__printk+0x10/0x10 [ 58.336914][ T51] lockdep_rcu_suspicious+0x221/0x340 [ 58.342577][ T51] _destroy_all_sets+0x232/0x5f0 [ 58.347650][ T51] ip_set_net_exit+0x20/0x50 [ 58.352270][ T51] cleanup_net+0x802/0xcc0 [ 58.356727][ T51] ? __pfx_cleanup_net+0x10/0x10 [ 58.361712][ T51] ? process_scheduled_works+0x945/0x1830 [ 58.367487][ T51] process_scheduled_works+0xa2c/0x1830 [ 58.373087][ T51] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.379191][ T51] ? assign_work+0x364/0x3d0 [ 58.383824][ T51] worker_thread+0x86d/0xd70 2024/06/17 00:17:42 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 58.388475][ T51] ? __kthread_parkme+0x169/0x1d0 [ 58.393551][ T51] ? __pfx_worker_thread+0x10/0x10 [ 58.398702][ T51] kthread+0x2f0/0x390 [ 58.402814][ T51] ? __pfx_worker_thread+0x10/0x10 [ 58.407951][ T51] ? __pfx_kthread+0x10/0x10 [ 58.412575][ T51] ret_from_fork+0x4b/0x80 [ 58.417127][ T51] ? __pfx_kthread+0x10/0x10 [ 58.421749][ T51] ret_from_fork_asm+0x1a/0x30 [ 58.426567][ T51]