last executing test programs: 2.244092052s ago: executing program 4 (id=384): eventfd2(0x0, 0x0) 2.220803565s ago: executing program 4 (id=389): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run', 0x1, 0x0) 2.172642003s ago: executing program 0 (id=392): migrate_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 2.172471623s ago: executing program 1 (id=394): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/validatetrans', 0x1, 0x0) 2.172303673s ago: executing program 4 (id=396): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 2.169982304s ago: executing program 0 (id=398): newfstatat(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.154856596s ago: executing program 1 (id=399): getpid() 2.146554947s ago: executing program 4 (id=401): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/schemes', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/schemes', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/schemes', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/schemes', 0x800, 0x0) 2.101061414s ago: executing program 1 (id=403): chmod(&(0x7f0000000000), 0x0) 2.101009834s ago: executing program 0 (id=404): socket$nl_route(0x10, 0x3, 0x0) 2.100803544s ago: executing program 1 (id=406): syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x28, 0x800) 2.100695064s ago: executing program 4 (id=408): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwbinder', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwbinder', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwbinder', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwbinder', 0x800, 0x0) 2.100366514s ago: executing program 0 (id=409): socket$inet_icmp_raw(0x2, 0x3, 0x1) 2.085878557s ago: executing program 3 (id=411): fsopen(&(0x7f0000000000), 0x0) 2.032894665s ago: executing program 4 (id=412): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pmem0', 0x800, 0x0) 1.339954572s ago: executing program 3 (id=417): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.326723814s ago: executing program 1 (id=413): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.147350932s ago: executing program 0 (id=414): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 592.932608ms ago: executing program 2 (id=437): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 592.870258ms ago: executing program 2 (id=438): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 568.663862ms ago: executing program 2 (id=439): preadv2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 564.695102ms ago: executing program 3 (id=419): tkill(0x0, 0x0) 551.231314ms ago: executing program 2 (id=440): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x29, 0x800) 507.781381ms ago: executing program 2 (id=441): syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800) 507.498661ms ago: executing program 3 (id=442): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800) 478.147265ms ago: executing program 2 (id=443): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2a, 0x800) 462.847278ms ago: executing program 3 (id=444): syz_open_dev$sndhw(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2a, 0x800) 392.981739ms ago: executing program 3 (id=445): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2a, 0x800) 332.853938ms ago: executing program 0 (id=429): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0) 0s ago: executing program 1 (id=423): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts. syzkaller login: [ 49.154275][ T3536] cgroup: Unknown subsys name 'net' [ 49.260560][ T3536] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 50.554606][ T3536] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 52.601398][ T3831] mmap: syz.3.276 (3831) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 54.140136][ T3978] chnl_net:caif_netlink_parms(): no params data found [ 54.508643][ T3978] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.527956][ T3978] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.574215][ T3978] device bridge_slave_0 entered promiscuous mode [ 54.627131][ T3978] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.666195][ T3978] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.710111][ T3978] device bridge_slave_1 entered promiscuous mode [ 54.885344][ T3978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.972824][ T3978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.095371][ T3978] team0: Port device team_slave_0 added [ 55.118143][ T3978] team0: Port device team_slave_1 added [ 55.223481][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.247317][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.287549][ T3978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.294781][ T3978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.336025][ T3978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.359682][ T2965] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 55.373961][ T3978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.382865][ T3978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.410585][ T3978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.423905][ T2462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.439604][ T2462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.465856][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 55.536007][ T3978] device hsr_slave_0 entered promiscuous mode [ 55.549197][ T3978] device hsr_slave_1 entered promiscuous mode [ 55.678290][ T3978] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 55.690391][ T3978] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 55.701351][ T3978] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 55.711935][ T3978] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 55.799907][ T3978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.816402][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.826354][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.837749][ T3978] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.851331][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.861275][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.870523][ T3972] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.877842][ T3972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.898538][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.907286][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.916372][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.925710][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.932966][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.941190][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.950149][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.973598][ T3978] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.988675][ T3978] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.007858][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.017377][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.026164][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.035462][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.048388][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.051329][ T9] [ 56.058173][ T9] ============================= [ 56.063032][ T9] WARNING: suspicious RCU usage [ 56.064842][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.067989][ T9] 6.1.95-syzkaller #0 Not tainted [ 56.080108][ T9] ----------------------------- [ 56.085047][ T9] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage! [ 56.094748][ T9] [ 56.094748][ T9] other info that might help us debug this: [ 56.094748][ T9] [ 56.105055][ T9] [ 56.105055][ T9] rcu_scheduler_active = 2, debug_locks = 1 [ 56.113318][ T9] 3 locks held by kworker/u4:0/9: [ 56.118403][ T9] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 56.128814][ T9] #1: ffffc900000e7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 56.139375][ T9] #2: ffffffff8e28d9d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 56.148861][ T9] [ 56.148861][ T9] stack backtrace: [ 56.154813][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.95-syzkaller #0 [ 56.162720][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 56.172874][ T9] Workqueue: netns cleanup_net [ 56.177658][ T9] Call Trace: [ 56.180936][ T9] [ 56.183865][ T9] dump_stack_lvl+0x1e3/0x2cb [ 56.188645][ T9] ? nf_tcp_handle_invalid+0x642/0x642 [ 56.194098][ T9] ? panic+0x764/0x764 [ 56.198164][ T9] lockdep_rcu_suspicious+0x21c/0x330 [ 56.203533][ T9] _destroy_all_sets+0x22c/0x5e0 [ 56.208558][ T9] ip_set_net_exit+0x1c/0x50 [ 56.213167][ T9] cleanup_net+0x6ce/0xb60 [ 56.217673][ T9] ? ops_free_list+0x3b0/0x3b0 [ 56.222433][ T9] ? process_one_work+0x7a9/0x11d0 [ 56.227537][ T9] process_one_work+0x8a9/0x11d0 [ 56.232650][ T9] ? worker_detach_from_pool+0x260/0x260 [ 56.238377][ T9] ? _raw_spin_lock_irqsave+0x120/0x120 [ 56.244083][ T9] ? kthread_data+0x4e/0xc0 [ 56.248581][ T9] ? wq_worker_running+0x97/0x190 [ 56.253772][ T9] worker_thread+0xa47/0x1200 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 56.258457][ T9] kthread+0x28d/0x320 [ 56.262516][ T9] ? worker_clr_flags+0x190/0x190 [ 56.267536][ T9] ? kthread_blkcg+0xd0/0xd0 [ 56.272113][ T9] ret_from_fork+0x1f/0x30 [ 56.276544][ T9]