last executing test programs: 1.319503063s ago: executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ambient', 0x2, 0x0) 1.278678039s ago: executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 994.101874ms ago: executing program 0: stat(&(0x7f0000000000), &(0x7f0000000000)) 978.733556ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ptrace', 0x2, 0x0) 971.301818ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control', 0x800, 0x0) 961.90365ms ago: executing program 1: rmdir(&(0x7f0000000000)) 949.687091ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/attrs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/attrs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/attrs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/attrs', 0x800, 0x0) 945.640062ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0) 931.330244ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run', 0x1, 0x0) 928.584574ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/enforce', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce', 0x800, 0x0) 912.444367ms ago: executing program 2: truncate(&(0x7f0000000000), 0x0) 905.197448ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member', 0x2, 0x0) 904.608938ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control', 0x800, 0x0) 895.64777ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0) 892.9891ms ago: executing program 0: statfs(&(0x7f0000000000), &(0x7f0000000000)) 873.046593ms ago: executing program 2: readahead(0xffffffffffffffff, 0x0, 0x0) 866.012504ms ago: executing program 1: linkat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 863.844735ms ago: executing program 3: splice(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 849.756357ms ago: executing program 4: fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) 847.819757ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci', 0x800, 0x0) 845.959887ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/yama/ptrace_scope', 0x2, 0x0) 828.44433ms ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sgx_provision', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sgx_provision', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sgx_provision', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sgx_provision', 0x800, 0x0) 826.330921ms ago: executing program 3: dup(0xffffffffffffffff) 820.723351ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 813.917752ms ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp1', 0x800, 0x0) 802.315784ms ago: executing program 2: pwritev2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 799.385135ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy', 0x0, 0x0) 795.450455ms ago: executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0) 239.300902ms ago: executing program 4: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 3: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts. 2024/06/18 11:41:46 fuzzer started 2024/06/18 11:41:46 dialing manager at 10.128.0.163:30033 [ 57.075584][ T5079] cgroup: Unknown subsys name 'net' [ 57.280774][ T5079] cgroup: Unknown subsys name 'rlimit' [ 58.391311][ T5102] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2024/06/18 11:41:53 starting 5 executor processes [ 65.963001][ T5377] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.971538][ T5377] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.979307][ T5377] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.987704][ T5377] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.995443][ T5377] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.003114][ T5377] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.494973][ T64] [ 66.497543][ T64] ============================= [ 66.502408][ T64] WARNING: suspicious RCU usage [ 66.507349][ T64] 6.10.0-rc4-syzkaller-00033-g14d7c92f8df9 #0 Not tainted [ 66.514475][ T64] ----------------------------- [ 66.519850][ T64] net/netfilter/ipset/ip_set_core.c:1200 suspicious rcu_dereference_protected() usage! [ 66.529679][ T64] [ 66.529679][ T64] other info that might help us debug this: [ 66.529679][ T64] [ 66.539964][ T64] [ 66.539964][ T64] rcu_scheduler_active = 2, debug_locks = 1 [ 66.548221][ T64] 3 locks held by kworker/u8:4/64: [ 66.553343][ T64] #0: ffff888015ed3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 66.564481][ T64] #1: ffffc900015d7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 66.575147][ T64] #2: ffffffff8f5c9290 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 66.585072][ T64] [ 66.585072][ T64] stack backtrace: [ 66.591054][ T64] CPU: 1 PID: 64 Comm: kworker/u8:4 Not tainted 6.10.0-rc4-syzkaller-00033-g14d7c92f8df9 #0 [ 66.601141][ T64] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 66.611211][ T64] Workqueue: netns cleanup_net [ 66.616012][ T64] Call Trace: [ 66.619304][ T64] [ 66.622244][ T64] dump_stack_lvl+0x241/0x360 [ 66.626948][ T64] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.632165][ T64] ? __pfx__printk+0x10/0x10 [ 66.636791][ T64] lockdep_rcu_suspicious+0x221/0x340 [ 66.642194][ T64] _destroy_all_sets+0x232/0x5f0 [ 66.647159][ T64] ip_set_net_exit+0x20/0x50 [ 66.651759][ T64] cleanup_net+0x802/0xcc0 [ 66.656209][ T64] ? __pfx_cleanup_net+0x10/0x10 [ 66.661183][ T64] ? process_scheduled_works+0x945/0x1830 [ 66.666924][ T64] process_scheduled_works+0xa2c/0x1830 [ 66.672524][ T64] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.678540][ T64] ? assign_work+0x364/0x3d0 [ 66.683152][ T64] worker_thread+0x86d/0xd70 [ 66.687784][ T64] ? __kthread_parkme+0x169/0x1d0 2024/06/18 11:41:56 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 66.692830][ T64] ? __pfx_worker_thread+0x10/0x10 [ 66.697961][ T64] kthread+0x2f0/0x390 [ 66.702053][ T64] ? __pfx_worker_thread+0x10/0x10 [ 66.707179][ T64] ? __pfx_kthread+0x10/0x10 [ 66.711789][ T64] ret_from_fork+0x4b/0x80 [ 66.716232][ T64] ? __pfx_kthread+0x10/0x10 [ 66.720843][ T64] ret_from_fork_asm+0x1a/0x30 [ 66.725647][ T64]