last executing test programs: 3.396335648s ago: executing program 1 (id=415): fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) 3.361993243s ago: executing program 1 (id=419): timer_delete(0x0) 3.360721284s ago: executing program 1 (id=423): rt_sigreturn() 2.634654295s ago: executing program 2 (id=539): setgroups(0x0, &(0x7f0000000000)) 2.571926874s ago: executing program 2 (id=542): rt_sigaction(0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 2.571751215s ago: executing program 2 (id=543): init_module(&(0x7f0000000000), 0x0, &(0x7f0000000000)) 2.571707475s ago: executing program 2 (id=544): io_destroy(0x0) 2.560120586s ago: executing program 2 (id=546): socket$caif_stream(0x25, 0x1, 0x0) 2.483932288s ago: executing program 2 (id=550): wait4(0x0, 0x0, 0x0, 0x0) 1.668098943s ago: executing program 3 (id=558): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.358415341s ago: executing program 1 (id=560): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.269731404s ago: executing program 3 (id=561): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp1', 0x800, 0x0) 1.211882993s ago: executing program 3 (id=570): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37', 0x2, 0x0) 1.204333054s ago: executing program 3 (id=572): kexec_load(0x0, 0x0, &(0x7f0000000000), 0x0) 1.176809849s ago: executing program 0 (id=574): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x2, 0x0) 1.175830869s ago: executing program 4 (id=575): setresgid(0x0, 0x0, 0x0) 1.114791378s ago: executing program 0 (id=576): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0) 1.114666378s ago: executing program 4 (id=577): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx', 0x800, 0x0) 1.114619658s ago: executing program 0 (id=578): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mISDNtimer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mISDNtimer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mISDNtimer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mISDNtimer', 0x800, 0x0) 1.114571078s ago: executing program 0 (id=579): unshare(0x0) 1.10713908s ago: executing program 4 (id=580): setitimer(0x0, &(0x7f0000000000), 0x0) 1.099392541s ago: executing program 4 (id=581): lgetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 931.854036ms ago: executing program 1 (id=567): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable', 0x2, 0x0) 594.074498ms ago: executing program 0 (id=582): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 593.875868ms ago: executing program 3 (id=573): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 367.271133ms ago: executing program 1 (id=584): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 366.325803ms ago: executing program 4 (id=583): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 98.188284ms ago: executing program 0 (id=585): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.010109ms ago: executing program 3 (id=586): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 0s ago: executing program 4 (id=587): flistxattr(0xffffffffffffffff, &(0x7f0000000000), 0x0) kernel console output (not intermixed with test programs): [ 15.167287][ T3896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 15.170650][ T3896] eql: remember to turn off Van-Jacobson compression on your slave devices [ 15.215062][ T185] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 15.219028][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.217' (ED25519) to the list of known hosts. syzkaller login: [ 31.938126][ T4213] cgroup: Unknown subsys name 'net' [ 32.187458][ T4213] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.497351][ T4213] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 34.133054][ T4534] mmap: syz.4.305 (4534) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 36.434766][ T4803] chnl_net:caif_netlink_parms(): no params data found [ 36.614911][ T4803] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.616979][ T4803] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.621087][ T4803] device bridge_slave_0 entered promiscuous mode [ 36.649697][ T4803] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.660724][ T4803] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.677267][ T4803] device bridge_slave_1 entered promiscuous mode [ 36.784108][ T4803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.811674][ T4803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.857283][ T4803] team0: Port device team_slave_0 added [ 36.861464][ T4803] team0: Port device team_slave_1 added [ 37.036747][ T4803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.038690][ T4803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.072993][ T4803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.079199][ T4803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.081013][ T4803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.103871][ T4803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.199152][ T4803] device hsr_slave_0 entered promiscuous mode [ 37.204407][ T4863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 37.207189][ T4863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 37.209615][ T4863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 37.212206][ T4863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 37.214988][ T4863] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 37.217024][ T4863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 37.253392][ T4803] device hsr_slave_1 entered promiscuous mode [ 37.564030][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.566215][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.595818][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 37.624453][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.626700][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.629790][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 37.681891][ T4803] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.748995][ T4803] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.859226][ T4803] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.908405][ T4803] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.114999][ T1606] [ 38.115812][ T1606] ============================= [ 38.117170][ T1606] WARNING: suspicious RCU usage [ 38.118469][ T1606] 6.1.95-syzkaller #0 Not tainted [ 38.119735][ T1606] ----------------------------- [ 38.121030][ T1606] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage! [ 38.123894][ T1606] [ 38.123894][ T1606] other info that might help us debug this: [ 38.123894][ T1606] [ 38.126620][ T1606] [ 38.126620][ T1606] rcu_scheduler_active = 2, debug_locks = 1 [ 38.128687][ T1606] 3 locks held by kworker/u4:4/1606: [ 38.130041][ T1606] #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 [ 38.132871][ T1606] #1: ffff8000225a7c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 [ 38.135587][ T1606] #2: ffff800017e26350 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf4/0x994 [ 38.138191][ T1606] [ 38.138191][ T1606] stack backtrace: [ 38.139825][ T1606] CPU: 1 PID: 1606 Comm: kworker/u4:4 Not tainted 6.1.95-syzkaller #0 [ 38.141951][ T1606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 38.144531][ T1606] Workqueue: netns cleanup_net [ 38.145918][ T1606] Call trace: [ 38.146804][ T1606] dump_backtrace+0x1c8/0x1f4 [ 38.148058][ T1606] show_stack+0x2c/0x3c [ 38.149234][ T1606] dump_stack_lvl+0x108/0x170 [ 38.150529][ T1606] dump_stack+0x1c/0x5c [ 38.151636][ T1606] lockdep_rcu_suspicious+0x260/0x464 [ 38.153099][ T1606] _destroy_all_sets+0x21c/0x5a4 [ 38.154412][ T1606] ip_set_net_exit+0x28/0x60 [ 38.155595][ T1606] cleanup_net+0x564/0x994 [ 38.156770][ T1606] process_one_work+0x7ac/0x1404 [ 38.158086][ T1606] worker_thread+0x8e4/0xfec [ 38.159394][ T1606] kthread+0x250/0x2d8 [ 38.160429][ T1606] ret_from_fork+0x10/0x20 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)