last executing test programs:
1.795213031s ago: executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0)
1.726313672s ago: executing program 4:
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
1.710665885s ago: executing program 2:
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0)
1.667573551s ago: executing program 3:
recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0)
1.666967011s ago: executing program 1:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0)
1.655692553s ago: executing program 0:
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000))
1.647016354s ago: executing program 2:
getpid()
1.624434188s ago: executing program 3:
perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0)
1.621361399s ago: executing program 1:
socket(0x1, 0x1, 0x0)
1.61118729s ago: executing program 2:
mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0)
1.599982492s ago: executing program 0:
mkdir(&(0x7f0000000000), 0x0)
1.599538422s ago: executing program 1:
socket$kcm(0x29, 0x2, 0x0)
1.589769754s ago: executing program 1:
socket(0x1e, 0x2, 0x0)
1.587937483s ago: executing program 3:
clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))
exit(0x0)
1.573202476s ago: executing program 2:
unlink(&(0x7f0000000000))
1.059689116s ago: executing program 1:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
1.002929444s ago: executing program 4:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
976.410248ms ago: executing program 0:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
905.37861ms ago: executing program 3:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
876.779454ms ago: executing program 2:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
194.58008ms ago: executing program 2:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
154.712506ms ago: executing program 1:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
128.4494ms ago: executing program 0:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
0s ago: executing program 4:
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts.
2024/06/21 13:01:45 fuzzer started
2024/06/21 13:01:45 dialing manager at 10.128.0.163:30025
[ 51.903404][ T3548] cgroup: Unknown subsys name 'net'
[ 52.112675][ T3548] cgroup: Unknown subsys name 'rlimit'
2024/06/21 13:01:47 starting 5 executor processes
[ 53.192830][ T3571] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 53.817050][ T3613] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 53.825488][ T3613] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 53.834122][ T3613] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 53.842624][ T3613] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 53.853265][ T3613] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 53.861166][ T3613] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 54.897006][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.905063][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.962976][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 54.993158][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.007635][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.016335][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 55.340013][ T3639] chnl_net:caif_netlink_parms(): no params data found
[ 55.433322][ T3639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.441323][ T3639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.451576][ T3639] device bridge_slave_0 entered promiscuous mode
[ 55.461952][ T3639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.470683][ T3639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.479351][ T3639] device bridge_slave_1 entered promiscuous mode
[ 55.510628][ T3639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.522514][ T3639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.557529][ T3639] team0: Port device team_slave_0 added
[ 55.565657][ T3639] team0: Port device team_slave_1 added
[ 55.593173][ T3639] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.600316][ T3639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.627968][ T3639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.641454][ T3639] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.649672][ T3639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.677190][ T3639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.719519][ T3639] device hsr_slave_0 entered promiscuous mode
[ 55.726741][ T3639] device hsr_slave_1 entered promiscuous mode
[ 55.861607][ T3639] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 55.873973][ T3639] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 55.886533][ T3639] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 55.901281][ T3639] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 55.907245][ T11]
[ 55.910685][ T11] =============================
[ 55.915511][ T11] WARNING: suspicious RCU usage
[ 55.921077][ T11] 6.1.95-syzkaller #0 Not tainted
[ 55.926127][ T11] -----------------------------
[ 55.931366][ T11] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage!
[ 55.941069][ T11]
[ 55.941069][ T11] other info that might help us debug this:
[ 55.941069][ T11]
[ 55.951361][ T11]
[ 55.951361][ T11] rcu_scheduler_active = 2, debug_locks = 1
2024/06/21 13:01:50 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 55.959470][ T11] 3 locks held by kworker/u4:1/11:
[ 55.964693][ T11] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 55.975438][ T11] #1: ffffc90000107d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 55.985786][ T11] #2: ffffffff8e28d9d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[ 55.995222][ T11]
[ 55.995222][ T11] stack backtrace:
[ 56.003275][ T11] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.95-syzkaller #0
[ 56.011438][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 56.021652][ T11] Workqueue: netns cleanup_net
[ 56.026497][ T11] Call Trace:
[ 56.029786][ T11]
[ 56.032727][ T11] dump_stack_lvl+0x1e3/0x2cb
[ 56.037439][ T11] ? nf_tcp_handle_invalid+0x642/0x642
[ 56.042924][ T11] ? panic+0x764/0x764
[ 56.047017][ T11] lockdep_rcu_suspicious+0x21c/0x330
[ 56.052415][ T11] _destroy_all_sets+0x22c/0x5e0
[ 56.057394][ T11] ip_set_net_exit+0x1c/0x50
[ 56.062086][ T11] cleanup_net+0x6ce/0xb60
[ 56.066674][ T11] ? ops_free_list+0x3b0/0x3b0
[ 56.071524][ T11] ? process_one_work+0x7a9/0x11d0
[ 56.076718][ T11] process_one_work+0x8a9/0x11d0
[ 56.081662][ T11] ? worker_detach_from_pool+0x260/0x260
[ 56.087297][ T11] ? _raw_spin_lock_irqsave+0x120/0x120
[ 56.092841][ T11] ? kthread_data+0x4e/0xc0
[ 56.097338][ T11] ? wq_worker_running+0x97/0x190
[ 56.102356][ T11] worker_thread+0xa47/0x1200
[ 56.107219][ T11] kthread+0x28d/0x320
[ 56.111274][ T11] ? worker_clr_flags+0x190/0x190
[ 56.116460][ T11] ? kthread_blkcg+0xd0/0xd0
[ 56.121038][ T11] ret_from_fork+0x1f/0x30
[ 56.125557][ T11]
[ 56.132188][ T11]
[ 56.134540][ T11] =============================
[ 56.139499][ T11] WARNING: suspicious RCU usage
[ 56.144358][ T11] 6.1.95-syzkaller #0 Not tainted
[ 56.149627][ T11] -----------------------------
[ 56.154482][ T11] net/netfilter/ipset/ip_set_core.c:1213 suspicious rcu_dereference_protected() usage!
[ 56.164285][ T11]
[ 56.164285][ T11] other info that might help us debug this:
[ 56.164285][ T11]
[ 56.174626][ T11]
[ 56.174626][ T11] rcu_scheduler_active = 2, debug_locks = 1
[ 56.182786][ T11] 3 locks held by kworker/u4:1/11:
[ 56.187951][ T11] #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 56.198589][ T11] #1: ffffc90000107d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[ 56.208659][ T11] #2: ffffffff8e28d9d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[ 56.218090][ T11]
[ 56.218090][ T11] stack backtrace:
[ 56.223992][ T11] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.95-syzkaller #0
[ 56.231987][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 56.242386][ T11] Workqueue: netns cleanup_net
[ 56.247211][ T11] Call Trace:
[ 56.250476][ T11]
[ 56.253408][ T11] dump_stack_lvl+0x1e3/0x2cb
[ 56.258086][ T11] ? nf_tcp_handle_invalid+0x642/0x642
[ 56.263553][ T11] ? panic+0x764/0x764
[ 56.267620][ T11] lockdep_rcu_suspicious+0x21c/0x330
[ 56.273109][ T11] _destroy_all_sets+0x533/0x5e0
[ 56.278140][ T11] ip_set_net_exit+0x1c/0x50
[ 56.282723][ T11] cleanup_net+0x6ce/0xb60
[ 56.287143][ T11] ? ops_free_list+0x3b0/0x3b0
[ 56.291905][ T11] ? process_one_work+0x7a9/0x11d0
[ 56.297002][ T11] process_one_work+0x8a9/0x11d0
[ 56.301948][ T11] ? worker_detach_from_pool+0x260/0x260
[ 56.307689][ T11] ? _raw_spin_lock_irqsave+0x120/0x120
[ 56.313323][ T11] ? kthread_data+0x4e/0xc0
[ 56.317822][ T11] ? wq_worker_running+0x97/0x190
[ 56.322844][ T11] worker_thread+0xa47/0x1200
[ 56.327528][ T11] kthread+0x28d/0x320
[ 56.331600][ T11] ? worker_clr_flags+0x190/0x190
[ 56.336635][ T11] ? kthread_blkcg+0xd0/0xd0
[ 56.341215][ T11] ret_from_fork+0x1f/0x30
[ 56.345684][ T11]
[