last executing test programs: 2.952032876s ago: executing program 2 (id=513): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 2.902992084s ago: executing program 2 (id=517): syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$radio(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$radio(&(0x7f0000000100), 0x0, 0x800) 2.854783041s ago: executing program 2 (id=524): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) 2.854581721s ago: executing program 2 (id=527): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 2.846189513s ago: executing program 2 (id=529): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.655393922s ago: executing program 3 (id=556): socket$inet6_tcp(0xa, 0x1, 0x0) 2.586981423s ago: executing program 3 (id=558): acct(0x0) 2.584387583s ago: executing program 2 (id=534): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.411855659s ago: executing program 3 (id=560): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.131745272s ago: executing program 1 (id=566): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.038914167s ago: executing program 3 (id=567): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.535131584s ago: executing program 1 (id=568): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.534222894s ago: executing program 3 (id=569): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.03974968s ago: executing program 0 (id=576): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl', 0x800, 0x0) 810.994086ms ago: executing program 0 (id=577): socket$inet_udplite(0x2, 0x2, 0x88) 613.421855ms ago: executing program 4 (id=575): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 556.081235ms ago: executing program 0 (id=578): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 543.194156ms ago: executing program 1 (id=574): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 127.109271ms ago: executing program 4 (id=582): socket$vsock_stream(0x28, 0x1, 0x0) 82.590808ms ago: executing program 0 (id=581): clock_nanosleep(0x0, 0x0, &(0x7f0000000000), 0x0) 75.718018ms ago: executing program 1 (id=580): syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800) 74.912278ms ago: executing program 4 (id=583): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) 56.283431ms ago: executing program 3 (id=579): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 6.874069ms ago: executing program 4 (id=584): getgroups(0x0, &(0x7f0000000000)) 6.759139ms ago: executing program 4 (id=585): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0) 6.644609ms ago: executing program 0 (id=586): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/relabel', 0x2, 0x0) 6.505319ms ago: executing program 1 (id=587): socket$l2tp6(0xa, 0x2, 0x73) 6.433168ms ago: executing program 0 (id=588): socket$unix(0x1, 0x1, 0x0) 6.361409ms ago: executing program 1 (id=589): socket(0x1e, 0x2, 0x0) 0s ago: executing program 4 (id=590): open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts. [ 29.602157][ T4213] cgroup: Unknown subsys name 'net' [ 29.883300][ T4213] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 30.216054][ T4213] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 31.125361][ T4373] mmap: syz.3.143 (4373) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 33.994616][ T4811] chnl_net:caif_netlink_parms(): no params data found [ 34.256584][ T4811] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.258534][ T4811] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.270113][ T4811] device bridge_slave_0 entered promiscuous mode [ 34.359161][ T4811] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.361163][ T4811] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.363609][ T4811] device bridge_slave_1 entered promiscuous mode [ 34.484643][ T4811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.510046][ T4811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.642612][ T4811] team0: Port device team_slave_0 added [ 34.646639][ T4811] team0: Port device team_slave_1 added [ 34.881685][ T4811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.883660][ T4811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.895630][ T4811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.924064][ T4811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.925942][ T4811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.962724][ T4811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.181085][ T1747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.183378][ T1747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.254134][ T4811] device hsr_slave_0 entered promiscuous mode [ 35.290767][ T4811] device hsr_slave_1 entered promiscuous mode [ 35.320778][ T4862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 35.323428][ T4862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 35.325756][ T4862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 35.328278][ T4862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 35.332073][ T4862] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 35.334118][ T4862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 35.372207][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.450623][ T1570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.452824][ T1570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.455686][ T4832] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.700435][ T4811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 35.761779][ T4811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 35.810722][ T4811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 35.874814][ T4811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 36.091934][ T11] [ 36.092753][ T11] ============================= [ 36.094034][ T11] WARNING: suspicious RCU usage [ 36.095275][ T11] 6.1.95-syzkaller #0 Not tainted [ 36.096559][ T11] ----------------------------- [ 36.097883][ T11] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage! [ 36.100577][ T11] [ 36.100577][ T11] other info that might help us debug this: [ 36.100577][ T11] [ 36.103180][ T11] [ 36.103180][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 36.105246][ T11] 3 locks held by kworker/u4:1/11: [ 36.106546][ T11] #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 [ 36.109311][ T11] #1: ffff800019e57c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 [ 36.111970][ T11] #2: ffff800017e26350 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf4/0x994 [ 36.114360][ T11] [ 36.114360][ T11] stack backtrace: [ 36.115920][ T11] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.95-syzkaller #0 [ 36.117901][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 36.120501][ T11] Workqueue: netns cleanup_net [ 36.121767][ T11] Call trace: [ 36.122732][ T11] dump_backtrace+0x1c8/0x1f4 [ 36.123895][ T11] show_stack+0x2c/0x3c [ 36.125012][ T11] dump_stack_lvl+0x108/0x170 [ 36.126187][ T11] dump_stack+0x1c/0x5c [ 36.127363][ T11] lockdep_rcu_suspicious+0x260/0x464 [ 36.128818][ T11] _destroy_all_sets+0x21c/0x5a4 [ 36.130083][ T11] ip_set_net_exit+0x28/0x60 [ 36.131313][ T11] cleanup_net+0x564/0x994 [ 36.132469][ T11] process_one_work+0x7ac/0x1404 [ 36.133765][ T11] worker_thread+0x8e4/0xfec [ 36.134980][ T11] kthread+0x250/0x2d8 [ 36.136072][ T11] ret_from_fork+0x10/0x20 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)