last executing test programs:

497.755594ms ago: executing program 2:
io_setup(0x0, &(0x7f0000000000))

456.515158ms ago: executing program 2:
syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800)

378.06536ms ago: executing program 1:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control', 0x800, 0x0)

350.139604ms ago: executing program 2:
pwrite64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

349.429973ms ago: executing program 1:
time(&(0x7f0000000000))

298.930748ms ago: executing program 2:
syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$video4linux(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$video4linux(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$video4linux(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$video4linux(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$video4linux(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$video4linux(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$video4linux(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$video4linux(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$video4linux(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$video4linux(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$video4linux(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$video4linux(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$video4linux(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$video4linux(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$video4linux(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$video4linux(&(0x7f0000000500), 0x4, 0x800)

295.881399ms ago: executing program 1:
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$sg(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$sg(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$sg(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$sg(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$sg(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$sg(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$sg(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$sg(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$sg(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$sg(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$sg(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$sg(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$sg(&(0x7f0000000500), 0x4, 0x800)

228.427657ms ago: executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ambient', 0x2, 0x0)

225.74764ms ago: executing program 2:
getxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

219.547498ms ago: executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys', 0x0, 0x0)

215.752993ms ago: executing program 1:
rename(&(0x7f0000000000), &(0x7f0000000000))

191.871799ms ago: executing program 2:
syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$audion(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$audion(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$audion(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$audion(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$audion(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$audion(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$audion(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$audion(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$audion(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$audion(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$audion(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$audion(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$audion(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$audion(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$audion(&(0x7f0000000500), 0x4, 0x800)

189.83724ms ago: executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control', 0x800, 0x0)

181.823676ms ago: executing program 1:
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

170.871378ms ago: executing program 3:
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)

168.637086ms ago: executing program 4:
timer_gettime(0x0, &(0x7f0000000000))

144.220911ms ago: executing program 1:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1', 0x800, 0x0)

142.185696ms ago: executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log', 0x0, 0x0)

132.816057ms ago: executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec', 0x2, 0x0)

128.526535ms ago: executing program 3:
fsync(0xffffffffffffffff)

96.162641ms ago: executing program 0:
set_tid_address(&(0x7f0000000000))

92.463729ms ago: executing program 3:
signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x0)

86.908887ms ago: executing program 4:
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000))

61.195528ms ago: executing program 0:
readv(0xffffffffffffffff, &(0x7f0000000000), 0x0)

45.829248ms ago: executing program 3:
fchdir(0xffffffffffffffff)

39.969967ms ago: executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0)

27.976109ms ago: executing program 0:
fspick(0xffffffffffffffff, &(0x7f0000000000), 0x0)

17.675474ms ago: executing program 3:
rt_sigpending(&(0x7f0000000000), 0x0)

9.544148ms ago: executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter', 0x800, 0x0)

0s ago: executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci', 0x800, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.7' (ED25519) to the list of known hosts.
2024/06/17 02:36:34 fuzzer started
[   74.958996][   T29] audit: type=1400 audit(1718591794.201:87): avc:  denied  { node_bind } for  pid=5081 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
2024/06/17 02:36:34 dialing manager at 10.128.0.169:30007
[   74.993334][   T29] audit: type=1400 audit(1718591794.231:88): avc:  denied  { name_bind } for  pid=5081 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   75.282233][   T29] audit: type=1400 audit(1718591794.521:89): avc:  denied  { read } for  pid=5081 comm="syz-fuzzer" name="raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   75.319054][   T29] audit: type=1400 audit(1718591794.521:90): avc:  denied  { open } for  pid=5081 comm="syz-fuzzer" path="/dev/raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   75.416202][   T29] audit: type=1400 audit(1718591794.651:91): avc:  denied  { mounton } for  pid=5090 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   75.464174][ T5090] cgroup: Unknown subsys name 'net'
[   75.524691][   T29] audit: type=1400 audit(1718591794.651:92): avc:  denied  { mount } for  pid=5090 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   75.645912][   T29] audit: type=1400 audit(1718591794.691:93): avc:  denied  { setattr } for  pid=5098 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   75.676845][   T29] audit: type=1400 audit(1718591794.731:94): avc:  denied  { unmount } for  pid=5090 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   75.699443][   T29] audit: type=1400 audit(1718591794.741:95): avc:  denied  { create } for  pid=5105 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   75.714108][ T5106] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   75.725377][   T29] audit: type=1400 audit(1718591794.741:96): avc:  denied  { write } for  pid=5105 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   75.877469][ T5090] cgroup: Unknown subsys name 'rlimit'
2024/06/17 02:36:36 starting 5 executor processes
[   77.149794][ T5097] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   79.787387][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.795516][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.813132][   T11] 
[   79.815648][   T11] =============================
[   79.820636][   T11] WARNING: suspicious RCU usage
[   79.825508][   T11] 6.10.0-rc4-syzkaller #0 Not tainted
[   79.831419][   T11] -----------------------------
[   79.836313][   T11] net/netfilter/ipset/ip_set_core.c:1200 suspicious rcu_dereference_protected() usage!
[   79.846301][   T11] 
[   79.846301][   T11] other info that might help us debug this:
[   79.846301][   T11] 
[   79.856883][   T11] 
[   79.856883][   T11] rcu_scheduler_active = 2, debug_locks = 1
[   79.864977][   T11] 3 locks held by kworker/u8:0/11:
[   79.870159][   T11]  #0: ffff8880162d3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60
2024/06/17 02:36:39 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[   79.880792][   T11]  #1: ffffc90000107d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60
[   79.890900][   T11]  #2: ffffffff8f7375d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xbf0
[   79.900706][   T11] 
[   79.900706][   T11] stack backtrace:
[   79.906805][   T11] CPU: 1 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc4-syzkaller #0
[   79.915170][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   79.925345][   T11] Workqueue: netns cleanup_net
[   79.930511][   T11] Call Trace:
[   79.933844][   T11]  <TASK>
[   79.936795][   T11]  dump_stack_lvl+0x16c/0x1f0
[   79.941530][   T11]  lockdep_rcu_suspicious+0x20b/0x3b0
[   79.946941][   T11]  _destroy_all_sets+0x261/0x6d0
[   79.952008][   T11]  ? __pfx_ip_set_net_exit+0x10/0x10
[   79.957339][   T11]  ip_set_net_exit+0x26/0x60
[   79.961973][   T11]  ops_exit_list+0xb0/0x180
[   79.966643][   T11]  cleanup_net+0x5b7/0xbf0
[   79.971104][   T11]  ? __pfx_cleanup_net+0x10/0x10
[   79.976070][   T11]  process_one_work+0x9fb/0x1b60
[   79.981213][   T11]  ? __pfx_lock_acquire+0x10/0x10
[   79.986277][   T11]  ? __pfx_process_one_work+0x10/0x10
[   79.991670][   T11]  ? assign_work+0x1a0/0x250
[   79.996390][   T11]  worker_thread+0x6c8/0xf70
[   80.001144][   T11]  ? __pfx_worker_thread+0x10/0x10
[   80.006289][   T11]  kthread+0x2c1/0x3a0
[   80.010569][   T11]  ? _raw_spin_unlock_irq+0x23/0x50
[   80.015991][   T11]  ? __pfx_kthread+0x10/0x10
[   80.020600][   T11]  ret_from_fork+0x45/0x80
[   80.025038][   T11]  ? __pfx_kthread+0x10/0x10
[   80.029749][   T11]  ret_from_fork_asm+0x1a/0x30
[   80.034648][   T11]  </TASK>
[   80.146666][   T11] 
[   80.149323][   T11] =============================
[   80.154195][   T11] WARNING: suspicious RCU usage
[   80.159285][   T11] 6.10.0-rc4-syzkaller #0 Not tainted
[   80.164905][   T11] -----------------------------
[   80.169924][   T11] net/netfilter/ipset/ip_set_core.c:1211 suspicious rcu_dereference_protected() usage!
[   80.179699][   T11] 
[   80.179699][   T11] other info that might help us debug this:
[   80.179699][   T11] 
[   80.190011][   T11] 
[   80.190011][   T11] rcu_scheduler_active = 2, debug_locks = 1
[   80.198239][   T11] 3 locks held by kworker/u8:0/11:
[   80.203384][   T11]  #0: ffff8880162d3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60
[   80.213980][   T11]  #1: ffffc90000107d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60
[   80.224090][   T11]  #2: ffffffff8f7375d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xbf0
[   80.233892][   T11] 
[   80.233892][   T11] stack backtrace:
[   80.239925][   T11] CPU: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc4-syzkaller #0
[   80.248286][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   80.258546][   T11] Workqueue: netns cleanup_net
[   80.263441][   T11] Call Trace:
[   80.266758][   T11]  <TASK>
[   80.269805][   T11]  dump_stack_lvl+0x16c/0x1f0
[   80.274529][   T11]  lockdep_rcu_suspicious+0x20b/0x3b0
[   80.279972][   T11]  _destroy_all_sets+0x4e6/0x6d0
[   80.285037][   T11]  ? __pfx_ip_set_net_exit+0x10/0x10
[   80.290724][   T11]  ip_set_net_exit+0x26/0x60
[   80.295713][   T11]  ops_exit_list+0xb0/0x180
[   80.300260][   T11]  cleanup_net+0x5b7/0xbf0
[   80.304794][   T11]  ? __pfx_cleanup_net+0x10/0x10
[   80.309773][   T11]  process_one_work+0x9fb/0x1b60
[   80.314748][   T11]  ? __pfx_lock_acquire+0x10/0x10
[   80.319818][   T11]  ? __pfx_process_one_work+0x10/0x10
[   80.325237][   T11]  ? assign_work+0x1a0/0x250
[   80.330039][   T11]  worker_thread+0x6c8/0xf70
[   80.334678][   T11]  ? __pfx_worker_thread+0x10/0x10
[   80.339825][   T11]  kthread+0x2c1/0x3a0
[   80.343940][   T11]  ? _raw_spin_unlock_irq+0x23/0x50
[   80.349194][   T11]  ? __pfx_kthread+0x10/0x10
[   80.353821][   T11]  ret_from_fork+0x45/0x80
[   80.358300][   T11]  ? __pfx_kthread+0x10/0x10
[   80.363189][   T11]  ret_from_fork_asm+0x1a/0x30
[   80.367999][   T11]  </TASK>
[   80.371056][    C0] vkms_vblank_simulate: vblank timer overrun