Extracting prog: 37.789863521s
Minimizing prog: 1h11m22.794911221s
Simplifying prog options: 0s
Extracting C: 32.131773145s
Simplifying C: 27m48.081597767s


extracting reproducer from 67 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$NFT_BATCH-mount
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}]}], {0x14}}, 0x74}}, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='squashfs\x00', 0x0, 0x0)

program crashed: WARNING: bad unlock balance in query_matching_vma
single: successfully extracted reproducer
found reproducer with 37 syscalls
minimizing guilty program
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}]}], {0x14}}, 0x74}}, 0x0)

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)

program did not crash
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: stack segment fault in mtree_range_walk
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
socket$rds(0x15, 0x5, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in procfs_procmap_ioctl
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r5, 0x851, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: possible deadlock in lock_next_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in vma_start_read
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in mas_next_slot
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in mas_next_slot
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in mas_next_slot
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000300), 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in vma_start_read
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
socket$rds(0x15, 0x5, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: stack segment fault in mtree_range_walk
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in vma_start_read
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: stack segment fault in mtree_range_walk
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: stack segment fault in mtree_range_walk
simplifying C reproducer
testing compiled C program (duration=46.207626237s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program did not crash
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program did not crash
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: possible deadlock in lock_next_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: lock held when returning to user space in query_matching_vma
a never seen crash title: WARNING: lock held when returning to user space in query_matching_vma, ignore
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: general protection fault in mas_start
a never seen crash title: general protection fault in mas_start, ignore
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: general protection fault in mas_next_slot
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: stack segment fault in mtree_range_walk
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: possible deadlock in lock_next_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in vma_start_read
validation run: crashed=true
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in mas_next_slot
validation run: crashed=true
testing program (duration=46.207626237s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
validation run: crashed=true
reproducing took 1h44m43.267654875s
repro crashed as (corrupted=false):
=====================================
WARNING: bad unlock balance detected!
6.16.0-rc5-next-20250711-syzkaller #0 Not tainted
-------------------------------------
syz.0.21/6079 is trying to release lock (vm_lock) at:
[<ffffffff825aa9e7>] get_next_vma fs/proc/task_mmu.c:181 [inline]
[<ffffffff825aa9e7>] query_vma_find_by_addr fs/proc/task_mmu.c:512 [inline]
[<ffffffff825aa9e7>] query_matching_vma+0x2f7/0x5c0 fs/proc/task_mmu.c:544
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz.0.21/6079:
 #0: ffff8880752c96c8 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 mm/mmap_lock.c:220
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: query_vma_find_by_addr fs/proc/task_mmu.c:510 [inline]
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: query_matching_vma+0x141/0x5c0 fs/proc/task_mmu.c:544

stack backtrace:
CPU: 0 UID: 0 PID: 6079 Comm: syz.0.21 Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_unlock_imbalance_bug+0xdc/0xf0 kernel/locking/lockdep.c:5301
 __lock_release kernel/locking/lockdep.c:5540 [inline]
 lock_release+0x269/0x3e0 kernel/locking/lockdep.c:5892
 vma_refcount_put include/linux/mmap_lock.h:141 [inline]
 vma_end_read include/linux/mmap_lock.h:237 [inline]
 unlock_vma+0x70/0x180 fs/proc/task_mmu.c:135
 get_next_vma fs/proc/task_mmu.c:181 [inline]
 query_vma_find_by_addr fs/proc/task_mmu.c:512 [inline]
 query_matching_vma+0x2f7/0x5c0 fs/proc/task_mmu.c:544
 do_procmap_query fs/proc/task_mmu.c:629 [inline]
 procfs_procmap_ioctl+0x3f9/0xd50 fs/proc/task_mmu.c:747
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa16d38e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa16e167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa16d5b5fa0 RCX: 00007fa16d38e929
RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
RBP: 00007fa16d410b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa16d5b5fa0 R15: 00007ffedd07ab28
 </TASK>

final repro crashed as (corrupted=false):
=====================================
WARNING: bad unlock balance detected!
6.16.0-rc5-next-20250711-syzkaller #0 Not tainted
-------------------------------------
syz.0.21/6079 is trying to release lock (vm_lock) at:
[<ffffffff825aa9e7>] get_next_vma fs/proc/task_mmu.c:181 [inline]
[<ffffffff825aa9e7>] query_vma_find_by_addr fs/proc/task_mmu.c:512 [inline]
[<ffffffff825aa9e7>] query_matching_vma+0x2f7/0x5c0 fs/proc/task_mmu.c:544
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz.0.21/6079:
 #0: ffff8880752c96c8 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 mm/mmap_lock.c:220
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: query_vma_find_by_addr fs/proc/task_mmu.c:510 [inline]
 #1: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: query_matching_vma+0x141/0x5c0 fs/proc/task_mmu.c:544

stack backtrace:
CPU: 0 UID: 0 PID: 6079 Comm: syz.0.21 Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_unlock_imbalance_bug+0xdc/0xf0 kernel/locking/lockdep.c:5301
 __lock_release kernel/locking/lockdep.c:5540 [inline]
 lock_release+0x269/0x3e0 kernel/locking/lockdep.c:5892
 vma_refcount_put include/linux/mmap_lock.h:141 [inline]
 vma_end_read include/linux/mmap_lock.h:237 [inline]
 unlock_vma+0x70/0x180 fs/proc/task_mmu.c:135
 get_next_vma fs/proc/task_mmu.c:181 [inline]
 query_vma_find_by_addr fs/proc/task_mmu.c:512 [inline]
 query_matching_vma+0x2f7/0x5c0 fs/proc/task_mmu.c:544
 do_procmap_query fs/proc/task_mmu.c:629 [inline]
 procfs_procmap_ioctl+0x3f9/0xd50 fs/proc/task_mmu.c:747
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa16d38e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa16e167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa16d5b5fa0 RCX: 00007fa16d38e929
RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
RBP: 00007fa16d410b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa16d5b5fa0 R15: 00007ffedd07ab28
 </TASK>