Extracting prog: 38.688820131s
Minimizing prog: 1h7m50.53035952s
Simplifying prog options: 0s
Extracting C: 1m43.7417741s
Simplifying C: 12m30.522769931s


extracting reproducer from 67 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$NFT_BATCH-mount
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}]}], {0x14}}, 0x74}}, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='squashfs\x00', 0x0, 0x0)

program crashed: WARNING: bad unlock balance in query_matching_vma
single: successfully extracted reproducer
found reproducer with 37 syscalls
minimizing guilty program
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}]}], {0x14}}, 0x74}}, 0x0)

program crashed: stack segment fault in mtree_range_walk
program crashed: general protection fault in vma_start_read
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: stack segment fault in mtree_range_walk
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)

program did not crash
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r12, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: possible deadlock in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000004200)={0x50, 0x0, r11, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-read$FUSE-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f0000002140)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-mount$fuse-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-openat$fuse-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-mkdirat-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-socket$nl_netfilter-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-setsockopt$RDS_RECVERR-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-socket$rds-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
socket$rds(0x15, 0x5, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-setsockopt$netlink_NETLINK_ADD_MEMBERSHIP-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-lseek-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r5, 0x851, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-openat$binder_debug-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-openat$binder_debug-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in procfs_procmap_ioctl
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-ioctl$BINDER_WRITE_READ-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ed"})
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-openat$binderfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-socket$nl_netfilter-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-socket$nl_netfilter-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_SET_MESH-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500330001000000cee0ddf297cc978ff024b18ad4a34af9f5f593136a9634dd9b99560800c948b3bd6c6900798ddb030b14f1cddc675cad2983520472c1a63ebea22639faff0968baf447e1d455ab047de116e5abfe18cc"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: KASAN: slab-out-of-bounds Read in mas_next_slot
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000300), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: possible deadlock in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-setsockopt$RDS_CONG_MONITOR-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000300), 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-setsockopt$RDS_CONG_MONITOR-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000300), 0x4) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-socket$rds-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
socket$rds(0x15, 0x5, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_genetlink_get_family_id$batadv-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in mas_next_slot
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: stack segment fault in mtree_range_walk
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program did not crash
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: general protection fault in vma_start_read
simplifying C reproducer
testing compiled C program (duration=46.222588476s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program did not crash
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program did not crash
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: possible deadlock in lock_next_vma
testing compiled C program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
program crashed: WARNING: bad unlock balance in query_matching_vma
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: general protection fault in mas_next_slot
validation run: crashed=true
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in lock_next_vma
validation run: crashed=true
testing program (duration=46.222588476s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

program crashed: WARNING: lock held when returning to user space in query_matching_vma
validation run: crashed=true
reproducing took 1h27m33.497520005s
repro crashed as (corrupted=false):
================================================
WARNING: lock held when returning to user space!
6.16.0-rc5-next-20250711-syzkaller #0 Not tainted
------------------------------------------------
syz.0.22/6099 is leaving the kernel with locks still held!
1 lock held by syz.0.22/6099:
 #0: ffff888069d41588 (vm_lock){++++}-{0:0}, at: get_next_vma fs/proc/task_mmu.c:182 [inline]
 #0: ffff888069d41588 (vm_lock){++++}-{0:0}, at: query_vma_find_by_addr fs/proc/task_mmu.c:512 [inline]
 #0: ffff888069d41588 (vm_lock){++++}-{0:0}, at: query_matching_vma+0x319/0x5c0 fs/proc/task_mmu.c:544

final repro crashed as (corrupted=false):
================================================
WARNING: lock held when returning to user space!
6.16.0-rc5-next-20250711-syzkaller #0 Not tainted
------------------------------------------------
syz.0.22/6099 is leaving the kernel with locks still held!
1 lock held by syz.0.22/6099:
 #0: ffff888069d41588 (vm_lock){++++}-{0:0}, at: get_next_vma fs/proc/task_mmu.c:182 [inline]
 #0: ffff888069d41588 (vm_lock){++++}-{0:0}, at: query_vma_find_by_addr fs/proc/task_mmu.c:512 [inline]
 #0: ffff888069d41588 (vm_lock){++++}-{0:0}, at: query_matching_vma+0x319/0x5c0 fs/proc/task_mmu.c:544