Extracting prog: 2m18.071047711s
Minimizing prog: 34m54.462214869s
Simplifying prog options: 0s
Extracting C: 27.21450193s
Simplifying C: 8m50.123965543s


30 programs, timeouts [30s 1m40s 6m0s]
extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-openat-link-syz_mount_image$ext4-mkdir-socket$nl_generic-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$BPF_RAW_TRACEPOINT_OPEN-pipe2-mkdir-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socketpair-mount$overlay
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
link(0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdir(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
pipe2(0x0, 0xf0ff1f)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c01250000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6_tcp-connect$inet6-socket$inet6_udplite-setsockopt$inet6_IPV6_XFRM_POLICY-sendmmsg$inet6
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r5, &(0x7f0000000080), 0x1c)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x2}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x32}, 0x0, @in=@local}}, 0xe8)
sendmmsg$inet6(r6, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xe00}}], 0x2, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_kvm_setup_cpu$x86-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MP_STATE
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000300)=0x3)

program crashed: kernel BUG in ext4_writepages
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_kvm_setup_cpu$x86-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000040))

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r4, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0xb)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$cgroup_ro-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-syz_mount_image$ext4-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-preadv-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-socket$netlink-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
socket$netlink(0x10, 0x3, 0x8ab0117d794ff86)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = dup2(r3, r1)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r5, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
dup(r2)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = dup2(0xffffffffffffffff, r1)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_IRQCHIP-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = dup2(0xffffffffffffffff, r1)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = dup2(0xffffffffffffffff, r1)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = dup2(0xffffffffffffffff, r1)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-syz_usb_control_io$hid-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9}}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program crashed: kernel BUG in ext4_writepages
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x70, 0x0, 0x0)

program did not crash
testing program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000080), 0x1, 0x7a9, &(0x7f0000001a00)="$eJzs3c9rG9kdAPDvyLIdO2ntQqFNToZCawiR49RNWughpYdSaCDQnpsIWTGpZStYcoiNoQml0EuhLT0U2kvO/ZHeeu3uXnf/iz0sCdldJ6yXPSxeRh7Zciw5tmNJ3vXnA2O9NzPye1+9+fFG89AEcGpNpH9yEecj4k9JxFg2P4mIwUYqH3F9a72NoYhYXyslsbn5y4+Sxjov19dK0fKe1Nks8+2IePv3ERdze8utrazOFyuV8lKWn6ov3JuqraxeurtQnCvPlRevTs/MXLn2g2tX3yi8r7dmPnlv9dyzP//se/+5/tnvvvXkj+8kcT3OZcta4zguEzGRfSaD6Ue4y0+Pu7A+S/pdAY4k3TUHtvbyOB9jMdBIdTDSy5oBAN3y24jYBABOmcT5HwBOmeb3AC/X10rZdKG/30j01vOfRMSZrfg3smlrST67Z3emcR909GWy685IEhHjx1D+RET843+//lc6RZfuQwK08/BRRNwen2g5/mfHn2TPmIXDurzfws3hxsvEK7Md/6B3/p/2f364q/+X7X+57f5PtOn/DLfZd4/i9ft/7ukxFNNR2v/7cURs7On/bQ9aGx/Icl9r9PkGkzt3K+XL2eCyyRgcTvPTjVXbj4KafPH5i07lt/b/Pv7Lb/6Zlp++7qyRe5of3v2e2WK9+KZxNz1/FHEh3y7+ZLv9kw7935sHLOPnP/rD3zstS+NP421Oe+Pvrs3HEd9t2/47bZnsOz5xqrE5TDU3ijb++/7fRndyu8dXtbZ/OqXlN68FeiFt/9H94x9PWsdr1g5fxruPx97qtOz18bff/oeSXzXSQ9m8B8V6fWk6Yij5xd75V3be28w310/jn/xO+/1/v+0/vSa8fcD4888+/PfR4++uNP7ZQ7X/4RNPNuYHOpV/sPafaaQmszkHOf7t1CK/Z05r4qifGwAAAAAAAAAAAAAAAAAAAAAAAAAcRi4izkWSK2ync7lCYesZ3t+M0VylWqtfvFNdXpyNxrOyx2Mw1/ypy7GW30Odzn4Pv5m/8kr++xHxjYj46/BII18oVSuz/Q4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADJnOzz/P/XBcL9rBwB0zZl+VwAA6DnnfwA4fQ53/h/pWj0AgN5x/Q8Ap8+Bz/+3u1sPAKB3Dn39n+9OPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjKunnjRjptfrq+Vkrzs/dXluer9y/NlmvzhYXlUqFUXbpXmKtW5yrlQqm60PEfPdx6qVSr92ZicfnBVL1cq0/VVlZvLVSXF+u37i4U58q3yoM9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq62sjpfrFTKSxL7JkZORjVOTCIf88XKWN+r0bm94kRU40ucaD1KjPTvAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwn0RAAD//wBtIzw=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x70, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=31.816190491s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
simplifying C reproducer
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program did not crash
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program did not crash
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program did not crash
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program did not crash
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
testing compiled C program (duration=31.816190491s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-dup2-syz_mount_image$ext4-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-mmap-syz_kvm_setup_cpu$x86
program crashed: kernel BUG in ext4_writepages
reproducing took 46m29.871749373s
repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2749!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:ext4_writepages+0x3fab/0x3fd0 fs/ext4/inode.c:2748
Code: 98 80 ff 31 ff 89 de e8 93 98 80 ff 45 84 f6 75 2a e8 f9 95 80 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 e5 95 80 ff <0f> 0b e8 de 95 80 ff e8 45 78 0b ff e9 46 c3 ff ff e8 cf 95 80 ff
RSP: 0018:ffffc90000087000 EFLAGS: 00010293
RAX: ffffffff81f50f6b RBX: 0000008000000000 RCX: ffff88810039d100
RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
RBP: ffffc90000087410 R08: ffffffff81f4d6cb R09: ffffed10217d267a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881254d6000
R13: ffff88810be93508 R14: 000000c410000000 R15: ffffc900000872e0
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f28c601d848 CR3: 000000010ed52000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_writepages+0x385/0x620 mm/page-writeback.c:2472
 __writeback_single_inode+0xdc/0xb80 fs/fs-writeback.c:1612
 writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903
 wb_writeback+0x3b9/0x9f0 fs/fs-writeback.c:2077
 wb_do_writeback fs/fs-writeback.c:2220 [inline]
 wb_workfn+0x399/0x1030 fs/fs-writeback.c:2260
 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299
 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_writepages+0x3fab/0x3fd0 fs/ext4/inode.c:2748
Code: 98 80 ff 31 ff 89 de e8 93 98 80 ff 45 84 f6 75 2a e8 f9 95 80 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 e5 95 80 ff <0f> 0b e8 de 95 80 ff e8 45 78 0b ff e9 46 c3 ff ff e8 cf 95 80 ff
RSP: 0018:ffffc90000087000 EFLAGS: 00010293
RAX: ffffffff81f50f6b RBX: 0000008000000000 RCX: ffff88810039d100
RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
RBP: ffffc90000087410 R08: ffffffff81f4d6cb R09: ffffed10217d267a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881254d6000
R13: ffff88810be93508 R14: 000000c410000000 R15: ffffc900000872e0
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bb8f0a70d8 CR3: 000000010eb6e000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2749!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:ext4_writepages+0x3fab/0x3fd0 fs/ext4/inode.c:2748
Code: 98 80 ff 31 ff 89 de e8 93 98 80 ff 45 84 f6 75 2a e8 f9 95 80 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 e5 95 80 ff <0f> 0b e8 de 95 80 ff e8 45 78 0b ff e9 46 c3 ff ff e8 cf 95 80 ff
RSP: 0018:ffffc90000087000 EFLAGS: 00010293
RAX: ffffffff81f50f6b RBX: 0000008000000000 RCX: ffff88810039d100
RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
RBP: ffffc90000087410 R08: ffffffff81f4d6cb R09: ffffed10217d267a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881254d6000
R13: ffff88810be93508 R14: 000000c410000000 R15: ffffc900000872e0
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f28c601d848 CR3: 000000010ed52000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_writepages+0x385/0x620 mm/page-writeback.c:2472
 __writeback_single_inode+0xdc/0xb80 fs/fs-writeback.c:1612
 writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903
 wb_writeback+0x3b9/0x9f0 fs/fs-writeback.c:2077
 wb_do_writeback fs/fs-writeback.c:2220 [inline]
 wb_workfn+0x399/0x1030 fs/fs-writeback.c:2260
 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299
 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_writepages+0x3fab/0x3fd0 fs/ext4/inode.c:2748
Code: 98 80 ff 31 ff 89 de e8 93 98 80 ff 45 84 f6 75 2a e8 f9 95 80 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 e5 95 80 ff <0f> 0b e8 de 95 80 ff e8 45 78 0b ff e9 46 c3 ff ff e8 cf 95 80 ff
RSP: 0018:ffffc90000087000 EFLAGS: 00010293
RAX: ffffffff81f50f6b RBX: 0000008000000000 RCX: ffff88810039d100
RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
RBP: ffffc90000087410 R08: ffffffff81f4d6cb R09: ffffed10217d267a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881254d6000
R13: ffff88810be93508 R14: 000000c410000000 R15: ffffc900000872e0
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bb8f0a70d8 CR3: 000000010eb6e000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400