last executing test programs: 29.240520248s ago: executing program 3 (id=549): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 25.252372184s ago: executing program 3 (id=562): socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x8, &(0x7f00000005c0)={[{@errors_remount}, {}]}, 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4808, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000)) rename(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000080)='./file0\x00') 24.385017705s ago: executing program 3 (id=568): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = open_tree(0xffffffffffffffff, 0x0, 0x100) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{0x0}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_DISABLE(r1, 0x0, 0x8000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000000)={0x2000}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 23.406687623s ago: executing program 3 (id=572): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2048c5, &(0x7f0000000340), 0x0, 0x29f, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333c06, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020) 23.112740368s ago: executing program 3 (id=574): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001180)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x0, 0x98}) 22.613013621s ago: executing program 3 (id=577): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_connect$cdc_ncm(0x2, 0x6f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000202505a1a440000102030109025d00020100a0060904000001020d000006240600012005240001010d240f01000000000700ef030506241a05002a090581034000000301000002"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x12, &(0x7f0000000400)=@conn_svc_rsp={0x0, 0x0, 0xa, "e94252fd", {0x3, 0x107, 0x0, 0x18, 0x7fff, 0x8a, 0xfd}}) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0xfffffffffffffd7e, &(0x7f0000000040)=@ready={0x0, 0x0, 0x8, "1ae65a95", {0x1, 0xbf9, 0x6, 0x9c, 0x8}}) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xe7c) syz_emit_ethernet(0x0, 0x0, 0x0) 21.278621915s ago: executing program 32 (id=577): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_connect$cdc_ncm(0x2, 0x6f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000202505a1a440000102030109025d00020100a0060904000001020d000006240600012005240001010d240f01000000000700ef030506241a05002a090581034000000301000002"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x12, &(0x7f0000000400)=@conn_svc_rsp={0x0, 0x0, 0xa, "e94252fd", {0x3, 0x107, 0x0, 0x18, 0x7fff, 0x8a, 0xfd}}) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0xfffffffffffffd7e, &(0x7f0000000040)=@ready={0x0, 0x0, 0x8, "1ae65a95", {0x1, 0xbf9, 0x6, 0x9c, 0x8}}) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xe7c) syz_emit_ethernet(0x0, 0x0, 0x0) 10.46673392s ago: executing program 2 (id=611): openat$sysfs(0xffffff9c, 0x0, 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x2800000, &(0x7f0000000040)=ANY=[], 0xfd, 0x5aa4, &(0x7f000000c100)="$eJzs3WuQXNV9IPBzu3s0Lz1GAgcZzGiQ0Ybg2BrxKj9SsZJN7BQ4LrmcchArGwY0IrIlodIjgExiKQteq8AuO+VUgpMPxIW9i1FcVMHGKJQJj5VYG1vFxkttYWrtLPYHbxEWVQAt5fJ6tqb7np7u233n9vT0CEn8fgVz+54+/b/nnnv69v2fvpoJAAAAvCkcvWP3iQ+f+7vf/bPJ1z7ze/+w/UAYLlfLB2KFkXR5yxvVQk6m/srK6jI7Ln7109/46dgNv/2dB4a+9vqRzRds+eHvnHXDI5+88vDdf/34q0se+uULRXHjeLp4Zj15KQlh4NvH/+KzR54+Z7osWTr9s7Q/hOXJiseXJyHc3hhi/OchhM3pyspM/Adfu3TL9PLAnf1N5csy9Yz3N7fp45yEEPaduPkd4Ue/tfH276/65t/1HXpx/0yVZKBhPIWw9LrG1/eFEAbT/6fF0RbHY5IuN4QQhhpe9+6Cdr29g3ZPW5spj+vnpctF6XK4IF58fnVmvZSpl12P+jLLoYLtzVdeO7qtV2RxZj3pUdwor52xfHm6/Fa6vHiO8cvpPpSTUEpCpd78bcnMGAkNxy0JSfVYDtTXS/VjG9L9z6wnmfVSZr3cl9mv6nbTgVZOkubyWC9THk/HlbT8gsZzdRsfbXjcWO+tsSx9o76erZMJOtzyoL5fVbFdx2dpy8lQajgHtSuvH/j0YAynZcPJipbXTLURnzuy8a415U1PHB3JaUfyQJLGT7qKv+97yxd/4v6De7Of6/X415XS+KWu4v/4qmMvX3Pwq1/Jjf/FGL/cVfxLHh166aon71id2z/HY/9Uuoo/8cJTn1919vWHctt/T4w/0FX89YeP9S858ehjue0fj/0z2FX859/3gZ/c9+zDL+bGDzH+UFfxNx3e+YX+0RMX5cZ/LPbPcHfj55VDVzw3Ovqzsbz4z8T4S7qK//X9/e+9d9mdV+Ye3w2xf0a6iv+hCx+5ffGJh8/PO3cm9/TqkxPgzems9Brrc+l6t3nmfKX5woEQwl+NVWrXfIvT/5f0ckOZi89sngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvfCWd/zXD/6vj428VEnX+9MHz5dqy1i+KIRkMISwe8/Erj1bd9w49smb9u7aMbFtbGLP2OSOPbtuHbvs18d2Te7cNnHr9LPj77y09roVIaktk/Nbtt0/NTVVGmkui9v7txce+tGad//vfwlh/C0/GK3ktn/t3dvvPbvNz4xk/dT7t+/98A8u/9t0v0bSdo20adfU1NRUyGnX/7n6F/f++fGfXhTC+K/M1q6nnv/Nf2xqULVgJk6q1B9qDepPhtq2o97qtD2xvypbtm6bHJ+9f6dfX87Zj3/36Rd/vuWWL/2i1r8DufvRYf8Orp/aVvrLjR/6f395W62gqF1v1HGf7u9yTszpdsW9iO2L/TeQ9vfSdL+W5uxXJWe/7vj+Y89++9yDr+4P45VXVrUe66L96ksHQF/y1o62G7cwlCxvKh9I68cjHl+3ds/2nWt337rvnVu3T9w4eePkjvesu2zdFeOXX3H52uqer+3x/sft/5sO9//kjKdlf7z/W/FnZ+OpuV2L5twf0+0q7o/GFuW9/4Y++tkvv+fuJz9cKyg6r8Ta9fNJuhyaPs7rQsN4a+2rdvtVdHxCCGPt+uHlV68M5/yPrbcXnYcaj0zjz4xk/dTTq//1b9/9Nyt/o1ZwUs7zjQ3q8jxfb/VMe6r9NZAej6lTtH/707NpfzLctl3rnn6y766j//In9fYtWhRumdizZ9e62s/FaUsXJ+e1bVe2NO7XqurPcki7JdSHaZvxOq0v1NqXPX/G6udnXjecPjecrGi7X1nxuSMb71pT3vTE0byeTh6obWgwLKktk7fl1NyWeWG53uB22z9V339F42P0g3/z0Mce+vvLWsbHJbWfRfuV5OzXN5/9+pe/9qX/8Pe9268P/uaxkX/9n3+0plZwEs4rYV7nlXKtIfVWp+1JGs8rl4RQ9P5bFdrvR+77r9R+f4ref9ntzNRvH28ssz4cyl29Xy95dOilq568Y3Xu+/X4bO/Xxp29rel15YL366nyuZR9fyWV5nYs3PuraaAk66e+87mz9j/+mQ3n1gqKPi/rtduN60s7yD9y9usfr3lu9Kaxf//fe3fe+MavP3jtDyfW/2mtoPvjHtvSm+M+kPbvQE7/1lsd887G/n3XDTdt21wrL+rnN+76N10W5D/xVLL71n2fmti2bXLX7s72q9PP07idbC93+3kaz24rCvar1LJfC/egk/7q9P0W27+56/5qfr8Nh6Srz4V931u++BP3H9w70vKqdEPXldL4pa7i//iqYy9fc/CrX8mN/8UYv9JV/IkXnvr8qrOvP5Qb/54kjT9QHH9paIm//vCx/iUnHn0sN/54bP9gV+1//n0f+Ml9zz78Ym78EOMPd9f/rxy64rnR0Z/lxn8mSbczfY0UwoOvXbqltp6EvvT9FtvR19SukF1PMuulzHq5cb0UZxHSDZSTpLk81kvLL2hoSzt/mFMer8IGVtaWr8f1kH0we/mpptRw7m9XXnSdCgBwpovf/8dr0Pj9/2R6oZQ/0wAz5puHrcyJG/Owmfmc5u9YV6bx4+vjPODou8L49PLAWO1Cf67fI8T3Q3aeM27norc3x2g7P3G4cSPV7bfMcxbNv6/OrMd21ebLKw15aKo1r6mEDubfW7cz+/x7ZveLv88a+1xLs8Ya5q2yx68vnTFrd79Dpr2V6Qh54yM7Lxbv5xhdGjZUt9fh+MjeRxOPQ/Y+mridczMnzm7vo8kbHyOt/dDUrjg+Yr1Zxke1ycXfR7YevzBL/84cv/bRssdvDsd7YLr+Qn8/24N5w7antJM3b7iw34edEvOSbeLPaV5y72tt68wWPzMvubglfvoGO9XnDWN57KdKh/OJH8sp79V8YjxdxHYdn6UtJ4P5ROBMFfP/+Bkxnf9PX4D/30y9ojwle9UY4+XeJ5RzE3ZR3pG9Oh8OQ11dJ2w6vPML/aMnLsq9znms0/v0djatDRXc91PUj2sy64X9mDNBU5TvZbdT1O/Z+zKGw5Ku+v3r++9+773L7rwyt9831D5Ii/v9y01rSwr6/TTIF9rHly+cOvnCKXwfQ9H8WX4+Uq63Y0HykfTGp4XKR/4gp3yu+chQy4P6flWduvnIzAdpUz7Sd3LbBQCcPmL+X//+LM3//zleWKTXEUV568WZ9RgvN2/NuT7Jy1t/P13ekqk/nP6LirleN3/owkduX3zi4fNz85Z7Os1D/1PT2khhHtpd3jwY4+e1d0Nv7hfPzSPqedb88sTc9tfzxPnl6Tlf0zbk6fPLo3P7p55HN88DfPnYTKYxW/w4D5Abvz4P0MM895czlU5enlswX5fZWFztdL7uZOfR0yV9S5v3szkvHupNHp3+89mFyqM/mlM+1zx6uOVBfb+qTt08urlcHg0AnKli/h8v46r5f38IT8YKMfGc5/fsuXlBj67bs78PpB7/mQXJK2fi9+j73+K8b6Hz1oXO6xd6XuJ0//53fvdTFM8LjVR/gedCzZO9Yfe7Lkhe/M/1Rx3nxelG5cUAAJzKYv4f0/z4/f+TmXrzzU9a8re+2iXkTH5y+uXnjfVO4/z86nCy8vP+0zk/P93nvxb2PpkzK/+f0eX34q9PncH5f7XN8n8AgNNSzP/jP3uMv//vv6Tr2d9b32Gefk/2dl7fo/sePcjTO8jTezzPFuM33gdwGs8DlOc/DzB40u+PH5ypfybNA1T1BZMBAACngb5qptT67+w/ni6z/84+79/lX5NTv1OV9PL4+j27Jiev3btz88SeyWt33LR5cve1N+/aumfPZP3aeX55Y27ekuaNfaGS9kf7etm8bVn6+xCW5fw+hGz9GPa86oPW34eQ3exgwe8RmDl+nbU37/iVZqnfbnzkHe+8+H+YUz+qH/8b/uiSa7fsvnbrjq17tk5s27pvsrneSPVfUnf+dzPj95Rz+nupmR8tSnP/+53x8MyvHaWWdvSl/ZH399mTTDuWpy1Znvf3D3La/d3/9ud/fOHUL+4LYfwt5bfNq/+S9VP/+erJ399z9Ac7p9tfmrX99Zppu4r+Xmm2ftyfyrabdu95x5ab9u7I/kXJ7sT5jFJ9fYHua0jf/uUO5yc25ZTP9d/vl1senJo6np8AAKBJ/P4/Xs/G7w+/lF5AxfLCPH1Hrd58vz/OzdPHO8vTs3+XrChPz9aP+9tpnj4wzzw9u/2iPL1d/XZ5el7enRf/D3Lqz1Xn46SL+zwqaT/cf3Bv7ji5rrNxkv17BkXjJFt/ruMkmec4yW6/aJy0q99unOQd97z4H8mpn6doPFTq42F+9+XkjocvdjYefi2zXjQesvXnOh5K8xwP2e0XjYd29duNh7zj2xq/eYKgN/O/0wOjOi4mr735pl2faqi30H//IrTektFJ+xbNvHZh//5Htzrv34W972v+7Q9hfbUkr/3x+4FFc2p/p/eVzb/9Rf0/h/vKloaW+8py2//M/GbCOm//nO5LPBCf6/Tvu2TkVW99/cmar02HXdH9Z0XzuBtzyuc6j7uo5cGpyTwuvHFi/h+v5mL+f2e67PXXQKf/30nr4v77eA72d8zy+7/D65g33ed59it3n+cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ4T+ysrq8ugdu098+Nzf/e6fTb72md/7h+0HfvXT3/jp2A2//Z0Hhr72+pHNF2z54e+cdcMjn7zy8N1//firSx765QuFgUeqPysXp6sDISQvJSEMfPv4X3z2yNPnTJclIYRyMrI/hOXJiseXJ5kI4z8PIWyut7P5yQdfu3TL9PLAnf1N5csyQbL7FYbLsT2N7QzhlsI94jQ0kI6zfSdufkf40W9tvP37q775d32HXtw/UyUZaBhPISy9rvH1fSGEwfT/aXG0rYwvTpcbQghDDa97d0G73t5h+9fmrJ+XLhely+GCOPH51Zn1UqZedj3qyywb9nWwYNNdyWtHt/WKLM6sZ09G85XXzli+PF1+K11ePMf45fh/EkpJqNSbvy2ZGSOh4bglIakey4H6eql+bEO6/5n1JLNeyqyX+zL7Vd1uOtDKSdJcHutlyuPpuJKWX9B4rm7joznlb02XA+kb9fW4HrIPaoZbHtT3qyq263jTs9lPm6r/2L5FlZyWzk2p4RzUrrx+4NODMZyWDScrWl4z1UZ87sjGu9aUNz1xdCSnHckDSRo/6Sr+vu8tX/yJ+w/uXdnyqtdq8a8rpfFLXcX/8VXHXr7m4Fe/0ho/bf8XY/xyV/EveXTopauevGN1bv8cj/1T6Sr+xAtPfX7V2dcfym3/PTH+QFfx1x8+1r/kxKOP5bZ/PPbPYFfxn3/fB35y37MPv5gbP8T4Q13F33R45xf6R09clBv/sdg/w92Nn1cOXfHc6OjPxvLiPxPjL+kq/tf33/3ee5fdeWXu8d0Q+2ekq/gfuvCR2xefePj8vHNnck+vPjkB3pzOSq+xPpeud5tnzldDvvBXY5XaNd/i9P8lvdxQxvR2li5gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzkz/dNtlH7/6/R/ZWElCSHLqTLURnysvWr9+rIvtTrzw1OdXnX39ocaylV3EAQAAAIrFPLxULxkIK8PNyWA4r239OEdwXlxLmsuzcwgxTnaOoNs4pTZxSl3EKfeoPZUexenrUZxFPYrT36M4AwVxBkJncQZniVOZHgEdtmdo1vZ0Hme4R3EW9yjOkkyIbuMs7VF7lvUozsiscTofh8t7FGdFj+Kc1aM4Z2d6qNs4b+lRe36lR3HO6VGc7JzyXMfhkrTmuXlxqg/KhXEqSbn+RLv59HPS7Zw/z+0MF2xnSdHncYfbGexwO2/PvK40x+0MdLidy+a5naTD7fzaPLdTKthOHLe3ZNsXtxPXOhz/t/Yozr4exfl0j+Lc1qM4f9KjOH/aozifCc0Xp3ONA9CpmP/P5Hsjob/yG2EoPeNkZwFivruq+rP18y7vhBTjvS1TvqgoXjZRz8Rb1Wn7jqdPZCcQMvFWZ8r7muJV6lfb9fa1xhtojLcm8+Rs+/u+9e3b1hjv4kx5/yzxmnYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6Cf7rtso9f/f6PbAxJmP6vrak24nPlRevXj3Wx3SMb71pT3vTE0cay/koXgQAAAIBCMQ/vq5cMhP7KutCfLGqqN5DOAwyk6+WR2nJ0adgwvUzGStX1oWT5rK+rpK9bu2f7zrW7b933zq3bJ26cvHFyx3vWXbbuivHLr7h87Zat2ybHaz9D6C+IF0KoTj/svnXfpya2bZvctbtWmG3/yvR1K9P1JH3d6LvC+PTyQNr+FQXbK7Vsb+EeFB89AAAAAAAAAAAAAAAA/j+79hsiaV0HAPz7zMzOjKuXG/4bD+8czlOsrPRaQ0vcB4IE/xwuQsxamxx5krR6h96J2aQHqSlFoBwcF77owiRNeuOflMg/HBhmCe11hEr5ol4UWoaKL0KZ2N155t/OONskt+f1+byY55nv7/v7fX+/h+Pg+8wCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBozdcnZ2tT0zPjSUQyIKfRRzaWL6ZpdYS6X3ly+w9K6985szNWKoywEAAAADBU1oePtSLlKBXykY+TF79tiI6BaPf9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/5/5+uRsbWp65ugkIhmQ0+gjG8sX07Q6Qt1X33r4sy+tX/+3zlhlhHUAAACA4bI+PNeKlKMSp8VYcvJC59+KZu8G1vbMX8pry9ZZt8K83ncHg/JOW2HeGSvM+9iQvM3N680BAAAAH35Z/19oRSaiVFizrB/O+v9hfX2Wd2pPXr55rXYmva/iSpIAAACAFcj6/1IrUolSodLq11fa729ohxZ/Os/mD/vdPpt/ek9eNn/Y7/mXNa9+pwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD4/5+uRsbWp6Jp9EJANyGn1kY/limlZHqLvpqfF/XLL/jg2dsVJhhIUAAACAobI+vN16l6NUGI+xOHqx719/0X2PfunRxycjYqnNLxbj5i07dtywaeEzNmV557ywf+z7z73+7WV55yx9rtoBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD8x8fXK2NjU9c1QSkQzIafSRjeWLaVodoe4rn//iXx48+MRrnbHKCOsAAAAAw2V9eLv3L0clilGMExe/dfb6C3I98we9MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOHDd+85ZvbJmb23qDm9W5aeQjDoNt/I832T+nw2U/H/6b8mpvY3X/XwIAAD54p0YSjf/SSZev9q4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDwXx9crY2NT1TTiKSATmNTKkdyMbyxTStjlA3ffLF0pp3nnqmM1YZYR0AAABguKwPb/f+5ajEWIzFCYvf+r0TaCz0/xOHcJMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAYWW+Pjlbm5qeWZNEJANyGn1kY/limlZHqPvArr2fu//Y713cGSsVRlgIAAAAGCrrw4utSDlKhY9HKU5pfp/rnpDkm9f+7wXa87Z3TRtf8bx617z8+81LChGteXf1nKzQPM3SvHK23sTStVWv2p6Xa86rdsyrRKt8tTVv8WHt7qq2Zsj5lj95AAAAOHSy/r/UikxEqVDq6P9/2rwe1bwO6nNzh3bjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBhZ74+OVubmp5JkohkQE6jj2wsX0zT6gh1b/ntR4/56s/u3tkZq4ywDgAAADBc1oe3e/9yVGJdfCTWLfb9MdGdn+X9s/bu/ff+669nRpx94oH1hd5lf5Td/PqVC5/u/YjIdWfnIo5t1ksG1PvN7++9aWPj3Qcjzj4hf8qyevH+9bqXTBuP1bZetuO5A9uHPBwAAAA4QmT9/1grMhGlwvUD+/+s8x7S/7csNuDH3rTrF8c3P5sdec+M3ESzXm5AvS9sfPjPp5/399cX+v/l9T7Zuvv03uvuP76r4FKkR5I2pq7bufnAufty2amX6ud76mfP5cvfeu3f19x8z7tL9ctRbsbX9mxlqdryz57ykTbmcntmLn1vT727fmHA+e/43TMHf7X27rcX6r916nir/hnRr/7SyQsD68dRaWP8ijt3n793/+bu+hFR7Vf/jbcvjpP+eO3tvecfj4NdC3c++c7P3geQNl7Y8Oa+8+6rXNBdP+mpnz3/nx98YPdP7vnu41n97G9FzjwtVlg/11P/+buO2/XsbZev7a6fG3D+p698af226nf+0Hv+q7tWLQzcxfLzP3TWI1e9vCW9tXcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgyDJfn5ytTU3P5JKIZEBOo49sLF9M0+oIdV+95MU3rrz7xz/sjFVGWAcAAAAYLuvD271/OSpRjGKML/b9j9W2XrbjuQPbY2JpNGleC3PbbtzxiWu27bz+6lXaOQAAALBSr16SLPb/hVZkIkqFjTHW7P+nrtu5+cC5+3JZ/59buCYRcc21c1vPjlbe83cdt+vZ2y5f23pPELH4ZwHlhbzPtPMuuvDFiTf/9PXT++Ztaue9sOHNfefdV7kgy4vOvHOi9X7iobMeuerlLemtrf115n3qa9vmmq8nsnXHr7hz9/l792/OZe8xmtfx5rpZ3lxuz8yl7+2p5yaitDCeb+aVm+cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJabr0/O1qamZyIfkQzIaXRqBrKxfDFNqyPUvXTjL28/5p0n1nXGSoURFgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+gmNo+zjAP48u8mbTTZpk/YFo2KaVkWphxYFEb2oqEgrUvBUKVJt7UEUBBGlHkylFUtVvAhWL0VUUKMUKthYLK2Siv+KFw8qKFQPQikGNUvxoJLNM5vNZKcbt1VQPh9YnnmemfnOb+Z5MpsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5VerqG6+2xXQ/Vbr/g5k+euHf68Vvfe2DHZY+98cPolhs/3t/36unJrSu3fX3T8i2H7ls3sfelo78OvPP7ibbBj842q1O3EkI8FUOovD/1/JOTn543MxZDCOU4OBbCUFx2dCjmEtb+FkLY2qhz/s4D01dtm2l37OmZN740F5K/r1AtZ/XMGpxfL/8tlbTOttceuSJ8e8PGnZ+vePut7vGTY3OHxJljymk9hbBkc/P53SGE3vSZka224ezk1G4IIfQ1nXdNm7ouXmT9a0Ko5fp1F6b2f6mttsnJ9q/K9Uu54/L9THeu7WtzvbNVVEfb43o7u17/3ObPPU3zeq6UymljTW48tUOpfTe1q/9ifjn7xFCKoatR/v1xbo2EpnmLIdbnstLolxpzG9L95/ox1y/l+uXu3H3Vr5sWWjnG+ePZcbnx7HXclcZXNr+rW7ijYPz81FbSH+rprB/yG7OqCzYa91WX1TV1hlr+CaWmd1Cr8cbEp8moprFqXLbgnD9ayPZNbnz60vKmD44NFtQR98eUHzvK3/7ZUP9db+5+eLgof3Mp5Zc6yv9u/fGf7tz98ouF+c9l+eWO8q883Hdq/Ye7VhU+n6m5N8hi8mPqZ/vuPvHRMyv+f894q7muZ+7Lnn+lo/qvnzjeM1A7fKSw/rXZ8+ntKP+b6275/vUvD54szA9Zfl9H+ZsmHny2Z6R2eWH+kdk/hWp9hXawfn4Zv/qrkZEfR4vyv8ie/0CL/Ng2/7Wxvde+snTPusL1uSF7PoMpf+EX25nyb7vk0M7+2sGLit6dcd9iv2EBaGV5+h/rqdRv9zvzwHSp5e/Ms9X0e+GF0a7Zb6D+9Bk4lxfKmbnOkr8xHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAP9mBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//742DgQ=") r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x44) 8.549326252s ago: executing program 2 (id=614): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r3}, 0x18) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000540)={0x48, 0x8, r2, 0x0, 0x7a6, 0xffe7, &(0x7f0000000500)="0ec67ba17264d20f00000000000000", 0x4}) 5.860063155s ago: executing program 0 (id=622): r0 = socket$inet6_udp(0xa, 0x2, 0x0) syz_io_uring_setup(0x35ff, &(0x7f0000000080)={0x0, 0x0, 0x3c00, 0x3, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000180)) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'dt2815\x00', [0x1, 0x842, 0xfffffff8, 0x9, 0x6, 0x3, 0x88, 0x1, 0x8, 0x10000, 0x4, 0xee4, 0x3, 0xbc06, 0x5, 0x4, 0x7, 0x80000000, 0x5d766b32, 0xba04, 0x9, 0x8000, 0x3, 0x7, 0x4, 0x2, 0x23, 0x5, 0x5, 0x9, 0x1, 0x6]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r0, 0x0, 0x3}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40040) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r3, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r2) 4.311579802s ago: executing program 0 (id=627): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) fcntl$setpipe(r1, 0x407, 0x10003ff) 4.054397904s ago: executing program 1 (id=628): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000002c0)={0x100042, 0xf7, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r2, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0xfffd}}, 0x10, 0x0}, 0x0) 3.513959494s ago: executing program 1 (id=630): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 3.328651478s ago: executing program 4 (id=631): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$P9_RGETATTR(r0, &(0x7f0000000500)={0xa0, 0x19, 0x2, {0x2881, {0x1, 0x4, 0x5}, 0x4, 0x0, 0xffffffffffffffff, 0x70d, 0x9800000000000000, 0xff, 0x3, 0x3, 0x0, 0x185, 0x40, 0x400, 0x8, 0x100, 0xf, 0x9, 0x401, 0x9}}, 0xa0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c) close(r3) 3.043368474s ago: executing program 0 (id=632): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = open_tree(0xffffffffffffffff, 0x0, 0x100) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_DISABLE(r1, 0x0, 0x8000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000000)={0x2000}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 2.8440832s ago: executing program 2 (id=633): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r3, 0x11, 0x0, 0x0, @void, @value=r2}, 0x20) syz_emit_ethernet(0x42, &(0x7f0000000400)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local, {[@lsrr={0x83, 0x7, 0xc1, [@multicast1]}, @ssrr={0x89, 0x3, 0x21}]}}, @timestamp={0xd, 0x0, 0x0, 0xc, 0x3, 0xb, 0x401, 0x8000}}}}}, 0x0) 2.614509881s ago: executing program 4 (id=634): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x7, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[], 0x548}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 2.372483699s ago: executing program 1 (id=635): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x6, 0x4, 0x1c000000, 0x2, "0062ba7d820740ff00"}) ppoll(&(0x7f00000000c0)=[{r0, 0x2}], 0x1, 0x0, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0x13) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000340)={0x9, 0x3, 0x8, 0xde, 0x8, "19c92f4e77ea25e0972dde3d217a088f256352", 0x8, 0x6}) 2.366988743s ago: executing program 0 (id=636): r0 = socket$inet6_udp(0xa, 0x2, 0x0) syz_io_uring_setup(0x35ff, &(0x7f0000000080)={0x0, 0x0, 0x3c00, 0x3, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000180)) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'dt2815\x00', [0x1, 0x842, 0xfffffff8, 0x9, 0x6, 0x3, 0x88, 0x1, 0x8, 0x10000, 0x4, 0xee4, 0x3, 0xbc06, 0x5, 0x4, 0x7, 0x80000000, 0x5d766b32, 0xba04, 0x9, 0x8000, 0x3, 0x7, 0x4, 0x2, 0x23, 0x5, 0x5, 0x9, 0x1, 0x6]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r0, 0x0, 0x3}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40040) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r3, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r2) 2.265035744s ago: executing program 2 (id=637): r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) close(r0) io_uring_setup(0x2c93, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x3000, 0x0, 0x9fc}) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x101101, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0x6) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 2.140175621s ago: executing program 4 (id=638): socket$phonet_pipe(0x23, 0x5, 0x2) syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x40800, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f00000000c0)={r0, r0, 0x206, 0x0, 0x0, 0x2, 0x72, 0x1, 0x3, 0x7, 0x0, 0x8, 'syz1\x00'}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0x0, 0x1, 0xb31d, 0x0, 0x4}}) 1.867103791s ago: executing program 1 (id=639): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x802) 1.508138624s ago: executing program 4 (id=640): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r3 = open_tree(0xffffffffffffffff, 0x0, 0x100) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r5, 0x0, 0x1}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_DISABLE(r3, 0x0, 0x8000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000000)={0x2000}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 1.231821809s ago: executing program 0 (id=641): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.182854206s ago: executing program 1 (id=642): bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r0}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 956.484774ms ago: executing program 2 (id=643): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@remote, @random="00006a9ce7f3", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '@\x00', 0x14, 0x6, 0x0, @private0={0xfc, 0x0, '\x00', 0x3}, @local, {[], {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x2, 0x0, 0x5}}}}}}}, 0x0) 711.981998ms ago: executing program 4 (id=644): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x1ff, 0x0, 0xeeee8000, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 424.895013ms ago: executing program 1 (id=645): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = open_tree(0xffffffffffffffff, 0x0, 0x100) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_DISABLE(r1, 0x0, 0x8000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000000)={0x2000}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 309.764113ms ago: executing program 2 (id=646): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x600181a2, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000540)={0x1d, r1}, 0x10, &(0x7f0000000480)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, "000000000000001e"}, 0x10}}, 0x4040) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14.638498ms ago: executing program 0 (id=647): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x20440, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 4 (id=648): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) kernel console output (not intermixed with test programs): T6596] workqueue: max_active 40574 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 251.648118][ T6596] workqueue: max_active 40574 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 251.673557][ T6596] workqueue: max_active 40574 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 251.695854][ T6596] workqueue: max_active 40574 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 251.760289][ T6596] BTRFS info (device loop0): rebuilding free space tree [ 251.805238][ T6617] loop8: detected capacity change from 0 to 7 [ 251.816917][ T6617] Dev loop8: unable to read RDB block 7 [ 251.823702][ T6617] loop8: unable to read partition table [ 251.837681][ T6616] geneve2: entered promiscuous mode [ 251.851266][ T3974] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 60225 - 0 [ 251.871925][ T6596] BTRFS info (device loop0): setting nodatasum [ 251.878290][ T6596] BTRFS info (device loop0): enabling ssd optimizations [ 251.884756][ T3974] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 60225 - 0 [ 251.886168][ T6596] BTRFS info (device loop0): enabling free space tree [ 251.903507][ T6596] BTRFS info (device loop0): force clearing of disk cache [ 251.907118][ T6617] loop8: partition table beyond EOD, [ 251.910996][ T6596] BTRFS info (device loop0): doing ref verification [ 251.911117][ T6596] BTRFS info (device loop0): trying to use backup root at mount time [ 251.932291][ T6617] truncated [ 251.935605][ T6617] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 251.984883][ T3974] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 60225 - 0 [ 252.048644][ T3974] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 60225 - 0 [ 252.347904][ T5815] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 253.119615][ T6620] loop3: detected capacity change from 0 to 32768 [ 255.763727][ T6660] team_slave_0: entered promiscuous mode [ 255.769670][ T6660] team_slave_1: entered promiscuous mode [ 255.781792][ T6660] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 255.901027][ T6661] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 256.129745][ T6665] loop8: detected capacity change from 0 to 8 [ 256.178188][ T6665] Dev loop8: unable to read RDB block 8 [ 256.184459][ T6665] loop8: unable to read partition table [ 256.252119][ T6665] loop8: partition table beyond EOD, truncated [ 256.258705][ T6665] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 256.264027][ T6667] loop0: detected capacity change from 0 to 512 [ 256.532316][ T6667] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.545463][ T6667] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 256.651441][ T6675] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 257.210549][ T5815] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.695880][ T6688] batadv_slave_1: entered promiscuous mode [ 257.775844][ T6687] batadv_slave_1: left promiscuous mode [ 257.986391][ T6692] loop1: detected capacity change from 0 to 256 [ 258.106269][ T6692] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b14, utbl_chksum : 0xe619d30d) [ 258.218200][ T6697] loop2: detected capacity change from 0 to 128 [ 258.374782][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 258.374850][ T30] audit: type=1800 audit(1758544665.924:17): pid=6697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.247" name="file2" dev="loop2" ino=1048605 res=0 errno=0 [ 258.382372][ T6697] syz.2.247: attempt to access beyond end of device [ 258.382372][ T6697] loop2: rw=0, sector=2070, nr_sectors = 1 limit=128 [ 258.856043][ T6703] loop1: detected capacity change from 0 to 1024 [ 258.900999][ T6703] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 258.957180][ T6703] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.088874][ T6708] loop2: detected capacity change from 0 to 1024 [ 259.163299][ T6708] EXT4-fs: Ignoring removed bh option [ 259.306473][ T6708] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.368289][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.591907][ T6716] sctp: [Deprecated]: syz.4.255 (pid 6716) Use of int in max_burst socket option deprecated. [ 259.591907][ T6716] Use struct sctp_assoc_value instead [ 259.819308][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.179712][ T6729] process 'syz.1.260' launched '/dev/fd/3' with NULL argv: empty string added [ 260.541216][ T6721] loop3: detected capacity change from 0 to 4096 [ 260.578171][ T6721] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 260.636837][ T6734] loop4: detected capacity change from 0 to 2048 [ 260.686518][ T6734] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 260.759028][ T6734] syz.4.261: attempt to access beyond end of device [ 260.759028][ T6734] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 260.776946][ T6738] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 260.885764][ T6734] syz.4.261: attempt to access beyond end of device [ 260.885764][ T6734] loop4: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 260.900321][ T6734] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=3) [ 260.914364][ T6734] NILFS (loop4): error -5 reading inode: ino=15 [ 261.380901][ T6737] loop1: detected capacity change from 0 to 32768 [ 261.559437][ T6737] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names [ 261.559591][ T6737] allowing incompatible features above 0.0: (unknown version) [ 261.559673][ T6737] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 261.559823][ T6737] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 261.559958][ T6737] bcachefs (loop1): initializing new filesystem [ 261.574643][ T6737] bcachefs (loop1): going read-write [ 261.620723][ T6721] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 261.682806][ T6737] bcachefs (loop1): marking superblocks [ 261.736210][ T6737] bcachefs (loop1): initializing freespace [ 261.762639][ T6737] bcachefs (loop1): done initializing freespace [ 261.780734][ T6737] bcachefs (loop1): reading snapshots table [ 261.787123][ T6737] bcachefs (loop1): reading snapshots done [ 261.899861][ T6737] bcachefs (loop1): done starting filesystem [ 262.094284][ T5829] bcachefs (loop1): shutting down [ 262.099490][ T5829] bcachefs (loop1): going read-only [ 262.105094][ T5829] bcachefs (loop1): finished waiting for writes to stop [ 262.145111][ T5829] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 262.375927][ T5829] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3 [ 262.406087][ T5829] bcachefs (loop1): clean shutdown complete, journal seq 4 [ 262.442794][ T5829] bcachefs (loop1): marking filesystem clean [ 262.598308][ T6760] loop0: detected capacity change from 0 to 2048 [ 262.602280][ T5829] bcachefs (loop1): shutdown complete [ 262.759991][ T6760] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 262.974263][ T6766] loop3: detected capacity change from 0 to 256 [ 263.870291][ T6781] loop0: detected capacity change from 0 to 1024 [ 263.951141][ T6781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 263.964382][ T6781] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.253771][ T4218] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 264.341027][ T4218] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 1 with error 28 [ 264.354929][ T4218] EXT4-fs (loop0): This should not happen!! Data will be lost [ 264.354929][ T4218] [ 264.366976][ T4218] EXT4-fs (loop0): Total free blocks count 0 [ 264.374031][ T4218] EXT4-fs (loop0): Free/Dirty block details [ 264.380092][ T4218] EXT4-fs (loop0): free_blocks=4293918720 [ 264.386358][ T4218] EXT4-fs (loop0): dirty_blocks=16 [ 264.393780][ T4218] EXT4-fs (loop0): Block reservation details [ 264.399963][ T4218] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 264.501671][ T5815] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.978647][ T6799] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 265.975577][ T6810] loop4: detected capacity change from 0 to 1764 [ 266.460785][ T6816] loop0: detected capacity change from 0 to 128 [ 266.647326][ T6816] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 266.656410][ T6816] FAT-fs (loop0): Filesystem has been set read-only [ 266.705632][ T30] audit: type=1800 audit(1758544674.164:18): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.290" name="file1" dev="loop0" ino=1048606 res=0 errno=0 [ 267.047625][ T6814] loop2: detected capacity change from 0 to 32768 [ 267.494504][ T6820] loop4: detected capacity change from 0 to 32768 [ 267.542692][ T6820] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.291 (6820) [ 267.568654][ T6820] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 267.579366][ T6820] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 267.650804][ T5875] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 267.777339][ T6814] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 267.777483][ T6814] allowing incompatible features above 0.0: (unknown version) [ 267.777556][ T6814] features: [ 267.802576][ T6820] BTRFS info (device loop4): enabling ssd optimizations [ 267.809106][ T6814] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 267.809257][ T6814] bcachefs (loop2): initializing new filesystem [ 267.812937][ T6820] BTRFS info (device loop4): enabling free space tree [ 267.841818][ T6814] bcachefs (loop2): going read-write [ 267.880128][ T6814] bcachefs (loop2): marking superblocks [ 267.931098][ T6814] bcachefs (loop2): initializing freespace [ 267.953963][ T5875] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 267.957352][ T6814] bcachefs (loop2): done initializing freespace [ 267.963770][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.979826][ T5875] usb 2-1: Product: syz [ 267.985041][ T5875] usb 2-1: Manufacturer: syz [ 267.989012][ T6814] bcachefs (loop2): reading snapshots table [ 267.989803][ T5875] usb 2-1: SerialNumber: syz [ 267.999231][ T6814] bcachefs (loop2): reading snapshots done [ 268.118520][ T6814] bcachefs (loop2): done starting filesystem [ 268.503338][ T5821] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 269.382109][ T5875] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 269.394872][ T5875] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 269.405525][ T5875] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 269.529957][ T6860] netlink: 'syz.0.299': attribute type 2 has an invalid length. [ 269.556395][ T5875] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 269.642934][ T5875] usb 2-1: USB disconnect, device number 5 [ 270.619609][ T6862] loop3: detected capacity change from 0 to 32768 [ 270.830860][ T5875] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 270.926626][ T5819] bcachefs (loop2): shutting down [ 270.932230][ T5819] bcachefs (loop2): going read-only [ 270.937883][ T5819] bcachefs (loop2): finished waiting for writes to stop [ 270.990716][ T5819] bcachefs (loop2): flushing journal and stopping allocators, journal seq 6 [ 271.165627][ T6877] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526 [ 271.378837][ T5819] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 6 [ 271.413957][ T5819] bcachefs (loop2): clean shutdown complete, journal seq 7 [ 271.449933][ T5819] bcachefs (loop2): marking filesystem clean [ 271.674198][ T5819] bcachefs (loop2): shutdown complete [ 271.702473][ T6874] loop1: detected capacity change from 0 to 32768 [ 271.738740][ T5875] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 271.748254][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.752702][ T6862] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 271.783586][ T6862] allowing incompatible features above 0.0: (unknown version) [ 271.792551][ T6862] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 271.807412][ T6862] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 271.815994][ T6862] bcachefs (loop3): initializing new filesystem [ 271.836707][ T6862] bcachefs (loop3): going read-write [ 271.898386][ T5875] usb 1-1: config 0 descriptor?? [ 271.917651][ T6862] bcachefs (loop3): marking superblocks [ 271.931411][ T5875] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 271.966494][ T6862] bcachefs (loop3): initializing freespace [ 271.998430][ T6862] bcachefs (loop3): done initializing freespace [ 272.018391][ T6862] bcachefs (loop3): reading snapshots table [ 272.025223][ T6862] bcachefs (loop3): reading snapshots done [ 272.235854][ T6862] bcachefs (loop3): done starting filesystem [ 272.331308][ T30] audit: type=1800 audit(1758544679.864:19): pid=6862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.300" name="file1" dev="loop3" ino=4098 res=0 errno=0 [ 272.388304][ T5875] cpia1 1-1:0.0: unexpected state after lo power cmd: 00 [ 272.521529][ T5824] bcachefs (loop3): shutting down [ 272.526737][ T5824] bcachefs (loop3): going read-only [ 272.532486][ T5824] bcachefs (loop3): finished waiting for writes to stop [ 272.596964][ T5875] gspca_cpia1: usb_control_msg 01, error -32 [ 272.625538][ T5875] gspca_cpia1: usb_control_msg 01, error -71 [ 272.633901][ T5875] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 272.671952][ T5824] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 272.690943][ T5875] usb 1-1: USB disconnect, device number 4 [ 272.945413][ T5824] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3 [ 273.080260][ T5824] bcachefs (loop3): clean shutdown complete, journal seq 4 [ 273.104489][ T5824] bcachefs (loop3): marking filesystem clean [ 273.338996][ T5824] bcachefs (loop3): shutdown complete [ 273.771675][ T6888] Dead loop on virtual device ip6_vti0, fix it urgently! [ 273.780535][ T6888] Dead loop on virtual device ip6_vti0, fix it urgently! [ 273.788902][ T6888] Dead loop on virtual device ip6_vti0, fix it urgently! [ 273.797452][ T6888] Dead loop on virtual device ip6_vti0, fix it urgently! [ 273.806137][ T6888] Dead loop on virtual device ip6_vti0, fix it urgently! [ 273.816326][ T6888] Dead loop on virtual device ip6_vti0, fix it urgently! [ 274.352103][ T6893] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 274.365367][ T5875] IPVS: starting estimator thread 0... [ 274.480752][ T6895] IPVS: using max 240 ests per chain, 12000 per kthread [ 275.357779][ T6897] loop0: detected capacity change from 0 to 40427 [ 275.371896][ T6897] F2FS-fs (loop0): build fault injection rate: 14 [ 275.378541][ T6897] F2FS-fs (loop0): build fault injection type: 0x3bfe8c [ 275.395847][ T6897] F2FS-fs (loop0): invalid crc value [ 275.431107][ C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 275.480086][ C0] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 275.729202][ T6897] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 275.738581][ T6897] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 275.761023][ T6897] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 275.807427][ T6897] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 275.833314][ T6897] F2FS-fs (loop0): inject inconsistent footer in sanity_check_node_footer of f2fs_get_inode_folio+0x40/0x50 [ 275.845414][ T6897] F2FS-fs (loop0): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0] [ 275.966553][ T5815] syz-executor: attempt to access beyond end of device [ 275.966553][ T5815] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 275.981165][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 275.981299][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 275.981379][ T5815] Call Trace: [ 275.981424][ T5815] [ 275.981469][ T5815] __dump_stack+0x26/0x30 [ 275.981639][ T5815] dump_stack_lvl+0x1df/0x270 [ 275.981810][ T5815] dump_stack+0x1e/0x25 [ 275.981951][ T5815] f2fs_handle_critical_error+0xa6f/0xc20 [ 275.982173][ T5815] f2fs_stop_checkpoint+0x65/0x80 [ 275.982357][ T5815] f2fs_write_end_io+0x101c/0x1bc0 [ 275.982528][ T5815] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 275.982661][ T5815] bio_endio+0xeb1/0x1010 [ 275.982801][ T5815] submit_bio_noacct+0x213/0x2750 [ 275.983002][ T5815] submit_bio+0x57c/0x630 [ 275.983160][ T5815] f2fs_submit_write_bio+0x92/0x250 [ 275.983331][ T5815] __submit_merged_bio+0x16f/0x6a0 [ 275.983489][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 275.983649][ T5815] __submit_merged_write_cond+0x458/0x9a0 [ 275.983840][ T5815] f2fs_write_data_pages+0x4bb2/0x5480 [ 275.984149][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 275.984297][ T5815] ? folios_put_refs+0x21/0xb10 [ 275.984460][ T5815] ? filter_irq_stacks+0x49/0x190 [ 275.984584][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 275.984738][ T5815] ? stack_depot_save_flags+0x35/0x7b0 [ 275.984867][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 275.985022][ T5815] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 275.985166][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 275.985311][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 275.985458][ T5815] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 275.985647][ T5815] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 275.985828][ T5815] do_writepages+0x3f2/0x860 [ 275.985964][ T5815] ? _raw_spin_unlock+0x30/0x50 [ 275.986116][ T5815] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 275.986322][ T5815] filemap_fdatawrite+0x207/0x260 [ 275.986537][ T5815] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 275.986710][ T5815] f2fs_write_checkpoint+0xfe2/0x2b00 [ 275.986961][ T5815] kill_f2fs_super+0x2ff/0x970 [ 275.987116][ T5815] ? __pfx_kill_f2fs_super+0x10/0x10 [ 275.987255][ T5815] deactivate_locked_super+0xcb/0x3c0 [ 275.987409][ T5815] deactivate_super+0x12f/0x140 [ 275.987550][ T5815] cleanup_mnt+0x6fb/0x780 [ 275.987721][ T5815] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 275.987870][ T5815] ? __pfx___cleanup_mnt+0x10/0x10 [ 275.988034][ T5815] __cleanup_mnt+0x22/0x30 [ 275.988191][ T5815] task_work_run+0x206/0x2b0 [ 275.988344][ T5815] exit_to_user_mode_loop+0x2a6/0x330 [ 275.988492][ T5815] do_syscall_64+0x1e3/0x210 [ 275.988619][ T5815] ? irqentry_exit+0x16/0x60 [ 275.988778][ T5815] ? clear_bhb_loop+0x40/0x90 [ 275.988911][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.989047][ T5815] RIP: 0033:0x7fe5269901f7 [ 275.989146][ T5815] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 275.989255][ T5815] RSP: 002b:00007ffe4932c2b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 275.989380][ T5815] RAX: 0000000000000000 RBX: 00007fe526a11d7d RCX: 00007fe5269901f7 [ 275.989470][ T5815] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4932c370 [ 275.989552][ T5815] RBP: 00007ffe4932c370 R08: 0000000000000000 R09: 0000000000000000 [ 275.989636][ T5815] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe4932d400 [ 275.989723][ T5815] R13: 00007fe526a11d7d R14: 000000000004359a R15: 00007ffe4932d440 [ 275.989842][ T5815] [ 275.989894][ T5815] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 276.627437][ T6911] loop1: detected capacity change from 0 to 4096 [ 276.763671][ T6917] loop4: detected capacity change from 0 to 256 [ 277.046404][ T6917] FAT-fs (loop4): Directory bread(block 64) failed [ 277.053567][ T6917] FAT-fs (loop4): Directory bread(block 65) failed [ 277.060662][ T6917] FAT-fs (loop4): Directory bread(block 66) failed [ 277.067365][ T6917] FAT-fs (loop4): Directory bread(block 67) failed [ 277.074534][ T6917] FAT-fs (loop4): Directory bread(block 68) failed [ 277.081421][ T6917] FAT-fs (loop4): Directory bread(block 69) failed [ 277.088275][ T6917] FAT-fs (loop4): Directory bread(block 70) failed [ 277.099721][ T6917] FAT-fs (loop4): Directory bread(block 71) failed [ 277.108432][ T6917] FAT-fs (loop4): Directory bread(block 72) failed [ 277.115416][ T6917] FAT-fs (loop4): Directory bread(block 73) failed [ 277.437694][ T6917] Process accounting resumed [ 279.357086][ T6933] loop4: detected capacity change from 0 to 2048 [ 279.489064][ T6935] loop1: detected capacity change from 0 to 1024 [ 279.509478][ T6933] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 279.517690][ T6933] UDF-fs: Scanning with blocksize 512 failed [ 279.577410][ T6937] loop0: detected capacity change from 0 to 512 [ 279.578277][ T6919] loop2: detected capacity change from 0 to 32768 [ 279.605588][ T6933] UDF-fs: warning (device loop4): udf_fill_super: No partition found (2) [ 279.630130][ T6919] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.318 (6919) [ 279.708166][ T6919] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 279.719390][ T6919] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 279.759896][ T6937] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 279.773019][ T6937] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 279.787704][ T6933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.322'. [ 279.807953][ T6935] hfsplus: xattr searching failed [ 279.822392][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 279.823313][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 279.835262][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 279.846908][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 279.858539][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 279.868941][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 279.879471][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 279.889774][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 279.899664][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 279.911251][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 279.943795][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 279.954532][ T6919] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 279.978587][ T30] audit: type=1800 audit(1758544687.524:20): pid=6937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.325" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 280.068820][ T6919] BTRFS error (device loop2): open_ctree failed: -12 [ 280.434430][ T5815] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.822106][ T5876] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 281.004256][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 281.095046][ T5876] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 281.103890][ T5876] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 281.114053][ T5876] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 281.124725][ T5876] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 281.134933][ T5876] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 281.148283][ T5876] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 281.157656][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.017939][ T5876] usb 4-1: usb_control_msg returned -32 [ 282.024281][ T5876] usbtmc 4-1:16.0: can't read capabilities [ 282.782329][ T5875] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 282.996598][ T5875] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 283.006109][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.015213][ T5875] usb 2-1: Product: syz [ 283.019568][ T5875] usb 2-1: Manufacturer: syz [ 283.024970][ T5875] usb 2-1: SerialNumber: syz [ 283.064338][ T5875] usb 2-1: config 0 descriptor?? [ 283.360259][ T6985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.337'. [ 283.369879][ T6985] netlink: 20 bytes leftover after parsing attributes in process `syz.0.337'. [ 283.446562][ T5875] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 283.528714][ T3938] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.563160][ T3938] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.609525][ T3938] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.637835][ T3938] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.662496][ T5872] usb 4-1: USB disconnect, device number 3 [ 283.713158][ C0] vcan0: j1939_tp_rxtimer: 0xffff888014d84800: rx timeout, send abort [ 283.968587][ T6991] Bluetooth: MGMT ver 1.23 [ 284.213930][ C0] vcan0: j1939_tp_rxtimer: 0xffff888014d85e00: rx timeout, send abort [ 284.230607][ C0] vcan0: j1939_tp_rxtimer: 0xffff888014d84800: abort rx timeout. Force session deactivation [ 284.494812][ T5876] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 284.722658][ C0] vcan0: j1939_tp_rxtimer: 0xffff888014d85e00: abort rx timeout. Force session deactivation [ 284.734479][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.746994][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.757748][ T5876] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 284.767577][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.972585][ T5876] usb 5-1: config 0 descriptor?? [ 285.237846][ T5875] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 285.272379][ T5875] usb 2-1: USB disconnect, device number 6 [ 285.512121][ T5876] cm6533_jd 0003:0D8C:0022.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 286.012722][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 286.021383][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 286.295593][ T5876] usb 5-1: USB disconnect, device number 2 [ 287.062375][ T7016] loop0: detected capacity change from 0 to 4096 [ 287.108265][ T7016] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512). [ 287.286699][ T7023] netlink: 32 bytes leftover after parsing attributes in process `syz.4.352'. [ 287.977842][ T7031] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 288.328991][ T7028] loop2: detected capacity change from 0 to 32768 [ 288.411898][ T7028] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 288.422148][ T7028] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 288.535855][ T7041] Bluetooth: hci0: unsupported parameter 65431 [ 288.542462][ T7041] Bluetooth: hci0: unsupported parameter 65431 [ 288.933083][ T7028] XFS (loop2): Ending clean mount [ 288.954842][ T7028] XFS (loop2): Quotacheck needed: Please wait. [ 288.996869][ T7028] XFS (loop2): Quotacheck: Done. [ 289.105009][ T5819] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 289.341509][ T5875] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 289.544694][ T5875] usb 5-1: Using ep0 maxpacket: 32 [ 289.573976][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.587174][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 289.598012][ T5875] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 289.607554][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.952952][ T5875] usb 5-1: config 0 descriptor?? [ 290.538125][ T5875] magicmouse 0003:05AC:0265.0003: item fetching failed at offset 6/7 [ 290.601745][ T5875] magicmouse 0003:05AC:0265.0003: magicmouse hid parse failed [ 290.612452][ T5875] magicmouse 0003:05AC:0265.0003: probe with driver magicmouse failed with error -22 [ 290.731602][ T5875] usb 5-1: USB disconnect, device number 3 [ 291.488167][ T7058] loop0: detected capacity change from 0 to 40427 [ 291.512517][ T7058] F2FS-fs (loop0): invalid crc value [ 291.833454][ T7058] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 291.853521][ T7058] F2FS-fs (loop0): Start checkpoint disabled! [ 291.904184][ T7058] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 294.227729][ T7085] loop4: detected capacity change from 0 to 32768 [ 294.262545][ T7085] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.373 (7085) [ 294.303476][ T7085] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 294.314094][ T7085] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 294.404040][ T7087] serio: Serial port ttyS3 [ 294.486006][ T7085] BTRFS info (device loop4): setting nodatasum [ 294.492532][ T7085] BTRFS info (device loop4): setting nodatacow [ 294.503303][ T7085] BTRFS info (device loop4): enabling free space tree [ 294.512179][ T7085] BTRFS info (device loop4): max_inline set to 0 [ 294.837743][ T5821] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 297.257207][ T7121] loop1: detected capacity change from 0 to 32768 [ 297.532469][ T7121] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io [ 297.532602][ T7121] allowing incompatible features above 0.0: (unknown version) [ 297.532684][ T7121] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 297.580789][ T7121] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 297.589866][ T7121] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 297.599549][ T7121] bcachefs (loop1): Version upgrade required: [ 297.599549][ T7121] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 297.599549][ T7121] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 297.599549][ T7121] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 297.732332][ T7121] bcachefs (loop1): dropping and reconstructing all alloc info [ 297.745871][ T7124] loop0: detected capacity change from 0 to 32768 [ 297.754763][ T7124] XFS: ikeep mount option is deprecated. [ 297.760869][ T7124] XFS: noikeep mount option is deprecated. [ 297.829137][ T7124] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 297.867399][ T7121] bcachefs (loop1): accounting_read... done [ 297.925088][ T7121] bcachefs (loop1): alloc_read... done [ 297.937882][ T7121] bcachefs (loop1): snapshots_read... done [ 297.955823][ T7121] bcachefs (loop1): check_allocations... done [ 298.110234][ T7121] bcachefs (loop1): going read-write [ 298.116435][ T7121] bcachefs (loop1): insufficient writeable journal devices available: have 0, need 1 [ 298.116435][ T7121] rw journal devs: [ 298.202962][ T7121] bcachefs (loop1): done starting filesystem [ 298.239661][ T7124] XFS (loop0): Ending clean mount [ 298.263670][ T5827] Bluetooth: hci1: command 0x0406 tx timeout [ 298.270286][ T5109] Bluetooth: hci2: command 0x0406 tx timeout [ 298.276817][ T5109] Bluetooth: hci3: command 0x0406 tx timeout [ 298.292676][ T7124] XFS (loop0): Quotacheck needed: Please wait. [ 298.341122][ T7124] XFS (loop0): Quotacheck: Done. [ 298.471268][ T5829] bcachefs (loop1): shutting down [ 298.476466][ T5829] bcachefs (loop1): going read-only [ 298.482651][ T5829] bcachefs (loop1): finished waiting for writes to stop [ 298.509669][ T5829] bcachefs (loop1): flushing journal and stopping allocators, journal seq 10 [ 298.582310][ T5829] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 10 [ 298.649443][ T5829] bcachefs (loop1): unclean shutdown complete, journal seq 10 [ 298.668902][ T5815] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 298.742497][ T5829] bcachefs (loop1): done going read-only, filesystem not clean [ 298.873250][ T5829] bcachefs (loop1): shutdown complete [ 300.348552][ T7164] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 302.002025][ T7177] loop2: detected capacity change from 0 to 7 [ 302.023670][ T7177] Dev loop2: unable to read RDB block 7 [ 302.029929][ T7177] loop2: unable to read partition table [ 302.121456][ T7177] loop2: partition table beyond EOD, truncated [ 302.127983][ T7177] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 302.912692][ T7185] block nbd3: NBD_DISCONNECT [ 302.917814][ T7185] block nbd3: Send disconnect failed -107 [ 302.935768][ T7184] block nbd3: Disconnected due to user request. [ 302.943389][ T7184] block nbd3: shutting down sockets [ 303.805140][ T7188] loop2: detected capacity change from 0 to 32768 [ 303.994528][ T7194] loop1: detected capacity change from 0 to 32768 [ 304.059014][ T7188] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io [ 304.059143][ T7188] allowing incompatible features above 0.0: (unknown version) [ 304.059222][ T7188] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 304.107761][ T7188] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 304.117486][ T7188] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 304.132751][ T7188] bcachefs (loop2): Version upgrade required: [ 304.132751][ T7188] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 304.132751][ T7188] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 304.132751][ T7188] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 304.230322][ T7188] bcachefs (loop2): dropping and reconstructing all alloc info [ 304.285837][ T7188] bcachefs (loop2): accounting_read... done [ 304.297371][ T7188] bcachefs (loop2): alloc_read... done [ 304.307749][ T7188] bcachefs (loop2): snapshots_read... [ 304.343813][ T7194] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 304.343941][ T7194] allowing incompatible features above 0.0: (unknown version) [ 304.344018][ T7194] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 304.387106][ T7194] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 304.395671][ T7194] bcachefs (loop1): initializing new filesystem [ 304.413173][ T7194] bcachefs (loop1): going read-write [ 304.448574][ T7194] bcachefs (loop1): marking superblocks [ 304.476210][ T7188] done [ 304.479144][ T7188] bcachefs (loop2): check_allocations... [ 304.501560][ T7194] bcachefs (loop1): initializing freespace [ 304.537215][ T7194] bcachefs (loop1): done initializing freespace [ 304.557400][ T7194] bcachefs (loop1): reading snapshots table [ 304.563862][ T7194] bcachefs (loop1): reading snapshots done [ 304.678870][ T7188] done [ 304.684316][ T7194] bcachefs (loop1): loop1: Superblock write was silently dropped! (seq 0 expected 42) [ 304.698934][ T7194] bcachefs (loop1): done starting filesystem [ 304.707708][ T7188] bcachefs (loop2): going read-write [ 304.713666][ T7188] bcachefs (loop2): insufficient writeable journal devices available: have 0, need 1 [ 304.713666][ T7188] rw journal devs: [ 304.790741][ T7188] bcachefs (loop2): done starting filesystem [ 305.102012][ T5875] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 305.155507][ T5829] bcachefs (loop1): shutting down [ 305.163125][ T5829] bcachefs (loop1): going read-only [ 305.176752][ T5829] bcachefs (loop1): finished waiting for writes to stop [ 305.188907][ T5819] bcachefs (loop2): shutting down [ 305.194925][ T5819] bcachefs (loop2): going read-only [ 305.207612][ T5819] bcachefs (loop2): finished waiting for writes to stop [ 305.258508][ T5819] bcachefs (loop2): flushing journal and stopping allocators, journal seq 10 [ 305.269290][ T5829] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 305.293819][ T5819] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10 [ 305.301031][ T5875] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 305.313986][ T5875] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 305.323437][ T5875] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 305.334461][ T5875] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 305.350979][ T5819] bcachefs (loop2): unclean shutdown complete, journal seq 10 [ 305.402036][ T5875] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 305.411676][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 305.419588][ T5819] bcachefs (loop2): done going read-only, filesystem not clean [ 305.419844][ T5875] usb 1-1: SerialNumber: syz [ 305.467456][ T7223] loop3: detected capacity change from 0 to 764 [ 305.476124][ T5819] bcachefs (loop2): shutdown complete [ 305.537296][ T5829] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3 [ 305.583622][ T7223] rock: directory entry would overflow storage [ 305.590252][ T7223] rock: sig=0x4f50, size=4, remaining=3 [ 305.596762][ T7223] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 305.646323][ T5829] bcachefs (loop1): clean shutdown complete, journal seq 4 [ 305.682914][ T7223] rock: directory entry would overflow storage [ 305.689461][ T7223] rock: sig=0x4f50, size=4, remaining=3 [ 305.691106][ T5875] usb 1-1: 0:2 : does not exist [ 305.695480][ T7223] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 305.701088][ T5875] usb 1-1: unit 5 not found! [ 305.710945][ T5829] bcachefs (loop1): marking filesystem clean [ 305.829396][ T5829] bcachefs (loop1): shutdown complete [ 305.856639][ T5875] usb 1-1: USB disconnect, device number 5 [ 308.051704][ T7240] loop0: detected capacity change from 0 to 32768 [ 308.060793][ T7240] btrfs: Deprecated parameter 'usebackuproot' [ 308.067157][ T7240] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 308.077054][ T7240] btrfs: Deprecated parameter 'usebackuproot' [ 308.083456][ T7240] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 308.126223][ T7240] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.414 (7240) [ 308.159864][ T7240] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 308.170637][ T7240] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 308.179570][ T7240] workqueue: max_active 40574 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 308.196784][ T7240] workqueue: max_active 40574 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 308.227785][ T7244] loop2: detected capacity change from 0 to 512 [ 308.228184][ T7240] workqueue: max_active 40574 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 308.241237][ T7244] EXT4-fs: Ignoring removed i_version option [ 308.251996][ T7244] EXT4-fs: Ignoring removed nobh option [ 308.260287][ T7244] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 308.261071][ T7240] workqueue: max_active 40574 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 308.301691][ T7240] workqueue: max_active 40574 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 308.330209][ T7240] workqueue: max_active 40574 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 308.359173][ T7240] workqueue: max_active 40574 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 308.411508][ T7244] EXT4-fs (loop2): 1 truncate cleaned up [ 308.419382][ T7244] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.519563][ T7240] BTRFS info (device loop0): rebuilding free space tree [ 308.572062][ T7240] BTRFS info (device loop0): setting nodatasum [ 308.578512][ T7240] BTRFS info (device loop0): enabling ssd optimizations [ 308.586393][ T7240] BTRFS info (device loop0): disabling tree log [ 308.592954][ T7240] BTRFS info (device loop0): turning on async discard [ 308.599908][ T7240] BTRFS info (device loop0): enabling free space tree [ 308.607128][ T7240] BTRFS info (device loop0): force clearing of disk cache [ 308.614622][ T7240] BTRFS info (device loop0): doing ref verification [ 308.621908][ T7240] BTRFS info (device loop0): trying to use backup root at mount time [ 308.838014][ T5815] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 308.928326][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.520771][ T5875] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 310.717712][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.729249][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.739563][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 310.752992][ T5875] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 310.762507][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.884978][ T5875] usb 1-1: config 0 descriptor?? [ 311.365836][ T5875] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 311.775563][ T7269] loop4: detected capacity change from 0 to 32768 [ 311.954201][ C0] plantronics 0003:047F:FFFF.0004: hid_field_extract() called with n (132) > 32! (syz.1.407) [ 312.018208][ T7269] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 312.187926][ T5875] usb 1-1: USB disconnect, device number 6 [ 312.326209][ T7273] loop1: detected capacity change from 0 to 32768 [ 312.593993][ T7273] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io [ 312.594125][ T7273] allowing incompatible features above 0.0: (unknown version) [ 312.594206][ T7273] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 312.640604][ T7273] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 312.649714][ T7273] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 312.659252][ T7273] bcachefs (loop1): Version upgrade required: [ 312.659252][ T7273] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 312.659252][ T7273] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 312.659252][ T7273] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 312.688189][ T7300] loop2: detected capacity change from 0 to 1024 [ 312.733036][ C0] vkms_vblank_simulate: vblank timer overrun [ 312.798695][ T7273] bcachefs (loop1): dropping and reconstructing all alloc info [ 312.867320][ T7300] EXT4-fs: Ignoring removed nomblk_io_submit option [ 312.988743][ T7300] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 313.076579][ T5821] ocfs2: Unmounting device (7,4) on (node local) [ 313.102642][ T7273] bcachefs (loop1): accounting_read... done [ 313.158526][ T7273] bcachefs (loop1): alloc_read... done [ 313.182735][ T7273] bcachefs (loop1): snapshots_read... done [ 313.268910][ T7273] bcachefs (loop1): check_allocations... [ 313.634434][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.857905][ T7273] done [ 313.932609][ T7273] bcachefs (loop1): going read-write [ 313.985446][ T7273] bcachefs (loop1): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR [ 313.996752][ T7273] bcachefs (loop1): flushing journal and stopping allocators, journal seq 10 [ 314.032428][ T7273] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 10 [ 314.084818][ T7314] netlink: 'syz.2.429': attribute type 30 has an invalid length. [ 314.130939][ T7273] bcachefs (loop1): unclean shutdown complete, journal seq 11 [ 314.140666][ T7273] bcachefs (loop1): error in recovery: EINTR [ 314.140746][ T7273] emergency read only at seq 11 [ 314.152605][ T7273] bcachefs (loop1): bch2_fs_start(): error starting filesystem EINTR [ 314.165095][ T7273] bcachefs (loop1): shutting down [ 314.236793][ T7273] bcachefs (loop1): shutdown complete [ 314.302618][ T5876] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 314.487435][ T5876] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 314.498062][ T5876] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 314.540782][ T5876] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 314.550774][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.561845][ T5876] usb 1-1: Product: syz [ 314.567173][ T5876] usb 1-1: Manufacturer: syz [ 314.576672][ T5876] usb 1-1: SerialNumber: syz [ 314.647553][ T1887] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 314.755591][ T7320] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 314.801249][ T1887] usb 5-1: Using ep0 maxpacket: 16 [ 314.883589][ T5876] usb 1-1: 0:2 : does not exist [ 314.893549][ T1887] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 314.901873][ T1887] usb 5-1: config 0 has no interface number 0 [ 314.908347][ T1887] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 314.920003][ T1887] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 314.951004][ T5876] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 314.962033][ T1887] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 314.972166][ T1887] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 314.985019][ T1887] usb 5-1: Product: syz [ 314.989367][ T1887] usb 5-1: SerialNumber: syz [ 315.066125][ T5876] usb 1-1: USB disconnect, device number 7 [ 315.075535][ T1887] usb 5-1: config 0 descriptor?? [ 315.128305][ T1887] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 315.137929][ T1887] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input6 [ 315.306052][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.314894][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.324322][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.332782][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.340704][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.348238][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.355762][ T1887] usb 5-1: USB disconnect, device number 4 [ 315.362390][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 315.362513][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 315.386432][ T1887] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 315.738722][ T7334] loop2: detected capacity change from 0 to 64 [ 316.572850][ T7333] loop3: detected capacity change from 0 to 40427 [ 316.586527][ T7333] F2FS-fs (loop3): build fault injection rate: 14 [ 316.593567][ T7333] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 316.627068][ T7333] F2FS-fs (loop3): invalid crc value [ 316.645504][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 316.690287][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xeb1/0x1010 [ 316.955333][ T7333] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 316.964708][ T7333] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 316.979065][ T7333] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 317.018748][ T7333] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 317.203533][ T7350] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_file_write_iter+0x2405/0x49a0 [ 317.311470][ T7273] bcachefs: bch2_fs_get_tree() error: EINTR [ 317.571544][ T5824] syz-executor: attempt to access beyond end of device [ 317.571544][ T5824] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 317.586151][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 317.586282][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 317.586362][ T5824] Call Trace: [ 317.586417][ T5824] [ 317.586463][ T5824] __dump_stack+0x26/0x30 [ 317.586627][ T5824] dump_stack_lvl+0x1df/0x270 [ 317.586796][ T5824] dump_stack+0x1e/0x25 [ 317.586936][ T5824] f2fs_handle_critical_error+0xa6f/0xc20 [ 317.587162][ T5824] f2fs_stop_checkpoint+0x65/0x80 [ 317.587347][ T5824] f2fs_write_end_io+0x101c/0x1bc0 [ 317.587520][ T5824] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 317.587648][ T5824] bio_endio+0xeb1/0x1010 [ 317.587805][ T5824] submit_bio_noacct+0x213/0x2750 [ 317.588009][ T5824] submit_bio+0x57c/0x630 [ 317.588168][ T5824] f2fs_submit_write_bio+0x92/0x250 [ 317.588342][ T5824] __submit_merged_bio+0x16f/0x6a0 [ 317.588511][ T5824] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 317.588674][ T5824] __submit_merged_write_cond+0x458/0x9a0 [ 317.588860][ T5824] f2fs_write_data_pages+0x4bb2/0x5480 [ 317.589171][ T5824] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 317.589325][ T5824] ? folios_put_refs+0x21/0xb10 [ 317.589486][ T5824] ? filter_irq_stacks+0x49/0x190 [ 317.589630][ T5824] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 317.589789][ T5824] ? stack_depot_save_flags+0x35/0x7b0 [ 317.589916][ T5824] ? kmsan_get_metadata+0xfb/0x160 [ 317.590069][ T5824] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 317.590209][ T5824] ? kmsan_get_metadata+0xfb/0x160 [ 317.590358][ T5824] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 317.590499][ T5824] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 317.590677][ T5824] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 317.590852][ T5824] do_writepages+0x3f2/0x860 [ 317.590986][ T5824] ? _raw_spin_unlock+0x30/0x50 [ 317.591136][ T5824] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 317.591337][ T5824] filemap_fdatawrite+0x207/0x260 [ 317.591554][ T5824] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 317.591733][ T5824] f2fs_write_checkpoint+0xfe2/0x2b00 [ 317.592001][ T5824] kill_f2fs_super+0x2ff/0x970 [ 317.592160][ T5824] ? __pfx_kill_f2fs_super+0x10/0x10 [ 317.592301][ T5824] deactivate_locked_super+0xcb/0x3c0 [ 317.592463][ T5824] deactivate_super+0x12f/0x140 [ 317.592607][ T5824] cleanup_mnt+0x6fb/0x780 [ 317.592787][ T5824] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 317.592936][ T5824] ? __pfx___cleanup_mnt+0x10/0x10 [ 317.593102][ T5824] __cleanup_mnt+0x22/0x30 [ 317.593270][ T5824] task_work_run+0x206/0x2b0 [ 317.593430][ T5824] exit_to_user_mode_loop+0x2a6/0x330 [ 317.593589][ T5824] do_syscall_64+0x1e3/0x210 [ 317.593719][ T5824] ? irqentry_exit+0x16/0x60 [ 317.593884][ T5824] ? clear_bhb_loop+0x40/0x90 [ 317.594024][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.594169][ T5824] RIP: 0033:0x7fbe243901f7 [ 317.594266][ T5824] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 317.594374][ T5824] RSP: 002b:00007ffeeb0a0e88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 317.594497][ T5824] RAX: 0000000000000000 RBX: 00007fbe24411d7d RCX: 00007fbe243901f7 [ 317.594580][ T5824] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeeb0a0f40 [ 317.594667][ T5824] RBP: 00007ffeeb0a0f40 R08: 0000000000000000 R09: 0000000000000000 [ 317.594748][ T5824] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeeb0a1fd0 [ 317.594830][ T5824] R13: 00007fbe24411d7d R14: 000000000004d782 R15: 00007ffeeb0a2010 [ 317.594945][ T5824] [ 317.946837][ T5824] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 318.326402][ T7355] loop2: detected capacity change from 0 to 32768 [ 318.652972][ T7355] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names [ 318.653125][ T7355] allowing incompatible features above 0.0: (unknown version) [ 318.653207][ T7355] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 318.708277][ T7355] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 318.716747][ T7355] bcachefs (loop2): initializing new filesystem [ 318.736713][ T7355] bcachefs (loop2): going read-write [ 318.895523][ T7355] bcachefs (loop2): marking superblocks [ 318.956658][ T7355] bcachefs (loop2): initializing freespace [ 318.989525][ T7355] bcachefs (loop2): done initializing freespace [ 319.009325][ T7355] bcachefs (loop2): reading snapshots table [ 319.015775][ T7355] bcachefs (loop2): reading snapshots done [ 319.144245][ T7355] bcachefs (loop2): done starting filesystem [ 319.315918][ T5819] bcachefs (loop2): shutting down [ 319.322036][ T5819] bcachefs (loop2): going read-only [ 319.327517][ T5819] bcachefs (loop2): finished waiting for writes to stop [ 319.427569][ T5819] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3 [ 319.607992][ T5819] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3 [ 319.636573][ T5819] bcachefs (loop2): clean shutdown complete, journal seq 4 [ 319.649839][ T5819] bcachefs (loop2): marking filesystem clean [ 319.779370][ T5819] bcachefs (loop2): shutdown complete [ 320.417723][ T1887] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 320.597158][ T1887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.613145][ T1887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.626136][ T1887] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 320.636033][ T1887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.649109][ T7385] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 320.727128][ T1887] usb 1-1: config 0 descriptor?? [ 321.145208][ T7390] Illegal XDP return value 4000607322 on prog (id 50) dev N/A, expect packet loss! [ 321.247612][ T1887] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 321.255577][ T1887] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 321.336298][ T1887] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0005/input/input7 [ 321.421452][ T1887] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 321.481862][ T1887] usb 1-1: USB disconnect, device number 8 [ 322.113323][ T7398] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 322.434370][ T7396] loop1: detected capacity change from 0 to 32768 [ 322.469104][ T7400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.458'. [ 322.503866][ T7396] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.456 (7396) [ 322.531858][ T7396] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 322.542438][ T7396] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 322.742030][ T7396] BTRFS info (device loop1): setting nodatasum [ 322.748517][ T7396] BTRFS info (device loop1): setting nodatacow [ 322.755162][ T7396] BTRFS info (device loop1): enabling free space tree [ 322.767316][ T7396] BTRFS info (device loop1): max_inline set to 0 [ 323.327533][ T7421] loop0: detected capacity change from 0 to 2048 [ 323.421549][ T7421] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 323.535695][ T30] audit: type=1800 audit(1758544731.084:21): pid=7421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.460" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 323.774053][ T7432] mmap: syz.2.447 (7432) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 323.883756][ T7432] loop2: detected capacity change from 0 to 256 [ 324.024584][ T5829] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 324.183971][ T5815] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.453492][ T1887] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 325.584650][ T7438] loop0: detected capacity change from 0 to 32768 [ 325.615039][ T7438] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 325.623653][ T7438] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 325.670701][ T1887] usb 2-1: Using ep0 maxpacket: 32 [ 325.689557][ T7438] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 1ms [ 325.693875][ T1887] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 325.706202][ T1887] usb 2-1: config 0 has no interface number 0 [ 325.712643][ T1887] usb 2-1: config 0 interface 12 has no altsetting 0 [ 325.730646][ T5872] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 325.738253][ T5872] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 325.842321][ T1887] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 325.852523][ T1887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.866472][ T1887] usb 2-1: Product: syz [ 325.871093][ T1887] usb 2-1: Manufacturer: syz [ 325.875862][ T1887] usb 2-1: SerialNumber: syz [ 325.993021][ T1887] usb 2-1: config 0 descriptor?? [ 326.127658][ T5872] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 389ms [ 326.136331][ T5872] gfs2: fsid=syz:syz.0: jid=0: Done [ 326.144080][ T7438] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 327.440855][ T5872] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 327.569362][ T1887] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 327.583733][ T1887] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 327.592927][ T1887] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 327.602722][ T1887] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 327.646309][ T1887] usb 2-1: USB disconnect, device number 7 [ 327.684209][ T5872] usb 3-1: Using ep0 maxpacket: 8 [ 327.775307][ T5872] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 327.786342][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.795259][ T5872] usb 3-1: Product: syz [ 327.799699][ T5872] usb 3-1: Manufacturer: syz [ 327.804988][ T5872] usb 3-1: SerialNumber: syz [ 327.894496][ T5872] usb 3-1: config 0 descriptor?? [ 328.160104][ T5872] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 328.590825][ T7481] comedi: valid board names for 8255 driver are: [ 328.599608][ T7481] 8255 [ 328.603075][ T7481] comedi: valid board names for vmk80xx driver are: [ 328.610674][ T7481] vmk80xx [ 328.613984][ T7481] comedi: valid board names for usbduxsigma driver are: [ 328.622372][ T7481] usbduxsigma [ 328.626030][ T7481] comedi: valid board names for usbduxfast driver are: [ 328.633661][ T7481] usbduxfast [ 328.637484][ T7481] comedi: valid board names for usbdux driver are: [ 328.644571][ T7481] usbdux [ 328.647997][ T7481] comedi: valid board names for ni6501 driver are: [ 328.654931][ T7481] ni6501 [ 328.658137][ T7481] comedi: valid board names for dt9812 driver are: [ 328.665208][ T7481] dt9812 [ 328.669141][ T7481] comedi: valid board names for ni_labpc_cs driver are: [ 328.676767][ T7481] ni_labpc_cs [ 328.680541][ T7481] comedi: valid board names for ni_daq_700 driver are: [ 328.687800][ T7481] ni_daq_700 [ 328.691550][ T7481] comedi: valid board names for labpc_pci driver are: [ 328.700709][ T7481] labpc_pci [ 328.704260][ T7481] comedi: valid board names for adl_pci9118 driver are: [ 328.712203][ T7481] pci9118dg [ 328.715668][ T7481] pci9118hg [ 328.719212][ T7481] pci9118hr [ 328.722773][ T7481] comedi: valid board names for 8255_pci driver are: [ 328.729806][ T7481] 8255_pci [ 328.733439][ T7481] comedi: valid board names for s526 driver are: [ 328.740169][ T7481] s526 [ 328.744044][ T7481] comedi: valid board names for multiq3 driver are: [ 328.751232][ T7481] multiq3 [ 328.754614][ T7481] comedi: valid board names for pcmuio driver are: [ 328.761487][ T7481] pcmuio48 [ 328.765037][ T7481] pcmuio96 [ 328.768695][ T7481] comedi: valid board names for pcmmio driver are: [ 328.775992][ T7481] pcmmio [ 328.779298][ T7481] comedi: valid board names for pcmda12 driver are: [ 328.787393][ T7481] pcmda12 [ 328.791065][ T7481] comedi: valid board names for pcmad driver are: [ 328.798889][ T7481] pcmad12 [ 328.803807][ T7481] pcmad16 [ 328.807365][ T7481] comedi: valid board names for ni_labpc driver are: [ 328.816125][ T7481] lab-pc-1200 [ 328.820634][ T7481] lab-pc-1200ai [ 328.825249][ T7481] lab-pc+ [ 328.829544][ T7481] comedi: valid board names for atmio16 driver are: [ 328.837242][ T7481] atmio16 [ 328.840770][ T7481] atmio16d [ 328.844119][ T7481] comedi: valid board names for ni_at_ao driver are: [ 328.851562][ T7481] at-ao-6 [ 328.855001][ T7481] at-ao-10 [ 328.858309][ T7481] comedi: valid board names for ni_at_a2150 driver are: [ 328.865643][ T7481] ni_at_a2150 [ 328.869410][ T7481] comedi: valid board names for adq12b driver are: [ 328.876870][ T7481] adq12b [ 328.880509][ T7481] comedi: valid board names for mpc624 driver are: [ 328.888311][ T7481] mpc624 [ 328.892002][ T7481] comedi: valid board names for c6xdigio driver are: [ 328.899686][ T7481] c6xdigio [ 328.905731][ T7481] comedi: valid board names for aio_iiro_16 driver are: [ 328.914203][ T7481] aio_iiro_16 [ 328.917732][ T7481] comedi: valid board names for aio_aio12_8 driver are: [ 328.925714][ T7481] aio_aio12_8 [ 328.929346][ T7481] aio_ai12_8 [ 328.932979][ T7481] aio_ao12_4 [ 328.936501][ T7481] comedi: valid board names for fl512 driver are: [ 328.943268][ T7481] fl512 [ 328.946971][ T7481] comedi: valid board names for dmm32at driver are: [ 328.954302][ T7481] dmm32at [ 328.957594][ T7481] comedi: valid board names for dt282x driver are: [ 328.965507][ T7481] dt2821 [ 328.968835][ T7481] dt2821-f [ 328.972364][ T7481] dt2821-g [ 328.975703][ T7481] dt2823 [ 328.978943][ T7481] dt2824-pgh [ 328.982825][ T7481] dt2824-pgl [ 328.986365][ T7481] dt2825 [ 328.989486][ T7481] dt2827 [ 328.992697][ T7481] dt2828 [ 328.995859][ T7481] dt2829 [ 328.999029][ T7481] dt21-ez [ 329.002453][ T7481] dt23-ez [ 329.005635][ T7481] dt24-ez [ 329.011332][ T7481] dt24-ez-pgl [ 329.015411][ T7481] comedi: valid board names for dt2817 driver are: [ 329.023083][ T7481] dt2817 [ 329.026419][ T7481] comedi: valid board names for dt2815 driver are: [ 329.034488][ T7481] dt2815 [ 329.038128][ T7481] comedi: valid board names for dt2814 driver are: [ 329.044981][ T7481] dt2814 [ 329.048228][ T7481] comedi: valid board names for dt2811 driver are: [ 329.055364][ T7481] dt2811-pgh [ 329.058879][ T7481] dt2811-pgl [ 329.062502][ T7481] comedi: valid board names for dt2801 driver are: [ 329.070144][ T7481] dt2801 [ 329.073844][ T7481] comedi: valid board names for das6402 driver are: [ 329.080996][ T7481] das6402-12 [ 329.084520][ T7481] das6402-16 [ 329.088458][ T7481] comedi: valid board names for das1800 driver are: [ 329.097693][ T7481] das-1701st [ 329.101884][ T7481] das-1701st-da [ 329.105945][ T7481] das-1702st [ 329.111179][ T7481] das-1702st-da [ 329.115913][ T7481] das-1702hr [ 329.119672][ T7481] das-1702hr-da [ 329.124462][ T7481] das-1701ao [ 329.128165][ T7481] das-1702ao [ 329.131915][ T7481] das-1801st [ 329.135378][ T7481] das-1801st-da [ 329.139108][ T7481] das-1802st [ 329.143098][ T7481] das-1802st-da [ 329.147178][ T7481] das-1802hr [ 329.150903][ T7481] das-1802hr-da [ 329.154851][ T7481] das-1801hc [ 329.158300][ T7481] das-1802hc [ 329.162697][ T7481] das-1801ao [ 329.166534][ T7481] das-1802ao [ 329.169990][ T7481] comedi: valid board names for das800 driver are: [ 329.177026][ T7481] das-800 [ 329.180327][ T7481] cio-das800 [ 329.184114][ T7481] das-801 [ 329.187268][ T7481] cio-das801 [ 329.190827][ T7481] das-802 [ 329.193977][ T7481] cio-das802 [ 329.197384][ T7481] cio-das802/16 [ 329.201171][ T7481] comedi: valid board names for isa-das08 driver are: [ 329.208243][ T7481] isa-das08 [ 329.213766][ T7481] das08-pgm [ 329.217117][ T7481] das08-pgh [ 329.221190][ T7481] das08-pgl [ 329.224542][ T7481] das08-aoh [ 329.229797][ T7481] das08-aol [ 329.234425][ T7481] das08-aom [ 329.238461][ T7481] das08/jr-ao [ 329.242619][ T7481] das08jr-16-ao [ 329.246425][ T7481] pc104-das08 [ 329.250051][ T7481] das08jr/16 [ 329.253751][ T7481] comedi: valid board names for das16m1 driver are: [ 329.262390][ T7481] das16m1 [ 329.265832][ T7481] comedi: valid board names for dac02 driver are: [ 329.274172][ T7481] dac02 [ 329.277863][ T7481] comedi: valid board names for rti802 driver are: [ 329.285902][ T7481] rti802 [ 329.289585][ T7481] comedi: valid board names for rti800 driver are: [ 329.296551][ T7481] rti800 [ 329.299978][ T7481] rti815 [ 329.303595][ T7481] comedi: valid board names for pcm3724 driver are: [ 329.310711][ T7481] pcm3724 [ 329.315476][ T7481] comedi: valid board names for pcl818 driver are: [ 329.323760][ T7481] pcl818l [ 329.327027][ T7481] pcl818h [ 329.330198][ T7481] pcl818hd [ 329.333578][ T7481] pcl818hg [ 329.336899][ T7481] pcl818 [ 329.340045][ T7481] pcl718 [ 329.343278][ T7481] pcm3718 [ 329.346507][ T7481] comedi: valid board names for pcl816 driver are: [ 329.353282][ T7481] pcl816 [ 329.356353][ T7481] pcl814b [ 329.359587][ T7481] comedi: valid board names for pcl812 driver are: [ 329.367322][ T7481] pcl812 [ 329.370705][ T7481] pcl812pg [ 329.374380][ T7481] acl8112pg [ 329.378087][ T7481] acl8112dg [ 329.382547][ T7481] acl8112hg [ 329.386422][ T7481] a821pgl [ 329.389664][ T7481] a821pglnda [ 329.393224][ T7481] a821pgh [ 329.397219][ T7481] a822pgl [ 329.400561][ T7481] a822pgh [ 329.404064][ T7481] a823pgl [ 329.408083][ T7481] a823pgh [ 329.411997][ T7481] pcl813 [ 329.417182][ T7481] pcl813b [ 329.421273][ T7481] acl8113 [ 329.424601][ T7481] iso813 [ 329.427673][ T7481] acl8216 [ 329.431065][ T7481] a826pg [ 329.434389][ T7481] comedi: valid board names for pcl730 driver are: [ 329.441320][ T7481] pcl730 [ 329.444474][ T7481] iso730 [ 329.447541][ T7481] acl7130 [ 329.450904][ T7481] pcm3730 [ 329.454051][ T7481] pcl725 [ 329.457136][ T7481] p8r8dio [ 329.460488][ T7481] acl7225b [ 329.464002][ T7481] p16r16dio [ 329.467388][ T7481] pcl733 [ 329.470857][ T7481] pcl734 [ 329.474082][ T7481] opmm-1616-xt [ 329.477794][ T7481] pearl-mm-p [ 329.483081][ T7481] ir104-pbf [ 329.486521][ T7481] comedi: valid board names for pcl726 driver are: [ 329.493578][ T7481] pcl726 [ 329.496919][ T7481] pcl727 [ 329.500005][ T7481] pcl728 [ 329.503596][ T7481] acl6126 [ 329.507265][ T7481] acl6128 [ 329.511081][ T7481] comedi: valid board names for pcl724 driver are: [ 329.519855][ T7481] pcl724 [ 329.523823][ T7481] pcl722 [ 329.527094][ T7481] pcl731 [ 329.530281][ T7481] acl7122 [ 329.533957][ T7481] acl7124 [ 329.537383][ T7481] pet48dio [ 329.541558][ T7481] pcmio48 [ 329.544763][ T7481] onyx-mm-dio [ 329.548553][ T7481] comedi: valid board names for pcl711 driver are: [ 329.555694][ T7481] pcl711 [ 329.558860][ T7481] pcl711b [ 329.562398][ T7481] acl8112hg [ 329.565833][ T7481] acl8112dg [ 329.569162][ T7481] comedi: valid board names for amplc_pc263 driver are: [ 329.577230][ T7481] pc263 [ 329.580574][ T7481] comedi: valid board names for amplc_pc236 driver are: [ 329.587752][ T7481] pc36at [ 329.591155][ T7481] comedi: valid board names for amplc_dio200 driver are: [ 329.598426][ T7481] pc212e [ 329.601611][ T7481] pc214e [ 329.604690][ T7481] pc215e [ 329.608042][ T7481] pc218e [ 329.611424][ T7481] pc272e [ 329.614774][ T7481] comedi: valid board names for comedi_parport driver are: [ 329.624448][ T7481] comedi_parport [ 329.629203][ T7481] comedi: valid board names for comedi_test driver are: [ 329.639679][ T7481] comedi_test [ 329.644192][ T7481] comedi: valid board names for comedi_bond driver are: [ 329.652255][ T7481] comedi_bond [ 329.868212][ T5872] gspca_sunplus: reg_w_riv err -71 [ 329.874890][ T5872] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 329.914315][ T5872] usb 3-1: USB disconnect, device number 3 [ 330.897829][ T7503] netlink: 20 bytes leftover after parsing attributes in process `syz.3.487'. [ 331.019302][ T7507] loop1: detected capacity change from 0 to 64 [ 331.171729][ T1887] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 331.208763][ T7510] overlayfs: upper fs needs to support d_type. [ 331.239277][ T7510] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 331.246898][ T7510] overlayfs: failed to set xattr on upper [ 331.253358][ T7510] overlayfs: ...falling back to redirect_dir=nofollow. [ 331.262069][ T7510] overlayfs: ...falling back to index=off. [ 331.268200][ T7510] overlayfs: ...falling back to uuid=null. [ 331.375014][ T1887] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 331.386139][ T1887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.421542][ T1887] usb 3-1: config 0 descriptor?? [ 331.508697][ T1887] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 331.944792][ T1887] cpia1 3-1:0.0: unexpected state after lo power cmd: 00 [ 332.219787][ T7507] evm: overlay not supported [ 332.359092][ T1887] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 332.387588][ T7514] loop0: detected capacity change from 0 to 32768 [ 332.403497][ T7514] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.492 (7514) [ 332.424594][ T7514] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 332.437237][ T7514] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 332.585592][ T1887] usb 3-1: USB disconnect, device number 4 [ 332.612203][ T7514] BTRFS info (device loop0): rebuilding free space tree [ 332.649319][ T7514] BTRFS info (device loop0): disabling free space tree [ 332.658598][ T7514] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 332.669684][ T7514] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 332.703604][ T7514] BTRFS info (device loop0): enabling ssd optimizations [ 332.711391][ T7514] BTRFS info (device loop0): force clearing of disk cache [ 332.718890][ T7514] BTRFS info (device loop0): enabling auto defrag [ 332.726362][ T7514] BTRFS info (device loop0): doing ref verification [ 332.726963][ T5829] Trying to free block not in datazone [ 332.784785][ T5829] Trying to free block not in datazone [ 332.830258][ T5829] Trying to free block not in datazone [ 333.057902][ T5815] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 333.119023][ T7536] netlink: 'syz.3.495': attribute type 13 has an invalid length. [ 333.129049][ T7536] netlink: 'syz.3.495': attribute type 17 has an invalid length. [ 333.169318][ T7537] loop1: detected capacity change from 0 to 1024 [ 333.243414][ T7537] EXT4-fs: Ignoring removed nomblk_io_submit option [ 333.744040][ T7537] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 333.981100][ T7536] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 334.350304][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.553362][ T7556] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 335.573879][ T7551] loop1: detected capacity change from 0 to 40427 [ 335.622694][ T7551] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 335.632972][ T7551] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 335.647228][ T7551] F2FS-fs (loop1): invalid crc value [ 335.716176][ T7557] syz_tun: left allmulticast mode [ 335.723141][ T7557] syz_tun: left promiscuous mode [ 335.731261][ T7557] bridge0: port 3(syz_tun) entered disabled state [ 336.032574][ T7557] bridge_slave_0: left allmulticast mode [ 336.038814][ T7557] bridge_slave_0: left promiscuous mode [ 336.046476][ T7557] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.081824][ T7551] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 336.096850][ T7551] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 336.111960][ T7551] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 336.229940][ T7557] bridge_slave_1: left allmulticast mode [ 336.236619][ T7557] bridge_slave_1: left promiscuous mode [ 336.243386][ T7557] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.268500][ T7551] F2FS-fs (loop1): Stopped filesystem due to reason: 0 [ 336.574241][ T7557] bond0: (slave bond_slave_0): Releasing backup interface [ 336.689642][ T7557] bond0: (slave bond_slave_1): Releasing backup interface [ 336.762315][ T7557] team0: Port device team_slave_0 removed [ 336.815517][ T7557] team0: Port device team_slave_1 removed [ 336.827031][ T7557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.834886][ T7557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 336.919650][ T7557] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 336.927495][ T7557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 338.405508][ T7569] loop2: detected capacity change from 0 to 32768 [ 338.441516][ T7569] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 338.486696][ T7569] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 338.596855][ T30] audit: type=1800 audit(1758544746.144:22): pid=7569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.506" name="file1" dev="loop2" ino=17058 res=0 errno=0 [ 338.956594][ T7574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.505'. [ 338.968159][ T7574] netlink: 'syz.1.505': attribute type 7 has an invalid length. [ 338.976290][ T7574] netlink: 'syz.1.505': attribute type 8 has an invalid length. [ 338.984447][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.505'. [ 339.126451][ T5819] ocfs2: Unmounting device (7,2) on (node local) [ 339.891826][ T5875] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 340.082901][ T5875] usb 2-1: Using ep0 maxpacket: 16 [ 340.123138][ T5875] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 340.131882][ T5875] usb 2-1: config 0 has no interface number 0 [ 340.138164][ T5875] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 340.148488][ T5875] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 340.158781][ T5875] usb 2-1: config 0 interface 41 has no altsetting 0 [ 340.343661][ T5875] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 340.354115][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.362617][ T5875] usb 2-1: Product: syz [ 340.366953][ T5875] usb 2-1: Manufacturer: syz [ 340.372272][ T5875] usb 2-1: SerialNumber: syz [ 340.463595][ T5875] usb 2-1: config 0 descriptor?? [ 340.472282][ T7576] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 340.492008][ T7576] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 340.640924][ T1887] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 340.752324][ T7576] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 340.760229][ T7576] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 340.830094][ T1887] usb 5-1: config 1 has an invalid interface number: 105 but max is 0 [ 340.838853][ T1887] usb 5-1: config 1 has no interface number 0 [ 340.845491][ T1887] usb 5-1: config 1 interface 105 has no altsetting 0 [ 340.925624][ T1887] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 340.935335][ T1887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.943769][ T1887] usb 5-1: Product: syz [ 340.948106][ T1887] usb 5-1: Manufacturer: syz [ 340.953092][ T1887] usb 5-1: SerialNumber: syz [ 341.418981][ T5875] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 341.437235][ T7593] netlink: 'syz.2.515': attribute type 4 has an invalid length. [ 341.541884][ T7593] netlink: 'syz.2.515': attribute type 4 has an invalid length. [ 341.702963][ T7595] loop0: detected capacity change from 0 to 2048 [ 341.746724][ T7595] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 342.147842][ T1887] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 342.235267][ T1887] aqc111 5-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, a0:b4:1c:e0:4e:4f [ 342.455064][ T1887] usb 5-1: USB disconnect, device number 5 [ 342.463888][ T1887] aqc111 5-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 342.690972][ T5875] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 342.701978][ T5875] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 342.712582][ T5875] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 342.735392][ T5875] usb 2-1: USB disconnect, device number 8 [ 342.744316][ T1887] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 342.754729][ T1887] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 342.764828][ T1887] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 343.824641][ T7604] loop1: detected capacity change from 0 to 32768 [ 343.835254][ T7604] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.520 (7604) [ 343.863377][ T7604] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 343.875105][ T7604] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 343.968629][ T7600] loop3: detected capacity change from 0 to 8192 [ 344.046627][ T7600] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 344.109725][ T7604] BTRFS info (device loop1): setting nodatasum [ 344.116295][ T7604] BTRFS info (device loop1): setting nodatacow [ 344.123437][ T7604] BTRFS info (device loop1): enabling free space tree [ 344.131381][ T7604] BTRFS info (device loop1): max_inline set to 0 [ 344.517610][ T5829] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 344.634917][ T7611] loop0: detected capacity change from 0 to 32768 [ 345.416901][ T7629] loop2: detected capacity change from 0 to 32768 [ 345.456242][ T7629] (syz.2.526,7629,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 345.471848][ T7629] (syz.2.526,7629,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 345.543972][ T7629] JBD2: Ignoring recovery information on journal [ 345.705126][ T7629] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 345.825137][ T7636] netlink: 'syz.3.528': attribute type 6 has an invalid length. [ 346.068479][ T5819] ocfs2: Unmounting device (7,2) on (node local) [ 347.314857][ T7643] loop1: detected capacity change from 0 to 40427 [ 347.354421][ T7643] F2FS-fs (loop1): build fault injection rate: 14 [ 347.361260][ T7643] F2FS-fs (loop1): build fault injection type: 0x724 [ 347.381352][ T7643] F2FS-fs (loop1): invalid crc value [ 347.400001][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 347.407069][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 347.450138][ T7650] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 347.458153][ T7650] IPv6: NLM_F_CREATE should be set when creating new route [ 347.484446][ T7643] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0xd0b/0x1e80 [ 347.735348][ T7643] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 347.760950][ T7643] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 347.794095][ T7643] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0xe78/0x2fc0 [ 347.826385][ T7643] F2FS-fs (loop1): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0xde1/0x2fc0 [ 347.919134][ T5829] syz-executor: attempt to access beyond end of device [ 347.919134][ T5829] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 347.934310][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 347.934452][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 347.934529][ T5829] Call Trace: [ 347.934577][ T5829] [ 347.934626][ T5829] __dump_stack+0x26/0x30 [ 347.934788][ T5829] dump_stack_lvl+0x1df/0x270 [ 347.934963][ T5829] dump_stack+0x1e/0x25 [ 347.935111][ T5829] f2fs_handle_critical_error+0xa6f/0xc20 [ 347.935336][ T5829] f2fs_stop_checkpoint+0x65/0x80 [ 347.935524][ T5829] f2fs_write_end_io+0x101c/0x1bc0 [ 347.935694][ T5829] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 347.935824][ T5829] bio_endio+0xeb1/0x1010 [ 347.935989][ T5829] submit_bio_noacct+0x213/0x2750 [ 347.936193][ T5829] submit_bio+0x57c/0x630 [ 347.936354][ T5829] f2fs_submit_write_bio+0x92/0x250 [ 347.936533][ T5829] __submit_merged_bio+0x16f/0x6a0 [ 347.936705][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 347.936877][ T5829] __submit_merged_write_cond+0x458/0x9a0 [ 347.937073][ T5829] f2fs_write_data_pages+0x4bb2/0x5480 [ 347.937394][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 347.937556][ T5829] ? folios_put_refs+0x21/0xb10 [ 347.937721][ T5829] ? filter_irq_stacks+0x49/0x190 [ 347.937858][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 347.938020][ T5829] ? stack_depot_save_flags+0x35/0x7b0 [ 347.938155][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 347.938316][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 347.938466][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 347.938615][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 347.938769][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 347.938973][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 347.939157][ T5829] do_writepages+0x3f2/0x860 [ 347.939306][ T5829] ? _raw_spin_unlock+0x30/0x50 [ 347.939468][ T5829] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 347.939763][ T5829] filemap_fdatawrite+0x207/0x260 [ 347.940033][ T5829] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 347.940221][ T5829] f2fs_write_checkpoint+0xfe2/0x2b00 [ 347.940487][ T5829] kill_f2fs_super+0x2ff/0x970 [ 347.940648][ T5829] ? __pfx_kill_f2fs_super+0x10/0x10 [ 347.940794][ T5829] deactivate_locked_super+0xcb/0x3c0 [ 347.941084][ T5829] deactivate_super+0x12f/0x140 [ 347.941237][ T5829] cleanup_mnt+0x6fb/0x780 [ 347.941407][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 347.941569][ T5829] ? __pfx___cleanup_mnt+0x10/0x10 [ 347.941759][ T5829] __cleanup_mnt+0x22/0x30 [ 347.941938][ T5829] task_work_run+0x206/0x2b0 [ 347.942101][ T5829] exit_to_user_mode_loop+0x2a6/0x330 [ 347.942268][ T5829] do_syscall_64+0x1e3/0x210 [ 347.942396][ T5829] ? irqentry_exit+0x16/0x60 [ 347.942560][ T5829] ? clear_bhb_loop+0x40/0x90 [ 347.942698][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.942843][ T5829] RIP: 0033:0x7f7654f901f7 [ 347.942951][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 347.943067][ T5829] RSP: 002b:00007ffc3a073818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 347.943193][ T5829] RAX: 0000000000000000 RBX: 00007f7655011d7d RCX: 00007f7654f901f7 [ 347.943281][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a0738d0 [ 347.943365][ T5829] RBP: 00007ffc3a0738d0 R08: 0000000000000000 R09: 0000000000000000 [ 347.943449][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a074960 [ 347.943538][ T5829] R13: 00007f7655011d7d R14: 0000000000054e9f R15: 00007ffc3a0749a0 [ 347.943660][ T5829] [ 348.300720][ T5829] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 348.307922][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 348.308064][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 348.308144][ T5829] Call Trace: [ 348.308191][ T5829] [ 348.308238][ T5829] __dump_stack+0x26/0x30 [ 348.308415][ T5829] dump_stack_lvl+0x1df/0x270 [ 348.308583][ T5829] dump_stack+0x1e/0x25 [ 348.308747][ T5829] f2fs_handle_critical_error+0xa6f/0xc20 [ 348.308968][ T5829] f2fs_stop_checkpoint+0x65/0x80 [ 348.309157][ T5829] f2fs_write_end_io+0x101c/0x1bc0 [ 348.309335][ T5829] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 348.309467][ T5829] bio_endio+0xeb1/0x1010 [ 348.309628][ T5829] submit_bio_noacct+0x213/0x2750 [ 348.309836][ T5829] submit_bio+0x57c/0x630 [ 348.309998][ T5829] f2fs_submit_write_bio+0x92/0x250 [ 348.310176][ T5829] __submit_merged_bio+0x16f/0x6a0 [ 348.310355][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.310504][ T5829] __submit_merged_write_cond+0x458/0x9a0 [ 348.310761][ T5829] f2fs_write_data_pages+0x4bb2/0x5480 [ 348.311080][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.311242][ T5829] ? folios_put_refs+0x21/0xb10 [ 348.311408][ T5829] ? filter_irq_stacks+0x49/0x190 [ 348.311537][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.311706][ T5829] ? stack_depot_save_flags+0x35/0x7b0 [ 348.311841][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 348.312001][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 348.312149][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 348.312300][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.312456][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 348.312650][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 348.312847][ T5829] do_writepages+0x3f2/0x860 [ 348.312990][ T5829] ? _raw_spin_unlock+0x30/0x50 [ 348.313147][ T5829] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 348.313362][ T5829] filemap_fdatawrite+0x207/0x260 [ 348.313690][ T5829] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 348.313878][ T5829] f2fs_write_checkpoint+0xfe2/0x2b00 [ 348.314154][ T5829] kill_f2fs_super+0x2ff/0x970 [ 348.314321][ T5829] ? __pfx_kill_f2fs_super+0x10/0x10 [ 348.314468][ T5829] deactivate_locked_super+0xcb/0x3c0 [ 348.314648][ T5829] deactivate_super+0x12f/0x140 [ 348.314901][ T5829] cleanup_mnt+0x6fb/0x780 [ 348.315079][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 348.315244][ T5829] ? __pfx___cleanup_mnt+0x10/0x10 [ 348.315437][ T5829] __cleanup_mnt+0x22/0x30 [ 348.315615][ T5829] task_work_run+0x206/0x2b0 [ 348.315839][ T5829] exit_to_user_mode_loop+0x2a6/0x330 [ 348.316013][ T5829] do_syscall_64+0x1e3/0x210 [ 348.316143][ T5829] ? irqentry_exit+0x16/0x60 [ 348.316307][ T5829] ? clear_bhb_loop+0x40/0x90 [ 348.316452][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.316600][ T5829] RIP: 0033:0x7f7654f901f7 [ 348.316700][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 348.316816][ T5829] RSP: 002b:00007ffc3a073818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 348.316942][ T5829] RAX: 0000000000000000 RBX: 00007f7655011d7d RCX: 00007f7654f901f7 [ 348.317037][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a0738d0 [ 348.317121][ T5829] RBP: 00007ffc3a0738d0 R08: 0000000000000000 R09: 0000000000000000 [ 348.317204][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a074960 [ 348.317292][ T5829] R13: 00007f7655011d7d R14: 0000000000054e9f R15: 00007ffc3a0749a0 [ 348.317417][ T5829] [ 348.676089][ T5829] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 348.724981][ T7654] loop4: detected capacity change from 0 to 40427 [ 348.763804][ T7654] F2FS-fs (loop4): invalid crc value [ 348.834946][ T7655] input: syz1 as /devices/virtual/input/input8 [ 349.163870][ T7654] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 349.192933][ T7654] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 349.349456][ T5821] syz-executor: attempt to access beyond end of device [ 349.349456][ T5821] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 349.351623][ T5875] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 349.364582][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 349.364718][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 349.364794][ T5821] Call Trace: [ 349.364842][ T5821] [ 349.364888][ T5821] __dump_stack+0x26/0x30 [ 349.365049][ T5821] dump_stack_lvl+0x1df/0x270 [ 349.365211][ T5821] dump_stack+0x1e/0x25 [ 349.365352][ T5821] f2fs_handle_critical_error+0xa6f/0xc20 [ 349.365576][ T5821] f2fs_stop_checkpoint+0x65/0x80 [ 349.365755][ T5821] f2fs_write_end_io+0x101c/0x1bc0 [ 349.365927][ T5821] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 349.366055][ T5821] bio_endio+0xeb1/0x1010 [ 349.366217][ T5821] submit_bio_noacct+0x213/0x2750 [ 349.366423][ T5821] submit_bio+0x57c/0x630 [ 349.366582][ T5821] f2fs_submit_write_bio+0x92/0x250 [ 349.366756][ T5821] __submit_merged_bio+0x16f/0x6a0 [ 349.366921][ T5821] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 349.367086][ T5821] __submit_merged_write_cond+0x458/0x9a0 [ 349.367280][ T5821] f2fs_write_data_pages+0x4bb2/0x5480 [ 349.367620][ T5821] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 349.367779][ T5821] ? folios_put_refs+0x21/0xb10 [ 349.367943][ T5821] ? filter_irq_stacks+0x49/0x190 [ 349.368066][ T5821] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 349.368223][ T5821] ? stack_depot_save_flags+0x35/0x7b0 [ 349.368357][ T5821] ? kmsan_get_metadata+0xfb/0x160 [ 349.368521][ T5821] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 349.368665][ T5821] ? kmsan_get_metadata+0xfb/0x160 [ 349.368811][ T5821] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 349.368962][ T5821] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 349.369144][ T5821] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 349.369328][ T5821] do_writepages+0x3f2/0x860 [ 349.369469][ T5821] ? _raw_spin_unlock+0x30/0x50 [ 349.369629][ T5821] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 349.369833][ T5821] filemap_fdatawrite+0x207/0x260 [ 349.370058][ T5821] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 349.370224][ T5821] f2fs_write_checkpoint+0xfe2/0x2b00 [ 349.370493][ T5821] kill_f2fs_super+0x2ff/0x970 [ 349.370660][ T5821] ? __pfx_kill_f2fs_super+0x10/0x10 [ 349.370800][ T5821] deactivate_locked_super+0xcb/0x3c0 [ 349.370960][ T5821] deactivate_super+0x12f/0x140 [ 349.371101][ T5821] cleanup_mnt+0x6fb/0x780 [ 349.371264][ T5821] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 349.371424][ T5821] ? __pfx___cleanup_mnt+0x10/0x10 [ 349.371599][ T5821] __cleanup_mnt+0x22/0x30 [ 349.371764][ T5821] task_work_run+0x206/0x2b0 [ 349.371911][ T5821] exit_to_user_mode_loop+0x2a6/0x330 [ 349.372067][ T5821] do_syscall_64+0x1e3/0x210 [ 349.372188][ T5821] ? irqentry_exit+0x16/0x60 [ 349.372350][ T5821] ? clear_bhb_loop+0x40/0x90 [ 349.372483][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.372625][ T5821] RIP: 0033:0x7f43be9901f7 [ 349.372725][ T5821] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 349.372839][ T5821] RSP: 002b:00007ffd39f0a898 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 349.372962][ T5821] RAX: 0000000000000000 RBX: 00007f43bea11d7d RCX: 00007f43be9901f7 [ 349.373049][ T5821] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd39f0a950 [ 349.373132][ T5821] RBP: 00007ffd39f0a950 R08: 0000000000000000 R09: 0000000000000000 [ 349.373219][ T5821] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd39f0b9e0 [ 349.373310][ T5821] R13: 00007f43bea11d7d R14: 0000000000055416 R15: 00007ffd39f0ba20 [ 349.373429][ T5821] [ 349.385182][ T5821] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 349.480862][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 349.841143][ T5875] usb 1-1: Using ep0 maxpacket: 8 [ 349.862962][ T5875] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 349.872407][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.881013][ T5875] usb 1-1: Product: syz [ 349.885332][ T5875] usb 1-1: Manufacturer: syz [ 349.890087][ T5875] usb 1-1: SerialNumber: syz [ 349.974830][ T5875] usb 1-1: config 0 descriptor?? [ 350.251323][ T5875] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 351.094790][ T5875] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 351.147165][ T5875] usb 1-1: USB disconnect, device number 9 [ 351.322485][ T7679] comedi comedi3: comedi_config --init_data is deprecated [ 351.428730][ T7684] trusted_key: syz.1.536 sent an empty control message without MSG_MORE. [ 351.834485][ T7688] netlink: 'syz.4.538': attribute type 13 has an invalid length. [ 352.930807][ T1887] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 353.156757][ T1887] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 353.167601][ T1887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.243760][ T7696] loop1: detected capacity change from 0 to 40427 [ 353.256752][ T7696] F2FS-fs (loop1): build fault injection rate: 690 [ 353.266422][ T7696] F2FS-fs (loop1): invalid crc value [ 353.313010][ T1887] usb 4-1: config 0 descriptor?? [ 353.329855][ T1887] gspca_main: spca508-2.14.0 probing 8086:0110 [ 353.541956][ T7696] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 353.556545][ T7696] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 353.588602][ T1887] gspca_spca508: reg_read err -32 [ 353.636032][ T1887] gspca_spca508: reg_read err -32 [ 353.661292][ T1887] gspca_spca508: reg_read err -32 [ 353.696462][ T5829] syz-executor: attempt to access beyond end of device [ 353.696462][ T5829] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 353.711371][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 353.711508][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 353.711586][ T5829] Call Trace: [ 353.711633][ T5829] [ 353.711678][ T5829] __dump_stack+0x26/0x30 [ 353.711846][ T5829] dump_stack_lvl+0x1df/0x270 [ 353.712012][ T5829] dump_stack+0x1e/0x25 [ 353.712159][ T5829] f2fs_handle_critical_error+0xa6f/0xc20 [ 353.712381][ T5829] f2fs_stop_checkpoint+0x65/0x80 [ 353.712572][ T5829] f2fs_write_end_io+0x101c/0x1bc0 [ 353.712749][ T5829] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 353.712877][ T5829] bio_endio+0xeb1/0x1010 [ 353.713039][ T5829] submit_bio_noacct+0x213/0x2750 [ 353.713244][ T5829] submit_bio+0x57c/0x630 [ 353.713413][ T5829] f2fs_submit_write_bio+0x92/0x250 [ 353.713593][ T5829] __submit_merged_bio+0x16f/0x6a0 [ 353.713766][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 353.713935][ T5829] __submit_merged_write_cond+0x458/0x9a0 [ 353.714134][ T5829] f2fs_write_data_pages+0x4bb2/0x5480 [ 353.714461][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 353.714625][ T5829] ? folios_put_refs+0x21/0xb10 [ 353.714790][ T5829] ? filter_irq_stacks+0x49/0x190 [ 353.714920][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 353.715098][ T5829] ? stack_depot_save_flags+0x35/0x7b0 [ 353.715231][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 353.715395][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 353.715542][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 353.715698][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 353.715844][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 353.716023][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 353.716195][ T5829] do_writepages+0x3f2/0x860 [ 353.716327][ T5829] ? _raw_spin_unlock+0x30/0x50 [ 353.716481][ T5829] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 353.716673][ T5829] filemap_fdatawrite+0x207/0x260 [ 353.716889][ T5829] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 353.717053][ T5829] f2fs_write_checkpoint+0xfe2/0x2b00 [ 353.717306][ T5829] kill_f2fs_super+0x2ff/0x970 [ 353.717461][ T5829] ? __pfx_kill_f2fs_super+0x10/0x10 [ 353.717595][ T5829] deactivate_locked_super+0xcb/0x3c0 [ 353.717747][ T5829] deactivate_super+0x12f/0x140 [ 353.717883][ T5829] cleanup_mnt+0x6fb/0x780 [ 353.718039][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 353.718185][ T5829] ? __pfx___cleanup_mnt+0x10/0x10 [ 353.718350][ T5829] __cleanup_mnt+0x22/0x30 [ 353.718510][ T5829] task_work_run+0x206/0x2b0 [ 353.718664][ T5829] exit_to_user_mode_loop+0x2a6/0x330 [ 353.718816][ T5829] do_syscall_64+0x1e3/0x210 [ 353.718934][ T5829] ? irqentry_exit+0x16/0x60 [ 353.719086][ T5829] ? clear_bhb_loop+0x40/0x90 [ 353.719223][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.719350][ T5829] RIP: 0033:0x7f7654f901f7 [ 353.719449][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 353.719555][ T5829] RSP: 002b:00007ffc3a073818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 353.719677][ T5829] RAX: 0000000000000000 RBX: 00007f7655011d7d RCX: 00007f7654f901f7 [ 353.719759][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a0738d0 [ 353.719838][ T5829] RBP: 00007ffc3a0738d0 R08: 0000000000000000 R09: 0000000000000000 [ 353.719916][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a074960 [ 353.719999][ T5829] R13: 00007f7655011d7d R14: 0000000000056545 R15: 00007ffc3a0749a0 [ 353.720113][ T5829] [ 353.720180][ T5829] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 354.115997][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 354.116139][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 354.116216][ T5829] Call Trace: [ 354.116266][ T5829] [ 354.116312][ T5829] __dump_stack+0x26/0x30 [ 354.116483][ T5829] dump_stack_lvl+0x1df/0x270 [ 354.116648][ T5829] dump_stack+0x1e/0x25 [ 354.116782][ T5829] f2fs_handle_critical_error+0xa6f/0xc20 [ 354.116988][ T5829] f2fs_stop_checkpoint+0x65/0x80 [ 354.117168][ T5829] f2fs_write_end_io+0x101c/0x1bc0 [ 354.117341][ T5829] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 354.117475][ T5829] bio_endio+0xeb1/0x1010 [ 354.117625][ T5829] submit_bio_noacct+0x213/0x2750 [ 354.117814][ T5829] submit_bio+0x57c/0x630 [ 354.117957][ T5829] f2fs_submit_write_bio+0x92/0x250 [ 354.118123][ T5829] __submit_merged_bio+0x16f/0x6a0 [ 354.118285][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 354.118447][ T5829] __submit_merged_write_cond+0x458/0x9a0 [ 354.118642][ T5829] f2fs_write_data_pages+0x4bb2/0x5480 [ 354.118970][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 354.119135][ T5829] ? folios_put_refs+0x21/0xb10 [ 354.119304][ T5829] ? filter_irq_stacks+0x49/0x190 [ 354.119519][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 354.119708][ T5829] ? stack_depot_save_flags+0x35/0x7b0 [ 354.119854][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 354.120026][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 354.120186][ T5829] ? kmsan_get_metadata+0xfb/0x160 [ 354.120346][ T5829] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 354.120502][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 354.120684][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 354.120866][ T5829] do_writepages+0x3f2/0x860 [ 354.121013][ T5829] ? _raw_spin_unlock+0x30/0x50 [ 354.121168][ T5829] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 354.121394][ T5829] filemap_fdatawrite+0x207/0x260 [ 354.121615][ T5829] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 354.121784][ T5829] f2fs_write_checkpoint+0xfe2/0x2b00 [ 354.122053][ T5829] kill_f2fs_super+0x2ff/0x970 [ 354.122218][ T5829] ? __pfx_kill_f2fs_super+0x10/0x10 [ 354.122363][ T5829] deactivate_locked_super+0xcb/0x3c0 [ 354.122534][ T5829] deactivate_super+0x12f/0x140 [ 354.122674][ T5829] cleanup_mnt+0x6fb/0x780 [ 354.122824][ T5829] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 354.122968][ T5829] ? __pfx___cleanup_mnt+0x10/0x10 [ 354.123133][ T5829] __cleanup_mnt+0x22/0x30 [ 354.123288][ T5829] task_work_run+0x206/0x2b0 [ 354.123450][ T5829] exit_to_user_mode_loop+0x2a6/0x330 [ 354.123603][ T5829] do_syscall_64+0x1e3/0x210 [ 354.123731][ T5829] ? irqentry_exit+0x16/0x60 [ 354.123887][ T5829] ? clear_bhb_loop+0x40/0x90 [ 354.124027][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.124168][ T5829] RIP: 0033:0x7f7654f901f7 [ 354.124272][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 354.124387][ T5829] RSP: 002b:00007ffc3a073818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 354.124519][ T5829] RAX: 0000000000000000 RBX: 00007f7655011d7d RCX: 00007f7654f901f7 [ 354.124610][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a0738d0 [ 354.124693][ T5829] RBP: 00007ffc3a0738d0 R08: 0000000000000000 R09: 0000000000000000 [ 354.124776][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a074960 [ 354.124865][ T5829] R13: 00007f7655011d7d R14: 0000000000056545 R15: 00007ffc3a0749a0 [ 354.124989][ T5829] [ 354.475644][ T5829] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 354.485054][ T1887] gspca_spca508: reg_read err -32 [ 355.268316][ T7716] loop4: detected capacity change from 0 to 32768 [ 355.279102][ T1887] gspca_spca508: reg_read err -32 [ 355.343685][ T7716] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 355.490309][ T1887] gspca_spca508: reg write: error -71 [ 355.496726][ T1887] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 355.510788][ T1887] usb 4-1: USB disconnect, device number 4 [ 355.917270][ T7716] XFS (loop4): Ending clean mount [ 355.978548][ T7716] XFS (loop4): Metadata CRC error detected at xfs_rmapbt_read_verify+0xaf/0x2d0, xfs_rmapbt block 0x14 [ 355.990528][ T7716] XFS (loop4): Unmount and run xfs_repair [ 355.996431][ T7716] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 356.004395][ T7716] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 356.013680][ T7716] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 356.023152][ T7716] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 356.032513][ T7716] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 356.059432][ T7716] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 356.068625][ T7716] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 356.077964][ T7716] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 356.087159][ T7716] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 356.096455][ T7716] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x14 len 4 error 74 [ 356.117071][ T7716] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x740/0xe70 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 356.132610][ T7716] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 356.420956][ T5821] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 356.565722][ T7740] loop3: detected capacity change from 0 to 512 [ 356.727191][ T7740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 356.741014][ T7740] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 356.796578][ T7744] netlink: 32 bytes leftover after parsing attributes in process `syz.0.565'. [ 356.923830][ T7740] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #12: comm syz.3.562: invalid size [ 356.974805][ T7740] EXT4-fs (loop3): Remounting filesystem read-only [ 357.281381][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.301185][ T3881] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 357.312093][ T3881] Quota error (device loop3): write_blk: dquota write failed [ 357.319901][ T3881] Quota error (device loop3): free_dqentry: Can't write quota data block 5 [ 357.741075][ T1887] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 358.052097][ T1887] usb 3-1: Using ep0 maxpacket: 32 [ 358.078465][ T1887] usb 3-1: config 0 has no interfaces? [ 358.084772][ T1887] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 358.097965][ T1887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.134721][ T1887] usb 3-1: config 0 descriptor?? [ 358.337392][ T7774] loop3: detected capacity change from 0 to 128 [ 358.365724][ T1887] usb 3-1: USB disconnect, device number 5 [ 358.917236][ T4218] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.205546][ T4218] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.380698][ T4218] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.496809][ T4218] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.738055][ T4218] bridge_slave_1: left allmulticast mode [ 359.744331][ T4218] bridge_slave_1: left promiscuous mode [ 359.751398][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.772046][ T4218] bridge_slave_0: left allmulticast mode [ 359.777902][ T4218] bridge_slave_0: left promiscuous mode [ 359.784856][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.244905][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 360.277921][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 360.294914][ T4218] bond0 (unregistering): Released all slaves [ 361.030662][ T7787] loop1: detected capacity change from 0 to 32768 [ 361.413039][ T7787] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 361.413183][ T7787] allowing incompatible features above 0.0: (unknown version) [ 361.413256][ T7787] features: lz4 [ 361.449269][ T7787] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 361.457825][ T7787] bcachefs (loop1): initializing new filesystem [ 361.474475][ T7787] bcachefs (loop1): going read-write [ 361.549832][ T7787] bcachefs (loop1): marking superblocks [ 361.620842][ T7787] bcachefs (loop1): initializing freespace [ 361.644903][ T7787] bcachefs (loop1): done initializing freespace [ 361.667406][ T7787] bcachefs (loop1): reading snapshots table [ 361.675824][ T7787] bcachefs (loop1): reading snapshots done [ 361.841020][ T49] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 361.872217][ T49] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 361.901632][ T49] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 361.934516][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 361.948156][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 361.974089][ T7787] bcachefs (loop1): done starting filesystem [ 362.219582][ T5829] bcachefs (loop1): shutting down [ 362.225031][ T5829] bcachefs (loop1): going read-only [ 362.231011][ T5829] bcachefs (loop1): finished waiting for writes to stop [ 362.244219][ T5829] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2 [ 362.297391][ T4218] hsr_slave_0: left promiscuous mode [ 362.321321][ T4218] hsr_slave_1: left promiscuous mode [ 362.329699][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 362.337984][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 362.378544][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 362.386529][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 362.441527][ T4218] veth1_macvtap: left promiscuous mode [ 362.447448][ T4218] veth0_macvtap: left promiscuous mode [ 362.453625][ T4218] veth1_vlan: left promiscuous mode [ 362.459255][ T4218] veth0_vlan: left promiscuous mode [ 362.471377][ T5829] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3 [ 362.522592][ T5829] bcachefs (loop1): clean shutdown complete, journal seq 4 [ 362.554969][ T5829] bcachefs (loop1): marking filesystem clean [ 362.788099][ T5829] bcachefs (loop1): shutdown complete [ 363.454650][ T7824] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 363.507598][ T4218] team0 (unregistering): Port device team_slave_1 removed [ 363.555268][ T4218] team0 (unregistering): Port device team_slave_0 removed [ 364.022517][ T5827] Bluetooth: hci3: command tx timeout [ 365.048585][ T7835] loop2: detected capacity change from 0 to 32768 [ 365.323392][ T7835] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 365.378980][ T30] audit: type=1800 audit(1758544772.924:23): pid=7835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.593" name="bus" dev="loop2" ino=17058 res=0 errno=0 [ 365.637032][ T7809] chnl_net:caif_netlink_parms(): no params data found [ 365.708660][ T5819] ocfs2: Unmounting device (7,2) on (node local) [ 365.986761][ T7846] loop4: detected capacity change from 0 to 512 [ 366.059015][ T7846] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 366.101802][ T5827] Bluetooth: hci3: command tx timeout [ 366.806983][ T7855] pimreg: entered allmulticast mode [ 366.844677][ T7809] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.853898][ T7809] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.862242][ T7809] bridge_slave_0: entered allmulticast mode [ 366.878948][ T7809] bridge_slave_0: entered promiscuous mode [ 366.932298][ T7857] pimreg: left allmulticast mode [ 367.144372][ T7809] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.152222][ T7809] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.160129][ T7809] bridge_slave_1: entered allmulticast mode [ 367.170751][ T7809] bridge_slave_1: entered promiscuous mode [ 367.554331][ T7809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 367.657711][ T7809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 367.972526][ T7809] team0: Port device team_slave_0 added [ 367.990206][ T7809] team0: Port device team_slave_1 added [ 368.102610][ T7809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 368.109893][ T7809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.138905][ T7809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 368.246252][ T5827] Bluetooth: hci3: command tx timeout [ 368.373615][ T7809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 368.380882][ T7809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.407546][ T7809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 368.645096][ T7866] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.657292][ T7866] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 60225 - 0 [ 369.219295][ T7866] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.230298][ T7866] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 60225 - 0 [ 369.464284][ T7870] loop1: detected capacity change from 0 to 32768 [ 369.473582][ T7870] btrfs: Deprecated parameter 'usebackuproot' [ 369.479938][ T7870] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 369.497933][ T7870] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.603 (7870) [ 369.543914][ T7809] hsr_slave_0: entered promiscuous mode [ 369.554394][ T7809] hsr_slave_1: entered promiscuous mode [ 369.565769][ T7809] debugfs: 'hsr0' already exists in 'hsr' [ 369.572585][ T7809] Cannot create hsr debugfs directory [ 369.618287][ T7870] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 369.629294][ T7870] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 369.706072][ T7866] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.717131][ T7866] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 60225 - 0 [ 369.955750][ T7870] BTRFS info (device loop1): rebuilding free space tree [ 370.026849][ T7870] BTRFS info (device loop1): allowing degraded mounts [ 370.035236][ T7870] BTRFS info (device loop1): enabling ssd optimizations [ 370.042702][ T7870] BTRFS info (device loop1): turning on flush-on-commit [ 370.049912][ T7870] BTRFS info (device loop1): enabling free space tree [ 370.057102][ T7870] BTRFS info (device loop1): force clearing of disk cache [ 370.064490][ T7870] BTRFS info (device loop1): trying to use backup root at mount time [ 370.075838][ T7870] BTRFS info (device loop1): use zstd compression, level 3 [ 370.128322][ T7866] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.141077][ T7866] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 60225 - 0 [ 370.264980][ T5827] Bluetooth: hci3: command tx timeout [ 370.441714][ T5829] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 370.566903][ T7809] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 370.599328][ T7809] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 370.732271][ T3722] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 60225 - 0 [ 370.743150][ T3722] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 370.754229][ T7809] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 370.928507][ T3722] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 60225 - 0 [ 370.937889][ T3722] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 370.959205][ T3722] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 60225 - 0 [ 370.968523][ T3722] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 370.977265][ T7809] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 371.036812][ T3722] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 60225 - 0 [ 371.045540][ T3722] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 371.858901][ T7902] loop2: detected capacity change from 0 to 32768 [ 372.020905][ T7902] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 372.021055][ T7902] allowing incompatible features above 0.0: (unknown version) [ 372.021139][ T7902] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 372.066670][ T7902] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 372.075727][ T7902] bcachefs (loop2): initializing new filesystem [ 372.089412][ T7902] bcachefs (loop2): going read-write [ 372.123675][ T7902] bcachefs (loop2): marking superblocks [ 372.157283][ T7902] bcachefs (loop2): initializing freespace [ 372.176465][ T7902] bcachefs (loop2): done initializing freespace [ 372.191722][ T7902] bcachefs (loop2): reading snapshots table [ 372.197996][ T7902] bcachefs (loop2): reading snapshots done [ 372.291005][ T7902] bcachefs (loop2): done starting filesystem [ 372.812706][ T7918] loop4: detected capacity change from 0 to 32768 [ 372.847759][ T7918] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.613 (7918) [ 372.866754][ T7918] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 372.877545][ T7918] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 372.886513][ T7918] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 373.153316][ T5819] bcachefs (loop2): shutting down [ 373.158603][ T5819] bcachefs (loop2): going read-only [ 373.199151][ T7809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 373.240241][ T5819] bcachefs (loop2): finished waiting for writes to stop [ 373.276774][ T7918] BTRFS info (device loop4): rebuilding free space tree [ 373.281667][ T7809] 8021q: adding VLAN 0 to HW filter on device team0 [ 373.318968][ T7918] BTRFS info (device loop4): disabling free space tree [ 373.320874][ T5819] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3 [ 373.326370][ T7918] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 373.348901][ T7918] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 373.391701][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.399193][ T4069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 373.434929][ T7918] BTRFS info (device loop4): enabling ssd optimizations [ 373.442713][ T7918] BTRFS info (device loop4): turning on sync discard [ 373.451420][ T7918] BTRFS info (device loop4): enabling disk space caching [ 373.458655][ T7918] BTRFS info (device loop4): force clearing of disk cache [ 373.466882][ T7918] BTRFS info (device loop4): enabling auto defrag [ 373.474922][ T7918] BTRFS info (device loop4): doing ref verification [ 373.483240][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.490892][ T4218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.689466][ T5819] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3 [ 373.738449][ T7936] loop0: detected capacity change from 0 to 4096 [ 373.807920][ T5819] bcachefs (loop2): clean shutdown complete, journal seq 4 [ 373.815601][ T7809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 373.815708][ T7809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 373.930016][ T5819] bcachefs (loop2): marking filesystem clean [ 373.944636][ T7940] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 373.954468][ T5821] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 374.004467][ T30] audit: type=1800 audit(1758544781.544:24): pid=7936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.615" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 374.044924][ T5819] bcachefs (loop2): shutdown complete [ 375.214989][ T7809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.219219][ T7964] comedi comedi3: comedi_config --init_data is deprecated [ 377.538783][ T7809] veth0_vlan: entered promiscuous mode [ 377.632606][ T7809] veth1_vlan: entered promiscuous mode [ 377.878502][ T7809] veth0_macvtap: entered promiscuous mode [ 377.942520][ T7809] veth1_macvtap: entered promiscuous mode [ 378.133244][ T7809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.242794][ T7809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 378.324333][ T3794] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.366857][ T3794] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.409727][ T3794] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.450185][ T3794] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.523611][ T8015] comedi comedi3: comedi_config --init_data is deprecated [ 379.697744][ T8023] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input9 [ 380.818523][ T8045] random: crng reseeded on system resumption [ 380.892927][ T8049] bridge0: port 1(syz_tun) entered blocking state [ 380.899851][ T8049] bridge0: port 1(syz_tun) entered disabled state [ 380.916926][ T8049] syz_tun: entered allmulticast mode [ 380.928360][ T8049] syz_tun: entered promiscuous mode [ 380.936910][ T8049] bridge0: port 1(syz_tun) entered blocking state [ 380.943845][ T8049] bridge0: port 1(syz_tun) entered forwarding state [ 381.666724][ C0] ===================================================== [ 381.674084][ C0] BUG: KMSAN: uninit-value in can_receive+0x12c/0x4a0 [ 381.681136][ C0] can_receive+0x12c/0x4a0 [ 381.685703][ C0] can_rcv+0x1ff/0x3b0 [ 381.689908][ C0] __netif_receive_skb+0x474/0xac0 [ 381.695309][ C0] process_backlog+0x485/0xa00 [ 381.700226][ C0] __napi_poll+0xda/0x8a0 [ 381.704882][ C0] net_rx_action+0xa59/0x1ac0 [ 381.709701][ C0] handle_softirqs+0x166/0x6e0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 381.714699][ C0] __do_softirq+0x14/0x1b [ 381.719201][ C0] do_softirq+0x99/0x100 [ 381.723705][ C0] __local_bh_enable_ip+0xa1/0xb0 [ 381.728879][ C0] netif_rx+0xdb/0x3f0 [ 381.733254][ C0] can_send+0x11a1/0x1390 [ 381.737717][ C0] raw_sendmsg+0x1796/0x1e90 [ 381.742525][ C0] __sock_sendmsg+0x333/0x3d0 [ 381.747367][ C0] ____sys_sendmsg+0x7e0/0xd80 [ 381.752404][ C0] ___sys_sendmsg+0x271/0x3b0 [ 381.757254][ C0] __x64_sys_sendmsg+0x211/0x3e0 [ 381.762439][ C0] x64_sys_call+0x1dfd/0x3e20 [ 381.767292][ C0] do_syscall_64+0xd9/0x210 [ 381.771996][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.778061][ C0] [ 381.780587][ C0] Uninit was created at: [ 381.785033][ C0] __kmalloc_node_track_caller_noprof+0x96d/0x12f0 [ 381.791825][ C0] kmalloc_reserve+0x22f/0x4b0 [ 381.796760][ C0] pskb_expand_head+0x1fc/0x1610 [ 381.802012][ C0] do_xdp_generic+0xa79/0x1690 [ 381.806949][ C0] __netif_receive_skb_core+0x2524/0x6df0 [ 381.812941][ C0] __netif_receive_skb+0xcc/0xac0 [ 381.818158][ C0] process_backlog+0x485/0xa00 [ 381.823193][ C0] __napi_poll+0xda/0x8a0 [ 381.827724][ C0] net_rx_action+0xa59/0x1ac0 [ 381.832706][ C0] handle_softirqs+0x166/0x6e0 [ 381.837605][ C0] __do_softirq+0x14/0x1b [ 381.842255][ C0] [ 381.844661][ C0] CPU: 0 UID: 0 PID: 8062 Comm: syz.2.646 Not tainted syzkaller #0 PREEMPT(none) [ 381.854079][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 381.864330][ C0] ===================================================== [ 381.871515][ C0] Disabling lock debugging due to kernel taint [ 381.877767][ C0] Kernel panic - not syncing: kmsan.panic set ... [ 381.884321][ C0] CPU: 0 UID: 0 PID: 8062 Comm: syz.2.646 Tainted: G B syzkaller #0 PREEMPT(none) [ 381.895279][ C0] Tainted: [B]=BAD_PAGE [ 381.899509][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 381.909763][ C0] Call Trace: [ 381.913149][ C0] [ 381.916073][ C0] __dump_stack+0x26/0x30 [ 381.920571][ C0] dump_stack_lvl+0x53/0x270 [ 381.925329][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 381.931349][ C0] dump_stack+0x1e/0x25 [ 381.935683][ C0] vpanic+0x361/0xc50 [ 381.939842][ C0] panic+0x15d/0x160 [ 381.943967][ C0] kmsan_report+0x31c/0x320 [ 381.948813][ C0] ? __msan_warning+0x1b/0x30 [ 381.953641][ C0] ? can_receive+0x12c/0x4a0 [ 381.958400][ C0] ? can_rcv+0x1ff/0x3b0 [ 381.962790][ C0] ? __netif_receive_skb+0x474/0xac0 [ 381.968284][ C0] ? process_backlog+0x485/0xa00 [ 381.973371][ C0] ? __napi_poll+0xda/0x8a0 [ 381.978061][ C0] ? net_rx_action+0xa59/0x1ac0 [ 381.983050][ C0] ? handle_softirqs+0x166/0x6e0 [ 381.988220][ C0] ? __do_softirq+0x14/0x1b [ 381.992916][ C0] ? do_softirq+0x99/0x100 [ 381.997464][ C0] ? __local_bh_enable_ip+0xa1/0xb0 [ 382.002834][ C0] ? netif_rx+0xdb/0x3f0 [ 382.007218][ C0] ? can_send+0x11a1/0x1390 [ 382.011839][ C0] ? raw_sendmsg+0x1796/0x1e90 [ 382.016724][ C0] ? __sock_sendmsg+0x333/0x3d0 [ 382.021699][ C0] ? ____sys_sendmsg+0x7e0/0xd80 [ 382.026788][ C0] ? ___sys_sendmsg+0x271/0x3b0 [ 382.031793][ C0] ? __x64_sys_sendmsg+0x211/0x3e0 [ 382.037089][ C0] ? x64_sys_call+0x1dfd/0x3e20 [ 382.042219][ C0] ? do_syscall_64+0xd9/0x210 [ 382.047074][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.053300][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.058561][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 382.064524][ C0] ? __netif_receive_skb_core+0x6670/0x6df0 [ 382.070596][ C0] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 382.077071][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.082338][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 382.088303][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.093554][ C0] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 382.100012][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.105325][ C0] __msan_warning+0x1b/0x30 [ 382.109958][ C0] can_receive+0x12c/0x4a0 [ 382.114507][ C0] can_rcv+0x1ff/0x3b0 [ 382.118866][ C0] ? __pfx_can_rcv+0x10/0x10 [ 382.123566][ C0] __netif_receive_skb+0x474/0xac0 [ 382.128851][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.134133][ C0] process_backlog+0x485/0xa00 [ 382.139104][ C0] ? __pfx_process_backlog+0x10/0x10 [ 382.144523][ C0] __napi_poll+0xda/0x8a0 [ 382.149014][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.154274][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 382.160239][ C0] net_rx_action+0xa59/0x1ac0 [ 382.165036][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.170321][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 382.176324][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 382.181558][ C0] handle_softirqs+0x166/0x6e0 [ 382.186480][ C0] __do_softirq+0x14/0x1b [ 382.190970][ C0] do_softirq+0x99/0x100 [ 382.195327][ C0] [ 382.198322][ C0] [ 382.201317][ C0] __local_bh_enable_ip+0xa1/0xb0 [ 382.206472][ C0] netif_rx+0xdb/0x3f0 [ 382.210718][ C0] can_send+0x11a1/0x1390 [ 382.215205][ C0] raw_sendmsg+0x1796/0x1e90 [ 382.219991][ C0] ? __pfx_raw_sendmsg+0x10/0x10 [ 382.225061][ C0] ? __pfx_raw_sendmsg+0x10/0x10 [ 382.230153][ C0] __sock_sendmsg+0x333/0x3d0 [ 382.234983][ C0] ____sys_sendmsg+0x7e0/0xd80 [ 382.240112][ C0] ___sys_sendmsg+0x271/0x3b0 [ 382.244988][ C0] ? __rcu_read_unlock+0x6d/0xd0 [ 382.250067][ C0] ? __fget_files+0x3b4/0x4a0 [ 382.254908][ C0] ? __fget_files+0x3b9/0x4a0 [ 382.259760][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.265013][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 382.270997][ C0] __x64_sys_sendmsg+0x211/0x3e0 [ 382.276114][ C0] ? kmsan_get_metadata+0xfb/0x160 [ 382.281383][ C0] x64_sys_call+0x1dfd/0x3e20 [ 382.286655][ C0] do_syscall_64+0xd9/0x210 [ 382.291290][ C0] ? irqentry_exit+0x16/0x60 [ 382.296037][ C0] ? clear_bhb_loop+0x40/0x90 [ 382.300932][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.306954][ C0] RIP: 0033:0x7f377a18eec9 [ 382.311463][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.331201][ C0] RSP: 002b:00007f377b0dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 382.339755][ C0] RAX: ffffffffffffffda RBX: 00007f377a3e6090 RCX: 00007f377a18eec9 [ 382.347833][ C0] RDX: 0000000000004040 RSI: 0000200000000240 RDI: 0000000000000003 [ 382.355905][ C0] RBP: 00007f377a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 382.363974][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.372041][ C0] R13: 00007f377a3e6128 R14: 00007f377a3e6090 R15: 00007ffd9a63bca8 [ 382.380182][ C0] [ 382.383689][ C0] Kernel Offset: disabled [ 382.388053][ C0] Rebooting in 86400 seconds..