last executing test programs:

2m57.94197856s ago: executing program 2 (id=5978):
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x0, 0xc8}}}, 0x6)
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x1a7, &(0x7f0000000640)="$eJzs0LFrE2EYx/Hv894luQoqUXGoYAMWzwvV3qXq4BScIvTAwUUwaEjPpnhRm8tgS4tdpCDV/gs61VEFBUHEgnNxEBzkXLpJMxQHUZCT610G/4a+n+F+9zzw8rzv04nmoxLwd3epTZ09Bof4jGACY5L1lMrybV7/yHM9Cy7n9VqeL/IcjRYW77TCMOhVLlUo/9cAflYo/0kyYdCLXnFcMRDqyNfdpXZLbvkkdbpqxqc8TfUJRpN55ymj5kGO3cQgsde4osjGHZ7sd+9PRguLZ+e6rdlgNrhbq01ddM+77gULCAP3DeI8FsUzlnF8Sj4jzjKFJo+2zANMCOJ0VGxIdUCxyfqWcebUxADl7JAgfLQHlN5ZnYq6xmmsG+mDGhwVnmP4jE8zojC5PRcGbgO5ql6LZ34xfxUU1ophnGvfC2dWryv5Xdyoy44l3jYF26NW9ZhKV8MRNlmNGY9pxGzEbH9nTN6nU4Z7NVfS78u8OsFJKPKg1e/3vCJ8EtunZvtJkjxMV8omau9eZfiQn8mDb8MfTdM0TdM0TdM0bR/4FwAA//+e/G5Y")

2m57.643674132s ago: executing program 2 (id=5983):
r0 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000001c0)='iocharsetE\x9d^\xd2`\xf6\x8d\f\x16v\xa8\xc8=\x8ek\x14\x81E\xfe\x02c\xed\x18\x10A\xe8\xd2y\x85\xda\xbf\xe4>Z\xdb\xd4\xc6\xc8K\r\xda\x1bL\xc1\x92vr?=V\v\x81\xe0\x88\xce\'_\x11\x87ga}@\x91l\xd6]K\xbc\x13\xcd&\x97\xea\x91\x1f\x86S\xf1,%\xba\xa1(\x1b\x0eE\xc3\xeb#R\x1c\x9f\xb3\xb6?\xbeQ:~\xa2\x9b\xae\a$\x1c\xea\xdb=\x8d\x84P\xf4\x85V\xdc\xf9\xa4\x9c\xcb\xb6m\xb0\x18V\xf3\\#9w\x84T\xc6Gy7\x90U\xceH\xc7\xa8\x17\x9a\x19\xa3\xff\xe1?Z\xad\xd9<\xa0\x15&\xa7\x01\xdb*xh\xa1\xec\xd7\xa0\x06B\xcb\xa8,\xc5\xbc5', 0x0)

2m57.369511384s ago: executing program 2 (id=5988):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000064000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000208000140000000000900010073797a300000000008000a40000000021c0008800c00024000000000000000000c0001"], 0xac}}, 0x0)

2m57.059120377s ago: executing program 2 (id=5993):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f6465636f6d706f73652c6e6c733d63703733372c626172726965722c747970653df268d6512c706172743d307830303030303030303030302c00"], 0x3, 0x6bf, &(0x7f0000000a80)="$eJzs3V2IXGf9B/DvmWxmM/lDum3TNH8RsjRQtMFkN0NNBKFRRHIRJOhNb5dk0yzZpGWzlbSImahV8Mor6YUXFYkXFUFEhApCsV4LQm+8yn3AOy8Cvqycl9md3Z1sZvOys7afD5w5zzPPc57nd34558zMmSwT4FPr7KvZ20uRs8fO3Sjrd253F+/c7l7tl5NMJmklE/UqRScpPkrOpF7y/+WTzXDF/eZ5+e4HxcS773fr2kSzVP1bW223ydCevWTfamVPkum6+K+Rh900XrVU41xYG+8hFatxlwk72k8cjNvKJr21xtYDNx/9vAV2rZv16+YmU8n+1K+u5fuANFeHB18ZxqGzrrbltan3pGMBAACAJ2/oZ/lBT93LvdzIgZ0JBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Zivo3A4tmafXL0yn6v//fHvhN/faYw31E71yqVt98atyBAAAAAAAAAMAjOXIv93IjB/r1laL6zv+FqnKwevy/vJnrmc9SjudG5rKc5SxlNsnUwEDtG3PLy0uzm7f8acotV1ZWbjZbnhy65cn1cfU2Bjrsfxps6gQAAAAAAAAAn1rfy9m17/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA3KJI99apaDvbLU2lNJNmXpF1Mr3ZvjzXYR1KH/uG4wwAAAICdc6D4T11YKarP/Ieqz/378mauZTkLWc5i5nOxuhdQf3Ru/bXXXbxzu3u1XDYP+JW/b2v+asTU9x6GzzxT9XhudYuz+Xq+lWOZzvksZSHfzlyWM5/pfK0qzaXIVHP3YurO7U76sW6O98y62vmNsR0ZKJfxHa4i6eRSFqrYjudCux96q+l3eGC237eTDTPeKrNTvNIYMUcXm3W5Rz9p1rvDVLXne1czMtPkvszG04N535z7bR4nG2eaTWv1HtTBtVnK6saZHirn+5v1DuR62K20P96/+/pM9H5c1vpH36Gtc558/uM/nb/cunbl8qXrx3bPYfSQNh4T3YFMPD9SJhbLTPQeIRP7HiX+x6fdZKO+im7vavlCte2BLOQbeT0XM59TmclsTmcmX8rJdHNyIK/PbZ3X6lxrbe9cO/q5ptBJ8qNmvaMm79dQ5vXpgbwOXummqrbBZ9ay9MwIWSraGZ6lvw0NZeIzTaGc4/sDrzjjtzETswOZeHbrTPz83ytJri9eu7J0ee6NEed7sVmXp+0766/Rv3gsO7R9ze6Wx8sz5T9WWflh1h0dZduz/bYN+Wo337hMNIOta2unOp/rtgedqeVIh24NG6lue37oLN2q7fBA27p3OXk9i6vvQgDYtVrZ/9L+dudu5y+d9zo/6FzunNv31cnTk59tZ++fJ/6w5zetX7a+XLyU9/LdHBh3rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Elw/a23r8wtLs4v7cJCWiN0/nVGH/DW0KZ+Kupn2o9rL/65MrypnuzDX409vY+10D+QJrc6on6bZItx2uMIvpPkyU5xZLTOmdiBXZ7MkKZzq890ktZqPEmu7JIfuAOehBPLV984cf2tt7+wcHXutfnX5q+dPH3qlVPdL87ePHFpYXF+pn4cd5TAk7DxfSkAAAAAAAAAAACw++3EX1kMmbbojWFfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9NZ1/N3l6KzM4cnynrd253F8ulX17rOZGklaT4TlJ8lJxJvWRqYLjifvO8fPeDn7347vvdtbEm+v3LQT8e6Pq7f6ysbHMves2S6SR7mvWDTY403oWB8XrbDKxWrGamTNjRfuJg3P4bAAD//9mbBys=")
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)

2m56.758770709s ago: executing program 2 (id=5998):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="7000000010000304000000080000000000007400", @ANYRES32=0x0, @ANYBLOB="11000000000000004000128009000100697069700000000030000280080049ab", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="05000a00000000000500040005000000050005"], 0x70}}, 0x0)

2m56.214601493s ago: executing program 2 (id=6006):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@utf8no}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@shortname_lower}, {@utf8no}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@fat=@flush}, {@iocharset={'iocharset', 0x3d, 'cp949'}}]}, 0x1, 0x216, &(0x7f0000000e00)="$eJzs3bFqU1EYB/CvttVSkHQQiiJ4xcUpNBX3FKkgBhQlg04Wm6IksWAg0A6tTr6EvoKOroKDuPoCIkgVXOzWQYjUGxtb0jZS01vM77fkg3v+95zvEnLIkJN7Z+vV+cXGwvr6WoyNDcVIMYqxMRQTcSyGI/UkAID/yUarFd9bqazXAgAcDvs/AAyeHvf/m4e4JACgz3z/B4DBc/vO3eszpdLsrSQZi6g/a5ab5fQ1vT6zEA+jFpWYilz8iGhtSeur10qzU8mmLxNRrq+286vN8vD2fCFyMdE9X0hS2/OjMd7OfxyPSkxHLk51z093zR+Pixf+mD8fufhwPxajFvOxme3kVwpJcuVGaUf+xK9xAAAAAAAAAAAAAAAAAAAAAADQD/lkS9fze/L53a6n+d7PB9p5Ps9InBnJtncAAAAAAAAAAAAAAAAAAAA4KhpLy9W5Wq3yeK/i0fuXb/cb02Mx1J73oPc5eHHy/Ofnu495+jfP598Wb85l+Vh6LN6tPTh9qTF5+aisZ2m5OrrXW+tbLqJPs7/KtPffXe87ePJFce71yqevvd45gw8jAAAAAAAAAAAAAAAAAAAYcJ0f/Wa9EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADITuf///tXZN0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DAAA///UmKDH")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x275a, 0x0)

2m55.711300696s ago: executing program 32 (id=6006):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@utf8no}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@shortname_lower}, {@utf8no}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@fat=@flush}, {@iocharset={'iocharset', 0x3d, 'cp949'}}]}, 0x1, 0x216, &(0x7f0000000e00)="$eJzs3bFqU1EYB/CvttVSkHQQiiJ4xcUpNBX3FKkgBhQlg04Wm6IksWAg0A6tTr6EvoKOroKDuPoCIkgVXOzWQYjUGxtb0jZS01vM77fkg3v+95zvEnLIkJN7Z+vV+cXGwvr6WoyNDcVIMYqxMRQTcSyGI/UkAID/yUarFd9bqazXAgAcDvs/AAyeHvf/m4e4JACgz3z/B4DBc/vO3eszpdLsrSQZi6g/a5ab5fQ1vT6zEA+jFpWYilz8iGhtSeur10qzU8mmLxNRrq+286vN8vD2fCFyMdE9X0hS2/OjMd7OfxyPSkxHLk51z093zR+Pixf+mD8fufhwPxajFvOxme3kVwpJcuVGaUf+xK9xAAAAAAAAAAAAAAAAAAAAAADQD/lkS9fze/L53a6n+d7PB9p5Ps9InBnJtncAAAAAAAAAAAAAAAAAAAA4KhpLy9W5Wq3yeK/i0fuXb/cb02Mx1J73oPc5eHHy/Ofnu495+jfP598Wb85l+Vh6LN6tPTh9qTF5+aisZ2m5OrrXW+tbLqJPs7/KtPffXe87ePJFce71yqevvd45gw8jAAAAAAAAAAAAAAAAAAAYcJ0f/Wa9EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADITuf///tXZN0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DAAA///UmKDH")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x275a, 0x0)

3.009841587s ago: executing program 4 (id=8085):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x82, &(0x7f00000010c0)=""/4111, &(0x7f0000000200)=0x100f)

2.57205383s ago: executing program 4 (id=8088):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0xff600000, 0x0)
fcntl$notify(r0, 0x3, 0x0)

2.57144527s ago: executing program 1 (id=8097):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc)

2.346337882s ago: executing program 4 (id=8090):
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000080)={0x0, 0x3, 0x0, {0x9, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [], 0x3}}})

2.103284034s ago: executing program 4 (id=8091):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000202010800000000000000000a0000031800028014000180070001"], 0x2c}, 0x1, 0x0, 0x0, 0x4000801}, 0x48000)

1.764927446s ago: executing program 4 (id=8094):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x5, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0xe2}, [@call={0x85, 0x0, 0x0, 0x13}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.639390767s ago: executing program 1 (id=8098):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000010a80)=@raw={'raw\x00', 0x8, 0x3, 0xa08, 0x100, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x970, 0xffffffff, 0xffffffff, 0x970, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @private, 0x0, 0x0, 'batadv0\x00', 'batadv_slave_0\x00', {}, {}, 0x21}, 0x6, 0xa0, 0x100, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[], [], 0x3d8}}]}, @common=@SET={0x60}}, {{@ip={@loopback, @dev, 0x0, 0x0, 'veth0_virt_wifi\x00', 'bond_slave_0\x00'}, 0x0, 0x850, 0x870, 0x0, {}, [@common=@unspec=@u32={{0x7e0}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa68)

1.563041408s ago: executing program 4 (id=8099):
syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x3, 0x114d, 0x2000000000000000, 0x3, 0x6, 0x4, 0xa5ca, 0xfffffffffffffffd})

1.447629809s ago: executing program 1 (id=8101):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000680), 0x200, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000006c0)={'syz_tun\x00', 0x219518b687782b97})

1.404686779s ago: executing program 0 (id=8102):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=@bridge_delneigh={0x1c, 0x1d, 0x1, 0x70bd29, 0x25dfdbfb, {0xbecc5636359290e6, 0x0, 0x0, 0x0, 0x0, 0x42, 0xb}}, 0x1c}, 0x1, 0x0, 0x0, 0xc4}, 0x0)

1.22006943s ago: executing program 3 (id=8104):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
rt_sigaction(0x19, 0x0, 0x0, 0x8, &(0x7f0000000440))

1.215592061s ago: executing program 1 (id=8105):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@newlink={0x54, 0x10, 0x1, 0x70bd25, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x4710c}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x8, 0x6, 0x400}}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x0)

1.115616621s ago: executing program 5 (id=8106):
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0xffffffff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x10, 0x1, 0x1, "7e0efe3287fdaced3d4fd6e8c46a2ca55aab2500000000b482b200", 0x38416761})

1.115216541s ago: executing program 0 (id=8107):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x7, 0x11, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000002c0), 0x4e, r0, 0x0, 0x1c000000007400}, 0x38)

936.772083ms ago: executing program 0 (id=8108):
r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, r0, r0, 0x0, 0x0)

933.014453ms ago: executing program 3 (id=8109):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xc0a40)
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f00000000c0)={0x4f, 0xfffffffffffffffe, 0x7fffffff, 0x6, 0x4, 0x3, "24e7bda1c399f46f9bbd2c675b88050c", 0x9, 0xb, 0x3, 0x89, 0x0, 0x3, 0x7})

851.337263ms ago: executing program 5 (id=8110):
r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000040)={0x1, 0x2, 0x1, 0xffffffff})

850.975903ms ago: executing program 1 (id=8111):
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r0, 0x10d, 0x5, &(0x7f00000002c0), &(0x7f00000005c0)=0xadf9bf1313919bd9)

749.785934ms ago: executing program 3 (id=8112):
r0 = syz_open_dev$video(&(0x7f00000000c0), 0x1, 0x402)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100)={0x2, 0x2, @stop_pts=0x6})

704.883934ms ago: executing program 5 (id=8113):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000000301010100000000000000000a0000000c0019800800010088000000100001800c000280040001"], 0x30}}, 0x0)

647.385215ms ago: executing program 0 (id=8114):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b000100feffffff00000000ac1414aa0000000000000000000000000a01010100000000000000000000000000000000000000400200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000000000100000000000000000000000000000000000000000000000000000000000002000000000000000000000000000c0008000800083f8489ba"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

547.264345ms ago: executing program 3 (id=8115):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000005c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

507.388486ms ago: executing program 1 (id=8116):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000005c0), 0x0, 0x0})

403.687077ms ago: executing program 5 (id=8117):
recvmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000002200)=[{0x0}], 0x1, 0x0, 0x0, 0x407006}, 0x0)
syz_clone3(&(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x5c)

384.089817ms ago: executing program 0 (id=8118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}}, 0x0)

343.583157ms ago: executing program 3 (id=8119):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002d0001000000000000600000030100800c00020000000000"], 0x114}], 0x1, 0x0, 0x0, 0x40005}, 0x0)

195.296008ms ago: executing program 0 (id=8120):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./bus\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36c, &(0x7f00000023c0)="$eJzs3c9rK1UUwPGTNMlL8nhNFqIoSC++jW6GNroWg7wHQsBHXyO2gjBtJxoyJmUmVCNi25Vbce9KcFG6s+CioP0HunGnGxHcdSO4sAt1ZH4lk2SSpjE1vvb7gZKbe++Z3Jt7C2fSTub87c8/aNRsraa3JZlVkhARuRApSlJCieAx6ZUzErUvL939/cfnH69Xs36Felhee7mklFpc+u7DT3JBt5M7clZ89/y30q9nT589e/732vt1W9Vt1Wy1la42Wz+39U3TUNt1u6Ep9cg0dNtQ9aZtWH77N8FxzNbOTkfpze17+R3LsG2lNzuqYXRUu6XaVkfp7+n1ptI0Td3Lyzjpsa23RfVwdVUvTxm8NePB4JpYlqMviEhuqKV6OJcBAQCAuRrM/5NuSj9N/r8hi5XKg1Xldu7l/0cvnLbvvnW8GOT/J5m4/P+Vn/xj9eX/7ulEL/9v+ecHtcvz/y9lovzfN5wR3S5T5//FaxgMprOUGapK9D2zrLKeD35/PQfvHC17BfJ/AAAAAAAAAAAAAAAAAAAAAACeBBeOU3AcpxA+hj+9SwiC57iRsiPW/47b5q6+w/rfZI/XNyTrXbjnrrH52W51t+o/Bh1ORcQU4y9nkLs3wiuPlKso35t7QfzebnXBaynXpO7Gy4oUpOjtp0i84zx8o/JgRfmC+O5lSvlofEkK8lQ0/ltvd7rxpf744PUz8uL9SLwmBflhS1piyrYX2Xv9T1eUev3NykB8zusnIr/854sCAAAAAMCMaaor9vxd00a1+98yUq55HxMZsiwF+TP+/H459vw8VXguNe/ZAwAAAABwO9idjxu6JA3LK5hmXCEnI5viC7mrdE711aRFJLZzZqAmPe7IC5EZTjgMPSP+HUyuNNOYwlfhu3qVqPAfKdyBd5uCO6rIdOMJ5+/VJFLTTsc0E/vibYD9aFNSJghPDQ5+ya1QsZ3vjzzOQTCRbk34sVFmxPssj4aPkxyzE9JDNU5iug3wzBdf//Fv90+v8OpxsAM+urzzgWk4ezLJogwU3JcYbuL2OAAAAMAN1Ev6w5rXos3RG4lEb5bDX+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJihmXxR2SWFec8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+L/4JwAA//94DPMO")
truncate(&(0x7f0000000080)='./file2\x00', 0x9673)

147.695348ms ago: executing program 5 (id=8121):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/snmp6\x00')
read$FUSE(r0, &(0x7f0000004800)={0x2020}, 0x2020)

14.49434ms ago: executing program 5 (id=8122):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="5400020029000b05d25a806f8c6394f90424fc602f0011002f2f0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

0s ago: executing program 3 (id=8123):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001200576d100000000000000007000000", @ANYRES32=0x0, @ANYBLOB="000002000255000008001d00ca0e00000a0001"], 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

ned by syz.1.6747 (20521)
[  776.237469][T20521] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  776.267096][T20521] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  776.289596][T20526] loop5: detected capacity change from 0 to 32768
[  776.299852][T20521] BTRFS info (device loop1): using free space tree
[  776.405488][T20526] XFS (loop5): Mounting V5 Filesystem
[  776.528106][T20526] XFS (loop5): Ending clean mount
[  776.599241][T18580] XFS (loop5): Unmounting Filesystem
[  776.646965][T20521] BTRFS info (device loop1): enabling ssd optimizations
[  776.836320][ T4248] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  777.042996][T20586] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  777.071624][T20586] overlayfs: missing 'lowerdir'
[  777.443751][ T5042] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[  777.623772][ T5042] usb 1-1: Using ep0 maxpacket: 32
[  777.637489][ T5042] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  777.693740][ T5042] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.718246][ T5042] usb 1-1: config 0 descriptor??
[  777.737688][ T5042] gspca_main: sq930x-2.14.0 probing 041e:403c
[  777.940839][T20592] syz.1.6767 (20592): /proc/20591/oom_adj is deprecated, please use /proc/20591/oom_score_adj instead.
[  778.158411][ T5042] gspca_sq930x: ucbus_write failed -71
[  778.166666][ T5042] sq930x: probe of 1-1:0.0 failed with error -71
[  778.200151][ T5042] usb 1-1: USB disconnect, device number 120
[  778.683657][  T951] usb 2-1: new full-speed USB device number 115 using dummy_hcd
[  778.885534][  T951] usb 2-1: config 0 has an invalid interface number: 176 but max is 2
[  778.909501][  T951] usb 2-1: config 0 has no interface number 1
[  778.926240][  T951] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  778.946776][  T951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.967801][  T951] usb 2-1: config 0 descriptor??
[  779.145657][T20610] loop4: detected capacity change from 0 to 32768
[  779.192453][  T951] qcserial 2-1:0.2: Qualcomm USB modem converter detected
[  779.193880][T20610] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.6777 (20610)
[  779.265376][T20633] loop0: detected capacity change from 0 to 16
[  779.271663][T20610] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  779.302177][T20633] erofs: (device loop0): mounted with root inode @ nid 36.
[  779.315213][T20610] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  779.340483][T20633] erofs: (device loop0): z_erofs_fill_inode_lazy: unknown HEAD1 format 12 for nid 36, please upgrade kernel
[  779.353933][T20610] BTRFS info (device loop4): using free space tree
[  779.373643][T20633] erofs: (device loop0): z_erofs_fill_inode_lazy: unknown HEAD1 format 12 for nid 36, please upgrade kernel
[  779.385717][T20633] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-95]
[  779.479798][ T4295] usb 2-1: USB disconnect, device number 115
[  779.547806][ T4295] qcserial 2-1:0.2: device disconnected
[  779.724597][T20610] BTRFS info (device loop4): enabling ssd optimizations
[  779.873805][T20669] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6798'.
[  779.938900][ T4255] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  780.118027][T20672] netlink: zone id is out of range
[  780.123200][T20672] netlink: zone id is out of range
[  780.179768][T20672] netlink: set zone limit has 4 unknown bytes
[  780.734424][T20688] loop3: detected capacity change from 0 to 1024
[  780.826402][T20688] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  780.832084][T20670] loop5: detected capacity change from 0 to 32768
[  780.844567][   T27] audit: type=1326 audit(2000000130.972:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20691 comm="syz.4.6800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4812d8d169 code=0x7ffc0000
[  780.904623][   T27] audit: type=1326 audit(2000000130.972:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20691 comm="syz.4.6800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4812d8d169 code=0x7ffc0000
[  780.945983][   T27] audit: type=1326 audit(2000000131.062:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20691 comm="syz.4.6800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f4812d8d169 code=0x7ffc0000
[  780.990629][T20688] EXT4-fs error (device loop3): __ext4_remount:6611: comm syz.3.6808: Abort forced by user
[  781.055918][T20688] EXT4-fs (loop3): re-mounted. Quota mode: writeback.
[  781.099802][   T27] audit: type=1326 audit(2000000131.062:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20691 comm="syz.4.6800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4812d8d169 code=0x7ffc0000
[  781.213556][   T27] audit: type=1326 audit(2000000131.062:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20691 comm="syz.4.6800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4812d8d169 code=0x7ffc0000
[  781.285088][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  781.823026][T20717] loop0: detected capacity change from 0 to 22
[  781.875235][T20717] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  781.923723][ T4336] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  781.944576][T20717] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  782.115409][ T4336] usb 6-1: config 0 has an invalid interface number: 176 but max is 2
[  782.129274][ T4336] usb 6-1: config 0 has no interface number 1
[  782.148644][ T4336] usb 6-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  782.181226][ T4336] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.217738][ T4336] usb 6-1: config 0 descriptor??
[  782.417205][T20737] loop0: detected capacity change from 0 to 1024
[  782.443984][ T4336] qcserial 6-1:0.2: Qualcomm USB modem converter detected
[  782.454448][T20737] EXT4-fs: Ignoring removed oldalloc option
[  782.480477][T20737] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  782.566973][T20737] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  782.616780][T20743] loop3: detected capacity change from 0 to 2048
[  782.656982][  T951] usb 6-1: USB disconnect, device number 7
[  782.664291][  T951] qcserial 6-1:0.2: device disconnected
[  782.673012][T20737] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  782.696868][T20737] fscrypt (loop0, inode 15): Error -61 getting encryption context
[  782.735883][T20743] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  782.748392][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  782.825254][T20721] loop4: detected capacity change from 0 to 32768
[  782.931835][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  782.938198][T20721] XFS (loop4): Mounting V5 Filesystem
[  782.978289][T20751] 8021q: adding VLAN 0 to HW filter on device bond3
[  783.058006][T20760] device gre1 entered promiscuous mode
[  783.129406][T20721] XFS (loop4): Ending clean mount
[  783.152053][T20721] XFS (loop4): Quotacheck needed: Please wait.
[  783.265369][T20721] XFS (loop4): Quotacheck: Done.
[  783.471580][T20772] loop3: detected capacity change from 0 to 1024
[  783.472379][ T4255] XFS (loop4): Unmounting Filesystem
[  783.559179][T20774] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  783.710189][   T11] hfsplus: b-tree write err: -5, ino 4
[  784.223635][  T951] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[  784.277931][T20798] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6853'.
[  784.302154][T20798] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6853'.
[  784.424780][  T951] usb 1-1: Using ep0 maxpacket: 16
[  784.440405][  T951] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  784.479252][  T951] usb 1-1: config 0 has an invalid descriptor of length 236, skipping remainder of the config
[  784.508874][T20808] hsr0: VLAN not yet supported
[  784.517938][  T951] usb 1-1: config 0 has no interface number 0
[  784.562709][  T951] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  784.582396][  T951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.612040][  T951] usb 1-1: Product: syz
[  784.622179][  T951] usb 1-1: Manufacturer: syz
[  784.637440][  T951] usb 1-1: SerialNumber: syz
[  784.660805][  T951] usb 1-1: config 0 descriptor??
[  784.898112][  T951] usb 1-1: Found UVC 0.00 device syz (046d:08d3)
[  784.907284][  T951] usb 1-1: No valid video chain found.
[  784.928015][T20820] netlink: 'syz.4.6864': attribute type 6 has an invalid length.
[  785.133155][   T14] usb 1-1: USB disconnect, device number 121
[  785.351178][ T5042] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  785.399991][T20807] loop5: detected capacity change from 0 to 32768
[  785.497809][T20807] XFS (loop5): Mounting V5 Filesystem
[  785.545358][ T5042] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  785.554311][T20807] XFS (loop5): Ending clean mount
[  785.562374][ T5042] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  785.570942][T20807] XFS (loop5): Quotacheck needed: Please wait.
[  785.603161][ T5042] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  785.623945][ T5042] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.655091][T20824] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  785.702140][T20807] XFS (loop5): Quotacheck: Done.
[  785.742227][T20822] loop3: detected capacity change from 0 to 40427
[  785.801717][T20822] F2FS-fs (loop3): invalid crc value
[  785.859367][T18580] XFS (loop5): Unmounting Filesystem
[  785.864853][T20822] F2FS-fs (loop3): Found nat_bits in checkpoint
[  786.073507][T20822] F2FS-fs (loop3): recover fsync data on readonly fs
[  786.076747][  T951] usb 2-1: USB disconnect, device number 116
[  786.096984][T20822] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  786.236447][T20822] F2FS-fs (loop3): Corrupted max_depth of 3: 1025
[  786.263741][T20822] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  786.288723][T20853] loop4: detected capacity change from 0 to 4096
[  786.315511][T20853] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512)
[  786.425340][T20853] ntfs3: Couldn't remount rw because journal is not replayed. Please umount/remount instead
[  786.425340][T20853] 
[  786.685322][T20859] loop0: detected capacity change from 0 to 4096
[  786.848064][T20861] loop4: detected capacity change from 0 to 8192
[  786.858449][T20865] netlink: 'syz.3.6880': attribute type 30 has an invalid length.
[  786.883181][T20861] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  786.964773][T20861] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  786.974746][T20861] REISERFS (device loop4): using ordered data mode
[  786.981438][T20861] reiserfs: using flush barriers
[  787.087956][T20861] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  787.146219][T20861] REISERFS (device loop4): checking transaction log (loop4)
[  787.166217][T20861] REISERFS (device loop4): Using tea hash to sort names
[  787.191981][T20861] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  787.468664][T20878] loop1: detected capacity change from 0 to 256
[  787.546096][T20878] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  787.616454][T20880] loop0: detected capacity change from 0 to 2048
[  787.661860][T20883] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  787.707779][T20885] loop4: detected capacity change from 0 to 256
[  787.716066][T20880] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  787.774564][T20880] Remounting filesystem read-only
[  787.779958][T20885] FAT-fs (loop4): Directory bread(block 64) failed
[  787.792792][T20880] NILFS (loop0): error -2 truncating bmap (ino=16)
[  787.803515][T20885] FAT-fs (loop4): Directory bread(block 65) failed
[  787.843480][T20885] FAT-fs (loop4): Directory bread(block 66) failed
[  787.850088][T20885] FAT-fs (loop4): Directory bread(block 67) failed
[  787.870294][T20885] FAT-fs (loop4): Directory bread(block 68) failed
[  787.877845][T20885] FAT-fs (loop4): Directory bread(block 69) failed
[  787.884937][T20885] FAT-fs (loop4): Directory bread(block 70) failed
[  787.891600][T20885] FAT-fs (loop4): Directory bread(block 71) failed
[  787.898774][T20885] FAT-fs (loop4): Directory bread(block 72) failed
[  787.905886][T20885] FAT-fs (loop4): Directory bread(block 73) failed
[  787.923483][ T4295] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  787.966668][ T4249] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[  788.123496][ T4295] usb 2-1: Using ep0 maxpacket: 32
[  788.130504][ T4295] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  788.147484][  T951] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  788.163516][ T4295] usb 2-1: config 0 has no interface number 0
[  788.190359][ T4295] usb 2-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  788.223711][ T4295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  788.232323][ T4295] usb 2-1: Product: syz
[  788.237194][ T4295] usb 2-1: Manufacturer: syz
[  788.241838][ T4295] usb 2-1: SerialNumber: syz
[  788.264308][ T4295] usb 2-1: config 0 descriptor??
[  788.276790][ T4295] hub 2-1:0.89: bad descriptor, ignoring hub
[  788.293205][ T4295] hub: probe of 2-1:0.89 failed with error -5
[  788.311925][ T4295] option 2-1:0.89: GSM modem (1-port) converter detected
[  788.328379][ T4295] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB0
[  788.365943][  T951] usb 6-1: Using ep0 maxpacket: 32
[  788.373217][  T951] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  788.401090][  T951] usb 6-1: config 0 has no interface number 0
[  788.420135][  T951] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  788.453242][  T951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  788.488859][  T951] usb 6-1: Product: syz
[  788.517976][  T951] usb 6-1: Manufacturer: syz
[  788.522656][  T951] usb 6-1: SerialNumber: syz
[  788.541136][  T951] usb 6-1: config 0 descriptor??
[  788.564903][  T951] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  788.593609][  T951] usb 6-1: selecting invalid altsetting 1
[  788.603835][  T951] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  788.629005][  T951] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  788.655877][  T951] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  788.688015][  T951] usb 6-1: media controller created
[  788.728694][  T951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  788.779376][ T4295] usb 2-1: USB disconnect, device number 117
[  788.802399][ T4295] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  788.813460][ T5042] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[  788.822303][ T4295] option 2-1:0.89: device disconnected
[  788.976972][T20914] loop4: detected capacity change from 0 to 4096
[  789.000065][  T951] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  789.012533][ T5042] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  789.036332][T20914] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
[  789.046369][ T5042] usb 1-1: config 220 descriptor has 1 excess byte, ignoring
[  789.054818][ T5042] usb 1-1: config 220 has no interface number 2
[  789.061735][ T5042] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  789.093521][ T5042] usb 1-1: config 220 interface 0 has no altsetting 0
[  789.125180][  T951] usb 6-1: USB disconnect, device number 8
[  789.148792][ T5042] usb 1-1: config 220 interface 76 has no altsetting 0
[  789.159811][ T5042] usb 1-1: config 220 interface 1 has no altsetting 0
[  789.188695][ T5042] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  789.206218][ T5042] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.226992][ T5042] usb 1-1: Product: syz
[  789.231980][ T5042] usb 1-1: Manufacturer: syz
[  789.239315][ T5042] usb 1-1: SerialNumber: syz
[  789.439256][T20918] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6907'.
[  789.458174][T20918] 0ªX¹¦À: renamed from caif0
[  789.478713][ T5042] usb 1-1: selecting invalid altsetting 0
[  789.491085][ T5042] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[  789.499112][ T5042] usb 1-1: No valid video chain found.
[  789.544668][ T5042] usb 1-1: selecting invalid altsetting 0
[  789.550657][ T5042] usbtest: probe of 1-1:220.1 failed with error -22
[  789.569291][T20918] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  789.575664][T20912] loop3: detected capacity change from 0 to 32768
[  789.588057][ T5042] usb 1-1: USB disconnect, device number 122
[  789.731734][T20925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6908'.
[  789.773631][T20912] XFS (loop3): Mounting V5 Filesystem
[  789.837364][T20925] device geneve2 entered promiscuous mode
[  789.892434][T20912] XFS (loop3): Ending clean mount
[  790.024087][ T4260] XFS (loop3): Unmounting Filesystem
[  790.057645][T20936] loop5: detected capacity change from 0 to 2048
[  790.101545][ T4265] udevd[4265]: incorrect nilfs2 checksum on /dev/loop5
[  790.111583][T20936] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  790.169586][T20937] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  790.173598][ T5042] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  790.417583][T20937] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  790.432226][ T5042] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  790.438682][T20937] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  790.460184][ T5042] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  790.488698][T20937] Remounting filesystem read-only
[  790.493862][ T5042] usb 2-1: Product: syz
[  790.493887][ T5042] usb 2-1: Manufacturer: syz
[  790.493906][ T5042] usb 2-1: SerialNumber: syz
[  790.514560][ T5042] usb 2-1: config 0 descriptor??
[  790.528984][T18580] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  790.734037][ T5042] hso 2-1:0.0: Can't find BULK IN endpoint
[  790.741242][ T5042] usb-storage 2-1:0.0: USB Mass Storage device detected
[  790.981217][ T4291] usb 2-1: USB disconnect, device number 118
[  790.992453][T20957] netlink: 'syz.4.6919': attribute type 7 has an invalid length.
[  791.053942][T20957] netlink: 'syz.4.6919': attribute type 5 has an invalid length.
[  791.102121][T20957] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6919'.
[  791.401217][T20969] loop3: detected capacity change from 0 to 512
[  791.519942][T20969] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  791.559746][T20969] ext4 filesystem being mounted at /1391/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  791.624799][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  791.891644][T20990] xt_CT: You must specify a L4 protocol and not use inversions on it
[  792.361551][T21003] loop1: detected capacity change from 0 to 2048
[  792.423075][T21003] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  792.454173][T21003] ext4 filesystem being mounted at /1368/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  792.693138][ T4248] EXT4-fs (loop1): unmounting filesystem.
[  793.321434][T21038] loop4: detected capacity change from 0 to 8
[  793.336775][T21038] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  793.399615][T21038] cramfs: Error -3 while decompressing!
[  793.407801][T21038] cramfs: ffffffff9754d568(26)->ffff888049411000(4096)
[  793.421580][T21038] cramfs: Error -5 while decompressing!
[  793.427650][T21038] cramfs: ffffffff9754d582(26)->ffff888049412000(4096)
[  793.441910][T21038] cramfs: Error -3 while decompressing!
[  793.450254][T21038] cramfs: ffffffff9754d59c(16)->ffff888049413000(4096)
[  793.457903][T21038] cramfs: Error -3 while decompressing!
[  793.464032][T21038] cramfs: ffffffff9754d568(26)->ffff888049411000(4096)
[  794.513482][ T5042] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  794.708316][ T5042] usb 2-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55
[  794.733051][ T5042] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  794.756776][ T5042] usb 2-1: Product: syz
[  794.763037][T21065] device geneve2 entered promiscuous mode
[  794.772065][ T5042] usb 2-1: Manufacturer: syz
[  794.786497][ T5042] usb 2-1: SerialNumber: syz
[  794.807610][ T5042] usb 2-1: config 0 descriptor??
[  794.829792][ T5042] gspca_main: sonixb-2.14.0 probing 0c45:6005
[  794.852321][T21040] loop0: detected capacity change from 0 to 32768
[  794.884800][T21040] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.6961 (21040)
[  794.984212][T21040] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  795.003096][T21040] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  795.022387][T21040] BTRFS info (device loop0): using free space tree
[  795.255348][ T5042] usb 2-1: USB disconnect, device number 119
[  795.298902][T21040] BTRFS info (device loop0): enabling ssd optimizations
[  795.408361][ T4249] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  795.753467][ T4295] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  795.762452][T21055] loop4: detected capacity change from 0 to 32768
[  795.835725][T21055] 
[  795.835725][T21055]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  795.835725][T21055] 
[  795.980967][ T4295] usb 6-1: config 0 has an invalid interface number: 52 but max is 0
[  795.988446][T21063] loop3: detected capacity change from 0 to 32768
[  795.997907][T21055] ea_get: invalid extended attribute
[  796.005227][ T4295] usb 6-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  796.038555][T21063] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  796.063373][ T4295] usb 6-1: config 0 has no interface number 0
[  796.067883][T21055] ffff88806feadfb0: 30 00 07 00 00 00 00 00 00 00 65 72 2e 78 61 74  0.........er.xat
[  796.089856][T21063] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  796.100167][ T4295] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 14385, setting to 64
[  796.130256][T21063] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  796.142698][T21055] ffff88806feadfc0: 74 72 31 00 78 61 74 74 72 31 00 0b 06 00 75 73  tr1.xattr1....us
[  796.162837][ T4291] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  796.170142][ T4295] usb 6-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  796.193307][ T4291] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  796.201848][T21055] ffff88806feadfd0: 65 72 2e 78 61 74 74 72 32 00 78 61 74 74 72 32  er.xattr2.xattr2
[  796.223351][ T4295] usb 6-1: config 0 interface 52 has no altsetting 0
[  796.249747][ T4295] usb 6-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00
[  796.259386][T21097] tmpfs: Bad value for 'mpol'
[  796.271666][ T4295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=35
[  796.281491][ T4295] usb 6-1: SerialNumber: syz
[  796.296173][ T4295] usb 6-1: config 0 descriptor??
[  796.369258][ T4291] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 175ms
[  796.400589][ T4291] gfs2: fsid=syz:syz.0: jid=0: Done
[  796.406024][T21063] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  796.459984][T21063] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block)
[  796.498036][ T4255] 
[  796.498036][ T4255]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  796.498036][ T4255] 
[  796.517653][ T4295] input: USB Synaptics Device 06cb:0003 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.52/input/input56
[  796.542322][T21063] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  796.542322][T21063]   inode = 12 2341
[  796.542322][T21063]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  796.589082][ T4255] 
[  796.589082][ T4255]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  796.589082][ T4255] 
[  796.675845][T21063] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  796.719542][T21063] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:21063 [syz.3.6971] __gfs2_lookup+0xa0/0x270
[  796.796778][T21063] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  796.821209][ T4291] usb 6-1: USB disconnect, device number 9
[  796.821216][    C0] synaptics_usb 6-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  796.867002][T21063] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  796.888236][T21063] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  796.911198][T21063] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  796.964918][T21063] gfs2: fsid=syz:syz.0: File system withdrawn
[  796.971057][T21063] CPU: 1 PID: 21063 Comm: syz.3.6971 Not tainted 6.1.131-syzkaller #0
[  796.979260][T21063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  796.989378][T21063] Call Trace:
[  796.992705][T21063]  <TASK>
[  796.995675][T21063]  dump_stack_lvl+0x1e3/0x2cb
[  797.000425][T21063]  ? nf_tcp_handle_invalid+0x647/0x647
[  797.005920][T21063]  ? panic+0x764/0x764
[  797.010002][T21063]  ? kobject_uevent_env+0x54a/0x8c0
[  797.015238][T21063]  gfs2_withdraw+0xfcb/0x1550
[  797.020018][T21063]  ? gfs2_lm+0x230/0x230
[  797.024311][T21063]  ? gfs2_dirent_scan+0x276/0x640
[  797.029378][T21063]  ? panic+0x764/0x764
[  797.033493][T21063]  ? gfs2_consist_inode_i+0xf1/0x110
[  797.038820][T21063]  gfs2_dirent_scan+0x512/0x640
[  797.043722][T21063]  ? gfs2_dirent_search+0x8c0/0x8c0
[  797.048972][T21063]  gfs2_dirent_search+0x30a/0x8c0
[  797.054067][T21063]  ? gfs2_dirent_search+0x8c0/0x8c0
[  797.059314][T21063]  ? inode_dio_wait+0x2a9/0x340
[  797.064244][T21063]  ? generic_permission+0x21c/0x4f0
[  797.069491][T21063]  ? gfs2_dir_search+0x2f0/0x2f0
[  797.074489][T21063]  ? gfs2_permission+0x401/0x4d0
[  797.079479][T21063]  gfs2_dir_search+0xae/0x2f0
[  797.084215][T21063]  ? do_filldir_main+0x520/0x520
[  797.089388][T21063]  ? inode_go_held+0xe6/0x1f0
[  797.094120][T21063]  ? gfs2_glock_wait+0x216/0x2a0
[  797.099108][T21063]  gfs2_lookupi+0x447/0x630
[  797.103710][T21063]  ? gfs2_lookup_simple+0x170/0x170
[  797.108970][T21063]  ? __gfs2_lookup+0xa0/0x270
[  797.113706][T21063]  ? __d_lookup+0x8b/0x790
[  797.118189][T21063]  __gfs2_lookup+0xa0/0x270
[  797.122815][T21063]  ? gfs2_atomic_open+0x220/0x220
[  797.127909][T21063]  ? __d_lookup+0x6d6/0x790
[  797.132650][T21063]  gfs2_atomic_open+0x9a/0x220
[  797.137481][T21063]  path_openat+0xf4e/0x2e60
[  797.142045][T21063]  ? gfs2_rename2+0x25a0/0x25a0
[  797.146951][T21063]  ? do_filp_open+0x480/0x480
[  797.151788][T21063]  do_filp_open+0x230/0x480
[  797.156382][T21063]  ? vfs_tmpfile+0x4a0/0x4a0
[  797.161059][T21063]  ? _raw_spin_unlock+0x24/0x40
[  797.165965][T21063]  ? alloc_fd+0x5a0/0x640
[  797.170362][T21063]  do_sys_openat2+0x13b/0x4f0
[  797.175096][T21063]  ? do_sys_open+0x220/0x220
[  797.179728][T21063]  ? blkcg_maybe_throttle_current+0x1ac/0xa30
[  797.185868][T21063]  __x64_sys_openat+0x243/0x290
[  797.190771][T21063]  ? __ia32_sys_open+0x270/0x270
[  797.195800][T21063]  ? syscall_enter_from_user_mode+0x2e/0x230
[  797.201827][T21063]  ? lockdep_hardirqs_on+0x94/0x130
[  797.207073][T21063]  ? syscall_enter_from_user_mode+0x2e/0x230
[  797.213103][T21063]  do_syscall_64+0x3b/0xb0
[  797.217562][T21063]  ? clear_bhb_loop+0x45/0xa0
[  797.222290][T21063]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  797.228229][T21063] RIP: 0033:0x7f88f6d8d169
[  797.232670][T21063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  797.252524][T21063] RSP: 002b:00007f88f7cbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  797.260995][T21063] RAX: ffffffffffffffda RBX: 00007f88f6fa5fa0 RCX: 00007f88f6d8d169
[  797.269009][T21063] RDX: 00000000001a10c1 RSI: 0000400000000140 RDI: ffffffffffffff9c
[  797.277024][T21063] RBP: 00007f88f6e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  797.285040][T21063] R10: 9c37611dc13d0d83 R11: 0000000000000246 R12: 0000000000000000
[  797.293261][T21063] R13: 0000000000000000 R14: 00007f88f6fa5fa0 R15: 00007ffded869958
[  797.301296][T21063]  </TASK>
[  797.328196][T21115] netlink: 284 bytes leftover after parsing attributes in process `syz.0.6988'.
[  797.870943][T21133] loop4: detected capacity change from 0 to 16
[  797.903984][T21133] erofs: (device loop4): mounted with root inode @ nid 36.
[  798.557072][T21156] ieee802154 phy0 wpan0: encryption failed: -22
[  798.657747][T21162] tmpfs: Bad value for 'mpol'
[  798.805638][T21166] netlink: 'syz.0.7013': attribute type 2 has an invalid length.
[  798.853362][T21166] netlink: 'syz.0.7013': attribute type 1 has an invalid length.
[  798.861533][T21166] netlink: 224 bytes leftover after parsing attributes in process `syz.0.7013'.
[  799.123630][T21174] loop3: detected capacity change from 0 to 4096
[  799.163129][T21174] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512)
[  799.400710][T21189] loop0: detected capacity change from 0 to 16
[  799.487037][T21189] erofs: (device loop0): mounted with root inode @ nid 36.
[  799.541561][T21189] erofs: (device loop0): init_inode_xattrs: xattr_isize 12 of nid 86 is not supported yet
[  799.634048][T21192] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  799.703032][T21198] loop5: detected capacity change from 0 to 256
[  800.938044][T21245] loop4: detected capacity change from 0 to 256
[  801.153467][ T4295] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[  801.343285][ T4295] usb 4-1: Using ep0 maxpacket: 16
[  801.352970][ T4295] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  801.383149][ T4295] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.391217][ T4295] usb 4-1: Product: syz
[  801.453521][ T4295] usb 4-1: Manufacturer: syz
[  801.473106][ T4295] usb 4-1: SerialNumber: syz
[  801.513288][ T4295] r8152-cfgselector 4-1: config 0 descriptor??
[  801.931516][T21282] loop0: detected capacity change from 0 to 1024
[  801.964589][ T4295] r8152-cfgselector 4-1: Unknown version 0x0000
[  801.971033][ T4295] r8152-cfgselector 4-1: bad CDC descriptors
[  801.995081][ T4295] r8152-cfgselector 4-1: Unknown version 0x0000
[  802.032249][ T4295] r8152-cfgselector 4-1: USB disconnect, device number 122
[  802.376052][T21265] loop1: detected capacity change from 0 to 32768
[  803.180158][T21288] loop4: detected capacity change from 0 to 32768
[  803.210980][T21317] loop1: detected capacity change from 0 to 512
[  803.379951][T21317] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  803.421311][T21317] ext4 filesystem being mounted at /1394/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  803.616884][T21317] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  803.683486][T21317] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  803.701276][T21332] loop4: detected capacity change from 0 to 1024
[  803.732822][T21317] EXT4-fs error (device loop1): ext4_acquire_dquot:6795: comm syz.1.7079: Failed to acquire dquot type 0
[  803.796757][T21332] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  803.823609][T21332] EXT4-fs error (device loop4): __ext4_remount:6611: comm syz.4.7082: Abort forced by user
[  803.849768][T21332] EXT4-fs (loop4): Remounting filesystem read-only
[  803.863140][T21332] EXT4-fs (loop4): re-mounted. Quota mode: writeback.
[  803.912096][T21340] NILFS (nullb0): couldn't find nilfs on the device
[  803.922946][ T4248] EXT4-fs (loop1): unmounting filesystem.
[  803.999603][ T4255] EXT4-fs (loop4): unmounting filesystem.
[  804.478552][T21358] loop5: detected capacity change from 0 to 64
[  804.830291][T21337] loop3: detected capacity change from 0 to 32768
[  804.875542][T21337] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.7087 (21337)
[  804.939420][T21337] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  804.970123][T21337] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  805.033352][T21337] BTRFS info (device loop3): using free space tree
[  805.413204][T21337] BTRFS info (device loop3): enabling ssd optimizations
[  805.622521][ T4260] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  805.661272][T21415] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7117'.
[  806.605940][T21441] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7130'.
[  806.961963][T21450] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvtap0, syncid = 1, id = 0
[  807.202079][T21431] loop5: detected capacity change from 0 to 32768
[  807.218245][T21433] loop1: detected capacity change from 0 to 32768
[  807.243173][T21433] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.7126 (21433)
[  807.327545][T21433] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  807.353044][T21433] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  807.392270][T21433] BTRFS info (device loop1): using free space tree
[  807.587319][T21471] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7141'.
[  807.683559][T21433] BTRFS info (device loop1): enabling ssd optimizations
[  807.929144][ T4248] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  808.019423][T21496] loop3: detected capacity change from 0 to 1024
[  808.144118][T21496] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  808.386684][T21496] EXT4-fs error (device loop3): ext4_generic_delete_entry:2729: inode #2: block 16: comm syz.3.7147: bad entry in directory: inode out of bounds - offset=0, inode=1538, rec_len=12, size=1024 fake=1
[  808.551700][T21496] EXT4-fs error (device loop3) in ext4_delete_entry:2800: Corrupt filesystem
[  808.573979][T21496] EXT4-fs warning (device loop3): ext4_rename_delete:3778: inode #2: comm syz.3.7147: Deleting old file: nlink 1, error=-117
[  808.590232][T21511] device sit0 entered promiscuous mode
[  808.635437][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  808.636386][T21511] netlink: 'syz.1.7150': attribute type 1 has an invalid length.
[  808.641805][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  808.713308][T21511] netlink: 1 bytes leftover after parsing attributes in process `syz.1.7150'.
[  808.845453][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  809.262292][T21533] loop5: detected capacity change from 0 to 128
[  809.352033][T21533] FAT-fs (loop5): Directory bread(block 11554) failed
[  809.376562][T21533] FAT-fs (loop5): Directory bread(block 11555) failed
[  809.404572][T21533] FAT-fs (loop5): Directory bread(block 11556) failed
[  809.415010][T21533] FAT-fs (loop5): Directory bread(block 11557) failed
[  809.422556][T21533] FAT-fs (loop5): Directory bread(block 11558) failed
[  809.472378][T21533] FAT-fs (loop5): Directory bread(block 11559) failed
[  809.491786][T21539] netlink: 'syz.3.7167': attribute type 1 has an invalid length.
[  809.503307][T21533] FAT-fs (loop5): Directory bread(block 11560) failed
[  809.517663][T21541] xt_hashlimit: size too large, truncated to 1048576
[  809.521144][T21533] FAT-fs (loop5): Directory bread(block 11561) failed
[  809.539136][T21539] netlink: 220 bytes leftover after parsing attributes in process `syz.3.7167'.
[  809.550138][T21541] xt_hashlimit: max too large, truncated to 1048576
[  809.558270][T21533] FAT-fs (loop5): Directory bread(block 11562) failed
[  809.568414][T21537] loop4: detected capacity change from 0 to 4096
[  809.575136][T21539] NCSI netlink: No device for ifindex 130997362
[  809.581514][T21533] FAT-fs (loop5): Directory bread(block 11563) failed
[  809.603680][T21537] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  810.068710][T21556] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7176'.
[  810.264351][T21561] vim2m vim2m.0: Fourcc format (0x31384142) invalid.
[  810.289869][T21563] loop1: detected capacity change from 0 to 256
[  810.570832][T21575] loop4: detected capacity change from 0 to 16
[  810.623407][T21575] erofs: (device loop4): mounted with root inode @ nid 36.
[  810.659512][T21575] erofs: (device loop4): init_inode_xattrs: xattr_isize 12 of nid 86 is not supported yet
[  810.836343][T21579] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7188'.
[  811.198800][T21593] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[  812.120902][T21630] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7211'.
[  812.240737][T21635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7213'.
[  813.467345][T21678] SET target dimension over the limit!
[  813.521798][T21644] loop3: detected capacity change from 0 to 32768
[  813.539437][T21644] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.7218 (21644)
[  813.618641][T21644] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  813.649821][T21644] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  813.689342][T21644] BTRFS info (device loop3): using free space tree
[  814.064714][T21712] loop5: detected capacity change from 0 to 64
[  814.099015][T21644] BTRFS info (device loop3): enabling ssd optimizations
[  814.334357][ T4260] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  814.452136][T21724] loop0: detected capacity change from 0 to 512
[  814.571013][T21724] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  814.663398][T21724] EXT4-fs (loop0): 1 truncate cleaned up
[  814.743614][T21724] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  814.824018][T21735] loop1: detected capacity change from 0 to 4096
[  814.847658][T21735] NILFS (loop1): invalid segment: Checksum error in segment payload
[  814.875728][T21724] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #15: comm syz.0.7250: corrupted in-inode xattr
[  814.896803][T21735] NILFS (loop1): trying rollback from an earlier position
[  814.925891][T21724] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1723: inode #15: comm syz.0.7250: unable to update i_inline_off
[  814.927097][T21735] NILFS (loop1): norecovery option specified, skipping roll-forward recovery
[  814.955586][T21724] EXT4-fs error (device loop0): ext4_xattr_ibody_get:603: inode #15: comm syz.0.7250: corrupted in-inode xattr
[  815.049615][T21735] NILFS (loop1): couldn't remount because the filesystem is in an incomplete recovery state
[  815.236953][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  815.356502][T21745] loop3: detected capacity change from 0 to 1024
[  815.401435][T21745] EXT4-fs: Ignoring removed bh option
[  815.426688][T21750] netlink: 84 bytes leftover after parsing attributes in process `syz.0.7260'.
[  815.469983][T21745] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  815.791078][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  816.556304][T21794] netlink: 216 bytes leftover after parsing attributes in process `syz.1.7281'.
[  816.772180][T21802] IPv6: sit2: Disabled Multicast RS
[  816.984749][T21810] netlink: 'syz.0.7289': attribute type 1 has an invalid length.
[  817.022778][T21810] netlink: 'syz.0.7289': attribute type 1 has an invalid length.
[  817.157897][T21814] loop1: detected capacity change from 0 to 2048
[  817.190437][T21814] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  817.272415][T21817] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  817.311388][T21814] syz.1.7290: attempt to access beyond end of device
[  817.311388][T21814] loop1: rw=0, sector=262216, nr_sectors = 2 limit=2048
[  817.343333][T21814] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1)
[  817.402938][  T951] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  817.576547][T21800] loop4: detected capacity change from 0 to 32768
[  817.637020][  T951] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  817.667011][T21800] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  817.691453][  T951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.729073][  T951] usb 4-1: Product: syz
[  817.789051][  T951] usb 4-1: Manufacturer: syz
[  817.822869][  T951] usb 4-1: SerialNumber: syz
[  817.824674][T21833] loop0: detected capacity change from 0 to 4096
[  817.834988][T21833] EXT4-fs: Ignoring removed nomblk_io_submit option
[  817.859195][  T951] usb 4-1: config 0 descriptor??
[  817.863327][T21833] EXT4-fs (loop0): Test dummy encryption mode enabled
[  817.900668][T21833] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  817.973291][T21833] EXT4-fs (loop0): unmounting filesystem.
[  818.071819][ T4255] ocfs2: Unmounting device (7,4) on (node local)
[  818.111326][  T951] usb 4-1: ignoring: probably an ADSL modem
[  818.328873][  T951] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  818.367391][  T951] usb 4-1: USB disconnect, device number 123
[  818.413361][T21824] loop5: detected capacity change from 0 to 32768
[  818.441576][T21824] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop5 scanned by syz.5.7295 (21824)
[  818.529613][T21824] BTRFS info (device loop5): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  818.591089][T21824] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  818.605835][T21824] BTRFS info (device loop5): enabling ssd optimizations
[  818.623223][T21824] BTRFS info (device loop5): turning off barriers
[  818.629864][T21847] netlink: 'syz.0.7305': attribute type 1 has an invalid length.
[  818.649488][T21824] BTRFS info (device loop5): use no compression
[  818.666441][T21824] BTRFS info (device loop5): using free space tree
[  818.674236][T21847] xfrm0 speed is unknown, defaulting to 1000
[  819.456991][T21883] sg_write: data in/out 1184723571/1 bytes for SCSI command 0x4d-- guessing data in;
[  819.456991][T21883]    program syz.3.7315 not setting count and/or reply_len properly
[  819.494107][T18580] BTRFS info (device loop5): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  819.533436][T21885] IPv6: sit2: Disabled Multicast RS
[  819.734336][T21889] loop4: detected capacity change from 0 to 1024
[  819.972349][T21887] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7316'.
[  820.007092][T21891] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7319'.
[  820.380098][T21897] loop3: detected capacity change from 0 to 2048
[  820.499758][T21897] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.7323: bad orphan inode 8192
[  820.583903][T21897] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  820.808991][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  821.009340][T21922] loop3: detected capacity change from 0 to 1024
[  821.357403][T21930] loop3: detected capacity change from 0 to 512
[  821.426999][T21930] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  821.531709][T21930] EXT4-fs (loop3): 1 truncate cleaned up
[  821.542681][T21930] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  821.576846][T21936] loop5: detected capacity change from 0 to 1024
[  821.587975][T21930] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2186: inode #15: comm syz.3.7334: corrupted in-inode xattr
[  821.633137][T21930] EXT4-fs warning (device loop3): ext4_xattr_set_entry:1723: inode #15: comm syz.3.7334: unable to update i_inline_off
[  821.688712][T21914] loop1: detected capacity change from 0 to 32768
[  821.698876][T21930] EXT4-fs error (device loop3): ext4_xattr_ibody_get:603: inode #15: comm syz.3.7334: corrupted in-inode xattr
[  821.719699][T21932] loop0: detected capacity change from 0 to 4096
[  821.735040][T21914] XFS: attr2 mount option is deprecated.
[  821.751142][T21932] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  821.811717][T21932] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  821.830433][T21914] XFS (loop1): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent.
[  821.881437][T21918] loop4: detected capacity change from 0 to 32768
[  821.905273][T21918] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  821.923294][T21918] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  821.941442][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  821.957875][T21914] XFS (loop1): Quotacheck needed: Please wait.
[  821.959411][T21918] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  822.001677][T21932] ntfs3: loop0: ino=1e, "file1" attr_set_size
[  822.018717][ T4590] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  822.026011][ T4590] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  822.091131][ T4590] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 65ms
[  822.133978][ T4590] gfs2: fsid=syz:syz.0: jid=0: Done
[  822.139380][T21918] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  822.181298][T21914] XFS (loop1): Quotacheck: Done.
[  822.215177][T21914] XFS (loop1): syz.1.7327 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  822.227485][T21918] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block)
[  822.248175][T21918] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  822.248175][T21918]   inode = 12 2341
[  822.248175][T21918]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  822.329766][T21918] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  822.359373][T21918] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:21918 [syz.4.7331] __gfs2_lookup+0xa0/0x270
[  822.376879][T21918] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  822.393140][ T4248] XFS (loop1): Unmounting Filesystem
[  822.394011][T21918] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  822.438962][T21918] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  822.498450][T21918] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  822.517616][T21918] gfs2: fsid=syz:syz.0: File system withdrawn
[  822.531018][T21918] CPU: 1 PID: 21918 Comm: syz.4.7331 Not tainted 6.1.131-syzkaller #0
[  822.539242][T21918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  822.549340][T21918] Call Trace:
[  822.552648][T21918]  <TASK>
[  822.555609][T21918]  dump_stack_lvl+0x1e3/0x2cb
[  822.560381][T21918]  ? nf_tcp_handle_invalid+0x647/0x647
[  822.565885][T21918]  ? panic+0x764/0x764
[  822.570028][T21918]  ? kobject_uevent_env+0x54a/0x8c0
[  822.575283][T21918]  gfs2_withdraw+0xfcb/0x1550
[  822.580028][T21918]  ? gfs2_lm+0x230/0x230
[  822.584328][T21918]  ? gfs2_dirent_scan+0x276/0x640
[  822.589445][T21918]  ? panic+0x764/0x764
[  822.593648][T21918]  ? gfs2_consist_inode_i+0xf1/0x110
[  822.598983][T21918]  gfs2_dirent_scan+0x512/0x640
[  822.603884][T21918]  ? gfs2_dirent_search+0x8c0/0x8c0
[  822.609142][T21918]  gfs2_dirent_search+0x30a/0x8c0
[  822.614233][T21918]  ? gfs2_dirent_search+0x8c0/0x8c0
[  822.619470][T21918]  ? inode_dio_wait+0x2a9/0x340
[  822.624358][T21918]  ? generic_permission+0x21c/0x4f0
[  822.629604][T21918]  ? gfs2_dir_search+0x2f0/0x2f0
[  822.634589][T21918]  ? gfs2_permission+0x401/0x4d0
[  822.639572][T21918]  gfs2_dir_search+0xae/0x2f0
[  822.644298][T21918]  ? do_filldir_main+0x520/0x520
[  822.649282][T21918]  ? inode_go_held+0xe6/0x1f0
[  822.654006][T21918]  ? gfs2_glock_wait+0x216/0x2a0
[  822.658995][T21918]  gfs2_lookupi+0x447/0x630
[  822.663549][T21918]  ? gfs2_lookup_simple+0x170/0x170
[  822.668784][T21918]  ? __gfs2_lookup+0xa0/0x270
[  822.673497][T21918]  ? __d_lookup+0x8b/0x790
[  822.677967][T21918]  __gfs2_lookup+0xa0/0x270
[  822.682517][T21918]  ? gfs2_atomic_open+0x220/0x220
[  822.687577][T21918]  ? __d_lookup+0x6d6/0x790
[  822.692109][T21918]  gfs2_atomic_open+0x9a/0x220
[  822.696996][T21918]  path_openat+0xf4e/0x2e60
[  822.701552][T21918]  ? gfs2_rename2+0x25a0/0x25a0
[  822.706442][T21918]  ? do_filp_open+0x480/0x480
[  822.711161][T21918]  do_filp_open+0x230/0x480
[  822.715689][T21918]  ? vfs_tmpfile+0x4a0/0x4a0
[  822.720315][T21918]  ? _raw_spin_unlock+0x24/0x40
[  822.725177][T21918]  ? alloc_fd+0x5a0/0x640
[  822.729532][T21918]  do_sys_openat2+0x13b/0x4f0
[  822.734232][T21918]  ? do_sys_open+0x220/0x220
[  822.738837][T21918]  ? blkcg_maybe_throttle_current+0x1ac/0xa30
[  822.744936][T21918]  __x64_sys_openat+0x243/0x290
[  822.749803][T21918]  ? __ia32_sys_open+0x270/0x270
[  822.754755][T21918]  ? syscall_enter_from_user_mode+0x2e/0x230
[  822.760841][T21918]  ? lockdep_hardirqs_on+0x94/0x130
[  822.766060][T21918]  ? syscall_enter_from_user_mode+0x2e/0x230
[  822.772066][T21918]  do_syscall_64+0x3b/0xb0
[  822.776496][T21918]  ? clear_bhb_loop+0x45/0xa0
[  822.781195][T21918]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  822.787108][T21918] RIP: 0033:0x7f4812d8d169
[  822.791557][T21918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  822.811199][T21918] RSP: 002b:00007f4813cd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  822.819634][T21918] RAX: ffffffffffffffda RBX: 00007f4812fa5fa0 RCX: 00007f4812d8d169
[  822.827639][T21918] RDX: 00000000001a10c1 RSI: 0000400000000140 RDI: ffffffffffffff9c
[  822.835742][T21918] RBP: 00007f4812e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  822.843727][T21918] R10: 9c37611dc13d0d83 R11: 0000000000000246 R12: 0000000000000000
[  822.851712][T21918] R13: 0000000000000000 R14: 00007f4812fa5fa0 R15: 00007ffd2a0cea38
[  822.859711][T21918]  </TASK>
[  823.151391][T21971] netlink: 'syz.3.7350': attribute type 1 has an invalid length.
[  823.171475][T21970] xt_hashlimit: max too large, truncated to 1048576
[  823.177201][T21971] netlink: 224 bytes leftover after parsing attributes in process `syz.3.7350'.
[  823.195844][T21970] xt_hashlimit: overflow, rate too high: 0
[  823.545823][T21981] loop4: detected capacity change from 0 to 512
[  823.568270][T21981] EXT4-fs: Ignoring removed oldalloc option
[  823.586489][T21981] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b802e02d, mo2=0002]
[  823.646085][T21981] System zones: 1-12
[  823.665155][T21981] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.7353: invalid indirect mapped block 1 (level 1)
[  823.682521][T21981] EXT4-fs (loop4): Remounting filesystem read-only
[  823.696613][T21981] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.7353: invalid indirect mapped block 7 (level 2)
[  823.796641][T21981] EXT4-fs (loop4): Remounting filesystem read-only
[  823.818813][T21981] EXT4-fs (loop4): 1 truncate cleaned up
[  823.850084][T21981] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  824.223336][T21999] netlink: 'syz.3.7365': attribute type 1 has an invalid length.
[  824.298960][ T4255] EXT4-fs (loop4): unmounting filesystem.
[  824.320762][T22001] netlink: 'syz.1.7366': attribute type 10 has an invalid length.
[  824.494599][T22001] device veth0_vlan left promiscuous mode
[  824.588760][T22001] device veth0_vlan entered promiscuous mode
[  824.629378][T22001] team0: Device veth0_vlan failed to register rx_handler
[  824.831560][ T4308] bridge0: port 3(macvlan1) entered disabled state
[  824.990696][T21995] loop0: detected capacity change from 0 to 32768
[  825.044842][T21995] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.7363 (21995)
[  825.084458][T22017] loop3: detected capacity change from 0 to 512
[  825.096620][T21995] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  825.123371][T21995] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  825.139165][T22017] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  825.155391][T21995] BTRFS info (device loop0): turning off barriers
[  825.177795][T21995] BTRFS info (device loop0): turning on sync discard
[  825.203291][T21995] BTRFS info (device loop0): use zlib compression, level 3
[  825.236774][T21995] BTRFS info (device loop0): ignoring data csums
[  825.250442][T22017] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  825.278169][T21995] BTRFS info (device loop0): metadata ratio 1
[  825.286078][T21995] BTRFS info (device loop0): force zlib compression, level 3
[  825.294867][T21995] BTRFS info (device loop0): using free space tree
[  825.483571][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  825.671314][T21995] BTRFS info (device loop0: state C): enabling ssd optimizations
[  825.941036][ T4249] BTRFS info (device loop0: state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  826.226217][T22069] loop1: detected capacity change from 0 to 2048
[  826.281348][T22073] x_tables: unsorted underflow at hook 3
[  826.289761][T22069] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  826.359908][T22067] loop4: detected capacity change from 0 to 8192
[  826.419299][T22067] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  826.446469][T22067] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  826.488549][T22067] REISERFS (device loop4): using ordered data mode
[  826.516734][T22067] reiserfs: using flush barriers
[  826.531180][T22067] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  826.548159][T22067] REISERFS (device loop4): checking transaction log (loop4)
[  826.561039][T22067] REISERFS (device loop4): Using r5 hash to sort names
[  826.574457][T22067] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  826.589141][T22067] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  826.842597][ T7579] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[  827.055263][ T7579] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  827.078332][ T7579] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  827.114944][ T7579] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  827.147232][ T7579] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.193036][T22071] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  827.239722][T22094] syz.1.7400 uses old SIOCAX25GETINFO
[  827.592427][ T7055] usb 4-1: USB disconnect, device number 124
[  827.689465][T22107] libceph: resolve '400' (ret=-3): failed
[  827.722888][T22108] loop0: detected capacity change from 0 to 512
[  827.736901][T22108] EXT4-fs: Ignoring removed orlov option
[  827.779618][T22108] EXT4-fs (loop0): orphan cleanup on readonly fs
[  827.803005][T22108] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  827.837468][T22108] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[  827.870523][T22108] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.7407: Corrupt directory, running e2fsck is recommended
[  827.946057][T22108] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  827.956179][T22108] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #15: comm syz.0.7407: corrupted in-inode xattr
[  827.968801][T22108] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.7407: couldn't read orphan inode 15 (err -117)
[  828.013338][T22108] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  828.093719][T22121] loop4: detected capacity change from 0 to 8
[  828.124988][T22120] loop1: detected capacity change from 0 to 1024
[  828.172376][T22108] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  828.217116][T22108] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[  828.260378][T22124] Illegal XDP return value 4294967274 on prog  (id 394) dev N/A, expect packet loss!
[  828.327608][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  828.482624][ T7579] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  828.694516][ T7579] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  828.721339][ T7579] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  828.732308][ T7579] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  828.751353][ T7579] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  828.769044][ T7579] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.797732][ T7579] usb 2-1: config 0 descriptor??
[  828.810319][ T7579] gspca_main: spca561-2.14.0 probing abcd:cdee
[  829.015244][ T7579] spca561: probe of 2-1:0.0 failed with error -22
[  829.036949][ T7579] usb 2-1: MIDIStreaming interface descriptor not found
[  829.097626][ T7579] usb 2-1: USB disconnect, device number 120
[  829.401424][T22152] netlink: 'syz.3.7428': attribute type 5 has an invalid length.
[  829.461583][T22137] loop5: detected capacity change from 0 to 32768
[  829.503093][T22137] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.7421 (22137)
[  829.566959][T22137] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  829.602987][T22137] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  829.630045][T22137] BTRFS info (device loop5): turning on flush-on-commit
[  829.669099][T22137] BTRFS info (device loop5): enabling disk space caching
[  829.712658][T22137] BTRFS info (device loop5): turning off barriers
[  829.732625][T22137] BTRFS info (device loop5): doing ref verification
[  829.739410][T22137] BTRFS info (device loop5): enabling auto defrag
[  829.768164][T22137] BTRFS info (device loop5): force clearing of disk cache
[  829.788218][T22163] loop0: detected capacity change from 0 to 256
[  829.813291][T22137] BTRFS info (device loop5): turning on sync discard
[  829.820102][T22137] BTRFS info (device loop5): using default commit interval 30s
[  829.882544][T22137] BTRFS info (device loop5): disk space caching is enabled
[  829.890108][T22163] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011ded, chksum : 0x9858084d, utbl_chksum : 0xe619d30d)
[  830.082703][T22176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7436'.
[  830.091777][T22176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7436'.
[  830.209134][T22137] BTRFS info (device loop5): enabling ssd optimizations
[  830.254973][T22137] BTRFS info (device loop5): rebuilding free space tree
[  830.345944][T22155] loop4: detected capacity change from 0 to 32768
[  830.358000][T22137] BTRFS info (device loop5): disabling free space tree
[  830.383006][T22155] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.7429 (22155)
[  830.385661][T22137] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  830.449808][T22155] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  830.451678][T22137] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  830.481503][T22155] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  830.538844][T22155] BTRFS info (device loop4): turning off barriers
[  830.591831][T22155] BTRFS info (device loop4): turning on sync discard
[  830.638225][T22155] BTRFS info (device loop4): use zlib compression, level 3
[  830.655934][T22155] BTRFS info (device loop4): ignoring data csums
[  830.662397][T22155] BTRFS info (device loop4): metadata ratio 1
[  830.712749][T22155] BTRFS info (device loop4): force zlib compression, level 3
[  830.741097][T22155] BTRFS info (device loop4): using free space tree
[  830.761248][T18580] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  830.979871][T22198] loop1: detected capacity change from 0 to 4096
[  831.014637][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[  831.049301][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[  831.098061][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[  831.166437][T22155] BTRFS info (device loop4: state C): enabling ssd optimizations
[  831.198067][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc0c00
[  831.256651][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc1c00
[  831.299197][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc2c00
[  831.330538][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc4c00
[  831.358510][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffc8c00
[  831.396265][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffd0c00
[  831.418977][T22198] ntfs3: loop1: try to read out of volume at offset 0x3fffffe0c00
[  831.570306][T22190] loop3: detected capacity change from 0 to 32768
[  831.619851][T22190] XFS: ikeep mount option is deprecated.
[  831.654671][T22190] XFS: noikeep mount option is deprecated.
[  831.690418][ T4255] BTRFS info (device loop4: state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  831.904138][T22235] loop0: detected capacity change from 0 to 64
[  832.203622][T22190] XFS (loop3): Mounting V5 Filesystem
[  832.415205][T22190] XFS (loop3): Ending clean mount
[  832.432886][T22190] XFS (loop3): Quotacheck needed: Please wait.
[  832.600321][T22190] XFS (loop3): Quotacheck: Done.
[  832.701036][T22255] loop0: detected capacity change from 0 to 256
[  832.781726][ T4260] XFS (loop3): Unmounting Filesystem
[  833.307446][T22275] loop4: detected capacity change from 0 to 764
[  833.881551][T22294] sctp: [Deprecated]: syz.4.7475 (pid 22294) Use of int in maxseg socket option.
[  833.881551][T22294] Use struct sctp_assoc_value instead
[  834.022685][ T5044] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  834.212873][ T5044] usb 2-1: Using ep0 maxpacket: 16
[  834.229689][ T5044] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  834.242079][ T5044] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  834.254374][ T5044] usb 2-1: config 0 has no interface number 0
[  834.263538][ T5044] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  834.267068][T22309] dlm: no local IP address has been set
[  834.273005][ T5044] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.288436][ T5044] usb 2-1: Product: syz
[  834.293208][ T5044] usb 2-1: Manufacturer: syz
[  834.298007][ T5044] usb 2-1: SerialNumber: syz
[  834.309172][T22309] dlm: cannot start dlm midcomms -107
[  834.313711][ T5044] usb 2-1: config 0 descriptor??
[  834.332333][ T5044] usb 2-1: Found UVC 0.00 device syz (046c:14e8)
[  834.350774][ T5044] usb 2-1: No valid video chain found.
[  834.356515][   T22] usb 4-1: new full-speed USB device number 125 using dummy_hcd
[  834.507041][T22317] loop5: detected capacity change from 0 to 64
[  834.536784][ T5044] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  834.560725][   T22] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  834.581209][ T4589] usb 2-1: USB disconnect, device number 121
[  834.581296][   T22] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  834.635271][   T22] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  834.673127][   T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  834.689642][   T22] usb 4-1: SerialNumber: syz
[  834.712253][   T22] usb 4-1: 0:2 : does not exist
[  834.720427][T22322] loop5: detected capacity change from 0 to 128
[  834.752509][ T5044] usb 5-1: Using ep0 maxpacket: 16
[  834.762872][ T5044] usb 5-1: config 0 has an invalid interface number: 237 but max is 0
[  834.780431][ T5044] usb 5-1: config 0 has no interface number 0
[  834.819380][ T5044] usb 5-1: config 0 interface 237 has no altsetting 0
[  834.840209][ T5044] usb 5-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad
[  834.840244][T22325] loop0: detected capacity change from 0 to 256
[  834.857192][ T5044] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.887411][ T5044] usb 5-1: Product: syz
[  834.891678][ T5044] usb 5-1: Manufacturer: syz
[  834.896579][ T5044] usb 5-1: SerialNumber: syz
[  834.946614][ T5044] usb 5-1: config 0 descriptor??
[  834.964352][ T5044] snd_usb_podhd 5-1:0.237: Line 6 POD HD300 found
[  835.139130][ T4589] usb 4-1: USB disconnect, device number 125
[  835.166973][ T5044] snd_usb_podhd 5-1:0.237: cannot get proper max packet size
[  835.193343][ T5044] snd_usb_podhd 5-1:0.237: Line 6 POD HD300 now disconnected
[  835.220856][ T5044] snd_usb_podhd: probe of 5-1:0.237 failed with error -22
[  835.393095][   T22] usb 5-1: USB disconnect, device number 117
[  836.109564][T22368] loop4: detected capacity change from 0 to 512
[  836.127421][T22368] EXT4-fs: Ignoring removed orlov option
[  836.161957][T22368] EXT4-fs (loop4): orphan cleanup on readonly fs
[  836.181082][T22363] loop0: detected capacity change from 0 to 4096
[  836.187801][T22368] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  836.200554][T22368] EXT4-fs warning (device loop4): dx_probe:881: Enable large directory feature to access it
[  836.211313][T22368] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.7508: Corrupt directory, running e2fsck is recommended
[  836.250809][T22368] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[  836.262794][T22368] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.7508: corrupted in-inode xattr
[  836.275650][T22368] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.7508: couldn't read orphan inode 15 (err -117)
[  836.288721][T22368] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  836.302527][ T4263] Bluetooth: hci2: command 0x0406 tx timeout
[  836.342611][T22368] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  836.419374][T22368] EXT4-fs (loop4): re-mounted. Quota mode: writeback.
[  836.603462][ T4255] EXT4-fs (loop4): unmounting filesystem.
[  836.802479][T22385] loop4: detected capacity change from 0 to 64
[  836.998192][T22389] loop5: detected capacity change from 0 to 4096
[  837.060795][T22389] ntfs: volume version 3.1.
[  837.140370][T22365] loop1: detected capacity change from 0 to 32768
[  837.158170][T22389] ntfs: (device loop5): ntfs_setattr(): Changes in user/group/mode are not supported yet, ignoring.
[  837.180840][ T4589] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[  837.249115][T22365] ERROR: (device loop1): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt
[  837.249115][T22365] 
[  837.273744][T22365] ERROR: (device loop1): remounting filesystem as read-only
[  837.281241][T22365] ERROR: (device loop1): jfs_rename: 
[  837.281241][T22365] 
[  837.401019][ T4589] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  837.436186][ T4248] ERROR: (device loop1): xtTruncate: XT_GETPAGE: xtree page corrupt
[  837.436186][ T4248] 
[  837.451450][ T4589] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  837.474392][ T4589] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.536337][ T4589] gspca_main: stv0680-2.14.0 probing 041e:4007
[  837.682157][T22409] loop5: detected capacity change from 0 to 1024
[  837.732169][T22405] loop0: detected capacity change from 0 to 4096
[  837.751577][T22405] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  837.802322][T22405] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  837.921515][   T75] hfsplus: b-tree write err: -5, ino 4
[  838.240427][T22423] loop4: detected capacity change from 0 to 1024
[  838.582579][ T4594] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  838.631629][ T4589] stv0680 4-1:4.0: STV(e): camera ping failed!!
[  838.765004][T22438] netlink: 6 bytes leftover after parsing attributes in process `syz.0.7541'.
[  838.795110][T22438] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  838.805903][ T4594] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  838.833262][ T4589] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  838.841508][ T4589] stv0680 4-1:4.0: last error: 0,  command = 0x0
[  838.858436][ T4594] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  838.880372][ T4589] usb 4-1: USB disconnect, device number 126
[  838.888845][ T4594] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  838.922576][ T4594] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  838.931809][ T4594] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.952606][ T4594] usb 5-1: config 0 descriptor??
[  838.986650][ T4594] gspca_main: spca561-2.14.0 probing abcd:cdee
[  839.144016][T22431] loop5: detected capacity change from 0 to 32768
[  839.167761][ T4594] spca561: probe of 5-1:0.0 failed with error -22
[  839.191019][ T4594] usb 5-1: MIDIStreaming interface descriptor not found
[  839.221423][T22431] CIFS mount error: No usable UNC path provided in device string!
[  839.221423][T22431] 
[  839.253627][ T4594] usb 5-1: USB disconnect, device number 118
[  839.260808][T22431] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  839.479999][T22450] tmpfs: Bad value for 'mpol'
[  839.718185][ T4375] udevd[4375]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  840.140146][T22473] loop0: detected capacity change from 0 to 8
[  840.148564][T22473] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  840.213824][T22473] cramfs: Error -3 while decompressing!
[  840.220144][T22473] cramfs: ffffffff97551568(26)->ffff888041f53000(4096)
[  840.237474][T22473] cramfs: Error -3 while decompressing!
[  840.245205][T22473] cramfs: ffffffff97551582(26)->ffff888068d88000(4096)
[  840.253124][T22473] cramfs: Error -3 while decompressing!
[  840.258800][T22473] cramfs: ffffffff9755159c(16)->ffff888068d89000(4096)
[  840.285433][T22473] cramfs: Error -3 while decompressing!
[  840.291134][T22473] cramfs: ffffffff97551568(26)->ffff888041f53000(4096)
[  840.328139][   T27] audit: type=1800 audit(2000000190.453:131): pid=22473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.7558" name="file2" dev="loop0" ino=348 res=0 errno=0
[  840.550645][T22487] loop0: detected capacity change from 0 to 512
[  840.645597][T22487] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a000c018, mo2=0002]
[  840.697939][T22487] System zones: 0-2, 18-18, 34-35
[  840.749029][T22487] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  840.781984][T22487] ext4 filesystem being mounted at /1619/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  840.987089][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  841.282059][T22485] loop5: detected capacity change from 0 to 40427
[  841.338491][T22485] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3ffff
[  841.383515][T22512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7576'.
[  841.385361][T22485] F2FS-fs (loop5): invalid crc value
[  841.451347][T22485] F2FS-fs (loop5): Found nat_bits in checkpoint
[  841.564429][T22485] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  841.650727][T22523] sctp: [Deprecated]: syz.0.7580 (pid 22523) Use of int in max_burst socket option.
[  841.650727][T22523] Use struct sctp_assoc_value instead
[  841.699650][T22485] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  842.196942][T22540] netlink: 'syz.3.7588': attribute type 10 has an invalid length.
[  842.340845][T22545] loop0: detected capacity change from 0 to 512
[  842.365483][T22545] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  842.440254][T22545] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  842.451682][T22540] device veth0_vlan left promiscuous mode
[  842.458211][T22545] ext4 filesystem being mounted at /1624/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  842.547081][T22540] device veth0_vlan entered promiscuous mode
[  842.558703][T22540] team0: Device veth0_vlan failed to register rx_handler
[  842.730813][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  843.037636][T22560] loop0: detected capacity change from 0 to 4096
[  843.047340][T22560] EXT4-fs: Ignoring removed nomblk_io_submit option
[  843.100805][T22560] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  843.146665][T22566] netlink: 6 bytes leftover after parsing attributes in process `syz.1.7600'.
[  843.184095][T22566] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  843.238599][T22566] infiniband syz0: set active
[  843.246906][ T5044] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[  843.271608][T22566] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  843.292372][ T4594] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  843.300772][ T7055] lo speed is unknown, defaulting to 1000
[  843.313265][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  843.422078][T22571] loop0: detected capacity change from 0 to 8
[  843.464328][ T5044] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  843.475228][ T4265] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  843.492404][ T4594] usb 5-1: Using ep0 maxpacket: 32
[  843.499897][ T4594] usb 5-1: unable to get BOS descriptor or descriptor too short
[  843.509140][ T5044] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[  843.535939][ T5044] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  843.538909][ T4594] usb 5-1: config 128 has an invalid interface number: 127 but max is 3
[  843.559259][T22573] loop1: detected capacity change from 0 to 1764
[  843.565981][ T5044] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.588782][ T4594] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  843.589867][ T5044] usb 4-1: config 0 descriptor??
[  843.632793][ T4594] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4
[  843.666478][ T4594] usb 5-1: config 128 has no interface number 0
[  843.670695][T22576] loop0: detected capacity change from 0 to 8
[  843.687488][T22576] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  843.696538][ T4594] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  843.727542][T22576] cramfs: Error -3 while decompressing!
[  843.738706][ T4594] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  843.752709][T22576] cramfs: ffffffff9754d568(26)->ffff888051184000(4096)
[  843.759717][T22576] cramfs: bad data blocksize 3288329103
[  843.766815][ T4594] usb 5-1: config 128 interface 127 has no altsetting 0
[  843.782433][T22576] cramfs: Error -3 while decompressing!
[  843.798819][ T4594] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  843.813249][T22576] cramfs: ffffffff9754d568(26)->ffff888051184000(4096)
[  843.833944][   T27] audit: type=1800 audit(2000000193.963:132): pid=22576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.7604" name="file2" dev="loop0" ino=348 res=0 errno=0
[  843.872466][ T4594] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  843.890902][ T4594] usb 5-1: Product: syz
[  843.901080][ T4594] usb 5-1: Manufacturer: syz
[  843.918839][ T4594] usb 5-1: SerialNumber: syz
[  844.075112][ T5044] Bluetooth: Can't get version to change to load ram patch err
[  844.091946][ T5044] Bluetooth: Loading patch file failed
[  844.107932][ T5044] ath3k: probe of 4-1:0.0 failed with error -71
[  844.119703][ T5044] usb 4-1: USB disconnect, device number 127
[  844.155055][T22582] xt_nat: multiple ranges no longer supported
[  844.200329][ T4594] usb 5-1: USB disconnect, device number 119
[  844.288227][T22584] loop0: detected capacity change from 0 to 16
[  844.322867][T22584] erofs: (device loop0): mounted with root inode @ nid 36.
[  844.449660][T22586] netlink: 'syz.0.7609': attribute type 10 has an invalid length.
[  844.465006][ T4265] udevd[4265]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  844.600437][T22586] device veth0_vlan left promiscuous mode
[  844.681787][T22586] device veth0_vlan entered promiscuous mode
[  844.778916][T22586] team0: Device veth0_vlan failed to register rx_handler
[  844.903034][T22595] loop3: detected capacity change from 0 to 1024
[  844.918293][T22595] EXT4-fs: Ignoring removed nomblk_io_submit option
[  844.937387][T22598] loop1: detected capacity change from 0 to 22
[  844.945257][T22595] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  844.993075][T22598] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  845.041511][T22595] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  845.120424][T22598] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  845.299823][ T4260] EXT4-fs (loop3): unmounting filesystem.
[  845.602613][T22599] loop4: detected capacity change from 0 to 32768
[  845.637150][T22599] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.7615 (22599)
[  845.710575][T22599] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  845.757698][T22599] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  845.817236][T22599] BTRFS info (device loop4): turning on flush-on-commit
[  845.827103][T22619] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7623'.
[  845.847022][T22599] BTRFS info (device loop4): enabling disk space caching
[  845.882430][T22599] BTRFS info (device loop4): turning off barriers
[  845.912408][T22599] BTRFS info (device loop4): doing ref verification
[  845.941764][T22599] BTRFS info (device loop4): enabling auto defrag
[  845.962317][T22599] BTRFS info (device loop4): force clearing of disk cache
[  845.969576][T22599] BTRFS info (device loop4): turning on sync discard
[  846.030310][T22599] BTRFS info (device loop4): using default commit interval 30s
[  846.061381][T22599] BTRFS info (device loop4): disk space caching is enabled
[  846.084494][T22625] x_tables: ip_tables: icmp match: only valid for protocol 1
[  846.178246][T22632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7629'.
[  846.188165][T22632] netlink: get zone limit has 8 unknown bytes
[  846.520709][T22599] BTRFS info (device loop4): enabling ssd optimizations
[  846.550490][T22599] BTRFS info (device loop4): rebuilding free space tree
[  846.562320][   T26] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  846.630885][T22612] loop1: detected capacity change from 0 to 40427
[  846.658163][T22612] F2FS-fs (loop1): Invalid log sectorsize (131081)
[  846.666199][T22599] BTRFS info (device loop4): disabling free space tree
[  846.685826][T22599] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  846.692543][T22612] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  846.707689][T22612] F2FS-fs (loop1): invalid crc value
[  846.720469][T22599] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  846.750606][T22612] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  846.763680][   T26] usb 4-1: Using ep0 maxpacket: 8
[  846.771126][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  846.822224][   T26] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  846.873957][   T26] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  846.890062][T22658] xt_CT: No such helper "snmp"
[  846.905513][   T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.945899][   T26] usb 4-1: Product: syz
[  846.966160][   T26] usb 4-1: Manufacturer: syz
[  846.970855][   T26] usb 4-1: SerialNumber: syz
[  847.004377][   T26] usb 4-1: config 0 descriptor??
[  847.051712][ T4255] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  847.066335][T22612] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  847.081286][T22612] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  847.444836][ T4589] usb 4-1: USB disconnect, device number 2
[  847.625241][T22677] ieee802154 phy0 wpan0: encryption failed: -22
[  847.741367][T22679] loop4: detected capacity change from 0 to 1024
[  847.779723][T22679] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  848.270624][T22695] ipt_REJECT: ECHOREPLY no longer supported.
[  848.362740][  T126] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  848.408769][T22700] loop0: detected capacity change from 0 to 256
[  848.448793][T22700] FAT-fs (loop0): Directory bread(block 64) failed
[  848.474595][T22700] FAT-fs (loop0): Directory bread(block 65) failed
[  848.502922][T22700] FAT-fs (loop0): Directory bread(block 66) failed
[  848.519870][T22700] FAT-fs (loop0): Directory bread(block 67) failed
[  848.536960][T22700] FAT-fs (loop0): Directory bread(block 68) failed
[  848.544502][T22700] FAT-fs (loop0): Directory bread(block 69) failed
[  848.551327][T22700] FAT-fs (loop0): Directory bread(block 70) failed
[  848.558091][  T126] usb 5-1: Using ep0 maxpacket: 16
[  848.558627][T22700] FAT-fs (loop0): Directory bread(block 71) failed
[  848.570679][T22700] FAT-fs (loop0): Directory bread(block 72) failed
[  848.578036][T22700] FAT-fs (loop0): Directory bread(block 73) failed
[  848.578205][  T126] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  848.615729][  T126] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  848.650788][  T126] usb 5-1: config 0 has no interface number 0
[  848.667892][  T126] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  848.681316][  T126] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.689772][  T126] usb 5-1: Product: syz
[  848.694366][  T126] usb 5-1: Manufacturer: syz
[  848.709979][  T126] usb 5-1: SerialNumber: syz
[  848.727404][  T126] usb 5-1: config 0 descriptor??
[  848.878715][T22711] loop5: detected capacity change from 0 to 8
[  848.904165][T22709] loop1: detected capacity change from 0 to 1024
[  848.906242][T22711] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  848.945798][  T126] usb 5-1: Found UVC 0.00 device syz (046d:08f3)
[  848.953987][  T126] usb 5-1: No valid video chain found.
[  848.991335][T22711] cramfs: Error -3 while decompressing!
[  848.997184][T22711] cramfs: ffffffff9754d568(26)->ffff88804e578000(4096)
[  849.006237][T22711] cramfs: Error -3 while decompressing!
[  849.011948][T22711] cramfs: ffffffff9754d582(26)->ffff88804f400000(4096)
[  849.014816][  T126] usb 5-1: USB disconnect, device number 120
[  849.019010][T22711] cramfs: Error -3 while decompressing!
[  849.031055][T22711] cramfs: ffffffff9754d59c(16)->ffff88804f401000(4096)
[  849.033818][T22709] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  849.038164][T22711] cramfs: Error -3 while decompressing!
[  849.052774][T22711] cramfs: ffffffff9754d568(26)->ffff88804e578000(4096)
[  849.076491][T22715] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 440: padding at end of block bitmap is not set
[  849.191949][T22717] loop0: detected capacity change from 0 to 2048
[  849.304822][T22722] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  849.336484][ T4248] EXT4-fs (loop1): unmounting filesystem.
[  849.781539][T22738] loop5: detected capacity change from 0 to 64
[  850.012274][T21947] kworker/u4:8: attempt to access beyond end of device
[  850.012274][T21947] loop5: rw=1, sector=268435468, nr_sectors = 2 limit=64
[  850.036226][T22746] loop1: detected capacity change from 0 to 512
[  850.045220][T21947] Buffer I/O error on dev loop5, logical block 134217734, lost async page write
[  850.093765][T22746] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  850.217866][T22746] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.7672: casefold flag without casefold feature
[  850.314429][T22746] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.7672: couldn't read orphan inode 15 (err -117)
[  850.342581][T22746] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  850.360498][T22756] loop4: detected capacity change from 0 to 16
[  850.410814][T22756] erofs: (device loop4): EXPERIMENTAL compressed inline data feature in use. Use at your own risk!
[  850.416011][T22746] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #2: block 4: comm syz.1.7672: lblock 0 mapped to illegal pblock 4 (length 1)
[  850.460323][T22756] erofs: (device loop4): mounted with root inode @ nid 36.
[  850.521028][T22756] syz.4.7676: attempt to access beyond end of device
[  850.521028][T22756] loop4: rw=0, sector=1049256, nr_sectors = 128 limit=16
[  850.622254][T22752] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  850.685813][T22760] netlink: 'syz.5.7678': attribute type 5 has an invalid length.
[  850.727860][T22760] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7678'.
[  850.748856][ T4248] EXT4-fs (loop1): unmounting filesystem.
[  850.795350][T22731] loop0: detected capacity change from 0 to 32768
[  850.944353][T22731] XFS (loop0): Mounting V5 Filesystem
[  851.085954][T22754] loop3: detected capacity change from 0 to 40427
[  851.102664][T22754] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  851.111390][T22754] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  851.145384][T22731] XFS (loop0): Ending clean mount
[  851.190561][T22754] F2FS-fs (loop3): invalid crc_offset: 33558524
[  851.193672][T22776] xt_l2tp: v2 sid > 0xffff: 262144
[  851.263634][T22754] F2FS-fs (loop3): Found nat_bits in checkpoint
[  851.385628][ T4249] XFS (loop0): Unmounting Filesystem
[  851.434313][T22754] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  851.441722][T22754] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  851.559536][ T5045] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  851.603273][T22792] netlink: 208 bytes leftover after parsing attributes in process `syz.5.7688'.
[  851.762186][ T5045] usb 5-1: Using ep0 maxpacket: 8
[  851.769274][ T5045] usb 5-1: config 0 has an invalid interface number: 33 but max is 1
[  851.808276][ T5045] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  851.849912][ T5045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  851.879554][ T5045] usb 5-1: config 0 has no interface number 0
[  851.891041][ T5045] usb 5-1: config 0 interface 33 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  851.910894][T22798] netlink: 64 bytes leftover after parsing attributes in process `syz.1.7692'.
[  851.928365][T22798] netlink: 64 bytes leftover after parsing attributes in process `syz.1.7692'.
[  851.931580][ T5045] usb 5-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1
[  851.972113][ T5045] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  851.991980][ T5045] usb 5-1: Product: syz
[  852.034279][ T5045] usb 5-1: Manufacturer: syz
[  852.038950][ T5045] usb 5-1: SerialNumber: syz
[  852.082970][ T5045] usb 5-1: config 0 descriptor??
[  852.104087][ T5045] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx
[  852.311573][ T2308] pvrusb2: Invalid write control endpoint
[  852.330397][ T2308] usb 5-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2
[  852.391446][ T2308] usb 5-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw
[  852.478989][T22810] netlink: 'syz.5.7698': attribute type 1 has an invalid length.
[  852.570289][ T5045] usb 5-1: USB disconnect, device number 121
[  852.859377][T22814] loop1: detected capacity change from 0 to 4096
[  852.889972][T22820] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7693'.
[  852.926961][T22814] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  852.964482][T22814] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  852.965001][T22814] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  852.965033][T22814] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  852.965093][T22814] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  852.966445][T22814] ntfs: volume version 3.1.
[  852.968824][T22814] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  852.969030][T22814] ntfs: (device loop1): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  852.969533][T22814] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  852.969559][T22814] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  852.969579][T22814] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  853.335382][T22834] IPv6: Can't replace route, no match found
[  853.554747][T22842] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma?
[  853.590694][ T4594] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  853.782107][ T4594] usb 2-1: Using ep0 maxpacket: 32
[  853.794991][ T4594] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  853.842116][ T4594] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.850176][ T4594] usb 2-1: Product: syz
[  853.881262][ T4594] usb 2-1: Manufacturer: syz
[  853.898472][ T4594] usb 2-1: SerialNumber: syz
[  853.904006][T22854] SET target dimension over the limit!
[  853.909946][T22853] netlink: 'syz.5.7718': attribute type 1 has an invalid length.
[  853.942592][ T4594] usb 2-1: config 0 descriptor??
[  854.174590][ T4594] snd-usb-6fire 2-1:0.0: unknown device firmware state received from device:
[  854.197776][ T4594] eb 00 00 00 00 00 00 00 
[  854.212711][ T4594] snd-usb-6fire: probe of 2-1:0.0 failed with error -5
[  854.396709][ T7579] usb 2-1: USB disconnect, device number 122
[  854.556280][T22868] loop0: detected capacity change from 0 to 8192
[  854.611170][T22868] syz.0.7726: attempt to access beyond end of device
[  854.611170][T22868] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  854.671481][T22868] Buffer I/O error on dev loop0, logical block 57847, async page read
[  854.728970][T22868] syz.0.7726: attempt to access beyond end of device
[  854.728970][T22868] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  854.780103][T22868] Buffer I/O error on dev loop0, logical block 57847, async page read
[  855.179400][T22892] netlink: 'syz.4.7736': attribute type 1 has an invalid length.
[  855.212200][T22892] netlink: 'syz.4.7736': attribute type 1 has an invalid length.
[  855.307987][T22891] loop3: detected capacity change from 0 to 4096
[  855.443112][T22891] ntfs3: loop3: ino=5, "/" directory corrupted
[  855.482248][T22891] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  855.641065][T22875] loop5: detected capacity change from 0 to 32768
[  855.737388][T22875] ERROR: (device loop5): diAllocAG: nfreeinos = 0, but iag on freelist
[  855.737388][T22875] 
[  855.805234][T22875] ERROR: (device loop5): remounting filesystem as read-only
[  855.832077][T22875] ialloc: diAlloc returned -5!
[  855.981530][T22904] loop3: detected capacity change from 0 to 4096
[  856.011988][T22904] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512)
[  856.089259][T22904] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  856.192226][ T7055] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[  856.363367][ T4260] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  856.398884][ T7055] usb 2-1: Using ep0 maxpacket: 16
[  856.404277][ T7055] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  856.404314][ T7055] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.404338][ T7055] usb 2-1: Product: syz
[  856.404357][ T7055] usb 2-1: Manufacturer: syz
[  856.404376][ T7055] usb 2-1: SerialNumber: syz
[  856.406315][ T7055] usb 2-1: config 0 descriptor??
[  856.409520][ T7055] visor 2-1:0.0: Sony Clie 3.5 converter detected
[  856.614088][ T7055] usb 2-1: clie_3_5_startup: get config number bad return length: 0
[  856.632772][ T7055] visor: probe of 2-1:0.0 failed with error -5
[  856.831413][ T7055] usb 2-1: USB disconnect, device number 123
[  857.912860][T22955] loop1: detected capacity change from 0 to 512
[  857.969681][T22955] EXT4-fs (loop1): orphan cleanup on readonly fs
[  858.017763][T22958] x_tables: duplicate underflow at hook 2
[  858.075737][T22955] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #4: comm syz.1.7768: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 32767, max 0(0), depth 0(0)
[  858.102469][T22955] EXT4-fs error (device loop1): ext4_quota_enable:6989: comm syz.1.7768: Bad quota inode: 4, type: 1
[  858.157881][T22955] EXT4-fs warning (device loop1): ext4_enable_quotas:7030: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  858.187971][T22940] loop3: detected capacity change from 0 to 32768
[  858.194736][T22955] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  858.201471][T22955] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  858.302327][T22940] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  858.345297][ T4248] EXT4-fs (loop1): unmounting filesystem.
[  858.347865][T22940] OCFS2: ERROR (device loop3): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 256 but claims that 2046 are free
[  858.491234][T22940] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  858.562204][T22940] OCFS2: File system is now read-only.
[  858.578073][T22940] (syz.3.7761,22940,1):ocfs2_search_chain:1761 ERROR: status = -30
[  858.612020][T22940] (syz.3.7761,22940,1):ocfs2_search_chain:1871 ERROR: status = -30
[  858.622318][T22940] (syz.3.7761,22940,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30
[  858.630952][T22940] (syz.3.7761,22940,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30
[  858.648018][T22940] (syz.3.7761,22940,1):ocfs2_claim_new_inode:2216 ERROR: status = -30
[  858.682094][T22940] (syz.3.7761,22940,1):ocfs2_claim_new_inode:2231 ERROR: status = -30
[  858.700595][T22940] (syz.3.7761,22940,1):ocfs2_mknod_locked:639 ERROR: status = -30
[  858.747809][T22940] (syz.3.7761,22940,1):ocfs2_mknod:385 ERROR: status = -30
[  858.781110][T22940] (syz.3.7761,22940,1):ocfs2_mknod:502 ERROR: status = -30
[  858.807632][T22940] (syz.3.7761,22940,1):ocfs2_create:676 ERROR: status = -30
[  858.948988][T22984] loop4: detected capacity change from 0 to 1024
[  858.976022][ T4260] ocfs2: Unmounting device (7,3) on (node local)
[  859.010988][T22989] loop1: detected capacity change from 0 to 1024
[  859.020618][T22984] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  859.074686][T22989] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  859.124973][T22989] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  859.134485][T22984] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  859.210043][ T4255] EXT4-fs (loop4): unmounting filesystem.
[  859.260735][T22989] EXT4-fs (loop1): orphan cleanup on readonly fs
[  859.300094][T22989] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.7783: Inode bitmap for bg 0 marked uninitialized
[  859.340567][T22989] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  859.394609][T22989] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #2: block 16: comm syz.1.7783: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  859.414383][T22995] 9pnet: Could not find request transport: 0xffffffffffffffff
[  859.646572][ T4248] EXT4-fs (loop1): unmounting filesystem.
[  859.806063][T23010] usb usb8: usbfs: process 23010 (syz.3.7794) did not claim interface 0 before use
[  860.109868][T23018] loop5: detected capacity change from 0 to 4096
[  860.113745][T23025] loop3: detected capacity change from 0 to 164
[  860.266332][T23018] ntfs3: loop5: ino=5, "/" directory corrupted
[  860.294600][T23018] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  860.647572][T23040] loop1: detected capacity change from 0 to 256
[  860.701164][T23040] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x3eebdab2, utbl_chksum : 0xe619d30d)
[  860.786323][T23040] syz.1.7808: attempt to access beyond end of device
[  860.786323][T23040] loop1: rw=0, sector=4280, nr_sectors = 1 limit=256
[  860.834838][T23038] loop4: detected capacity change from 0 to 4096
[  860.884669][T23038] __ntfs_error: 7 callbacks suppressed
[  860.884692][T23038] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  860.915244][T23038] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  860.985958][T23038] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  861.056827][T23038] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  861.097891][T23038] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  861.128594][T23051] loop0: detected capacity change from 0 to 256
[  861.137535][T23038] ntfs: volume version 3.1.
[  861.158991][T23038] ntfs: (device loop4): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  861.208848][T23038] ntfs: (device loop4): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  861.233934][T23051] FAT-fs (loop0): Directory bread(block 64) failed
[  861.280761][T23051] FAT-fs (loop0): Directory bread(block 65) failed
[  861.292289][T23038] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  861.309033][T23051] FAT-fs (loop0): Directory bread(block 66) failed
[  861.321894][T23038] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  861.331723][T23051] FAT-fs (loop0): Directory bread(block 67) failed
[  861.350879][T23051] FAT-fs (loop0): Directory bread(block 68) failed
[  861.357597][T23038] ntfs: (device loop4): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  861.368214][T23051] FAT-fs (loop0): Directory bread(block 69) failed
[  861.399696][T23051] FAT-fs (loop0): Directory bread(block 70) failed
[  861.418407][T23051] FAT-fs (loop0): Directory bread(block 71) failed
[  861.452350][T23051] FAT-fs (loop0): Directory bread(block 72) failed
[  861.480822][T23051] FAT-fs (loop0): Directory bread(block 73) failed
[  861.571448][T23060] netlink: 'syz.1.7818': attribute type 1 has an invalid length.
[  861.591650][T23060] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7818'.
[  861.797306][T23042] loop3: detected capacity change from 0 to 32768
[  861.873012][T23042] 
[  861.873012][T23042]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  861.873012][T23042] 
[  861.946443][T23067] loop0: detected capacity change from 0 to 2048
[  861.949362][T23042] ERROR: (device loop3): diWrite: ixpxd invalid
[  861.949362][T23042] 
[  861.988765][T23042] ERROR: (device loop3): txCommit: 
[  861.988765][T23042] 
[  862.032924][T23067] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  862.101159][T23067] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  862.136095][ T4260] 
[  862.136095][ T4260]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  862.136095][ T4260] 
[  862.197653][ T4260] 
[  862.197653][ T4260]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  862.197653][ T4260] 
[  862.338697][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  862.735304][T23096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7826'.
[  862.757492][T23096] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7826'.
[  862.952159][ T5044] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  863.146446][ T5044] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  863.178467][ T5044] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  863.210658][ T5044] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  863.291949][ T5044] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  863.301140][ T5044] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.331950][ T5044] usb 2-1: Product: syz
[  863.336186][ T5044] usb 2-1: Manufacturer: syz
[  863.340851][ T5044] usb 2-1: SerialNumber: syz
[  863.386229][ T5044] cdc_ncm 2-1:1.0: invalid descriptor buffer length
[  863.400783][T23117] loop0: detected capacity change from 0 to 1024
[  863.421970][ T5044] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  863.428834][ T5044] cdc_ncm 2-1:1.0: bind() failure
[  863.504085][T23117] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  863.621342][ T7055] usb 2-1: USB disconnect, device number 124
[  863.648056][ T4302] hfsplus: b-tree write err: -5, ino 4
[  863.710080][T23124] loop5: detected capacity change from 0 to 2048
[  863.761646][T23124] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  863.838433][T23129] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  864.015675][T23134] xt_cgroup: xt_cgroup: no path or classid specified
[  864.272159][ T7055] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  864.464700][ T7055] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  864.516145][ T7055] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  864.553759][ T7055] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  864.581882][ T7055] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  864.605667][T23133] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  864.779665][T23160] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7865'.
[  864.853699][T23158] loop3: detected capacity change from 0 to 4096
[  864.893991][ T7055] usb 1-1: USB disconnect, device number 123
[  864.973902][T23158] ntfs: volume version 3.1.
[  865.537188][T23184] netlink: 920 bytes leftover after parsing attributes in process `syz.4.7877'.
[  865.560873][T23178] xfrm0 speed is unknown, defaulting to 1000
[  865.577858][T23178] lo speed is unknown, defaulting to 1000
[  865.587219][T23184] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7877'.
[  866.478653][T23208] loop4: detected capacity change from 0 to 512
[  866.515052][T23183] loop1: detected capacity change from 0 to 32768
[  866.522695][T23208] EXT4-fs: Ignoring removed oldalloc option
[  866.529918][T23211] loop0: detected capacity change from 0 to 1024
[  866.550515][T23208] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  866.567655][T23211] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  866.621444][T23211] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  866.650254][T23208] EXT4-fs (loop4): 1 truncate cleaned up
[  866.679551][T23216] loop5: detected capacity change from 0 to 128
[  866.695792][T23211] EXT4-fs (loop0): orphan cleanup on readonly fs
[  866.702967][T23208] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  866.741748][T23211] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.7891: Inode bitmap for bg 0 marked uninitialized
[  866.757622][T23216] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  866.768243][T23208] EXT4-fs error (device loop4): ext4_get_verity_descriptor_location:300: inode #15: comm syz.4.7889: verity file has no extents
[  866.782919][T23211] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  866.838674][T23211] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #2: block 16: comm syz.0.7891: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  866.859116][T23208] fs-verity (loop4, inode 15): Error -117 getting verity descriptor size
[  866.860668][T23216] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  867.025490][ T4255] EXT4-fs (loop4): unmounting filesystem.
[  867.119992][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  867.200706][T23224] loop3: detected capacity change from 0 to 8
[  868.028521][T23251] loop4: detected capacity change from 0 to 1024
[  868.048175][T23251] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  868.072820][T23251] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  868.170719][T23251] EXT4-fs (loop4): orphan cleanup on readonly fs
[  868.173031][T23257] loop1: detected capacity change from 0 to 1024
[  868.200112][T23251] EXT4-fs error (device loop4): ext4_read_inode_bitmap:168: comm syz.4.7909: Inode bitmap for bg 0 marked uninitialized
[  868.213890][T23257] EXT4-fs: Ignoring removed bh option
[  868.219591][T23251] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  868.229216][T23257] EXT4-fs: inline encryption not supported
[  868.249812][T23251] EXT4-fs error (device loop4): ext4_search_dir:1549: inode #2: block 16: comm syz.4.7909: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  868.325323][T23257] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000]
[  868.402539][T23257] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #3: block 2: comm syz.1.7912: lblock 2 mapped to illegal pblock 2 (length 1)
[  868.419880][ T4255] EXT4-fs (loop4): unmounting filesystem.
[  868.493965][T23257] __quota_error: 6 callbacks suppressed
[  868.493989][T23257] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  868.551882][T23257] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #3: block 48: comm syz.1.7912: lblock 0 mapped to illegal pblock 48 (length 1)
[  868.581970][ T4594] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  868.598016][T23257] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  868.615261][T23257] EXT4-fs error (device loop1): ext4_acquire_dquot:6795: comm syz.1.7912: Failed to acquire dquot type 0
[  868.623114][T23269] IPv6: Can't replace route, no match found
[  868.637309][T23257] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5885: Corrupt filesystem
[  868.659041][T23257] EXT4-fs error (device loop1): ext4_evict_inode:279: inode #11: comm syz.1.7912: mark_inode_dirty error
[  868.696901][T23257] EXT4-fs warning (device loop1): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  868.719665][T23257] EXT4-fs (loop1): 1 orphan inode deleted
[  868.735401][   T11] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1)
[  868.741942][T23257] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  868.796723][ T4594] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  868.812273][   T11] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  868.828730][ T4594] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  868.853436][   T11] EXT4-fs error (device loop1): ext4_release_dquot:6818: comm kworker/u4:1: Failed to release dquot type 0
[  868.881830][ T4594] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  868.893269][ T4594] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  868.904517][ T4594] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  868.923305][ T4594] usb 6-1: New USB device found, idVendor=a9cd, idProduct=cdee, bcdDevice= 5.b9
[  868.923613][T23257] EXT4-fs (loop1): unmounting filesystem.
[  868.937457][ T4594] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.950007][ T4594] usb 6-1: config 0 descriptor??
[  868.972112][T23257] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz.1.7912: Invalid inode table block 1 in block_group 0
[  868.987963][ T4594] usb 6-1: MIDIStreaming interface descriptor not found
[  868.998212][T23257] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5885: Corrupt filesystem
[  869.029500][T23257] EXT4-fs error (device loop1): ext4_quota_off:7084: inode #3: comm syz.1.7912: mark_inode_dirty error
[  869.230822][ T7579] usb 6-1: USB disconnect, device number 10
[  869.358068][T23289] loop0: detected capacity change from 0 to 16
[  869.375229][T23289] erofs: (device loop0): mounted with root inode @ nid 36.
[  869.407869][T23289] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  869.462654][T23291] loop3: detected capacity change from 0 to 128
[  869.469579][T23289] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -24 in[52, 4044] out[1851]
[  869.479763][T23291] hpfs: bad mount options.
[  869.490323][T23289] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  869.533092][ T4242] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  869.619056][T23291] loop3: detected capacity change from 0 to 2048
[  869.672297][T23291] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  869.695177][T23296] netlink: 'syz.1.7931': attribute type 10 has an invalid length.
[  869.711862][T23296] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  869.726896][T23296] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  869.747912][ T4265] udevd[4265]: incorrect nilfs2 checksum on /dev/loop3
[  869.752148][T23298] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  869.763444][T23291] NILFS (loop3): error -116 getting root inode
[  869.785955][T23296] infiniband syz0: set active
[  869.819640][T23296] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  869.860805][T23301] usb usb8: usbfs: process 23301 (syz.0.7932) did not claim interface 0 before use
[  869.870563][ T7055] lo speed is unknown, defaulting to 1000
[  870.066451][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  870.072918][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  870.276921][T23314] loop0: detected capacity change from 0 to 256
[  870.313047][T23314] exfat: Deprecated parameter 'utf8'
[  870.357156][T23314] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[  870.460736][T23317] loop1: detected capacity change from 0 to 4096
[  870.487817][T23317] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  870.575216][T23317] ntfs3: loop1: ntfs_sync_fs r=1a failed, -22.
[  870.581464][T23317] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  870.631291][T23317] ntfs3: loop1: ntfs_evict_inode r=1a failed, -22.
[  871.679733][T23360] overlayfs: missing 'lowerdir'
[  872.360580][T23377] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7966'.
[  872.602971][T23388] xt_NFQUEUE: number of total queues is 0
[  873.128971][T23399] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7977'.
[  873.297001][T23383] loop1: detected capacity change from 0 to 40427
[  873.370169][T23389] loop5: detected capacity change from 0 to 32768
[  873.375626][T23383] F2FS-fs (loop1): invalid crc value
[  873.432395][T23383] F2FS-fs (loop1): Found nat_bits in checkpoint
[  873.444641][T23389] 
[  873.444641][T23389]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.444641][T23389] 
[  873.534561][T23389] 
[  873.534561][T23389]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.534561][T23389] 
[  873.540240][T23383] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1
[  873.568306][T23389] 
[  873.568306][T23389]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.568306][T23389] 
[  873.575843][T23408] loop4: detected capacity change from 0 to 4096
[  873.586411][T23383] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  873.611719][T23408] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  873.660143][  T106] 
[  873.660143][  T106]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.660143][  T106] 
[  873.739789][T23413] netlink: 'syz.3.7982': attribute type 95 has an invalid length.
[  873.769223][ T4308] 
[  873.769223][ T4308]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.769223][ T4308] 
[  873.793058][ T4308] 
[  873.793058][ T4308]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.793058][ T4308] 
[  873.807440][  T107] 
[  873.807440][  T107]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.807440][  T107] 
[  873.829745][T18580] 
[  873.829745][T18580]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.829745][T18580] 
[  873.847072][T18580] 
[  873.847072][T18580]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  873.847072][T18580] 
[  874.306838][T23425] loop0: detected capacity change from 0 to 512
[  874.317825][T23421] loop3: detected capacity change from 0 to 1764
[  874.433840][T23425] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  874.514791][T23425] ext4 filesystem being mounted at /1704/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  874.609822][T23425] EXT4-fs error (device loop0): ext4_empty_dir:3145: inode #12: block 32: comm syz.0.7989: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  874.715221][T23425] EXT4-fs (loop0): Remounting filesystem read-only
[  874.731798][T23425] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #12: comm syz.0.7989: directory missing '.'
[  874.812333][T23442] bridge_slave_1: mtu greater than device maximum
[  874.879949][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  874.894226][T23446] raw_sendmsg: syz.1.7996 forgot to set AF_INET. Fix it!
[  875.048454][T23451] Error parsing options; rc = [-22]
[  875.110277][T23454] i2c i2c-0: Invalid block write size 33
[  875.216015][T23458] netlink: 68 bytes leftover after parsing attributes in process `syz.0.8003'.
[  876.147430][T23489] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8018'.
[  876.557681][T23477] loop5: detected capacity change from 0 to 32768
[  876.582246][T23477] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.8009 (23477)
[  876.651007][T23477] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  876.687995][T23477] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  876.720922][T23477] BTRFS info (device loop5): force clearing of disk cache
[  876.751682][T23477] BTRFS info (device loop5): force zlib compression, level 3
[  876.751723][T23477] BTRFS info (device loop5): enabling auto defrag
[  876.751785][T23477] BTRFS info (device loop5): max_inline at 0
[  876.751809][T23477] BTRFS info (device loop5): enabling disk space caching
[  876.751828][T23477] BTRFS info (device loop5): disk space caching is enabled
[  877.021692][T23477] BTRFS info (device loop5): enabling ssd optimizations
[  877.107675][T23477] BTRFS info (device loop5): rebuilding free space tree
[  877.180373][T23477] BTRFS info (device loop5): disabling free space tree
[  877.201857][T23477] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  877.224410][T23537] loop4: detected capacity change from 0 to 64
[  877.226383][T23477] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  877.299006][T23539] loop0: detected capacity change from 0 to 256
[  877.360901][T23535] loop1: detected capacity change from 0 to 4096
[  877.386805][T23541] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  877.395565][T23535] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512)
[  877.506103][T18580] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  878.399844][T23564] netlink: 'syz.1.8044': attribute type 21 has an invalid length.
[  878.601439][T23571] loop4: detected capacity change from 0 to 1764
[  878.840379][T23577] loop0: detected capacity change from 0 to 4096
[  878.879885][T23577] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
[  879.179769][T23591] loop3: detected capacity change from 0 to 256
[  879.262424][T23595] program syz.4.8058 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  879.323033][T23597] netlink: 'syz.5.8059': attribute type 1 has an invalid length.
[  879.330846][T23597] netlink: 112865 bytes leftover after parsing attributes in process `syz.5.8059'.
[  879.360776][T23599] loop0: detected capacity change from 0 to 128
[  879.394346][T23599] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  879.472074][T23599] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  879.504006][T23601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8062'.
[  879.517568][T23599] FAT-fs (loop0): Filesystem has been set read-only
[  879.649092][ T4249] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  880.073206][T23619] netlink: 'syz.4.8070': attribute type 1 has an invalid length.
[  880.081042][T23619] netlink: 228 bytes leftover after parsing attributes in process `syz.4.8070'.
[  880.102517][T23623] loop0: detected capacity change from 0 to 128
[  880.165764][T23623] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002]
[  880.186833][T23623] System zones: 1-3, 19-19, 35-36
[  880.241361][T23623] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  880.260245][T23621] loop5: detected capacity change from 0 to 4096
[  880.325761][T23621] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512)
[  880.342145][T23623] ext4 filesystem being mounted at /1719/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  880.347292][T23605] loop1: detected capacity change from 0 to 32768
[  880.392148][T23605] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.8061 (23605)
[  880.460134][T23605] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  880.514104][T23605] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  880.519658][T23623] EXT4-fs warning (device loop0): ext4_group_extend:1899: can't read last block, resize aborted
[  880.572462][T23605] BTRFS info (device loop1): force zlib compression, level 3
[  880.580012][T23605] BTRFS info (device loop1): force clearing of disk cache
[  880.659441][T23605] BTRFS info (device loop1): setting nodatasum
[  880.687941][T23605] BTRFS info (device loop1): use zlib compression, level 3
[  880.741564][T23605] BTRFS info (device loop1): allowing degraded mounts
[  880.778009][ T4249] EXT4-fs (loop0): unmounting filesystem.
[  880.781497][T23605] BTRFS info (device loop1): enabling disk space caching
[  880.821535][T23605] BTRFS info (device loop1): disk space caching is enabled
[  881.187524][T23605] BTRFS info (device loop1): enabling ssd optimizations
[  881.220390][T23605] BTRFS info (device loop1): rebuilding free space tree
[  881.283459][T23605] BTRFS info (device loop1): disabling free space tree
[  881.303189][T23605] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  881.352705][T23605] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  881.799187][T23629] loop4: detected capacity change from 0 to 32768
[  881.986761][T23605] BTRFS info (device loop1): balance: start -f -ssoft,profiles=system|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=828928688128,usage=0..193,vrange=5..4294967296,limit=9223372036854775808
[  882.011112][    C1] vkms_vblank_simulate: vblank timer overrun
[  882.021743][ T4594] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  882.124686][T23605] BTRFS info (device loop1): balance: ended with status: 0
[  882.231584][ T4594] usb 1-1: Using ep0 maxpacket: 16
[  882.239977][ T4594] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  882.292291][ T4594] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  882.308587][ T4594] usb 1-1: config 0 interface 0 has no altsetting 0
[  882.338888][ T4248] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  882.351534][ T4594] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  882.381090][ T4594] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.398971][ T4594] usb 1-1: Product: syz
[  882.422619][ T4594] usb 1-1: Manufacturer: syz
[  882.456997][ T4594] usb 1-1: SerialNumber: syz
[  882.493111][ T4594] usb 1-1: config 0 descriptor??
[  882.676880][T23680] loop3: detected capacity change from 0 to 4096
[  882.708719][T23680] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
[  882.954642][ T4594] usb 1-1: USB disconnect, device number 124
[  883.004854][T23686] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8091'.
[  883.018227][T23686] netlink: 'syz.4.8091': attribute type 1 has an invalid length.
[  883.193376][T23691] netlink: 'syz.3.8092': attribute type 2 has an invalid length.
[  883.906450][T23714] bridge0: port 4(netdevsim0) entered disabled state
[  883.940957][T23714] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  884.386353][T23732] netlink: 'syz.5.8113': attribute type 1 has an invalid length.
[  884.398320][T23733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8114'.
[  884.692801][T23703] loop4: detected capacity change from 0 to 32768
[  884.735351][T23703] (syz.4.8099,23703,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  884.769694][T23703] (syz.4.8099,23703,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  884.816759][T23744] netlink: 'syz.3.8119': attribute type 2 has an invalid length.
[  884.847568][T23744] netlink: 244 bytes leftover after parsing attributes in process `syz.3.8119'.
[  884.864062][ T5043] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  884.867121][T23703] JBD2: Ignoring recovery information on journal
[  884.905086][T23749] loop0: detected capacity change from 0 to 128
[  884.923192][T23749] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  884.943947][T23703] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  885.009975][T23752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8123'.
[  885.021158][T23752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8123'.
[  885.056965][T23749] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  885.083620][ T5043] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  885.086999][T23703] 
[  885.095689][T23703] ======================================================
[  885.103006][T23703] WARNING: possible circular locking dependency detected
[  885.107714][T23754] netlink: 114704 bytes leftover after parsing attributes in process `syz.5.8122'.
[  885.110554][T23703] 6.1.131-syzkaller #0 Not tainted
[  885.120699][ T5043] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.125048][T23703] ------------------------------------------------------
[  885.125061][T23703] syz.4.8099/23703 is trying to acquire lock:
[  885.125075][T23703] ffff8880551ec2c8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x202/0x2a0
[  885.125143][T23703] 
[  885.125143][T23703] but task is already holding lock:
[  885.125150][T23703] ffff88804e9420a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x2a0/0xb60
[  885.125202][T23703] 
[  885.125202][T23703] which lock already depends on the new lock.
[  885.125202][T23703] 
[  885.125210][T23703] 
[  885.125210][T23703] the existing dependency chain (in reverse order) is:
[  885.125217][T23703] 
[  885.125217][T23703] -> #6
[  885.164884][T23754] ieee80211 !!
: Selected rate control algorithm 'minstrel_ht'
[  885.167812][T23703]  (&dquot->dq_lock){+.+.}-{3:3}:
[  885.167851][T23703]        lock_acquire+0x1f8/0x5a0
[  885.186259][ T5043] usb 2-1: config 0 descriptor??
[  885.188197][T23703]        __mutex_lock+0x132/0xd80
[  885.188237][T23703]        dquot_commit+0x57/0x510
[  885.205405][ T5043] gspca_main: spca508-2.14.0 probing 8086:0110
[  885.209724][T23703]        ext4_write_dquot+0x1fd/0x360
[  885.209755][T23703]        mark_all_dquot_dirty+0xf7/0x400
[  885.209788][T23703]        __dquot_free_space+0x956/0xe70
[  885.247832][T23749] FAT-fs (loop0): Filesystem has been set read-only
[  885.252476][T23703]        ext4_free_blocks+0x1fb4/0x3020
[  885.252510][T23703]        ext4_ext_remove_space+0x25c6/0x4f40
[  885.252542][T23703]        ext4_ext_truncate+0x201/0x360
[  885.252574][T23703]        ext4_truncate+0xa1d/0x1290
[  885.252600][T23703]        ext4_evict_inode+0xb68/0x1150
[  885.252627][T23703]        evict+0x529/0x930
[  885.252655][T23703]        ext4_orphan_cleanup+0xb70/0x1400
[  885.252683][T23703]        ext4_fill_super+0x84b2/0x89e0
[  885.252715][T23703]        get_tree_bdev+0x3fe/0x620
[  885.267768][T23749] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  885.270951][T23703]        vfs_get_tree+0x88/0x270
[  885.270989][T23703]        do_new_mount+0x2ba/0xb40
[  885.290841][T23749] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  885.293295][T23703]        __se_sys_mount+0x2d5/0x3c0
[  885.293335][T23703]        do_syscall_64+0x3b/0xb0
[  885.293355][T23703]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.293380][T23703] 
[  885.293380][T23703] -> #5 (&ei->i_data_sem){++++}-{3:3}:
[  885.293413][T23703]        lock_acquire+0x1f8/0x5a0
[  885.293443][T23703]        down_write+0x36/0x60
[  885.293472][T23703]        ext4_map_blocks+0x955/0x1cb0
[  885.293499][T23703]        ext4_writepages+0x1643/0x3de0
[  885.293529][T23703]        do_writepages+0x3a2/0x670
[  885.391843][T23703]        __writeback_single_inode+0x15d/0x11e0
[  885.398057][T23703]        writeback_sb_inodes+0xc2b/0x1b20
[  885.403822][T23703]        __writeback_inodes_wb+0x114/0x400
[  885.409678][T23703]        wb_writeback+0x4b1/0xe10
[  885.414744][T23703]        wb_workfn+0xc9e/0x1020
[  885.419634][T23703]        process_one_work+0x917/0x1260
[  885.425150][T23703]        worker_thread+0xa47/0x1200
[  885.430392][T23703]        kthread+0x28d/0x320
[  885.435144][T23703]        ret_from_fork+0x1f/0x30
[  885.440124][T23703] 
[  885.440124][T23703] -> #4 (jbd2_handle){++++}-{0:0}:
[  885.447482][T23703]        lock_acquire+0x1f8/0x5a0
[  885.452759][T23703]        start_this_handle+0x1f71/0x21b0
[  885.458450][T23703]        jbd2__journal_start+0x2d1/0x5c0
[  885.464152][T23703]        jbd2_journal_start+0x25/0x30
[  885.469682][T23703]        ocfs2_start_trans+0x3c0/0x6f0
[  885.475240][T23703]        ocfs2_shutdown_local_alloc+0x214/0xa90
[  885.481529][T23703]        ocfs2_dismount_volume+0x1fb/0x960
[  885.487477][T23703]        generic_shutdown_super+0x130/0x340
[  885.493415][T23703]        kill_block_super+0x7a/0xe0
[  885.499128][T23703]        deactivate_locked_super+0xa0/0x110
[  885.505783][T23703]        cleanup_mnt+0x490/0x520
[  885.511044][T23703]        task_work_run+0x246/0x300
[  885.517065][T23703]        exit_to_user_mode_loop+0xde/0x100
[  885.523634][T23703]        exit_to_user_mode_prepare+0xb1/0x140
[  885.531048][T23703]        syscall_exit_to_user_mode+0x60/0x270
[  885.538090][T23703]        do_syscall_64+0x47/0xb0
[  885.546292][T23703]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.553351][T23703] 
[  885.553351][T23703] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  885.562232][T23703]        lock_acquire+0x1f8/0x5a0
[  885.567521][T23703]        down_read+0xad/0xa30
[  885.572393][T23703]        ocfs2_start_trans+0x3b5/0x6f0
[  885.578936][T23703]        ocfs2_shutdown_local_alloc+0x214/0xa90
[  885.587460][T23703]        ocfs2_dismount_volume+0x1fb/0x960
[  885.594981][T23703]        generic_shutdown_super+0x130/0x340
[  885.600910][T23703]        kill_block_super+0x7a/0xe0
[  885.606161][T23703]        deactivate_locked_super+0xa0/0x110
[  885.612097][T23703]        cleanup_mnt+0x490/0x520
[  885.617093][T23703]        task_work_run+0x246/0x300
[  885.622266][T23703]        exit_to_user_mode_loop+0xde/0x100
[  885.628121][T23703]        exit_to_user_mode_prepare+0xb1/0x140
[  885.631801][ T5043] gspca_spca508: reg_read err -71
[  885.634199][T23703]        syscall_exit_to_user_mode+0x60/0x270
[  885.645343][T23703]        do_syscall_64+0x47/0xb0
[  885.646675][ T5043] gspca_spca508: reg_read err -71
[  885.650296][T23703]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.650332][T23703] 
[  885.650332][T23703] -> #2 (
[  885.660748][ T5043] gspca_spca508: reg_read err -71
[  885.661750][T23703] sb_internal#3){.+.+}-{0:0}:
[  885.661784][T23703]        lock_acquire+0x1f8/0x5a0
[  885.661822][T23703]        ocfs2_start_trans+0x2b0/0x6f0
[  885.661855][T23703]        ocfs2_write_info+0x124/0x3a0
[  885.661877][T23703]        dquot_set_dqinfo+0x488/0x6f0
[  885.661896][T23703]        quota_setinfo+0x3d6/0x4f0
[  885.669590][ T5043] gspca_spca508: reg_read err -71
[  885.672017][T23703]        __se_sys_quotactl+0x2b1/0x770
[  885.672049][T23703]        do_syscall_64+0x3b/0xb0
[  885.672069][T23703]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.672095][T23703] 
[  885.672095][T23703] -> #1 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
[  885.672130][T23703]        lock_acquire+0x1f8/0x5a0
[  885.678042][ T5043] gspca_spca508: reg write: error -71
[  885.681841][T23703]        down_write+0x36/0x60
[  885.681880][T23703]        ocfs2_lock_global_qf+0x221/0x2a0
[  885.681908][T23703]        ocfs2_write_info+0xd2/0x3a0
[  885.681927][T23703]        dquot_set_dqinfo+0x488/0x6f0
[  885.681947][T23703]        quota_setinfo+0x3d6/0x4f0
[  885.681968][T23703]        __se_sys_quotactl+0x2b1/0x770
[  885.681987][T23703]        do_syscall_64+0x3b/0xb0
[  885.682005][T23703]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.688905][ T5043] spca508: probe of 2-1:0.0 failed with error -71
[  885.692839][T23703] 
[  885.692839][T23703] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}:
[  885.692892][T23703]        validate_chain+0x1661/0x5950
[  885.692918][T23703]        __lock_acquire+0x125b/0x1f80
[  885.692948][T23703]        lock_acquire+0x1f8/0x5a0
[  885.692978][T23703]        down_write+0x36/0x60
[  885.693008][T23703]        ocfs2_lock_global_qf+0x202/0x2a0
[  885.693030][T23703]        ocfs2_acquire_dquot+0x2ad/0xb60
[  885.693052][T23703]        dqget+0x762/0xe90
[  885.693081][T23703]        dquot_set_dqblk+0x27/0xf20
[  885.693114][T23703]        quota_setquota+0x6d3/0x840
[  885.693137][T23703]        __se_sys_quotactl+0x2b1/0x770
[  885.693159][T23703]        do_syscall_64+0x3b/0xb0
[  885.693178][T23703]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.716512][ T5043] usb 2-1: USB disconnect, device number 125
[  885.719113][T23703] 
[  885.719113][T23703] other info that might help us debug this:
[  885.719113][T23703] 
[  885.719123][T23703] Chain exists of:
[  885.719123][T23703]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7 --> &ei->i_data_sem --> &dquot->dq_lock
[  885.719123][T23703] 
[  885.903952][T23703]  Possible unsafe locking scenario:
[  885.903952][T23703] 
[  885.911414][T23703]        CPU0                    CPU1
[  885.916806][T23703]        ----                    ----
[  885.922210][T23703]   lock(&dquot->dq_lock);
[  885.926638][T23703]                                lock(&ei->i_data_sem);
[  885.933590][T23703]                                lock(&dquot->dq_lock);
[  885.940545][T23703]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7);
[  885.948009][T23703] 
[  885.948009][T23703]  *** DEADLOCK ***
[  885.948009][T23703] 
[  885.956174][T23703] 2 locks held by syz.4.8099/23703:
[  885.961380][T23703]  #0: ffff88807df000e0 (&type->s_umount_key#107){++++}-{3:3}, at: user_get_super+0x11a/0x250
[  885.972669][T23703]  #1: ffff88804e9420a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x2a0/0xb60
[  885.982791][T23703] 
[  885.982791][T23703] stack backtrace:
[  885.988695][T23703] CPU: 0 PID: 23703 Comm: syz.4.8099 Not tainted 6.1.131-syzkaller #0
[  885.996894][T23703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  886.006988][T23703] Call Trace:
[  886.010270][T23703]  <TASK>
[  886.013245][T23703]  dump_stack_lvl+0x1e3/0x2cb
[  886.017956][T23703]  ? nf_tcp_handle_invalid+0x647/0x647
[  886.023501][T23703]  ? print_circular_bug+0x12b/0x1a0
[  886.028722][T23703]  check_noncircular+0x2fa/0x3b0
[  886.033669][T23703]  ? add_chain_block+0x850/0x850
[  886.038671][T23703]  ? lockdep_lock+0x11f/0x2a0
[  886.043601][T23703]  ? _find_first_zero_bit+0xd0/0x100
[  886.048994][T23703]  validate_chain+0x1661/0x5950
[  886.053874][T23703]  ? reacquire_held_locks+0x660/0x660
[  886.059447][T23703]  ? ocfs2_read_blocks_sync+0xcd0/0xcd0
[  886.065391][T23703]  ? look_up_lock_class+0x77/0x140
[  886.070535][T23703]  ? register_lock_class+0x100/0x990
[  886.075995][T23703]  ? ocfs2_read_inode_block+0x148/0x1d0
[  886.081715][T23703]  ? is_dynamic_key+0x260/0x260
[  886.086698][T23703]  ? mark_lock+0x9a/0x340
[  886.091041][T23703]  __lock_acquire+0x125b/0x1f80
[  886.095924][T23703]  lock_acquire+0x1f8/0x5a0
[  886.100451][T23703]  ? ocfs2_lock_global_qf+0x202/0x2a0
[  886.105838][T23703]  ? read_lock_is_recursive+0x10/0x10
[  886.111252][T23703]  ? ocfs2_lock_global_qf+0x1cb/0x2a0
[  886.116724][T23703]  ? __might_sleep+0xb0/0xb0
[  886.121353][T23703]  ? do_raw_spin_lock+0x14a/0x370
[  886.126418][T23703]  ? do_raw_spin_unlock+0x137/0x8a0
[  886.131835][T23703]  down_write+0x36/0x60
[  886.136028][T23703]  ? ocfs2_lock_global_qf+0x202/0x2a0
[  886.141427][T23703]  ocfs2_lock_global_qf+0x202/0x2a0
[  886.146684][T23703]  ? lock_buffer+0x80/0x80
[  886.151206][T23703]  ? trace_contention_end+0x61/0x170
[  886.156901][T23703]  ocfs2_acquire_dquot+0x2ad/0xb60
[  886.162198][T23703]  ? ocfs2_destroy_dquot+0x40/0x40
[  886.167363][T23703]  ? percpu_counter_add_batch+0x142/0x160
[  886.173136][T23703]  dqget+0x762/0xe90
[  886.177084][T23703]  dquot_set_dqblk+0x27/0xf20
[  886.181825][T23703]  ? __might_fault+0xbd/0x110
[  886.186551][T23703]  quota_setquota+0x6d3/0x840
[  886.191325][T23703]  ? quota_getnextquota+0x6b0/0x6b0
[  886.196998][T23703]  ? bpf_lsm_capable+0x5/0x10
[  886.201873][T23703]  ? security_capable+0x86/0xb0
[  886.206759][T23703]  ? do_quotactl+0x4e1/0x6c0
[  886.211374][T23703]  __se_sys_quotactl+0x2b1/0x770
[  886.216361][T23703]  ? __x64_sys_quotactl+0xa0/0xa0
[  886.221435][T23703]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  886.227806][T23703]  ? print_irqtrace_events+0x210/0x210
[  886.233281][T23703]  ? print_irqtrace_events+0x210/0x210
[  886.239362][T23703]  ? syscall_enter_from_user_mode+0x2e/0x230
[  886.245371][T23703]  ? lockdep_hardirqs_on+0x94/0x130
[  886.250778][T23703]  ? syscall_enter_from_user_mode+0x2e/0x230
[  886.256924][T23703]  do_syscall_64+0x3b/0xb0
[  886.261384][T23703]  ? clear_bhb_loop+0x45/0xa0
[  886.266265][T23703]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  886.272181][T23703] RIP: 0033:0x7f4812d8d169
[  886.276642][T23703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  886.296521][T23703] RSP: 002b:00007f4813cd7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  886.304947][T23703] RAX: ffffffffffffffda RBX: 00007f4812fa5fa0 RCX: 00007f4812d8d169
[  886.312938][T23703] RDX: 0000000000000000 RSI: 0000400000000040 RDI: ffffffff80000801
[  886.320917][T23703] RBP: 00007f4812e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  886.328969][T23703] R10: 0000400000000100 R11: 0000000000000246 R12: 0000000000000000
[  886.336954][T23703] R13: 0000000000000000 R14: 00007f4812fa5fa0 R15: 00007ffd2a0cea38
[  886.344970][T23703]  </TASK>
[  886.379028][ T4255] ocfs2: Unmounting device (7,4) on (node local)