last executing test programs: 3.726340595s ago: executing program 2 (id=5877): r0 = syz_open_dev$video(&(0x7f0000000040), 0xd, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x1, @vbi={0x7, 0xb21, 0x0, 0x47425247, [0x0, 0x3], [0x0, 0x4]}}) 3.577584387s ago: executing program 2 (id=5881): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_pauseparam={0x13, 0x2, 0x80000001, 0x4}}) 3.40057611s ago: executing program 2 (id=5883): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote}, {@in6=@remote, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}}, 0xf0}}, 0x0) 3.264436712s ago: executing program 2 (id=5884): syz_mount_image$iso9660(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x2000004, &(0x7f0000000040)={[{@cruft}, {@hide}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}]}, 0x1, 0xaa3, &(0x7f00000017c0)="$eJzs3c1vHHfdAPDvrF9iu1WbtnnaPlHbTFKldds8ztp+mijqgSb22nHxC7IdqZFATdU4KIpFUQtSGyHFFYgTFRVCSICEUI+cKpUDvaDc4MiJAxJU/AOo4pQiYNDM7tq79q43cTZ2Uj4faz1v39/bzOz8vOvd+QX3sizLiscOl8/9ajcry93nzOSnH370fv54by36oydeTH4TMRARaUTvv4pzpW9icnFhrkNGVyIuRMT1iCQi9kV12sZg09KFSH4Y928sX4/k5/F4i2QDt9g4Osr4r7bX5x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANyVJibL5dEkZmfmz72atlcMAb7N9np2nxSjfiefdCo2iUjyRwwM1If6fvzAxuZH819H4onq0hPVkb8H4up9j+5/6ZHeUj39NhXaFW+/e/XK66urK2/VlvelaV/HRPvueLVuXf/Okk1X5meWFmbmTk9X0pmlhfTUiRPl42enltKpmagsnV9arsylE4uV08sLi+nwxHPp6KlT42ll5PzCufnpyZHZSn3lyf8bK5dPpK+MfKVyenFpYf74KyNLE2dnZmdn5qeLmHxzHnMyPxG/PLOcLldOz6XppcurK+OdKpkHjbbckjQHjXXKaaw8NjY6OjYYJ1489eLJcrm3tmJstL6ivElsidj7k5Zu+8VNR/6669dvuA2lWv8fszET83EuXo205c9ETMZiLMRci23JRn71/v/o8cq25Tb2//Ve/vGNzQej6P+fqi491a7/b1PXzj9ZVs15p+nXW772blyNK/F6rMZqrMRbt5tj1hObavb55ph/Zlm2g5zTPM9DjfvgtlufxnRUYj5mYikWYibm4nRMx3f/Wm3BQqRxKk7EiSjHa3E2pmIp0piKmZiNSizF+ViK5agUZ9RELEYljViOhViMNIZjIp6LNEbjVAzGeKRRiZE4HwtxLuZjOibjdJHLpbhc7Pfxbeq4HjR6M0Fj2wRt6cxvr//P7sa/BNmxzn/6F7p16YbbltX6//62AVl9bnhi12oFAAAAdNP//j4eOPDw7/4c0RdPFu/LT83MVsp7XS0AAACgi4qP6z2RT/qyiHgykhav/0t7VDkAAACgK5LiO3ZJRAzFoepc9ZtQPeFDAAAAAPAFUfz//6l8MpTPHYpk/U4oF1pEAgAAAPegjvfYr73sX9smYiBq97RML1anF2sRtfv8Dk3NzFZGJhZmXxqNZ4q7DBTfNNiSW09E0ld8/eD5OFyNOjxUnQ415ziQR42OvDQaz8eRWkOGn84nTw+3iByrRj5bjXx2m8jxPPImrN3+ngeAvXNka3/8edZ0j/3OfyE8H8eqEccO9vZHRO/BFj1reaNn7d2LhgIA6zqPsdMcca2WrrH////89X9zp97U/z8cl/6dr1yJkXgj3ozVuBjHim8bFJ84aCr3qx/U3jNY/xhCOY51eDegHvuHk6U41uH9gKGGgV6OdXhHoBobX4sYv4NHAAB235E2/XC7/r+IiPrHAav9/7GG1/+x9fX/+tBCK75SCAB3hfUR7Ls6k/U0rtnrNgIAzfTSAAAAAAAAAAAAAAAAAAAAAAAAAAAA0H1dve3/wA6T/6U2rl91Tdb98QhazwzW9kF9zbVb2hvvvf3u1R9FROOmUt6IO1PnoqbdzbnUhXyyiNit47V7M7E/Ysd7NVpt6o+IO175wW4U8XltpvrcKG138Ti37VYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuAUlET6v1pYh9EVGOiOO7X6s7Z22vK7D7vtS4kNyIG/FOPLB31QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GKq3f+/FNXpfdVV0VuKOBoRFyIi2+s6dtONva5AlwzuMF3D/f/zYx5ZEr3Vwx5J38Tk4sJcfviLsR9Kn3740fuPNSffd7PlFIGlTYNL1ErYHPvL++tzDxWphiZX3r7yrTe/mU6eiVL0x5nlqdnJuenFlzeSPJp8HJFG9VGX1zd/fOfobz9o0fKP85a2trncqWLnTG4t97FWqduVW2pX3LrLqytjedRy5dXlb3/j8jsNmx6OwxFPD0cMN5f09fzRuoVxOPq2rOvfmE0+S76fPBA/iQvF8c/3RpIl+SF6sKju4KXLqysjb7y5erFNnfbHoYi4GDEQtfRt67S+qw8V15OWirOu1JeXWi6C8l8HOrSxtfUxLi7Wcxxt04aHilNmqNaG/qY2lNqUmbZvQ7HDG/b7+jFPGpJUazReq1F/NNfokXimxZHO9kW03wvPtDjSHSWfJX9KzsYf43sN43+U8uN/NGv/7GzO4mg0nyltI0vVyKLlY40bXtsc+bef3lTtWw5Tw636QfXEryk1XP9rx2pn16OBzeVkSevrUU1DieNtSmz9vNh0ddh8VrS/5hY90oFNKWpXn7aJqvU8UI1qU8//iRcieg9G045trueW3vqF9leU5vQvb1qfXSsmO33+/ywZjr/HmvF/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu18S0dNqfSniaETsry+nEdktZLuv3YbSUHKrVeyqtfVf97gDxe9S07r3OidLbsSN7NqdqhQAAAAAAAAAu+3M5KcffvR+/ij+H99zI8tq/99PI3ojYn/y48GYXFyY65BRX8SFiLiezw+0C/pHVtW8Nk8X928sX4/IHtx5kwCADv4TAAD//9qNdKM=") openat$incfs(0xffffffffffffff9c, &(0x7f00000001c0)='.log\x00', 0x0, 0x0) 2.992503966s ago: executing program 2 (id=5886): r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f0000000080)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@ref_verify}, {}, {@skip_balance}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, 0x0) 1.433391319s ago: executing program 0 (id=5897): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x4, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) 1.284043911s ago: executing program 3 (id=5901): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0xbb) 1.247178522s ago: executing program 0 (id=5902): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f00000000c0), 0x4) 1.246960852s ago: executing program 2 (id=5903): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000340)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000d00)={0x7, 0x5, 0x0, 0xffffffff, 0x80000000, 0x4, 0xfffffffffffffff8, 0x6, 0xf4}) 1.113374344s ago: executing program 0 (id=5906): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="4200000003"], 0x42) 1.112834384s ago: executing program 3 (id=5907): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000180)={0x1, 0x0, {0x0, 0x0, 0x300e, 0x0, 0x0, 0x2, 0x0, 0x1}}) 989.980135ms ago: executing program 3 (id=5910): r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000001100)={'nat\x00', 0x0, 0x0, 0xfffffd86, [], 0x2, 0x0, 0x0}, &(0x7f0000001180)=0x108) 962.465696ms ago: executing program 0 (id=5911): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a80)=@newtaction={0x12, 0x30, 0xb, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1b, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x20000005}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) 879.433887ms ago: executing program 4 (id=5912): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7ffffffffffffffb, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc040564a, &(0x7f0000000000)={0x0, 0x1, 0x1014, 0xffffffffffffffff, 0x0, 0x0}) 775.947738ms ago: executing program 0 (id=5914): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@func_proto={0x0, 0x1, 0x0, 0xd, 0xa, [{0xc, 0x1}]}, @enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x2}]}]}, {0x0, [0x61, 0x2e]}}, &(0x7f0000000f40)=""/4089, 0x44, 0xff9, 0x1, 0x0, 0x0, @void, @value}, 0x28) 733.574799ms ago: executing program 3 (id=5915): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x8917, 0x0) 732.963369ms ago: executing program 4 (id=5916): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) 622.485691ms ago: executing program 3 (id=5918): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f0000000080)) 540.417452ms ago: executing program 0 (id=5919): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fe07124081173809499b0102030109022400010000000009040000028b8647000905e8ff00090000000905", @ANYRES16], 0x0) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 533.796372ms ago: executing program 4 (id=5920): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x405, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0xfffffffe}]}}}]}, 0x40}}, 0x0) 426.121294ms ago: executing program 4 (id=5921): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000180)={0x1, 0x0, {0x0, 0x0, 0x300e, 0x0, 0x0, 0x2, 0x0, 0x1}}) 423.080644ms ago: executing program 1 (id=5931): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019300)=ANY=[@ANYBLOB="74000000000101040000000c0000000002000004240001801400018008000100e000000208000200ac141410070002"], 0x74}}, 0x0) 422.471484ms ago: executing program 3 (id=5922): splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe6, 0x0) syz_usb_connect(0x2, 0x5a, &(0x7f0000000c00)={{0x12, 0x1, 0x0, 0x4c, 0xb6, 0xe8, 0x10, 0x10c5, 0x819a, 0x9591, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x80, 0x6, 0x6, 0x3, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x5, 0x1, 0x400, 0x6, 0x7, 0x1}}, {{0x9, 0x5, 0x7, 0x0, 0x8, 0x4, 0xc4, 0xf}}, {{0x9, 0x5, 0xf, 0xc, 0x200, 0x1, 0x1, 0x10}}, {{0x9, 0x5, 0x8, 0x3, 0x40, 0x19, 0x0, 0x3}}, {{0x9, 0x5, 0xb, 0x3, 0x8, 0x24, 0x86, 0x7}}, {{0x9, 0x5, 0x6, 0x8, 0x3ff, 0x6, 0x7, 0x8}}]}}]}}]}}, 0x0) 369.914985ms ago: executing program 4 (id=5923): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000440)={0x1, @win={{0x3ff, 0x6, 0x32315842}, 0x0, 0xffffffff, 0x0, 0x1539fdcf, 0x0}}) 315.590375ms ago: executing program 4 (id=5924): syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x8082, &(0x7f00000000c0)={[{@gid_forget}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@anchor={'anchor', 0x3d, 0x3ff}}, {@shortad}, {@rootdir={'rootdir', 0x3d, 0xa}}, {@shortad}, {@uid_forget}, {@umask={'umask', 0x3d, 0x2000005}}]}, 0x1, 0xc4a, &(0x7f0000001b40)="$eJzs3VFsXeddAPD/d3Id2ykQb91CCyvcARpp1pQ0yeqsQeWGuoZJaWrN8d4m+ca+CVd1bMt2WFoG83jhgYdJCPGwJ0tQIQ0xVQwh3jBQpO2lD6hPPFmgVhPiwUKT+jQuOud+175O0jap7cRpf7/25n/uOf/vnO/7zuk5qeXvfAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARPz2ixdOPZMedC0AgPvp0uRXT532/AeAT5TL/v8fAAAAAAAAAAAAAAAOuhRFPBopFi9tpunqe9fQxfb8jZtTY+N3LjacqpKHqvzyM/TM6TNnv/Ts6Lle/ODye+3xeHny8oX6CwvXF5day8ut2frUfHtmYbZ113vYbflbnag6oH79lRuzV68u108/fWbH5psj7w4+cmzk/OiTJ5/o5U6NjY9P9uXUBj7y0W/zfiM8DkcRJyPFU9//cWpGRBG774sPuXb223DViBNVI6bGxquGzLWb8yvlxoleRxQR9b5CjV4f3YdzsSuNiNWy+mWFT5TNm1xsLjWvzLXqE82llfZKe2F+InVrW7anHkWcSxFrEbExePvuBqKIWqT47tHNdCUiDvX64YvVwOD3r0exj228C2U96wMRa8VDcM4OsMEo4qVI8ZM3i5gp+yx/4gsRL5XxHyJeL+PzEam8MM5GvFNdR8MPuObshVoU8afl+T+/mWar+0HvvnLxa/WvzF9d6Mvt3Vce+ufD/XTA701DUUSzuuNvpo/+lx0AAAAAAAAAAAAAAAAA9tpwFPF4pHjx33+/Glcc1bj0o+dHf2fkZ/vHjD/2Ifspc5+OiNXi7sbkHs5DiCfSREp3NZbYHIX7YSiK+MM8/u/bD7oyAAAAAAAAAAAAAAAAAAAAn2hFvB0pnnvreFqL/jnF2/PX6pebV+a6s8L25v7tzZne6XQ69dSNjRync1zNcS3H9Rw3cowil8+xkeN0jqs5ruW4nuNGjnEol8+xkeN0jqs5ruW4nuNGjlHL5XNs5Did42qOazmu57iRYxyQuXsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5Oiijip5HiO9/YTJEiohExHd24PtjLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAepMFUxA8iRf13G1vrahGRqn+7jpd/nI3G4TJ+OhqjZXw+GhdybFax1vj2A6g/uzOQivhRpBgcemPrhOfzP9D9tnUZxOvf3P72C7VuPNTbOPLu4CPHjp4fHf+lx95vOd2pAicutudv3KxPjY2PT/atruWjf7pv3Ug+brE3TScill997ZXm3FxrycInY6HWXajFnu55OGJvd7h3C7XuQr5fxQOvz3L5oL19U+PBV2znQlT3/jves/nYKJ//70SK33jrP3oP/N7z/2e637ae8PHeH20//5+7dUf79Px/tG/dc/lvIwO1iKGV64sDxyKGll997WT7evNa61pr/uypU18eHf3ymVMDhyOGrrbnWn1Lu+4qAAAAAAAAAAAAAAAAgPsrFfFbkaL5o81Uj4ib1XitkfOjT5584lAcqsZb7Ri39fLk5Qv1FxauLy61lpdbs/Wp+fbMwmzrbg83VA33mhob35fGfKjhfa7/8NALC4uvLrWv/d7KHbcfGbpwZXllqTlz580xHEVEo3/NiarCU2PjVaXn2s35qujEHg3MHEhF/GekmDlbT5/P6/L4vzK8PdCX2z/+f7VvfbW8T+P/PnXLcVIq4r1I8et/9lh8vqrnkbitz3LeX0WKE+c+l/PicJnXq0P3vQLdkYHvdbr+7qc7c3ttf3Q795l7692Drzz/RyPFD/7ke/Ered3O9z9sj//sP/9Hbt3RPp3/z/StO7LjfQW7bjr5/J+MFM8/+kb8al73Qe//KKLT6Xwr4nhO3no/x96e/62L7rN9qSPRPe6v7VnrAQAAAAAAAAAAHl4DqYi/jhRPjNfSs3nd3fz+3+ytO9qn3//7+b51s/dpvqJddyoAAAAAHBADqYi3I8W1lTe2xlD3jf/eOf7zN7fnXh9Lt2ytfs73c9V7A/by53/9RvJxp3ffbAAAAAAAAAAAAAAAAAAAADhQUiri2Tyf+vSHzKe+Hile/O+ncl46Vub15oEfqf4curQwf/LC3NzCTHOleWWuVZ9cbM60yrKfiRSbf/m5XLao5lfvzTffneN9qNOea50qc5cixfjf9HK7c7H35ibvzgfenYu9zP1UpPivv92Z25vH+rPbuafL3L+IFF//xzvnHtvOPVPmfi9S/PDr9V7ukTK3937U7jtJh2ox13p6ZmHutlehAgAAAAAAAAAAAAAAAAAAwL0aSEX8caT4n+trsZqH/ef5/3sz8Nd6ua9/s2++/1vcrOb5H6nm/3+/5Y8y///InrUUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHimKeC1SLF7aTOuD5feuoYvt+Rs3p8bG+5M7W0vDqSp5qMovP0PPnD5z9kvPjp7rxTuV3z+Px8uTly/UX1i4vrjUWl5uzdan5tszC7Otu97Dbstvd13XiaoD6tdfuTF79epy/fTTZ3Zsvjny7uAjx0bOjz558ole7tTY+PhkX05t4B6Ofk+V23Y4ivjzSPHU93+c/nkwoojd98Udr537Z7hqxImqEVNj41VD5trN+ZVy40SvI4qIel+hRq+P7sO52JVGxGpZ/bLCJ8rmTS42l5pX5lr1iebSSnulvTA/kbq1LdtTjyLOpVhdi4iNwa29/F9vYSCKeCVSfPfoZvqXwYhDvX744qXJr546fcvB/2l7sbgPbf0AZT3rAxFrxUNwzg6wwSji7yPFT948Hv86GFGL7ie+EPFSf+LzEam8MM5GvDP4wKrLHqtFEf9bnv/zm+nNwfJ+0LuvXPxa/SvzVxf6cnv3lYP0fOjc+7U4vAeHvXsH/N40FEX8sLrjb6Z/8981AAAAAAAAAAAAAAAAwAFSxC9GiufeOp6q8cFbY4rb89fql5tX5rrD+npj/+oRf1DGTqfTqadubOQ4neNqjms5/nLO38jfo8jlc2zkOJ3jao5rOa7nuJFjHMrlc2zkOJ3jao5rOa7nuJFj1KrQ6XS+1S1fy+VzXM1xrRZRlOXz940c44CM3QMAAAAAAAAAAAAAAAAAAD5eiuqfFN/5xmaq5lJtRExHN66bD/Rj7/8DAAD//y8yBuM=") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1021, 0x1) 314.860186ms ago: executing program 1 (id=5925): r0 = syz_open_procfs(0x0, &(0x7f0000000c40)='map_files\x00') getdents(r0, 0x0, 0x3b) 224.713577ms ago: executing program 1 (id=5926): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$afs(&(0x7f0000000040)=@cell={0x25, '', 'syz0', '.backup'}, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) 168.622477ms ago: executing program 1 (id=5927): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000002900000002000000", 0xfe60) 109.655518ms ago: executing program 1 (id=5928): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000140)}, 0x20) 0s ago: executing program 1 (id=5929): r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000002380)={0x0, 0x2, @start={0x0, 0x1, "7f83710d20e122eb8f3b3e8d00f9d5dd2e9725610e7d7c2677efd4cac6a6f79c2b2ee7c6f443147088fb2c753ca177e93f9739ed48550a729170bb56ad02579a56cb615e37dfc99b1366910b3c54a98d6d89933356f6110c303f6fe6e5d98b8dc3cb2d7c753a11c96899943220ba025d00cb57641c7519052155bc14caeb76b1b017bbc0c1b8158eae24bb8286bfa4f904b5e23cc15de6398492ab17737dc829bae0072d404a69e215f3d077a881a5bef1da06729839c52664d33fc766738cbf355ad09d3a0efcd043bfafa762548344c5a1d49a4a98e613241ce7427a27c480f8bf12af34a832525bfabfdd2e12cf2071cce9ea9b999d8c3b0bf49aba0edb88b5a9ceba619b801f74b552991ff71dfc4292a1b6cc14568905697913324516d3a6a051f9b1d7cc8d0c45117e96d9c26c53beb136fdde9e811a5b0bf3c0660b5fc21a95204814f9d0f4cdbeb08773d4322c934bc5cb59558f9e8f1bd0d2baadd69b245ad0abe31a06fddc69f72d7fe82b83ab979049fce96bda53de158aa7ce90026d61376c1608172fd2dcca9be0e7c2b3ed4e33d0d29e92d4a22fc9f35a4f66f60fac8e8bf4dfa1b7464e7603734d2e7e8b9cf59eaf05569a4b70aa3b9e513d8d8252f5349e5a3f4194d436f5da762e8ff9c42800ce33ffbc0befedc3b5034bbb2c40679883674f8a0f0080326b6a388cc7936ddc18c33ff4c7843e2679fe8785d000b399599aeed7f7851630b418895fa5192c2dcae47326a5642530dab2b20142fe136d8b1a40db19b32aef8550e5cec12042c058e8d2d84c6f738b81f3047b366df4e067fbbcb21f819c16d2cf3e72e20e3499877306e2b8ae7dddae1d53b69da16ba7ed44e4cbdc1c1ccaa798dc6ec185694e270a91f5d1a7309d251c135a6a728bd35e6d726706c81ab601910d283b5ba98d77899988eb2889ccf37b3e8e144b8612996db1f865ad6c1d9ce7bdf08a4202849c0010e1272c334f8e0010faab071130b0786df02f7e90653dfc5209e5e76e6a4ea37c94fda99e216b8b27464bb985e1165de223778e75ad67ae08009e6801c47fbdece2352773fefa94251993f5d4b745fbd832c53e2dbfcb38f0628b4299ec5f7fffc216bfeb89bc744ee33042543a2a9b2832d54cc77ab41f7853d6dc48ac549f3e5cc25b2e52b30548a5e17155ebf2aa43cc97299e865ba264d16420098d7df436c7a6b93baaf25a85e7419c6fcf1aa6e7bb3552cd75faaa5fe657536e80fd774a4d44ef4f61e07b3f7dbfba37401ab516d707503d0a5f916fd20ca06f6972e087ce72fa8981c1605328bd5ca3be86477e67469cb0fda125a7d2d9da17df68290b4014367f26cb7383e14b5bede69fa2feed4b1e59b337ba84bb913b510e1a1b52c0cf44083834cdffbf6a1d53857266d34e71c8457f092d3e14947e8a577fa93184534181cffdcea517", "f6a420743231ab2ae74c2813b1b5899383bd9c9524a2707acc1109c673b4807638479ec194964cb4c600eb0447a75943226e29573321c3107c7effdaa4943e75cc13a4294e5d438e9abdec9110384f4d6eaf329f0a51d54f1885e22735d117ba62286ccb2d4cbdeaf0c27bba2a006eca39b48dcd8d205a83a828acaca1e46ac1fa9b3d5364016fdfd5b1c549009e017b8f28ed8d63467bdbbffe640ca5400081d7642e93a74f0f115b50ffd33536f1f52a328d2a3715c4795e1af4db4573458105234cf4e85d310027bea8e14467b4a915f13198d0947bbb7ecf4b15ee2d1c0eb07c8c835989eafb0ac942f53b1b14aaca0f0ceebf77fb9438fa47bb53601a9124c430a29731bf5e1eb7babf3059b0b18ff6b4029c5e64fbb9e85c23beb8c7b943fb2a8cc4a233d5b7c86312ac5b23eac5dcc333be3d356e1f5227314f012c3a5a7f504ccfc19771782b8600790c9503f58900875f75d141882fe20525060d079369876564497f951b507645b3776b0419e2272ee2ec3847a765105eea6d54a9f4d4ddc0a2dae7d537c7a0ff837e2d161599d99a15c030c192dafa6a2b71f3ed6e3a6cb9258ce5013662623571c5498efecb9af53a608bb903b5d6e715d2a5c110d119485f89e23a740979db3398e1c67f7d6d9a39d8ad92e0a2fd25a0ff9ef4c4cb07089f20d1861b103e1d228f9d868091035af653126bbc6b1c6ab397bfd230118e73345c28f8365ea21a952d78faf94dd071b7cdb1e62a913b9c0a8b46965132f5a24dbab81833746c18b4f90ad6d35f4eeb5c09aa6b0a85c7237dc9aea95d2baf11a58682b4774d913bc6ce8c84b903b1d5a01043676e47d19dada6008ca816fe32b80aa0b88db14293bbae9990c42fffab07d4c44ba62417eaf933eea34bb8a3bcc42ea0ff479269580644b077171d2c10e266ea645337a24493c1f4f92abac228f7594ecb7e7f6c0ba37abf629ca0d9760bfadcfd87198998078880acb76a96c842f74a7c7b7f7000e8839ddf759d9fa669b90d8a6220b61bbf9e5adc61bcd0d19ca8b78244a6ecfec3a27a2e1db1586b4f1afc91847f1ce35d231075ebaf24abaa05646ebcbc3e52a0a48de904bd3bc588f9d587122b3ae78ddbaf7d1d4642b9cee8cdd9a4d2738003be355c8782cac536c97637e77e895b46d108bb5260e3a7754604b4354c7b023e917378b869196f89a01bbaafbf08e49ce160b049eaa648075f6e611e280601f65d5790825d189a911c0559a0ead4004c8268dd8ceebcc44d3baa7c140937c3451c1eb37f0eec62f9fa9cc0516ec3b95a327e0af7686afbd279d7638fd9371b5129c5e9832a41219dc89ad6fa61849111b18153cb24053ec08a8ff84efe5e3c0f738d998fdf9979b47a3ff1e18cdd5b6d3c2c92b4525e4181508e44510220399aedb56f753b56e591cd6a4a5d3f111770b78fe868"}, [0x3, 0x6, 0xe465, 0x8, 0x1, 0x8, 0x7, 0x7, 0xd4, 0x5, 0x8001, 0xf7a3, 0x7f, 0x0, 0x4, 0x1000, 0x8, 0xfffffffffffffffd, 0x7ff, 0x6, 0x7f, 0x9, 0x7fff, 0xfffffffffffffffd, 0x8, 0x2, 0x7, 0x8, 0xafdd, 0x7, 0x8d7b, 0x0, 0x8, 0x4, 0x200, 0x7fffffffffffffff, 0x58c7, 0x5, 0x100000000, 0x17, 0xdb6f, 0xf1, 0xffffffffffffffff, 0x2b7e3189, 0xf20, 0xfffffffffffffff8, 0xd40d, 0x6, 0xfff, 0x3, 0x3, 0xf7cc, 0x7, 0x7, 0xffffffffffffffce, 0x1b9f26f4, 0x100000001, 0xf, 0xa, 0xd, 0x5, 0x7, 0x3, 0x1]}) kernel console output (not intermixed with test programs): 75] usb 3-1: Product: syz [ 279.452912][ T4375] usb 3-1: Manufacturer: syz [ 279.457986][ T4375] usb 3-1: SerialNumber: syz [ 279.553841][T12728] netlink: 'syz.3.3829': attribute type 1 has an invalid length. [ 279.796313][ T4375] usb 3-1: USB disconnect, device number 20 [ 280.000502][T12750] CIFS mount error: No usable UNC path provided in device string! [ 280.000502][T12750] [ 280.052242][T12750] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 280.108317][T12758] netlink: 'syz.1.3844': attribute type 1 has an invalid length. [ 280.637718][T12782] loop4: detected capacity change from 0 to 4096 [ 280.699488][T12795] mmap: syz.3.3862 (12795): VmData 175878144 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 280.769464][T12801] loop1: detected capacity change from 0 to 164 [ 280.807993][T12782] __ntfs_error: 5 callbacks suppressed [ 280.808015][T12782] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 280.830017][T12801] ISOFS: unable to read i-node block [ 280.868411][T12801] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 280.877962][T12782] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 280.951793][T12782] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 281.004400][T12782] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 281.072177][T12782] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 281.103916][T12782] ntfs: volume version 3.1. [ 281.152664][T12782] ntfs: (device loop4): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 281.260589][T12782] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 281.404621][T12782] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 281.481764][T12782] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 281.552701][T12782] ntfs: (device loop4): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 281.709860][T12811] syz.3.3870 (12811) used greatest stack depth: 19696 bytes left [ 281.801807][ T4373] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 281.884731][T12829] loop3: detected capacity change from 0 to 4096 [ 281.958482][T12807] loop0: detected capacity change from 0 to 32768 [ 282.041338][ T4373] usb 3-1: Using ep0 maxpacket: 8 [ 282.161345][ T4373] usb 3-1: config 0 has an invalid interface number: 176 but max is 0 [ 282.169954][ T4373] usb 3-1: config 0 has no interface number 0 [ 282.361378][ T4373] usb 3-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=43.f5 [ 282.371072][ T4373] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.411329][ T4373] usb 3-1: Product: syz [ 282.415521][ T4373] usb 3-1: Manufacturer: syz [ 282.420120][ T4373] usb 3-1: SerialNumber: syz [ 282.454378][ T4373] usb 3-1: config 0 descriptor?? [ 282.732824][ T4373] empeg 3-1:0.176: empeg converter detected [ 282.738889][ T4373] usb 3-1: active config #0 != 1 ?? [ 282.765091][ T4373] usb 3-1: USB disconnect, device number 21 [ 282.918114][T12807] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.3868 (12807) [ 283.029782][T12807] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 283.071429][T12807] BTRFS info (device loop0): force zlib compression, level 3 [ 283.079046][T12807] BTRFS info (device loop0): force clearing of disk cache [ 283.141526][T12807] BTRFS info (device loop0): setting nodatasum [ 283.147747][T12807] BTRFS info (device loop0): use zlib compression, level 3 [ 283.240807][T12807] BTRFS info (device loop0): allowing degraded mounts [ 283.281354][T12807] BTRFS info (device loop0): enabling disk space caching [ 283.313723][T12807] BTRFS info (device loop0): disk space caching is enabled [ 283.340372][T12807] BTRFS info (device loop0): has skinny extents [ 283.391402][ T4682] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 283.721526][T12807] BTRFS info (device loop0): enabling ssd optimizations [ 283.733446][T12807] BTRFS info (device loop0): clearing free space tree [ 283.777840][T12807] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 283.827467][T12807] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 283.838442][ T4682] usb 2-1: config index 0 descriptor too short (expected 4114, got 18) [ 283.882806][ T1108] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 284.023126][ T4682] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 284.058022][ T4682] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.067084][ T4682] usb 2-1: Product: syz [ 284.071643][ T4682] usb 2-1: Manufacturer: syz [ 284.076775][ T4682] usb 2-1: SerialNumber: syz [ 284.118366][ T4682] usb 2-1: config 0 descriptor?? [ 284.119370][T12889] loop2: detected capacity change from 0 to 4096 [ 284.182370][ T1108] usb 4-1: Using ep0 maxpacket: 8 [ 284.531838][ T1108] usb 4-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17 [ 284.541048][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.581970][ T1108] usb 4-1: Product: syz [ 284.586191][ T1108] usb 4-1: Manufacturer: syz [ 284.590826][ T1108] usb 4-1: SerialNumber: syz [ 284.631563][ T4682] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 284.664228][ T1108] usb 4-1: config 0 descriptor?? [ 284.669852][ T4682] asix: probe of 2-1:0.0 failed with error -71 [ 284.689217][ T4682] usb 2-1: USB disconnect, device number 15 [ 284.722191][ T1108] hub 4-1:0.0: bad descriptor, ignoring hub [ 284.758257][ T1108] hub: probe of 4-1:0.0 failed with error -5 [ 284.798870][ T1108] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 284.820808][T12906] loop2: detected capacity change from 0 to 64 [ 284.895427][T12913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3910'. [ 284.944240][ T4374] usb 4-1: USB disconnect, device number 18 [ 285.508181][T12947] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3926'. [ 285.660950][T12958] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3931'. [ 285.688143][T12961] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.3933'. [ 285.705951][T12958] netlink: 492 bytes leftover after parsing attributes in process `syz.4.3931'. [ 285.761346][T12961] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 285.846687][T12973] loop4: detected capacity change from 0 to 8 [ 285.957737][T12973] SQUASHFS error: xz decompression failed, data probably corrupt [ 285.967040][T12974] loop3: detected capacity change from 0 to 4096 [ 285.981792][T12973] SQUASHFS error: Failed to read block 0x108: -5 [ 285.988261][T12973] SQUASHFS error: Unable to read metadata cache entry [106] [ 286.014778][T12973] SQUASHFS error: Unable to read inode 0x11f [ 286.047008][T12974] __ntfs_error: 6 callbacks suppressed [ 286.047027][T12974] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 286.072209][T12974] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 286.080072][T12984] loop1: detected capacity change from 0 to 256 [ 286.108727][T12974] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 286.116263][T12986] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 286.147880][T12974] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 286.162015][T12974] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 286.175188][T12974] ntfs: volume version 3.1. [ 286.195627][T12974] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 286.244588][T12974] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 286.283565][T12974] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 286.297712][T12974] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 286.328637][T12974] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 286.609478][T13002] netlink: 180 bytes leftover after parsing attributes in process `syz.3.3952'. [ 287.185290][T13023] loop4: detected capacity change from 0 to 4096 [ 287.268747][T13034] netlink: 'syz.0.3969': attribute type 25 has an invalid length. [ 287.482603][T13046] netlink: 'syz.3.3974': attribute type 24 has an invalid length. [ 287.536600][ T4170] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 287.561510][ T4170] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 287.631796][T13053] device bridge_slave_0 entered promiscuous mode [ 287.699225][T13053] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 287.849126][T13064] loop4: detected capacity change from 0 to 512 [ 287.926727][T13064] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 287.967052][T13064] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 288.103258][T13064] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 288.121262][T13064] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002] [ 288.130793][T13064] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 288.175461][T13064] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 288.206298][T13064] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,noinit_itable,nomblk_io_submit,noblock_validity,data_err=abort,jqfmt=vfsold,jqfmt=vfsv0,barrier=0x000000000000d95a,debug,,errors=continue. Quota mode: none. [ 288.299033][T13064] EXT4-fs warning (device loop4): dx_probe:893: inode #2: comm syz.4.3983: dx entry: limit 65535 != root limit 120 [ 288.393389][T13064] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.3983: Corrupt directory, running e2fsck is recommended [ 288.524013][T13091] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3995'. [ 288.911528][T13110] loop3: detected capacity change from 0 to 1024 [ 289.053475][T13117] device batadv_slave_0 entered promiscuous mode [ 289.100430][T13117] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 289.113314][T13067] loop1: detected capacity change from 0 to 32768 [ 289.161602][T13119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4009'. [ 289.320619][T13129] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4014'. [ 289.461425][T13135] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4017'. [ 289.832960][T13157] loop2: detected capacity change from 0 to 8 [ 289.899362][T13157] SQUASHFS error: zlib decompression failed, data probably corrupt [ 289.919156][T13157] SQUASHFS error: Failed to read block 0x9b: -5 [ 289.947733][T13157] SQUASHFS error: Unable to read metadata cache entry [99] [ 289.968006][T13157] SQUASHFS error: Unable to read inode 0x127 [ 290.107519][T13167] program syz.1.4032 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 290.428059][T13179] loop1: detected capacity change from 0 to 1024 [ 290.478811][T13182] loop4: detected capacity change from 0 to 64 [ 290.508983][T13184] binder: 13183:13184 unknown command 0 [ 290.531328][T13184] binder: 13183:13184 ioctl c0306201 200000000280 returned -22 [ 290.550056][T13137] loop3: detected capacity change from 0 to 32768 [ 290.551051][T13186] loop2: detected capacity change from 0 to 2048 [ 290.762660][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.798248][T13192] loop1: detected capacity change from 0 to 8 [ 291.109010][T13204] loop0: detected capacity change from 0 to 4096 [ 291.218260][T13214] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 291.255876][T13204] NILFS (loop0): bad btree root (ino=12): level = 7, flags = 0xff, nchildren = 0 [ 291.435874][T13225] loop3: detected capacity change from 0 to 4096 [ 291.506016][T13225] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 291.525822][T13233] netlink: 'syz.2.4066': attribute type 2 has an invalid length. [ 291.621556][T13225] ntfs3: loop3: failed to convert "c46c" to cp1255 [ 291.651937][T13239] __nla_validate_parse: 3 callbacks suppressed [ 291.651954][T13239] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4068'. [ 291.688404][T13243] loop2: detected capacity change from 0 to 8 [ 292.041065][T13263] loop1: detected capacity change from 0 to 2048 [ 292.107834][T13269] loop0: detected capacity change from 0 to 256 [ 292.155268][T13276] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4087'. [ 292.175570][T13263] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 292.183460][T13269] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x02a07125, utbl_chksum : 0xe619d30d) [ 292.285744][T13280] loop3: detected capacity change from 0 to 512 [ 292.521870][T13280] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,barrier=0x0000000000000007,grpjquota=,norecovery,usrquota,,errors=continue. Quota mode: writeback. [ 292.588906][T13302] loop2: detected capacity change from 0 to 512 [ 292.621391][T13280] ext4 filesystem being mounted at /784/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.694586][T13309] loop0: detected capacity change from 0 to 1024 [ 292.727166][T13280] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 292.780838][T13309] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 292.810490][T13302] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.4097: bg 0: block 248: padding at end of block bitmap is not set [ 292.845460][T13317] loop1: detected capacity change from 0 to 164 [ 292.883322][T13302] __quota_error: 7 callbacks suppressed [ 292.883339][T13302] Quota error (device loop2): write_blk: dquota write failed [ 292.896761][T13302] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 292.907112][T13302] EXT4-fs error (device loop2): ext4_acquire_dquot:6204: comm syz.2.4097: Failed to acquire dquot type 1 [ 292.920979][T13319] loop4: detected capacity change from 0 to 512 [ 292.947494][T13302] EXT4-fs (loop2): 1 truncate cleaned up [ 292.959618][T13317] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 292.962579][T13302] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 292.982677][T13302] ext4 filesystem being mounted at /824/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 293.047813][T13319] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.4105: invalid block [ 293.133587][T13319] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.4105: invalid indirect mapped block 4294967295 (level 1) [ 293.143619][T13328] device ip6gre1 entered promiscuous mode [ 293.248886][T13319] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.4105: invalid indirect mapped block 4294967295 (level 1) [ 293.270898][T13330] loop1: detected capacity change from 0 to 65 [ 293.295116][T13319] EXT4-fs (loop4): 2 truncates cleaned up [ 293.302993][T13332] loop2: detected capacity change from 0 to 8 [ 293.321097][T13319] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000004004,barrier=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 293.410705][T13330] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway [ 293.676314][T13348] tc_dump_action: action bad kind [ 293.827556][T13358] netlink: 'syz.4.4124': attribute type 3 has an invalid length. [ 293.833288][ T4682] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 294.085074][ T26] audit: type=1326 audit(1747271843.980:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13361 comm="syz.2.4126" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65f011a969 code=0x0 [ 294.141674][ T4682] usb 1-1: Using ep0 maxpacket: 32 [ 294.240461][T13369] netlink: 'syz.4.4130': attribute type 7 has an invalid length. [ 294.261616][ T4682] usb 1-1: config 0 has an invalid interface number: 9 but max is 0 [ 294.291651][ T4682] usb 1-1: config 0 has no interface number 0 [ 294.461610][ T4682] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 294.487038][ T4682] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.552496][ T4682] usb 1-1: Product: syz [ 294.586598][ T4682] usb 1-1: Manufacturer: syz [ 294.622389][ T4682] usb 1-1: SerialNumber: syz [ 294.684434][ T4682] usb 1-1: config 0 descriptor?? [ 294.735104][ T4682] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 295.142540][ T4682] gspca_topro: reg_w err -71 [ 295.191442][ T4682] gspca_topro: Sensor soi763a [ 295.221644][ T4682] usb 1-1: USB disconnect, device number 17 [ 295.326977][T13408] loop3: detected capacity change from 0 to 4096 [ 295.412499][T13408] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 296.081360][ T4683] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 296.254542][T13454] loop2: detected capacity change from 0 to 4096 [ 296.321390][T13454] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 296.341453][ T4683] usb 4-1: Using ep0 maxpacket: 8 [ 296.421107][T13454] ntfs3: loop2: failed to convert "c46c" to iso8859-15 [ 296.514252][ T4683] usb 4-1: unable to get BOS descriptor or descriptor too short [ 296.633323][ T4683] usb 4-1: config 0 has an invalid interface number: 88 but max is 0 [ 296.669682][ T4683] usb 4-1: config 0 has no interface number 0 [ 296.699946][ T4683] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 296.744922][ T4683] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 296.773644][ T4683] usb 4-1: config 0 interface 88 has no altsetting 0 [ 297.051445][ T4683] usb 4-1: string descriptor 0 read error: -22 [ 297.063899][ T4683] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 297.113995][ T4683] usb 4-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 297.152714][ T4683] usb 4-1: config 0 descriptor?? [ 297.224922][ T4683] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.88/input/input18 [ 297.367170][T13520] loop4: detected capacity change from 0 to 64 [ 297.507340][ T4370] usb 4-1: USB disconnect, device number 19 [ 297.724153][T13541] tmpfs: Bad value for 'nr_blocks' [ 298.240721][T13558] device wlan1 entered promiscuous mode [ 298.273701][T13558] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 298.360918][T13564] ieee802154 phy0 wpan0: encryption failed: -22 [ 298.391524][T13565] binder: Bad value for 'max' [ 298.510655][T13528] loop1: detected capacity change from 0 to 32768 [ 298.618353][T13577] device sit0 entered promiscuous mode [ 298.649301][T13577] netlink: 'syz.4.4230': attribute type 3 has an invalid length. [ 298.697263][T13577] netlink: 1 bytes leftover after parsing attributes in process `syz.4.4230'. [ 298.707369][T13584] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4231'. [ 298.739999][T13528] XFS (loop1): Mounting V5 Filesystem [ 298.821863][ T4370] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 298.890239][T13538] loop2: detected capacity change from 0 to 40427 [ 298.916216][T13528] XFS (loop1): Ending clean mount [ 298.949485][T13528] XFS (loop1): Quotacheck needed: Please wait. [ 298.987937][T13597] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 299.026914][T13538] F2FS-fs (loop2): build fault injection attr: rate: 4, type: 0x1ffff [ 299.051686][T13538] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4 [ 299.128297][T13538] F2FS-fs (loop2): invalid crc value [ 299.141500][ T4370] usb 1-1: not running at top speed; connect to a high speed hub [ 299.152486][T13538] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x14e/0x440 [ 299.163464][T13528] XFS (loop1): Quotacheck: Done. [ 299.231958][T13538] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x3e6/0xa30 [ 299.232086][ T4370] usb 1-1: config 95 has an invalid interface number: 1 but max is 0 [ 299.271251][ T4370] usb 1-1: config 95 has no interface number 0 [ 299.281528][ T4370] usb 1-1: config 95 interface 1 has no altsetting 0 [ 299.291738][ T4174] XFS (loop1): Unmounting Filesystem [ 299.322776][T13538] F2FS-fs (loop2): Found nat_bits in checkpoint [ 299.441614][ T4370] usb 1-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f [ 299.458763][T13538] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x3e6/0xa30 [ 299.481859][ T4370] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.490070][ T4370] usb 1-1: Product: syz [ 299.494685][T13610] loop4: detected capacity change from 0 to 256 [ 299.505137][T13538] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x3e6/0xa30 [ 299.506287][ T4370] usb 1-1: Manufacturer: syz [ 299.518275][T13538] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x14e/0x440 [ 299.534963][ T4370] usb 1-1: SerialNumber: syz [ 299.619906][T13538] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 299.679322][T13610] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 299.694986][T13616] loop3: detected capacity change from 0 to 256 [ 299.702044][T13538] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of __get_node_page+0x110/0x880 [ 299.712783][T13610] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 299.811047][ T4171] F2FS-fs (loop2) : inject page alloc in f2fs_grab_cache_page of f2fs_grab_meta_page+0x66/0x1b0 [ 299.827252][T13610] attempt to access beyond end of device [ 299.827252][T13610] loop4: rw=524288, want=408, limit=256 [ 299.858238][T13616] FAT-fs (loop3): Directory bread(block 64) failed [ 299.900464][T13616] FAT-fs (loop3): Directory bread(block 65) failed [ 299.908107][T13616] FAT-fs (loop3): Directory bread(block 66) failed [ 299.927496][T13616] FAT-fs (loop3): Directory bread(block 67) failed [ 299.932369][T13610] attempt to access beyond end of device [ 299.932369][T13610] loop4: rw=524288, want=664, limit=256 [ 299.979529][T13616] FAT-fs (loop3): Directory bread(block 68) failed [ 299.999476][T13610] attempt to access beyond end of device [ 299.999476][T13610] loop4: rw=0, want=288, limit=256 [ 300.052683][T13616] FAT-fs (loop3): Directory bread(block 69) failed [ 300.059632][ T4370] usb 1-1: USB disconnect, device number 18 [ 300.065708][ T26] audit: type=1800 audit(1747271849.950:37): pid=13610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4243" name="file1" dev="loop4" ino=1048638 res=0 errno=0 [ 300.105634][T13616] FAT-fs (loop3): Directory bread(block 70) failed [ 300.137509][T13616] FAT-fs (loop3): Directory bread(block 71) failed [ 300.181434][T13616] FAT-fs (loop3): Directory bread(block 72) failed [ 300.208993][T13616] FAT-fs (loop3): Directory bread(block 73) failed [ 300.344327][T13628] loop4: detected capacity change from 0 to 64 [ 300.393100][ T4249] udevd[4249]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 300.591577][ T4682] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 300.876394][T13650] loop4: detected capacity change from 0 to 512 [ 300.921460][T13650] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 300.986818][T13650] EXT4-fs (loop4): 1 truncate cleaned up [ 301.001745][ T4682] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 301.009598][T13650] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback. [ 301.020669][ T4682] usb 2-1: config 0 has no interface number 0 [ 301.036174][ T4682] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 301.100771][T13650] EXT4-fs error (device loop4): ext4_find_extent:893: inode #15: comm syz.4.4261: inode has invalid extent depth: 25964 [ 301.131858][T13650] fs-verity (loop4, inode 15): Error -117 getting verity descriptor size [ 301.251574][ T4682] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 301.271726][T13665] netlink: 'syz.3.4268': attribute type 1 has an invalid length. [ 301.291820][ T4682] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.299867][ T4682] usb 2-1: Product: syz [ 301.327925][ T4682] usb 2-1: Manufacturer: syz [ 301.337649][ T4682] usb 2-1: SerialNumber: syz [ 301.358125][ T4682] usb 2-1: config 0 descriptor?? [ 301.405642][ T4682] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 301.528302][T13669] loop2: detected capacity change from 0 to 4096 [ 301.540895][T13669] ntfs3: Invalid value for gid. [ 301.595106][T13677] loop3: detected capacity change from 0 to 128 [ 301.671367][ C0] yurex 2-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8 [ 301.884491][ T4375] usb 2-1: USB disconnect, device number 16 [ 301.901477][ T4375] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 301.914018][T13685] loop2: detected capacity change from 0 to 16 [ 302.010707][T13685] erofs: (device loop2): mounted with root inode @ nid 36. [ 302.034580][T13652] loop0: detected capacity change from 0 to 32768 [ 302.161473][T13652] ERROR: (device loop0): dtSearch: DT_GETPAGE: dtree page corrupt [ 302.161473][T13652] [ 302.220994][T13652] ERROR: (device loop0): remounting filesystem as read-only [ 302.275586][T13652] jfs_lookup: dtSearch returned -5 [ 302.581383][ T4374] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 302.604719][T13715] netlink: 'syz.0.4291': attribute type 1 has an invalid length. [ 302.638005][T13715] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4291'. [ 302.759883][T13719] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4293'. [ 302.790660][T13719] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4293'. [ 302.836986][T13719] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4293'. [ 302.951652][ T4374] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 303.131654][ T4374] usb 4-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=21.78 [ 303.157141][T13737] loop0: detected capacity change from 0 to 2048 [ 303.163767][ T4374] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.179757][ T4374] usb 4-1: Product: syz [ 303.189900][ T4374] usb 4-1: Manufacturer: syz [ 303.199206][ T4374] usb 4-1: SerialNumber: syz [ 303.215216][ T4374] usb 4-1: config 0 descriptor?? [ 303.271879][T13737] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 303.640738][T13761] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 303.689109][T13761] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 303.691407][ T4374] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 303.736715][ T4374] asix 4-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 303.759560][T13767] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4316'. [ 303.764590][ T4374] asix: probe of 4-1:0.0 failed with error -71 [ 303.841395][ T4374] usb 4-1: USB disconnect, device number 20 [ 304.094143][T13787] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4326'. [ 304.398732][T13781] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 304.528332][T13797] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 304.564687][T13797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 304.577271][T13797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 304.939595][T13826] netlink: 'syz.3.4341': attribute type 21 has an invalid length. [ 304.958665][T13826] netlink: 'syz.3.4341': attribute type 6 has an invalid length. [ 305.003972][T13826] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4341'. [ 305.143674][T13833] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 305.171195][ T4375] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 305.411384][ T4375] usb 1-1: Using ep0 maxpacket: 16 [ 305.531549][ T4375] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 305.554463][ T4375] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.597262][ T4375] usb 1-1: config 0 has no interface number 0 [ 305.614105][T13862] netlink: 'syz.3.4354': attribute type 30 has an invalid length. [ 305.781690][ T4375] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 305.811584][ T4375] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.840654][ T4375] usb 1-1: Product: syz [ 305.858118][ T4375] usb 1-1: Manufacturer: syz [ 305.872771][T13877] loop1: detected capacity change from 0 to 512 [ 305.880236][ T4375] usb 1-1: SerialNumber: syz [ 305.902616][ T4375] usb 1-1: config 0 descriptor?? [ 305.946943][ T4375] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 305.983089][T13890] loop4: detected capacity change from 0 to 128 [ 305.995885][T13884] loop2: detected capacity change from 0 to 512 [ 306.001816][ T4375] usb 1-1: No valid video chain found. [ 306.029177][T13877] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.4361: bad orphan inode 13 [ 306.100763][T13877] ext4_test_bit(bit=12, block=4) = 1 [ 306.120837][T13884] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000004739,inode_readahead_blks=0x0000000000000800,norecovery,,errors=continue. Quota mode: writeback. [ 306.144606][T13877] is_bad_inode(inode)=0 [ 306.149188][T13884] ext4 filesystem being mounted at /883/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 306.164292][T13877] NEXT_ORPHAN(inode)=0 [ 306.168309][ T4375] usb 1-1: USB disconnect, device number 19 [ 306.168399][T13877] max_ino=32 [ 306.168411][T13877] i_nlink=1 [ 306.206210][T13877] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 306.312802][T13877] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.4361: Unrecognised inode hash code 20 [ 306.359774][T13877] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.4361: Corrupt directory, running e2fsck is recommended [ 306.387371][T13877] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.4361: Unrecognised inode hash code 20 [ 306.417252][T13877] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.4361: Corrupt directory, running e2fsck is recommended [ 306.529848][T13916] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4376'. [ 306.589150][T13919] netlink: 'syz.2.4373': attribute type 1 has an invalid length. [ 306.759896][T13928] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4380'. [ 306.862648][T13934] netlink: 'syz.0.4381': attribute type 5 has an invalid length. [ 306.899330][T13934] device ip6erspan0 entered promiscuous mode [ 307.053086][T13936] loop4: detected capacity change from 0 to 4096 [ 307.078451][T13947] netlink: 'syz.2.4386': attribute type 1 has an invalid length. [ 307.129920][T13936] NILFS (loop4): invalid segment: Checksum error in segment payload [ 307.146836][T13948] loop3: detected capacity change from 0 to 512 [ 307.178837][T13936] NILFS (loop4): trying rollback from an earlier position [ 307.225951][T13948] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 307.244849][T13936] NILFS (loop4): recovery cancelled because norecovery option was specified for a read/write mount [ 307.255905][T13948] EXT4-fs (loop3): Couldn't mount because of unsupported optional features (800) [ 307.308165][T13957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4390'. [ 307.391006][T13960] loop1: detected capacity change from 0 to 256 [ 307.467157][T13963] netlink: 'syz.0.4393': attribute type 21 has an invalid length. [ 307.504514][T13960] FAT-fs (loop1): Directory bread(block 64) failed [ 307.531403][T13963] netlink: 'syz.0.4393': attribute type 6 has an invalid length. [ 307.539482][T13960] FAT-fs (loop1): Directory bread(block 65) failed [ 307.568380][T13963] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4393'. [ 307.579129][T13960] FAT-fs (loop1): Directory bread(block 66) failed [ 307.588926][T13960] FAT-fs (loop1): Directory bread(block 67) failed [ 307.625226][T13960] FAT-fs (loop1): Directory bread(block 68) failed [ 307.646567][T13960] FAT-fs (loop1): Directory bread(block 69) failed [ 307.676211][T13960] FAT-fs (loop1): Directory bread(block 70) failed [ 307.711936][T13960] FAT-fs (loop1): Directory bread(block 71) failed [ 307.734173][T13975] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4397'. [ 307.751473][T13960] FAT-fs (loop1): Directory bread(block 72) failed [ 307.758204][T13960] FAT-fs (loop1): Directory bread(block 73) failed [ 307.824448][T13980] loop3: detected capacity change from 0 to 512 [ 308.008226][T13980] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000004739,inode_readahead_blks=0x0000000000000800,norecovery,,errors=continue. Quota mode: writeback. [ 308.052875][T13980] ext4 filesystem being mounted at /844/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 308.424327][T14005] netlink: 'syz.1.4407': attribute type 30 has an invalid length. [ 308.515085][T14008] cgroup: noprefix used incorrectly [ 308.605850][T14014] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 308.826765][T14026] loop1: detected capacity change from 0 to 512 [ 309.047312][T14026] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000004739,inode_readahead_blks=0x0000000000000800,norecovery,,errors=continue. Quota mode: writeback. [ 309.077240][T14026] ext4 filesystem being mounted at /919/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 309.356892][T14061] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 309.360924][T14059] loop1: detected capacity change from 0 to 764 [ 309.545157][T14068] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 309.607952][T14068] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 309.656538][T14068] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 309.861624][ T4682] Bluetooth: hci3: command 0x0405 tx timeout [ 310.393405][T14095] loop2: detected capacity change from 0 to 4096 [ 310.482218][T14095] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 310.510015][T14115] nvme_fabrics: unknown parameter or missing value 'ó' in ctrl creation request [ 310.620680][T14095] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 310.785967][T14064] loop0: detected capacity change from 0 to 40427 [ 310.896145][T14064] F2FS-fs (loop0): Invalid segment count (1) [ 310.928074][T14064] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 310.990960][T14064] F2FS-fs (loop0): invalid crc value [ 311.024695][T14064] F2FS-fs (loop0): Found nat_bits in checkpoint [ 311.032521][T14137] loop4: detected capacity change from 0 to 512 [ 311.098817][T14137] EXT4-fs (loop4): Ignoring removed nobh option [ 311.183236][T14064] F2FS-fs (loop0): recover fsync data on readonly fs [ 311.183840][T14137] EXT4-fs error (device loop4): ext4_do_update_inode:5203: inode #3: comm syz.4.4457: corrupted inode contents [ 311.203599][T14064] F2FS-fs (loop0): Try to recover 1th superblock, ret: -30 [ 311.227651][T14064] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 311.268295][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.275384][T14137] EXT4-fs error (device loop4): ext4_dirty_inode:6039: inode #3: comm syz.4.4457: mark_inode_dirty error [ 311.291231][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.324253][T14152] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 311.339141][T14137] EXT4-fs error (device loop4): ext4_do_update_inode:5203: inode #3: comm syz.4.4457: corrupted inode contents [ 311.380308][T14064] F2FS-fs (loop0): Try to recover all the superblocks, ret: 0 [ 311.391317][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.398074][T14137] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz.4.4457: mark_inode_dirty error [ 311.450452][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.470594][T14137] Quota error (device loop4): write_blk: dquota write failed [ 311.489577][T14137] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 311.510638][T14137] EXT4-fs error (device loop4): ext4_acquire_dquot:6204: comm syz.4.4457: Failed to acquire dquot type 0 [ 311.561608][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.594182][T14137] EXT4-fs error (device loop4): ext4_do_update_inode:5203: inode #16: comm syz.4.4457: corrupted inode contents [ 311.678573][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.739255][T14137] EXT4-fs error (device loop4): ext4_dirty_inode:6039: inode #16: comm syz.4.4457: mark_inode_dirty error [ 311.795601][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.842930][T14137] EXT4-fs error (device loop4): ext4_do_update_inode:5203: inode #16: comm syz.4.4457: corrupted inode contents [ 311.901739][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 311.932926][T14137] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.4457: mark_inode_dirty error [ 312.002339][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.008977][T14137] EXT4-fs error (device loop4): ext4_do_update_inode:5203: inode #16: comm syz.4.4457: corrupted inode contents [ 312.103754][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.131108][T14137] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 312.172854][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.196950][T14187] kAFS: unable to lookup cell 's@dÁHž9>Ö2Ï”yz1' [ 312.203549][T14137] EXT4-fs error (device loop4): ext4_do_update_inode:5203: inode #16: comm syz.4.4457: corrupted inode contents [ 312.258461][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.294684][T14137] EXT4-fs error (device loop4): ext4_truncate:4273: inode #16: comm syz.4.4457: mark_inode_dirty error [ 312.334850][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.381362][T14137] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 312.433368][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.468120][T14137] EXT4-fs (loop4): 1 truncate cleaned up [ 312.490873][T14200] loop2: detected capacity change from 0 to 1024 [ 312.509548][T14137] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nobh,. Quota mode: writeback. [ 312.554184][T14137] ext4 filesystem being mounted at /886/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.810938][T14137] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.4457: inode #59392: comm syz.4.4457: iget: illegal inode # [ 312.845560][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.899962][T14137] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4457: error while reading EA inode 59392 err=-117 [ 312.961733][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 312.981387][T14137] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.4457: inode #59392: comm syz.4.4457: iget: illegal inode # [ 313.050795][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 313.079653][T14137] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4457: error while reading EA inode 59392 err=-117 [ 313.125101][T14137] EXT4-fs (loop4): Remounting filesystem read-only [ 313.425279][T14244] loop4: detected capacity change from 0 to 8 [ 313.516005][T14246] loop2: detected capacity change from 0 to 1024 [ 313.591344][ T4682] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 313.854495][T14233] loop3: detected capacity change from 0 to 32768 [ 313.861277][ T4682] usb 2-1: Using ep0 maxpacket: 32 [ 313.889630][T14250] loop2: detected capacity change from 0 to 512 [ 313.963526][T14233] JBD2: Ignoring recovery information on journal [ 313.992531][ T4682] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 219 [ 314.021418][T14250] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nombcache,nolazytime,,errors=continue. Quota mode: writeback. [ 314.101375][T14250] ext4 filesystem being mounted at /912/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 314.173018][T14233] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 314.211538][ T4682] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 314.251326][ T4682] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.269803][ T4682] usb 2-1: Product: syz [ 314.310559][ T4682] usb 2-1: Manufacturer: syz [ 314.330985][ T4682] usb 2-1: SerialNumber: syz [ 314.361396][ T4682] usb 2-1: config 0 descriptor?? [ 314.391533][T14240] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 314.698636][ T1110] usb 2-1: USB disconnect, device number 17 [ 314.759644][ T4173] ocfs2: Unmounting device (7,3) on (node local) [ 314.835567][T14275] netlink: 209820 bytes leftover after parsing attributes in process `syz.2.4517'. [ 314.971286][ T4375] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 315.042171][T14281] loop2: detected capacity change from 0 to 1024 [ 315.099012][T14281] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 315.361589][ T4375] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 315.377151][ T4375] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 315.429393][ T4375] usb 1-1: config 220 has no interface number 2 [ 315.471652][ T4375] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 315.506704][ T4375] usb 1-1: config 220 interface 0 has no altsetting 0 [ 315.534608][ T4375] usb 1-1: config 220 interface 76 has no altsetting 0 [ 315.535647][T14296] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4530'. [ 315.554966][ T4375] usb 1-1: config 220 interface 1 has no altsetting 0 [ 315.580994][T14296] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4530'. [ 315.631970][T14296] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4530'. [ 315.731395][ T4375] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 315.745366][ T4375] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.769508][ T4375] usb 1-1: Product: syz [ 315.779473][ T4375] usb 1-1: Manufacturer: syz [ 315.803829][ T4375] usb 1-1: SerialNumber: syz [ 316.055336][T14322] loop3: detected capacity change from 0 to 512 [ 316.079972][T14321] loop4: detected capacity change from 0 to 2048 [ 316.148608][T14322] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 316.181469][T14321] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 316.181875][ T4375] usb 1-1: selecting invalid altsetting 0 [ 316.212605][ T4374] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 316.214869][T14322] ext4 filesystem being mounted at /874/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 316.221510][ T4375] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 316.271769][ T4375] usb 1-1: No valid video chain found. [ 316.283865][T14321] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 316.364411][ T4375] usb 1-1: selecting invalid altsetting 0 [ 316.391352][ T4375] usbtest: probe of 1-1:220.1 failed with error -22 [ 316.421728][ T4375] usb 1-1: USB disconnect, device number 20 [ 316.621567][ T4374] usb 2-1: config 0 has an invalid interface number: 114 but max is 0 [ 316.661863][ T4374] usb 2-1: config 0 has no interface number 0 [ 316.821510][ T4374] usb 2-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=13.67 [ 316.851535][ T4374] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.884528][ T4374] usb 2-1: Product: syz [ 316.888743][ T4374] usb 2-1: Manufacturer: syz [ 316.901252][ T4374] usb 2-1: SerialNumber: syz [ 316.945220][ T4374] usb 2-1: config 0 descriptor?? [ 317.144666][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.151177][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.167058][T14367] loop0: detected capacity change from 0 to 128 [ 317.218447][T14370] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4562'. [ 317.222284][ T4374] cdc_subset: probe of 2-1:0.114 failed with error -22 [ 317.250449][T14367] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 317.286012][T14367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 317.470435][ T4374] usb 2-1: USB disconnect, device number 18 [ 317.944641][T14365] loop2: detected capacity change from 0 to 32768 [ 317.950466][T14389] loop4: detected capacity change from 0 to 4096 [ 317.965120][T14395] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4575'. [ 317.999034][T14389] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 318.177789][T14403] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4579'. [ 318.206314][T14389] ntfs3: loop4: failed to convert "c46c" to iso8859-1 [ 318.223863][T14403] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4579'. [ 318.251935][T14403] netlink: 31 bytes leftover after parsing attributes in process `syz.0.4579'. [ 318.275632][T14403] netlink: 'syz.0.4579': attribute type 2 has an invalid length. [ 318.288667][T14403] netlink: 31 bytes leftover after parsing attributes in process `syz.0.4579'. [ 318.391307][ T4370] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 318.501564][T14416] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 318.613666][T14416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.651221][ T4370] usb 2-1: Using ep0 maxpacket: 16 [ 318.691103][T14416] bond0: (slave lo): Enslaving as an active interface with an up link [ 318.711857][ T6132] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 318.825355][T14420] loop4: detected capacity change from 0 to 4096 [ 318.951565][ T4370] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 318.959831][T14420] ntfs: volume version 3.1. [ 318.967868][ T4370] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.998412][ T4370] usb 2-1: Product: syz [ 319.008905][ T4370] usb 2-1: Manufacturer: syz [ 319.009896][T14420] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index buffer (VCN 0x0) of directory inode 0x5 has a size (4096) differing from the directory specified size (2048). Directory inode is corrupt or driver bug. [ 319.019999][T14420] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 319.055930][T14439] program syz.3.4597 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 319.085733][ T4370] usb 2-1: SerialNumber: syz [ 319.095656][T14420] ntfs: (device loop4): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 319.121964][ T4370] r8152-cfgselector 2-1: config 0 descriptor?? [ 319.316445][T14420] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index buffer (VCN 0x0) of directory inode 0x5 has a size (4096) differing from the directory specified size (2048). Directory inode is corrupt or driver bug. [ 319.372946][T14420] ntfs: (device loop4): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 319.591300][ T4370] r8152-cfgselector 2-1: Unknown version 0x0000 [ 319.598012][ T4370] r8152-cfgselector 2-1: bad CDC descriptors [ 319.618403][T14467] xt_TCPMSS: Only works on TCP SYN packets [ 319.632051][ T4370] r8152-cfgselector 2-1: Unknown version 0x0000 [ 319.659317][ T4370] r8152-cfgselector 2-1: USB disconnect, device number 19 [ 319.818731][T14479] netlink: 'syz.3.4616': attribute type 1 has an invalid length. [ 319.861581][T14479] __nla_validate_parse: 1 callbacks suppressed [ 319.861596][T14479] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4616'. [ 319.943974][T14483] x_tables: ip_tables: osf match: only valid for protocol 6 [ 320.310320][T14507] loop1: detected capacity change from 0 to 8 [ 320.338129][T14510] netlink: zone id is out of range [ 320.410177][T14510] netlink: set zone limit has 4 unknown bytes [ 320.438466][T14507] SQUASHFS error: Failed to read block 0x906: -5 [ 320.470507][T14507] SQUASHFS error: Unable to read metadata cache entry [906] [ 320.491332][T14507] SQUASHFS error: Unable to read inode 0x8000087 [ 320.530618][T14518] loop0: detected capacity change from 0 to 512 [ 320.554889][T14522] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4639'. [ 320.596644][T14518] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 320.667194][T14518] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 320.719069][T14531] netlink: 'syz.1.4640': attribute type 1 has an invalid length. [ 320.727006][T14531] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.4640'. [ 320.727667][T14518] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.4636: invalid indirect mapped block 2683928664 (level 1) [ 320.808644][T14518] EXT4-fs (loop0): Remounting filesystem read-only [ 320.821785][T14518] EXT4-fs (loop0): 1 truncate cleaned up [ 320.838233][T14518] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 321.029467][T14547] netlink: 'syz.2.4649': attribute type 12 has an invalid length. [ 321.048071][T14547] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4649'. [ 321.196531][T14550] delete_channel: no stack [ 321.229671][T14553] loop0: detected capacity change from 0 to 256 [ 321.273464][T14556] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 321.291354][ T4684] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 321.581272][ T4684] usb 4-1: Using ep0 maxpacket: 16 [ 321.667102][T14573] i2c i2c-0: Invalid block write size 34 [ 321.681618][ T4683] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 321.771531][ T4684] usb 4-1: unable to get BOS descriptor or descriptor too short [ 321.879131][ T4684] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 321.899932][ T4684] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 321.906952][T14565] loop4: detected capacity change from 0 to 32768 [ 321.917169][ T4682] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 321.941475][ T4683] usb 3-1: Using ep0 maxpacket: 16 [ 322.046132][T14565] XFS (loop4): Mounting V5 Filesystem [ 322.070841][T14577] loop1: detected capacity change from 0 to 32768 [ 322.082889][ T4683] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 322.097633][T14577] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.4665 (14577) [ 322.127190][ T4683] usb 3-1: config 0 has no interface number 0 [ 322.134149][ T4684] usb 4-1: New USB device found, idVendor=0921, idProduct=1000, bcdDevice=3d.d1 [ 322.158002][ T4684] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.182663][ T4683] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 322.200076][ T4684] usb 4-1: Product: syz [ 322.204491][ T4684] usb 4-1: Manufacturer: syz [ 322.206365][T14565] XFS (loop4): Ending clean mount [ 322.209114][ T4684] usb 4-1: SerialNumber: syz [ 322.209866][ T4683] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 322.224868][T14565] XFS (loop4): Quotacheck needed: Please wait. [ 322.231613][ T4683] usb 3-1: config 0 interface 41 has no altsetting 0 [ 322.267530][T14577] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 322.281066][T14577] BTRFS info (device loop1): using free space tree [ 322.288506][T14577] BTRFS info (device loop1): has skinny extents [ 322.309741][T14565] XFS (loop4): Quotacheck: Done. [ 322.315316][ T4682] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 322.337780][ T4682] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 322.421629][ T4683] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 322.431736][ T4682] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 322.441073][ T4682] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 322.452382][ T4683] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.469689][ T4682] usb 1-1: SerialNumber: syz [ 322.495017][ T4683] usb 3-1: Product: syz [ 322.499332][ T4683] usb 3-1: Manufacturer: syz [ 322.504797][ T4683] usb 3-1: SerialNumber: syz [ 322.519833][ T4683] usb 3-1: config 0 descriptor?? [ 322.526843][ T4684] belkin_sa 4-1:2.0: Belkin / Peracom / GoHubs USB Serial Adapter converter detected [ 322.533582][T14577] BTRFS info (device loop1): enabling ssd optimizations [ 322.540131][ T4682] usb 1-1: 0:2 : does not exist [ 322.555743][ T4170] XFS (loop4): Unmounting Filesystem [ 322.558497][ T4684] usb 4-1: bcdDevice: 3dd1, bfc: 0 [ 322.566831][T14562] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 322.575400][T14562] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 322.599561][ T4684] usb 4-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0 [ 322.619234][ T4684] usb 4-1: USB disconnect, device number 21 [ 322.823047][T14562] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 322.852708][T14562] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 322.859189][ T4684] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0 [ 322.884213][ T4684] belkin_sa 4-1:2.0: device disconnected [ 322.931966][ T4355] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop1 scanned by udevd (4355) [ 322.951270][ T4682] usb 1-1: USB disconnect, device number 21 [ 323.122891][ T4683] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 323.133241][ T4683] CoreChips: probe of 3-1:0.41 failed with error -71 [ 323.190698][ T4683] usb 3-1: USB disconnect, device number 22 [ 323.961035][T14643] binder: 14642:14643 ioctl c0046209 e0ffff00000000 returned -22 [ 324.010177][T14650] loop2: detected capacity change from 0 to 1024 [ 324.267341][ T154] hfsplus: b-tree write err: -5, ino 4 [ 324.552186][T14675] loop3: detected capacity change from 0 to 64 [ 324.573371][T14677] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4698'. [ 324.846465][T14691] netlink: 'syz.0.4706': attribute type 1 has an invalid length. [ 325.573916][T14680] loop4: detected capacity change from 0 to 32768 [ 325.685755][T14728] netlink: 136 bytes leftover after parsing attributes in process `syz.3.4723'. [ 325.706817][T14728] netlink: 136 bytes leftover after parsing attributes in process `syz.3.4723'. [ 325.996533][T14742] loop3: detected capacity change from 0 to 64 [ 326.268780][T14752] mip6: mip6_rthdr_init_state: spi is not 0: 1 [ 326.285289][T14754] loop4: detected capacity change from 0 to 128 [ 326.487107][T14764] xt_bpf: check failed: parse error [ 326.571024][T14754] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 326.591448][T14754] ext4 filesystem being mounted at /934/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 326.673325][T14754] EXT4-fs error (device loop4): ext4_validate_inode_bitmap:106: comm syz.4.4733: Corrupt inode bitmap - block_group = 0, inode_bitmap = 19 [ 327.027734][T14799] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4753'. [ 327.194751][T14806] loop3: detected capacity change from 0 to 256 [ 327.259452][T14801] loop4: detected capacity change from 0 to 4096 [ 327.277692][T14806] exfat: Deprecated parameter 'namecase' [ 327.295071][T14811] device batadv_slave_0 entered promiscuous mode [ 327.319983][T14811] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 327.353571][T14806] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 327.517512][T14801] ntfs3: loop4: ino=5, "/" directory corrupted [ 327.547601][T14801] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 327.832164][T14827] netlink: 160 bytes leftover after parsing attributes in process `syz.2.4769'. [ 328.061854][T14843] netlink: 'syz.0.4775': attribute type 20 has an invalid length. [ 328.081465][T14845] netlink: 'syz.1.4776': attribute type 16 has an invalid length. [ 328.089506][T14845] netlink: 'syz.1.4776': attribute type 17 has an invalid length. [ 328.217729][T14845] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 328.259322][T14845] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 328.519512][T14869] loop0: detected capacity change from 0 to 8 [ 328.629035][T14869] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 328.911368][T14891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4799'. [ 328.961426][T14891] tc_dump_action: action bad kind [ 329.065601][T14901] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4804'. [ 329.131287][ T4220] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 329.212594][T14911] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4808'. [ 329.225958][T14910] loop2: detected capacity change from 0 to 164 [ 329.234949][T14911] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4808'. [ 329.344598][T14913] loop3: detected capacity change from 0 to 4096 [ 329.368303][T14910] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 329.386353][ T4220] usb 2-1: Using ep0 maxpacket: 16 [ 329.412416][T14913] ntfs: (device loop3): parse_options(): Unrecognized mount option nlsyÂUÆ8859-14. [ 329.441328][ T6578] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 329.511577][ T4220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 329.691453][ T4220] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 329.710870][ T4220] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.722617][ T6578] usb 5-1: Using ep0 maxpacket: 32 [ 329.761617][ T4220] usb 2-1: Product: syz [ 329.764089][T14927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4817'. [ 329.781494][ T4220] usb 2-1: Manufacturer: syz [ 329.786138][ T4220] usb 2-1: SerialNumber: syz [ 329.824780][T14927] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4817'. [ 329.828193][ T4220] usb 2-1: config 0 descriptor?? [ 329.841641][ T6578] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.951306][ T4220] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 330.042705][ T6578] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 330.061233][ T6578] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.079849][ T6578] usb 5-1: Product: syz [ 330.084661][ T6578] usb 5-1: Manufacturer: syz [ 330.098706][ T6578] usb 5-1: SerialNumber: syz [ 330.106833][ T6578] usb 5-1: config 0 descriptor?? [ 330.162302][ T6578] usb 5-1: bad CDC descriptors [ 330.167543][ T6578] usb 5-1: unsupported MDLM descriptors [ 330.223722][T14942] 9pnet: p9_fd_create_unix (14942): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 330.323111][T14924] loop2: detected capacity change from 0 to 32768 [ 330.357042][T14948] SET target dimension over the limit! [ 330.445359][ T4675] usb 5-1: USB disconnect, device number 24 [ 330.610943][T14924] ERROR: (device loop2): dbAllocNext: Corrupt dmap page [ 330.610943][T14924] [ 330.658999][ T6578] usb 2-1: USB disconnect, device number 20 [ 330.669822][T14924] ialloc: diAlloc returned -5! [ 330.675215][ T6132] usb 2-1: Failed to submit usb control message: -71 [ 330.695905][ T6132] usb 2-1: unable to send the bmi data to the device: -71 [ 330.721201][ T6132] usb 2-1: unable to get target info from device [ 330.727799][ T6132] usb 2-1: could not get target info (-71) [ 330.787070][ T6132] usb 2-1: could not probe fw (-71) [ 330.906948][T14962] loop0: detected capacity change from 0 to 2048 [ 330.968161][T14962] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 331.353937][T14985] cgroup: Name too long [ 331.792975][T15019] dlm: plock device version mismatch: kernel (1.2.0), user (1952804395.1769107551.1915428975) [ 331.934528][T15029] __nla_validate_parse: 1 callbacks suppressed [ 331.934548][T15029] netlink: 256 bytes leftover after parsing attributes in process `syz.0.4866'. [ 332.167819][T15045] loop0: detected capacity change from 0 to 64 [ 332.171011][T15047] loop2: detected capacity change from 0 to 256 [ 332.264486][T15053] xt_TCPMSS: Only works on TCP SYN packets [ 332.344950][T15055] loop3: detected capacity change from 0 to 128 [ 332.402969][T15055] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 332.853862][T15083] xt_TCPMSS: Only works on TCP SYN packets [ 332.972606][T15080] loop2: detected capacity change from 0 to 4096 [ 333.068332][T15080] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 333.148752][T15080] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 333.209377][T15080] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 333.252965][T15080] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 333.348391][T15080] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 333.377764][T15096] netlink: 'syz.3.4898': attribute type 12 has an invalid length. [ 333.421430][T15080] ntfs: volume version 3.1. [ 333.426305][T15080] ntfs: (device loop2): ntfs_read_locked_inode(): Inode is not in use! [ 333.460991][T15096] netlink: 'syz.3.4898': attribute type 12 has an invalid length. [ 333.507192][T15080] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 333.534549][T15096] netlink: 'syz.3.4898': attribute type 12 has an invalid length. [ 333.575783][T15080] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 333.669518][T15061] loop1: detected capacity change from 0 to 32768 [ 333.753406][T15080] ntfs: (device loop2): ntfs_read_locked_inode(): $INDEX_ROOT attribute is missing. [ 333.804233][T15104] loop3: detected capacity change from 0 to 24 [ 333.812664][T15061] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 334.072635][ T4174] ocfs2: Unmounting device (7,1) on (node local) [ 334.087681][T15114] loop0: detected capacity change from 0 to 512 [ 334.164342][T15114] EXT4-fs error (device loop0): ext4_get_journal_inode:5160: comm syz.0.4906: inode #196608: comm syz.0.4906: iget: illegal inode # [ 334.264896][T15114] EXT4-fs (loop0): no journal found [ 334.270164][T15114] EXT4-fs (loop0): can't get journal size [ 334.337251][T15114] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 334.348500][T15122] loop3: detected capacity change from 0 to 16 [ 334.416077][T15114] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 334.449361][T15122] erofs: (device loop3): mounted with root inode @ nid 36. [ 334.490991][T15114] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="jqfmt=vfsv0,noload,noblock_validity,grpjquota="errors=continue,resuid=0x0000000000000000,i_version,,errors=continue. Quota mode: writeback. [ 334.531950][T15122] erofs: (device loop3): erofs_read_inode: unsupported i_format 36 of nid 37 [ 334.694805][T15142] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.4919'. [ 334.751256][ T4675] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 334.782392][T15146] netlink: 'syz.3.4918': attribute type 10 has an invalid length. [ 334.790421][T15146] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.841039][T15146] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.938125][T15146] device batadv_slave_0 entered promiscuous mode [ 334.966783][T15146] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 335.041323][ T4675] usb 2-1: Using ep0 maxpacket: 32 [ 335.188270][ T4675] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 335.210658][ T4675] usb 2-1: config 0 has no interface number 0 [ 335.211488][T15166] netlink: 'syz.4.4929': attribute type 1 has an invalid length. [ 335.224963][ T4675] usb 2-1: config 0 interface 35 altsetting 2 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 335.281170][ T4675] usb 2-1: config 0 interface 35 has no altsetting 0 [ 335.398373][T15174] loop4: detected capacity change from 0 to 256 [ 335.461808][ T4675] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6a.c2 [ 335.496577][ T4675] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.534949][T15174] FAT-fs (loop4): Directory bread(block 64) failed [ 335.561365][ T4675] usb 2-1: Product: syz [ 335.571572][ T4675] usb 2-1: Manufacturer: syz [ 335.574266][T15174] FAT-fs (loop4): Directory bread(block 65) failed [ 335.591385][ T4675] usb 2-1: SerialNumber: syz [ 335.631476][T15174] FAT-fs (loop4): Directory bread(block 66) failed [ 335.642236][ T4675] usb 2-1: config 0 descriptor?? [ 335.662224][T15174] FAT-fs (loop4): Directory bread(block 67) failed [ 335.669750][T15174] FAT-fs (loop4): Directory bread(block 68) failed [ 335.686184][T15174] FAT-fs (loop4): Directory bread(block 69) failed [ 335.695875][T15174] FAT-fs (loop4): Directory bread(block 70) failed [ 335.721799][T15174] FAT-fs (loop4): Directory bread(block 71) failed [ 335.728737][T15174] FAT-fs (loop4): Directory bread(block 72) failed [ 335.770535][T15174] FAT-fs (loop4): Directory bread(block 73) failed [ 335.803931][T15192] loop0: detected capacity change from 0 to 64 [ 335.911883][ T4675] usbtest 2-1:0.35: Linux gadget zero [ 335.917566][ T4675] usbtest 2-1:0.35: high-speed {control in/out int-out} tests (+alt) [ 336.160870][ T4220] usb 2-1: USB disconnect, device number 21 [ 336.335536][T15219] loop4: detected capacity change from 0 to 256 [ 336.408931][T15224] loop2: detected capacity change from 0 to 64 [ 336.425757][T15226] netlink: 'syz.0.4960': attribute type 5 has an invalid length. [ 336.441868][T15226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4960'. [ 336.490622][T15228] loop3: detected capacity change from 0 to 512 [ 336.542471][T15219] FAT-fs (loop4): Directory bread(block 64) failed [ 336.549172][T15219] FAT-fs (loop4): Directory bread(block 65) failed [ 336.560946][T15219] FAT-fs (loop4): Directory bread(block 66) failed [ 336.568295][T15219] FAT-fs (loop4): Directory bread(block 67) failed [ 336.576168][T15219] FAT-fs (loop4): Directory bread(block 68) failed [ 336.588984][T15228] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 336.628443][T15219] FAT-fs (loop4): Directory bread(block 69) failed [ 336.671491][T15228] EXT4-fs (loop3): 1 truncate cleaned up [ 336.675768][T15219] FAT-fs (loop4): Directory bread(block 70) failed [ 336.685853][T15219] FAT-fs (loop4): Directory bread(block 71) failed [ 336.694080][T15219] FAT-fs (loop4): Directory bread(block 72) failed [ 336.700921][T15219] FAT-fs (loop4): Directory bread(block 73) failed [ 336.708322][T15236] loop0: detected capacity change from 0 to 164 [ 336.719423][T15228] EXT4-fs (loop3): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000001,block_validity,debug_want_extra_isize=0x0000000000000068,quota,resuid=0x0000000000000000,lazytime,,errors=continue. Quota mode: writeback. [ 336.794819][T15239] loop1: detected capacity change from 0 to 2048 [ 336.943924][T15243] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 337.051773][T15239] NILFS error (device loop1): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=1024, inode=0, rec_len=0, name_len=0 [ 337.171075][T15239] Remounting filesystem read-only [ 337.288941][T15256] loop3: detected capacity change from 0 to 4096 [ 337.347082][T15256] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 337.421381][ T4675] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 337.903634][ T4675] usb 3-1: unable to get BOS descriptor or descriptor too short [ 337.961653][ T4675] usb 3-1: not running at top speed; connect to a high speed hub [ 338.061616][ T4675] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 338.105717][ T4675] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 338.128266][T15291] loop3: detected capacity change from 0 to 1024 [ 338.141660][ T4675] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 338.171441][ T4675] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 338.201185][ T4675] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 338.421814][ T4675] usb 3-1: New USB device found, idVendor=045e, idProduct=043f, bcdDevice=fc.90 [ 338.459584][ T4675] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.510472][ T4675] usb 3-1: Product: syz [ 338.516873][ T4675] usb 3-1: Manufacturer: syz [ 338.531186][ T4675] usb 3-1: SerialNumber: syz [ 338.603993][ T4675] ipaq 3-1:1.0: PocketPC PDA converter detected [ 338.834117][ T4675] usb 3-1: PocketPC PDA converter now attached to ttyUSB0 [ 338.912867][T15284] loop4: detected capacity change from 0 to 32768 [ 338.958931][T15284] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.4987 (15284) [ 339.022164][T15284] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 339.057114][ T6578] usb 3-1: USB disconnect, device number 23 [ 339.071634][T15284] BTRFS info (device loop4): using free space tree [ 339.078392][T15284] BTRFS info (device loop4): has skinny extents [ 339.096866][ T6578] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0 [ 339.125876][ T6578] ipaq 3-1:1.0: device disconnected [ 339.285102][T15284] BTRFS info (device loop4): enabling ssd optimizations [ 339.401392][ T2288] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 339.445218][T15351] netlink: 'syz.1.5008': attribute type 32 has an invalid length. [ 339.552809][T15318] loop0: detected capacity change from 0 to 32768 [ 339.577558][T15353] loop1: detected capacity change from 0 to 512 [ 339.632153][T15318] (syz.0.5001,15318,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 339.651259][ T2288] usb 4-1: Using ep0 maxpacket: 32 [ 339.700145][T15353] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 339.706708][T15318] (syz.0.5001,15318,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 339.731814][T15353] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 339.761445][T15353] EXT4-fs (loop1): 1 truncate cleaned up [ 339.781515][T15353] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,usrjquota="data=ordered,noload,grpid,grpjquota="init_itable,jqfmt=vfsold,noblock_validity,,errors=continue. Quota mode: writeback. [ 339.801496][ C0] vkms_vblank_simulate: vblank timer overrun [ 339.826065][T15318] JBD2: Ignoring recovery information on journal [ 339.915337][T15353] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 339.941504][ T2288] usb 4-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 339.961005][ T2288] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.971170][ T2288] usb 4-1: Product: syz [ 339.975652][ T2288] usb 4-1: Manufacturer: syz [ 339.980503][ T2288] usb 4-1: SerialNumber: syz [ 339.982737][T15318] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 340.009392][ T2288] usb 4-1: config 0 descriptor?? [ 340.259260][ T4172] ocfs2: Unmounting device (7,0) on (node local) [ 340.277735][ T2288] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 340.510551][ T4684] usb 4-1: USB disconnect, device number 22 [ 340.541427][ T4675] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 340.609917][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 340.609933][ T26] audit: type=1400 audit(1747271890.500:38): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-22 profile="unconfined" name="&" pid=15376 comm="syz.4.5020" [ 340.941642][ T4675] usb 3-1: New USB device found, idVendor=041e, idProduct=400c, bcdDevice=af.98 [ 340.967487][ T4675] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.977758][ T4675] usb 3-1: config 0 descriptor?? [ 341.053454][ T4675] pwc: Creative Labs Webcam 5 detected. [ 341.118359][T15406] xt_TCPMSS: Only works on TCP SYN packets [ 341.250389][T15417] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5039'. [ 341.299124][T15417] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5039'. [ 341.299851][ T4675] pwc: Failed to set LED on/off time (-71) [ 341.351287][ T4675] pwc: send_video_command error -71 [ 341.356645][ T4675] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 341.384731][ T4675] Philips webcam: probe of 3-1:0.0 failed with error -71 [ 341.411403][ T4675] usb 3-1: USB disconnect, device number 24 [ 341.454290][T15427] program syz.0.5044 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 341.967625][T15462] xt_socket: unknown flags 0xc [ 342.025685][T15466] loop3: detected capacity change from 0 to 256 [ 342.026063][ T4220] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 342.078402][T15468] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 342.111093][T15468] overlayfs: conflicting options: userxattr,metacopy=on [ 342.133267][T15466] FAT-fs (loop3): Directory bread(block 64) failed [ 342.139889][T15466] FAT-fs (loop3): Directory bread(block 65) failed [ 342.166859][T15466] FAT-fs (loop3): Directory bread(block 66) failed [ 342.182835][T15466] FAT-fs (loop3): Directory bread(block 67) failed [ 342.189884][T15466] FAT-fs (loop3): Directory bread(block 68) failed [ 342.201382][ T4675] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 342.206838][T15466] FAT-fs (loop3): Directory bread(block 69) failed [ 342.217366][T15466] FAT-fs (loop3): Directory bread(block 70) failed [ 342.248635][T15466] FAT-fs (loop3): Directory bread(block 71) failed [ 342.257337][T15466] FAT-fs (loop3): Directory bread(block 72) failed [ 342.270173][T15466] FAT-fs (loop3): Directory bread(block 73) failed [ 342.484747][ T4675] usb 1-1: Using ep0 maxpacket: 32 [ 342.591515][ T4220] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 342.600958][ T4220] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.632688][ T4675] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 342.652488][ T4675] usb 1-1: config 0 has no interface number 0 [ 342.664663][ T4220] usb 2-1: Product: syz [ 342.669078][ T4220] usb 2-1: Manufacturer: syz [ 342.683714][ T4220] usb 2-1: SerialNumber: syz [ 342.752123][ T4220] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 342.828530][T15476] loop2: detected capacity change from 0 to 32768 [ 342.841525][ T7] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 342.867078][T15490] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 342.884979][ T4675] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 342.895271][ T4675] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.909814][ T4675] usb 1-1: Product: syz [ 342.916886][ T4675] usb 1-1: Manufacturer: syz [ 342.927475][ T4675] usb 1-1: SerialNumber: syz [ 342.937389][ T4675] usb 1-1: config 0 descriptor?? [ 342.983813][ T4675] radio-si470x 1-1:0.35: could not find interrupt in endpoint [ 342.983869][ T4675] radio-si470x: probe of 1-1:0.35 failed with error -5 [ 343.101219][ T7] usb 5-1: Using ep0 maxpacket: 32 [ 343.147327][T15500] binder: BC_ACQUIRE_RESULT not supported [ 343.160318][T15500] binder: 15499:15500 ioctl c0306201 200000000580 returned -22 [ 343.207742][ T4675] radio-raremono 1-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 343.261540][ T7] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 343.304839][ T7] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.335178][ T7] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 343.351386][ T4220] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 343.355425][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.421793][ T4675] radio-raremono 1-1:0.35: raremono_cmd_main failed (-71) [ 343.439703][ T4675] radio-raremono 1-1:0.35: V4L2 device registered as radio48 [ 343.449819][ T7] hub 5-1:4.0: USB hub found [ 343.475918][ T4675] usb 1-1: USB disconnect, device number 22 [ 343.495175][ T4675] radio-raremono 1-1:0.35: Thanko's Raremono disconnected [ 343.661514][ T7] hub 5-1:4.0: config failed, hub has too many ports! (err -19) [ 343.813811][ T7] usb 2-1: USB disconnect, device number 22 [ 344.011693][ T6578] usb 5-1: USB disconnect, device number 25 [ 344.231222][ T4675] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 344.421419][ T4220] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 344.431372][ T4220] ath9k_htc: Failed to initialize the device [ 344.438178][ T7] usb 2-1: ath9k_htc: USB layer deinitialized [ 344.641585][ T4675] usb 3-1: config 0 has an invalid interface number: 29 but max is 0 [ 344.650403][ T4675] usb 3-1: config 0 has no interface number 0 [ 344.688070][ T4675] usb 3-1: config 0 interface 29 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 344.717384][ T4675] usb 3-1: config 0 interface 29 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 344.981629][ T4675] usb 3-1: New USB device found, idVendor=07fa, idProduct=0847, bcdDevice=60.e8 [ 345.001167][ T4675] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.026999][ T4675] usb 3-1: Product: syz [ 345.036540][T15573] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5115'. [ 345.046786][ T4675] usb 3-1: Manufacturer: syz [ 345.056899][T15574] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5116'. [ 345.078545][ T4675] usb 3-1: SerialNumber: syz [ 345.091186][ T4675] usb 3-1: config 0 descriptor?? [ 345.101651][T15573] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5115'. [ 345.122037][T15524] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 345.130457][T15573] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5115'. [ 345.159529][T15573] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5115'. [ 345.172248][ T4675] HFC-S_USB: probe of 3-1:0.29 failed with error -5 [ 345.407918][ T4220] usb 3-1: USB disconnect, device number 25 [ 345.957495][ T4675] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 346.006731][T15631] netlink: 'syz.0.5144': attribute type 24 has an invalid length. [ 346.215718][T15642] loop1: detected capacity change from 0 to 256 [ 346.387880][T15650] loop0: detected capacity change from 0 to 256 [ 346.394667][ T4675] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 346.411159][ T4675] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.445982][ T4675] usb 5-1: config 0 descriptor?? [ 346.515865][ T4675] cp210x 5-1:0.0: cp210x converter detected [ 346.744810][ T4675] usb 5-1: cp210x converter now attached to ttyUSB0 [ 346.882787][T15680] loop1: detected capacity change from 0 to 256 [ 346.958398][ T4675] usb 5-1: USB disconnect, device number 26 [ 346.989430][ T4675] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 347.021312][ T4675] cp210x 5-1:0.0: device disconnected [ 347.043326][T15680] FAT-fs (loop1): Directory bread(block 64) failed [ 347.050031][T15680] FAT-fs (loop1): Directory bread(block 65) failed [ 347.101077][T15690] loop0: detected capacity change from 0 to 512 [ 347.103141][T15680] FAT-fs (loop1): Directory bread(block 66) failed [ 347.155188][T15680] FAT-fs (loop1): Directory bread(block 67) failed [ 347.162459][T15680] FAT-fs (loop1): Directory bread(block 68) failed [ 347.170768][T15680] FAT-fs (loop1): Directory bread(block 69) failed [ 347.180778][T15680] FAT-fs (loop1): Directory bread(block 70) failed [ 347.188051][T15680] FAT-fs (loop1): Directory bread(block 71) failed [ 347.211298][T15680] FAT-fs (loop1): Directory bread(block 72) failed [ 347.213290][T15690] EXT4-fs (loop0): Ignoring removed bh option [ 347.231345][T15680] FAT-fs (loop1): Directory bread(block 73) failed [ 347.259109][T15690] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 347.329062][T15690] EXT4-fs (loop0): 1 truncate cleaned up [ 347.337630][T15690] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 347.372413][T15690] overlayfs: missing 'workdir' [ 347.426481][T15704] loop3: detected capacity change from 0 to 256 [ 347.508672][T15704] FAT-fs (loop3): Directory bread(block 64) failed [ 347.517637][T15704] FAT-fs (loop3): Directory bread(block 65) failed [ 347.524873][T15704] FAT-fs (loop3): Directory bread(block 66) failed [ 347.540715][T15704] FAT-fs (loop3): Directory bread(block 67) failed [ 347.567150][T15704] FAT-fs (loop3): Directory bread(block 68) failed [ 347.584332][T15704] FAT-fs (loop3): Directory bread(block 69) failed [ 347.593784][T15709] loop2: detected capacity change from 0 to 16 [ 347.606446][T15704] FAT-fs (loop3): Directory bread(block 70) failed [ 347.614305][T15704] FAT-fs (loop3): Directory bread(block 71) failed [ 347.621667][T15704] FAT-fs (loop3): Directory bread(block 72) failed [ 347.628284][T15704] FAT-fs (loop3): Directory bread(block 73) failed [ 347.656113][T15709] erofs: (device loop2): mounted with root inode @ nid 36. [ 347.997382][T15722] block device autoloading is deprecated. It will be removed in Linux 5.19 [ 348.159589][T15740] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5198'. [ 348.597757][T15770] loop2: detected capacity change from 0 to 764 [ 348.715137][T15770] Symlink component flag not implemented [ 348.720914][T15770] Symlink component flag not implemented (7) [ 348.991242][T15798] loop1: detected capacity change from 0 to 512 [ 349.081890][T15798] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 349.152601][T15798] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 349.191561][T15812] netlink: 766 bytes leftover after parsing attributes in process `syz.4.5231'. [ 349.291558][T15798] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.5226: bg 0: block 251: padding at end of block bitmap is not set [ 349.318072][T15818] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5233'. [ 349.361433][T15818] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5233'. [ 349.370562][T15818] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5233'. [ 349.381704][T15798] Quota error (device loop1): write_blk: dquota write failed [ 349.428351][T15798] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 349.449194][T15798] EXT4-fs error (device loop1): ext4_acquire_dquot:6204: comm syz.1.5226: Failed to acquire dquot type 0 [ 349.824225][T15832] loop4: detected capacity change from 0 to 2048 [ 349.960702][T15832] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 350.047224][T15832] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 350.157394][T15832] UDF-fs: unknown compression code (0) [ 350.793545][T15872] loop0: detected capacity change from 0 to 1024 [ 350.833806][T15875] netlink: 494 bytes leftover after parsing attributes in process `syz.4.5263'. [ 350.974118][ T154] hfsplus: b-tree write err: -5, ino 4 [ 351.299810][T15894] loop2: detected capacity change from 0 to 1024 [ 351.313231][T15897] loop1: detected capacity change from 0 to 512 [ 351.389135][T15886] loop0: detected capacity change from 0 to 8192 [ 351.418216][T15840] loop3: detected capacity change from 0 to 40427 [ 351.431206][T15894] hfsplus: trying to free free bnode 0(1) [ 351.485040][T15886] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 351.534351][T15840] F2FS-fs (loop3): invalid crc value [ 351.567514][ T6132] hfsplus: b-tree write err: -5, ino 4 [ 351.573861][T15905] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5277'. [ 351.590770][T15897] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue. Quota mode: writeback. [ 351.647300][T15840] F2FS-fs (loop3): Found nat_bits in checkpoint [ 351.664606][T15897] ext4 filesystem being mounted at /1067/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 351.948317][T15840] F2FS-fs (loop3): Start checkpoint disabled! [ 352.129899][T15840] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 352.192527][T15924] loop1: detected capacity change from 0 to 1764 [ 352.458926][T15938] device bridge2 entered promiscuous mode [ 352.663996][T15946] loop2: detected capacity change from 0 to 8 [ 352.881368][T15954] netlink: 'syz.3.5290': attribute type 15 has an invalid length. [ 352.918316][T15954] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5290'. [ 353.207394][T15976] loop1: detected capacity change from 0 to 512 [ 353.396814][T15976] EXT4-fs (loop1): mounted filesystem without journal. Opts: noquota,barrier=0x0000000000001003,errors=remount-ro,noauto_da_alloc,dioread_lock,. Quota mode: writeback. [ 353.500613][T15976] ext4 filesystem being mounted at /1074/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 353.626173][T15996] netlink: zone id is out of range [ 353.633621][T15976] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz.1.5309: corrupted xattr block 19 [ 353.652262][T15996] netlink: zone id is out of range [ 353.668680][T15967] loop3: detected capacity change from 0 to 32768 [ 353.724445][T15976] EXT4-fs (loop1): Remounting filesystem read-only [ 353.885432][T15999] loop4: detected capacity change from 0 to 4096 [ 353.957462][T15999] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 354.382645][T16022] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5334'. [ 354.703590][ T6578] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 354.811269][ T4675] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 355.061353][ T4675] usb 3-1: Using ep0 maxpacket: 8 [ 355.071598][ T6578] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 355.080171][ T6578] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 355.102199][ T6578] usb 4-1: config 220 has no interface number 2 [ 355.109518][ T6578] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 355.129528][ T6578] usb 4-1: config 220 interface 0 has no altsetting 0 [ 355.136778][ T6578] usb 4-1: config 220 interface 76 has no altsetting 0 [ 355.150343][ T6578] usb 4-1: config 220 interface 1 has no altsetting 0 [ 355.204347][T16048] IPv6: sit3: Disabled Multicast RS [ 355.221516][ T4675] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 355.241514][ T4675] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 355.304137][ T4675] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 355.334431][ T4675] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 355.346293][ T6578] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 355.368990][ T6578] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.382404][ T4675] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 355.401234][ T4675] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 355.403958][ T6578] usb 4-1: Product: syz [ 355.412567][ T4675] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.433794][ T6578] usb 4-1: Manufacturer: syz [ 355.438822][ T6578] usb 4-1: SerialNumber: syz [ 355.474349][ T4675] usb 3-1: config 0 descriptor?? [ 355.498425][T16062] loop0: detected capacity change from 0 to 1024 [ 355.505973][T16028] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 355.528397][T16062] EXT4-fs (loop0): #clusters per group too big: 24576 [ 355.759217][T16074] loop1: detected capacity change from 0 to 8 [ 355.816704][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.824637][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.835832][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.842194][ T6578] usb 4-1: selecting invalid altsetting 0 [ 355.844031][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.856913][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.864495][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.872335][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.879618][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.886938][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.889947][ T6578] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 355.894176][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894208][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894235][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894261][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894287][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894316][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894349][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.894374][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.919859][T16074] SQUASHFS error: Failed to read block 0x1ec: -5 [ 355.923004][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.976411][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.981260][ T6578] usb 4-1: No valid video chain found. [ 355.983936][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 355.996909][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.004365][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.011942][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.016391][T16074] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 356.019555][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.035084][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.042613][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.049817][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.057219][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.071206][ T4185] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 356.092733][ T6578] usb 4-1: selecting invalid altsetting 0 [ 356.098618][ T6578] usbtest: probe of 4-1:220.1 failed with error -22 [ 356.153914][ T1110] usb 3-1: USB disconnect, device number 26 [ 356.193501][ T6578] usb 4-1: USB disconnect, device number 23 [ 356.201653][T16086] loop0: detected capacity change from 0 to 24 [ 356.500767][T16097] dns_resolver: Unsupported content type (98) [ 356.758050][T16120] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5379'. [ 356.770572][T16121] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.5381'. [ 356.808056][T16120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5379'. [ 356.809193][T16121] openvswitch: netlink: ct_state flags 00030000 unsupported [ 356.919816][T16125] loop3: detected capacity change from 0 to 1764 [ 357.285765][T16141] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5391'. [ 357.878903][T16164] netlink: 'syz.3.5402': attribute type 1 has an invalid length. [ 357.907437][T16164] netlink: 'syz.3.5402': attribute type 3 has an invalid length. [ 357.958279][T16164] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5402'. [ 357.987039][T16164] NCSI netlink: No device for ifindex 52229 [ 358.015216][T16129] loop4: detected capacity change from 0 to 32768 [ 358.048153][T16133] loop1: detected capacity change from 0 to 32768 [ 358.091919][T16129] XFS: ikeep mount option is deprecated. [ 358.134515][T16178] loop2: detected capacity change from 0 to 16 [ 358.190994][T16129] XFS (loop4): Mounting V5 Filesystem [ 358.197654][T16178] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 358.209182][T16173] loop0: detected capacity change from 0 to 4096 [ 358.354932][ T4345] udevd[4345]: incorrect cramfs checksum on /dev/loop2 [ 358.544080][T16173] ntfs3: loop0: ino=5, "/" directory corrupted [ 358.563330][T16173] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 358.573429][T16129] XFS (loop4): Ending clean mount [ 358.702299][T16129] XFS (loop4): Quotacheck needed: Please wait. [ 358.784528][T16204] loop3: detected capacity change from 0 to 8 [ 358.881837][T16129] XFS (loop4): Quotacheck: Done. [ 358.888215][T16129] XFS (loop4): Unmounting Filesystem [ 358.895103][T16204] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 358.930407][T16209] program syz.2.5419 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 359.028925][ T4345] udevd[4345]: incorrect cramfs checksum on /dev/loop3 [ 359.038812][T16209] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 359.054051][T16204] cramfs: Error -3 while decompressing! [ 359.092767][T16204] cramfs: ffffffff961c9228(26)->ffff88805387c000(4096) [ 359.136154][T16204] cramfs: Error -3 while decompressing! [ 359.198812][ T4249] udevd[4249]: incorrect cramfs checksum on /dev/loop3 [ 359.208176][T16204] cramfs: ffffffff961c9242(26)->ffff88805387d000(4096) [ 359.247898][T16204] cramfs: Error -3 while decompressing! [ 359.269859][T16204] cramfs: ffffffff961c925c(16)->ffff8880514a0000(4096) [ 359.287650][T16221] overlayfs: conflicting options: userxattr,redirect_dir=off [ 359.288113][T16204] cramfs: Error -3 while decompressing! [ 359.346842][T16204] cramfs: ffffffff961c9228(26)->ffff88805387c000(4096) [ 359.373626][T16223] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.5426'. [ 359.384457][T16223] openvswitch: netlink: Flow key attribute not present in set flow. [ 359.529304][T16232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5431'. [ 359.624536][T16235] loop3: detected capacity change from 0 to 512 [ 359.710462][T16235] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 359.813980][T16235] EXT4-fs (loop3): 1 truncate cleaned up [ 359.819881][T16235] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,discard,journal_ioprio=0x0000000000000003,errors=remount-ro,lazytime,minixdf,noquota,usrjquota=,. Quota mode: none. [ 359.982760][T16235] EXT4-fs error (device loop3): ext4_get_verity_descriptor_location:299: inode #15: comm syz.3.5432: verity file has no extents [ 360.027769][T16235] EXT4-fs (loop3): Remounting filesystem read-only [ 360.053266][T16235] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size [ 360.390091][T16280] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5453'. [ 360.428003][T16286] netlink: 'syz.2.5454': attribute type 21 has an invalid length. [ 360.460961][T16286] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5454'. [ 360.471570][T16286] netlink: 'syz.2.5454': attribute type 4 has an invalid length. [ 360.479426][T16286] netlink: 'syz.2.5454': attribute type 5 has an invalid length. [ 360.501778][T16276] XFS (nullb0): Invalid superblock magic number [ 360.565592][T16286] netlink: 3 bytes leftover after parsing attributes in process `syz.2.5454'. [ 361.071376][T16323] netlink: 'syz.4.5472': attribute type 11 has an invalid length. [ 361.457334][T16348] kernel profiling enabled (shift: 17) [ 361.816047][T16372] bridge0: port 1(veth0_to_bridge) entered blocking state [ 361.830721][T16372] bridge0: port 1(veth0_to_bridge) entered disabled state [ 361.840879][T16372] device veth0_to_bridge entered promiscuous mode [ 361.867968][T16372] bridge0: port 1(veth0_to_bridge) entered blocking state [ 361.875295][T16372] bridge0: port 1(veth0_to_bridge) entered forwarding state [ 362.005418][T16382] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 362.090956][T16386] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5501'. [ 362.449811][T16409] netlink: 'syz.3.5511': attribute type 1 has an invalid length. [ 362.511262][T16409] netlink: 'syz.3.5511': attribute type 2 has an invalid length. [ 362.554405][T16409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5511'. [ 362.833667][T16430] loop0: detected capacity change from 0 to 64 [ 362.935645][T16436] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5525'. [ 363.076539][T16438] loop1: detected capacity change from 0 to 512 [ 363.203917][T16438] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 363.245415][T16438] ext4 filesystem being mounted at /1119/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 363.357235][T16425] loop3: detected capacity change from 0 to 32768 [ 363.388521][T16425] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.5519 (16425) [ 363.439896][T16425] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 363.480719][T16425] BTRFS info (device loop3): force zlib compression, level 3 [ 363.489742][T16425] BTRFS info (device loop3): force clearing of disk cache [ 363.516267][T16425] BTRFS info (device loop3): setting nodatasum [ 363.565971][T16425] BTRFS info (device loop3): allowing degraded mounts [ 363.577417][T16450] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5531'. [ 363.577594][T16425] BTRFS info (device loop3): enabling disk space caching [ 363.615459][T16425] BTRFS info (device loop3): disk space caching is enabled [ 363.633871][T16425] BTRFS info (device loop3): has skinny extents [ 364.049393][T16440] loop0: detected capacity change from 0 to 32768 [ 364.062319][T16425] BTRFS info (device loop3): clearing free space tree [ 364.079723][T16425] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 364.130263][T16425] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 364.233741][T16440] ERROR: (device loop0): dbAllocAG: unable to allocate blocks [ 364.233741][T16440] [ 364.312178][T16498] xt_NFQUEUE: number of total queues is 0 [ 364.556054][T16505] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 364.900336][T16519] netlink: 'syz.0.5555': attribute type 21 has an invalid length. [ 365.068648][T16525] xt_bpf: check failed: parse error [ 365.084167][T16527] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5560'. [ 365.248805][T16531] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5562'. [ 365.297100][T16531] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5562'. [ 365.315260][T16536] device ip6erspan0 entered promiscuous mode [ 365.317539][T16531] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5562'. [ 365.338358][T16535] loop0: detected capacity change from 0 to 256 [ 365.696405][T16553] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5572'. [ 365.751267][T16553] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 365.998602][T16575] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 366.052106][T16579] loop1: detected capacity change from 0 to 256 [ 366.373303][T16605] loop3: detected capacity change from 0 to 64 [ 366.386318][T16604] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 366.543938][ T1092] block nbd0: Attempted send on invalid socket [ 366.550352][ T1092] blk_update_request: I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 366.567852][ T1092] block nbd0: Attempted send on invalid socket [ 366.574481][ T1092] blk_update_request: I/O error, dev nbd0, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 366.924225][T16639] loop4: detected capacity change from 0 to 4096 [ 366.973708][T16639] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 367.049365][T16639] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,grpquota,init_itable,user_xattr,nomblk_io_submit,,errors=continue. Quota mode: writeback. [ 367.101511][T16654] netlink: 'syz.2.5621': attribute type 13 has an invalid length. [ 367.228407][T16639] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 16715264 out of range 0-8 [ 367.280611][T16639] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 367.311491][T16639] EXT4-fs error (device loop4): ext4_acquire_dquot:6204: comm syz.4.5614: Failed to acquire dquot type 0 [ 367.336400][T16662] loop3: detected capacity change from 0 to 512 [ 367.345904][T16654] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 367.355568][T16636] loop1: detected capacity change from 0 to 32768 [ 367.385582][T16654] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 367.451142][T16636] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.5613 (16636) [ 367.522915][T16662] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 367.552940][T16672] netlink: 'syz.2.5630': attribute type 3 has an invalid length. [ 367.587329][T16636] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 367.625701][T16662] ext4 filesystem being mounted at /1084/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 367.638997][T16636] BTRFS info (device loop1): force zlib compression, level 3 [ 367.681535][T16636] BTRFS info (device loop1): force clearing of disk cache [ 367.761410][T16636] BTRFS info (device loop1): setting nodatasum [ 367.767784][T16636] BTRFS info (device loop1): allowing degraded mounts [ 367.800182][T16636] BTRFS info (device loop1): enabling disk space caching [ 367.881432][T16636] BTRFS info (device loop1): disk space caching is enabled [ 367.921333][T16636] BTRFS info (device loop1): has skinny extents [ 368.048148][T16693] loop2: detected capacity change from 0 to 256 [ 368.082169][T16699] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5640'. [ 368.452383][T16636] BTRFS info (device loop1): clearing free space tree [ 368.461776][T16636] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 368.481624][T16636] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 368.910528][T16734] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 369.368092][T16756] loop0: detected capacity change from 0 to 256 [ 369.665223][T16766] loop3: detected capacity change from 0 to 1024 [ 369.797882][T16776] libceph: resolve '0' (ret=-3): failed [ 369.981715][T16778] loop1: detected capacity change from 0 to 4096 [ 370.057466][T16778] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 370.160790][T16778] ntfs3: loop1: failed to convert "c46c" to macinuit [ 370.621022][T16829] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5694'. [ 370.677721][T16829] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 370.818802][T16843] delete_channel: no stack [ 370.971002][T16848] 8021q: adding VLAN 0 to HW filter on device bond1 [ 371.005899][T16855] loop3: detected capacity change from 0 to 256 [ 371.082000][T16861] netlink: 'syz.1.5710': attribute type 2 has an invalid length. [ 371.176698][T16855] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 371.258627][T16870] delete_channel: no stack [ 371.307525][T16873] program syz.4.5714 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 371.379441][T16879] overlayfs: missing 'lowerdir' [ 371.512270][T16887] xt_nat: multiple ranges no longer supported [ 371.548392][T16893] tmpfs: Bad value for 'mpol' [ 371.572565][ T26] audit: type=1400 audit(1747271921.460:39): apparmor="DENIED" operation="stack" info="label not found" error=-2 profile="unconfined" name=22 pid=16889 comm="syz.1.5723" [ 371.574402][T16890] loop3: detected capacity change from 0 to 764 [ 371.616721][T16895] CIFS mount error: No usable UNC path provided in device string! [ 371.616721][T16895] [ 371.654709][T16895] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 372.097372][T16929] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5740'. [ 372.177909][T16933] loop2: detected capacity change from 0 to 2048 [ 372.204292][T16937] binder: 16935:16937 ioctl c018620c 200000000100 returned -22 [ 372.285519][T16941] loop3: detected capacity change from 0 to 256 [ 372.293915][T16942] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 372.339489][T16933] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=203 [ 372.373685][T16933] Remounting filesystem read-only [ 372.581400][ T1110] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 372.677644][T16958] netlink: 'syz.1.5754': attribute type 11 has an invalid length. [ 372.831039][ T1110] usb 1-1: Using ep0 maxpacket: 16 [ 372.951499][ T1110] usb 1-1: config 0 has no interfaces? [ 373.011447][T16974] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 373.027343][ T4684] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 373.048469][T16976] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5764'. [ 373.111596][ T1110] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 373.138862][ T1110] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.191316][ T1110] usb 1-1: Product: syz [ 373.217675][ T1110] usb 1-1: Manufacturer: syz [ 373.222529][T16980] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5766'. [ 373.269375][ T1110] usb 1-1: SerialNumber: syz [ 373.305144][T16984] loop4: detected capacity change from 0 to 24 [ 373.312188][T16983] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 373.331266][ T4684] usb 3-1: Using ep0 maxpacket: 16 [ 373.331326][ T1110] r8152-cfgselector 1-1: config 0 descriptor?? [ 373.382244][T16984] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 373.435519][T16984] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 373.463882][ T4684] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 373.501214][ T4684] usb 3-1: config 0 has no interface number 0 [ 373.507445][ T4684] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 373.540249][ T4684] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 373.551305][T16984] VFS: Lookup of 'file0' in romfs loop4 would have caused loop [ 373.621987][ T1110] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 373.623187][T16994] loop3: detected capacity change from 0 to 512 [ 373.685748][T16996] loop4: detected capacity change from 0 to 64 [ 373.694658][T16992] loop1: detected capacity change from 0 to 4096 [ 373.737220][T16994] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 373.743974][T16992] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 373.749506][T16994] ext4 filesystem being mounted at /1115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 373.790372][T16992] ntfs3: loop1: Failed to load $Extend. [ 373.801328][ T4684] usb 3-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c [ 373.810480][ T4684] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.846467][ T4370] usb 1-1: USB disconnect, device number 23 [ 373.856279][T16994] EXT4-fs error (device loop3): ext4_get_verity_descriptor_location:338: inode #15: comm syz.3.5773: verity file corrupted; can't find descriptor [ 373.914037][ T4684] usb 3-1: Product: syz [ 373.918266][ T4684] usb 3-1: Manufacturer: syz [ 373.942651][T16994] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size [ 373.951703][ T4684] usb 3-1: SerialNumber: syz [ 373.960418][ T4684] usb 3-1: config 0 descriptor?? [ 374.038037][ T4684] cypress_m8 3-1:0.35: Nokia CA-42 V2 Adapter converter detected [ 374.252173][ T4684] usb 3-1: Nokia CA-42 V2 Adapter converter now attached to ttyUSB0 [ 374.258931][T17011] loop3: detected capacity change from 0 to 256 [ 374.287745][T17011] exfat: Deprecated parameter 'utf8' [ 374.320398][T17011] exfat: Deprecated parameter 'utf8' [ 374.346591][T17011] exfat: Deprecated parameter 'utf8' [ 374.403722][T17011] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4899f300, utbl_chksum : 0xe619d30d) [ 374.492194][ T4370] usb 3-1: USB disconnect, device number 27 [ 374.551714][ T4370] nokiaca42v2 ttyUSB0: Nokia CA-42 V2 Adapter converter now disconnected from ttyUSB0 [ 374.562108][T17019] netlink: 'syz.0.5784': attribute type 2 has an invalid length. [ 374.569870][T17019] netlink: 'syz.0.5784': attribute type 3 has an invalid length. [ 374.596289][ T4370] cypress_m8 3-1:0.35: device disconnected [ 374.606866][T17021] ieee802154 phy0 wpan0: encryption failed: -22 [ 374.615848][T17019] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5784'. [ 374.664228][T17025] xt_hashlimit: max too large, truncated to 1048576 [ 374.692893][T17025] Timeout policy `syz1' can only be used by L3 protocol number 25944 [ 374.876946][T17032] netlink: 'syz.3.5790': attribute type 13 has an invalid length. [ 375.078630][T17032] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 375.087633][T17039] loop0: detected capacity change from 0 to 256 [ 375.119098][T17032] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 375.197451][T17032] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 375.404238][T17032] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 375.530190][T17059] Zero length message leads to an empty skb [ 375.614052][ T150] block nbd4: Attempted send on invalid socket [ 375.620403][ T150] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 375.632266][T17061] hpfs: hpfs_map_sector(): read error [ 375.656336][T17023] loop1: detected capacity change from 0 to 32768 [ 375.701268][ T4370] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 375.785511][T17067] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5807'. [ 376.061456][ T4370] usb 1-1: config 0 has an invalid interface number: 83 but max is 0 [ 376.081297][ T4370] usb 1-1: config 0 has no interface number 0 [ 376.088057][ T4370] usb 1-1: config 0 interface 83 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 376.145801][ T4370] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 376.175362][ T4370] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.208732][ T4370] usb 1-1: config 0 descriptor?? [ 376.253390][ T4370] ttusbir 1-1:0.83: cannot find expected altsetting [ 376.468762][ T1110] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 376.534675][ T4370] usb 1-1: USB disconnect, device number 24 [ 376.553932][T17103] loop3: detected capacity change from 0 to 256 [ 376.696022][ T26] audit: type=1400 audit(1747271926.590:40): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=17107 comm="syz.1.5828" [ 376.813280][T17112] netlink: 'syz.2.5830': attribute type 2 has an invalid length. [ 376.821055][T17112] netlink: 'syz.2.5830': attribute type 1 has an invalid length. [ 376.861540][ T1110] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 376.891223][ T1110] usb 5-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 376.918492][ T1110] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.958940][ T1110] usb 5-1: config 0 descriptor?? [ 376.994030][T17122] delete_channel: no stack [ 377.116591][T17130] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5839'. [ 377.290755][T17141] netlink: 'syz.0.5843': attribute type 10 has an invalid length. [ 377.468090][ T1110] usb 5-1: USB disconnect, device number 27 [ 377.583678][T17152] loop0: detected capacity change from 0 to 2048 [ 377.676632][T17152] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 377.830381][T17169] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5861'. [ 377.994975][T17180] ip6t_srh: unknown srh match flags 4001 [ 378.118646][T17176] loop3: detected capacity change from 0 to 4096 [ 378.152060][T17190] netlink: 'syz.0.5869': attribute type 29 has an invalid length. [ 378.196358][T17176] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 378.314964][T17176] ntfs3: loop3: failed to convert "c46c" to macinuit [ 378.594262][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.600615][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.704438][T17218] loop0: detected capacity change from 0 to 256 [ 378.761281][ T4684] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 378.801348][ T4216] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 378.810153][T17218] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 378.869926][T17221] loop2: detected capacity change from 0 to 1764 [ 379.071492][ T4216] usb 4-1: Using ep0 maxpacket: 32 [ 379.177292][T17205] loop1: detected capacity change from 0 to 32768 [ 379.191809][ T4684] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 379.215848][ T4216] usb 4-1: config 0 has an invalid interface number: 16 but max is 0 [ 379.217867][T17205] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.5876 (17205) [ 379.230688][ T4684] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.258289][ T4216] usb 4-1: config 0 has no interface number 0 [ 379.265396][ T4216] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 379.277153][ T4684] usb 5-1: config 0 has no interface number 0 [ 379.284240][ T4216] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 379.315020][T17205] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 379.327982][T17205] BTRFS info (device loop1): using free space tree [ 379.339027][T17205] BTRFS info (device loop1): has skinny extents [ 379.469263][ T4684] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 379.478963][ T4216] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 379.502666][ T4684] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.525321][ T4216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.540920][ T4684] usb 5-1: Product: syz [ 379.555908][ T4684] usb 5-1: Manufacturer: syz [ 379.565692][ T4684] usb 5-1: SerialNumber: syz [ 379.573742][ T4216] usb 4-1: Product: syz [ 379.578264][ T4216] usb 4-1: Manufacturer: syz [ 379.606252][T17225] loop2: detected capacity change from 0 to 32768 [ 379.614159][ T4216] usb 4-1: SerialNumber: syz [ 379.631337][T17225] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.5886 (17225) [ 379.633109][ T4684] usb 5-1: config 0 descriptor?? [ 379.651953][T17205] BTRFS info (device loop1): enabling ssd optimizations [ 379.682630][ T4216] usb 4-1: config 0 descriptor?? [ 379.720358][T17225] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 379.722205][T17210] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 379.731191][T17225] BTRFS info (device loop2): force zlib compression, level 3 [ 379.745889][T17225] BTRFS info (device loop2): force clearing of disk cache [ 379.753341][T17225] BTRFS info (device loop2): setting nodatasum [ 379.759859][T17225] BTRFS info (device loop2): doing ref verification [ 379.766638][T17225] BTRFS info (device loop2): allowing degraded mounts [ 379.769263][ T4684] hub 5-1:0.31: bad descriptor, ignoring hub [ 379.774290][T17225] BTRFS info (device loop2): using free space tree [ 379.779838][ T4684] hub: probe of 5-1:0.31 failed with error -5 [ 379.786792][T17225] BTRFS info (device loop2): has skinny extents [ 379.801935][T17210] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 379.884908][ T4684] usb 5-1: Found UVC 0.04 device syz (046d:08c3) [ 379.923939][T17259] loop0: detected capacity change from 0 to 16 [ 379.961468][ T4684] usb 5-1: No valid video chain found. [ 379.982799][T17259] erofs: (device loop0): mounted with root inode @ nid 36. [ 380.059262][ T4220] usb 4-1: USB disconnect, device number 24 [ 380.086445][T17276] netlink: 208 bytes leftover after parsing attributes in process `syz.0.5894'. [ 380.159809][ T4684] usb 5-1: USB disconnect, device number 28 [ 380.221390][T17225] BTRFS info (device loop2): enabling ssd optimizations [ 380.357111][T17280] device erspan1 entered promiscuous mode [ 380.387744][T17225] BTRFS info (device loop2): clearing free space tree [ 380.421716][T17225] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 380.427235][ C0] vkms_vblank_simulate: vblank timer overrun [ 380.455123][ T5253] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by udevd (5253) [ 380.471214][T17225] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 380.576673][T17225] BTRFS info (device loop2): creating free space tree [ 380.613181][T17225] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 380.632120][T17225] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 380.891525][T17299] Unsupported ieee802154 address type: 0 [ 381.084204][T17308] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5908'. [ 381.650291][T17334] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5931'. [ 381.791471][ T4370] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 381.841486][T17345] kAFS: No cell specified [ 381.846499][T17343] loop4: detected capacity change from 0 to 2048 [ 381.949801][T17343] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 381.951477][ T1110] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 382.177903][ T4370] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xE8, skipping [ 382.199069][ T4370] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 382.361574][ T1110] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 382.380139][ T1110] usb 4-1: config 0 has no interface number 0 [ 382.386916][ T4370] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 382.396578][ T1110] usb 4-1: config 0 interface 128 altsetting 6 endpoint 0x5 has invalid maxpacket 1024, setting to 1023 [ 382.418856][ T4370] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.428999][ T4370] usb 1-1: Product: syz [ 382.433661][ T1110] usb 4-1: config 0 interface 128 altsetting 6 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 382.451153][ T4370] usb 1-1: Manufacturer: syz [ 382.455974][ T4370] usb 1-1: SerialNumber: syz [ 382.461498][ T1110] usb 4-1: config 0 interface 128 altsetting 6 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 382.473564][ T1110] usb 4-1: config 0 interface 128 has no altsetting 0 [ 382.488923][T17353] loop1: detected capacity change from 0 to 32768 [ 382.490389][ T4370] usb 1-1: config 0 descriptor?? [ 382.497274][T17349] loop2: detected capacity change from 0 to 32768 [ 382.537704][T17349] (syz.2.5903,17349,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 382.556193][T17349] (syz.2.5903,17349,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 382.603238][T17349] JBD2: Ignoring recovery information on journal [ 382.645072][T17353] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 382.654429][ T1110] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91 [ 382.665348][ T1110] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.673329][T17353] BTRFS info (device loop1): using free space tree [ 382.673671][ T1110] usb 4-1: Product: syz [ 382.680178][T17353] BTRFS info (device loop1): has skinny extents [ 382.684437][ T1110] usb 4-1: Manufacturer: syz [ 382.684464][ T1110] usb 4-1: SerialNumber: syz [ 382.702696][ T1110] usb 4-1: config 0 descriptor?? [ 382.710007][T17349] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 382.755108][ T1110] radio-si470x 4-1:0.128: could not find interrupt in endpoint [ 382.798194][ T1110] radio-si470x: probe of 4-1:0.128 failed with error -5 [ 382.805872][ T1110] usbhid 4-1:0.128: couldn't find an input interrupt endpoint [ 382.806867][T17349] [ 382.815834][T17349] ====================================================== [ 382.823139][T17349] WARNING: possible circular locking dependency detected [ 382.830278][T17349] 5.15.182-syzkaller #0 Not tainted [ 382.835495][T17349] ------------------------------------------------------ [ 382.842644][T17349] syz.2.5903/17349 is trying to acquire lock: [ 382.848741][T17349] ffff88807b8d6650 (sb_internal#3){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x677/0xaf0 [ 382.858199][T17349] [ 382.858199][T17349] but task is already holding lock: [ 382.860568][ T1110] usb 1-1: USB disconnect, device number 25 [ 382.866099][T17349] ffff88805eebcda0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e5/0x270 [ 382.866164][T17349] [ 382.866164][T17349] which lock already depends on the new lock. [ 382.866164][T17349] [ 382.866170][T17349] [ 382.866170][T17349] the existing dependency chain (in reverse order) is: [ 382.866179][T17349] [ 382.866179][T17349] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 382.866208][T17349] down_write+0x38/0x60 [ 382.866229][T17349] ocfs2_lock_global_qf+0x1e5/0x270 [ 382.922663][T17349] ocfs2_acquire_dquot+0x29d/0xaf0 [ 382.928503][T17349] dqget+0x778/0xeb0 [ 382.932955][T17349] dquot_set_dqblk+0x27/0xf90 [ 382.938197][T17349] quota_setquota+0x4ac/0x530 [ 382.943643][T17349] __se_sys_quotactl+0x295/0x6c0 [ 382.949309][T17349] do_syscall_64+0x4c/0xa0 [ 382.954299][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 382.960836][T17349] [ 382.960836][T17349] -> #5 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}: [ 382.971567][T17349] down_write+0x38/0x60 [ 382.976525][T17349] ocfs2_lock_global_qf+0x1c7/0x270 [ 382.982274][T17349] ocfs2_acquire_dquot+0x29d/0xaf0 [ 382.987933][T17349] dqget+0x778/0xeb0 [ 382.992386][T17349] dquot_set_dqblk+0x27/0xf90 [ 382.997704][T17349] quota_setquota+0x4ac/0x530 [ 383.003046][T17349] __se_sys_quotactl+0x295/0x6c0 [ 383.008632][T17349] do_syscall_64+0x4c/0xa0 [ 383.013598][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.020208][T17349] [ 383.020208][T17349] -> #4 (&dquot->dq_lock){+.+.}-{3:3}: [ 383.027886][T17349] __mutex_lock_common+0x1eb/0x2390 [ 383.033672][T17349] mutex_lock_nested+0x17/0x20 [ 383.039078][T17349] dquot_commit+0x5a/0x410 [ 383.044270][T17349] ext4_write_dquot+0x1f0/0x360 [ 383.049850][T17349] mark_all_dquot_dirty+0xf9/0x400 [ 383.055523][T17349] __dquot_free_space+0x7ca/0xb90 [ 383.061202][T17349] ext4_free_blocks+0x1af5/0x2480 [ 383.066916][T17349] ext4_ext_remove_space+0x1eaa/0x4390 [ 383.073053][T17349] ext4_ext_truncate+0x192/0x240 [ 383.078557][T17349] ext4_truncate+0x9f1/0x10d0 [ 383.083870][T17349] ext4_process_orphan+0x1cb/0x300 [ 383.089537][T17349] ext4_orphan_cleanup+0xaa9/0x12e0 [ 383.095445][T17349] ext4_fill_super+0x9288/0x9a00 [ 383.101021][T17349] mount_bdev+0x287/0x3c0 [ 383.105987][T17349] legacy_get_tree+0xe6/0x180 [ 383.111309][T17349] vfs_get_tree+0x88/0x270 [ 383.116326][T17349] do_new_mount+0x24a/0xa40 [ 383.121472][T17349] __se_sys_mount+0x2d6/0x3c0 [ 383.126701][T17349] do_syscall_64+0x4c/0xa0 [ 383.131669][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.138110][T17349] [ 383.138110][T17349] -> #3 (&ei->i_data_sem){++++}-{3:3}: [ 383.145872][T17349] down_write+0x38/0x60 [ 383.148580][T17353] BTRFS info (device loop1): enabling ssd optimizations [ 383.150670][T17349] ext4_truncate+0x96d/0x10d0 [ 383.150699][T17349] ext4_setattr+0xffe/0x19e0 [ 383.168132][T17349] notify_change+0xbcd/0xee0 [ 383.173357][T17349] do_truncate+0x197/0x220 [ 383.178323][T17349] do_sys_ftruncate+0x31b/0x3d0 [ 383.183967][T17349] do_syscall_64+0x4c/0xa0 [ 383.189033][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.195473][T17349] [ 383.195473][T17349] -> #2 (jbd2_handle){++++}-{0:0}: [ 383.202860][T17349] start_this_handle+0x1338/0x15a0 [ 383.208516][T17349] jbd2__journal_start+0x2b7/0x5a0 [ 383.214153][T17349] jbd2_journal_start+0x26/0x30 [ 383.219543][T17349] ocfs2_start_trans+0x374/0x6c0 [ 383.225101][T17349] ocfs2_mknod+0xe2f/0x22b0 [ 383.230212][T17349] ocfs2_create+0x192/0x410 [ 383.235255][T17349] path_openat+0x11e1/0x2f30 [ 383.240414][T17349] do_filp_open+0x1b3/0x3e0 [ 383.245523][T17349] do_sys_openat2+0x142/0x4a0 [ 383.250806][T17349] __x64_sys_open+0x11b/0x140 [ 383.256008][T17349] do_syscall_64+0x4c/0xa0 [ 383.261033][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.267448][T17349] [ 383.267448][T17349] -> #1 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 383.275985][T17349] down_read+0x44/0x2e0 [ 383.280677][T17349] ocfs2_start_trans+0x368/0x6c0 [ 383.286168][T17349] ocfs2_mknod+0xe2f/0x22b0 [ 383.291237][T17349] ocfs2_create+0x192/0x410 [ 383.296300][T17349] path_openat+0x11e1/0x2f30 [ 383.301538][T17349] do_filp_open+0x1b3/0x3e0 [ 383.306693][T17349] do_sys_openat2+0x142/0x4a0 [ 383.312106][T17349] __x64_sys_open+0x11b/0x140 [ 383.317432][T17349] do_syscall_64+0x4c/0xa0 [ 383.322610][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.329039][T17349] [ 383.329039][T17349] -> #0 (sb_internal#3){.+.+}-{0:0}: [ 383.336700][T17349] __lock_acquire+0x2c33/0x7c60 [ 383.342093][T17349] lock_acquire+0x197/0x3f0 [ 383.347128][T17349] ocfs2_start_trans+0x269/0x6c0 [ 383.352591][T17349] ocfs2_acquire_dquot+0x677/0xaf0 [ 383.358404][T17349] dqget+0x778/0xeb0 [ 383.362940][T17349] dquot_set_dqblk+0x27/0xf90 [ 383.368314][T17349] quota_setquota+0x4ac/0x530 [ 383.373516][T17349] __se_sys_quotactl+0x295/0x6c0 [ 383.379215][T17349] do_syscall_64+0x4c/0xa0 [ 383.384352][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.391109][T17349] [ 383.391109][T17349] other info that might help us debug this: [ 383.391109][T17349] [ 383.401535][T17349] Chain exists of: [ 383.401535][T17349] sb_internal#3 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7 --> &ocfs2_quota_ip_alloc_sem_key [ 383.401535][T17349] [ 383.418847][T17349] Possible unsafe locking scenario: [ 383.418847][T17349] [ 383.426716][T17349] CPU0 CPU1 [ 383.432272][T17349] ---- ---- [ 383.437984][T17349] lock(&ocfs2_quota_ip_alloc_sem_key); [ 383.443798][T17349] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7); [ 383.453609][T17349] lock(&ocfs2_quota_ip_alloc_sem_key); [ 383.462046][T17349] lock(sb_internal#3); [ 383.466304][T17349] [ 383.466304][T17349] *** DEADLOCK *** [ 383.466304][T17349] [ 383.474528][T17349] 4 locks held by syz.2.5903/17349: [ 383.479748][T17349] #0: ffff88807b8d60e0 (&type->s_umount_key#75){++++}-{3:3}, at: user_get_super+0x118/0x240 [ 383.490412][T17349] #1: ffff88805eef20a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x290/0xaf0 [ 383.500540][T17349] #2: ffff88805eebd108 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1c7/0x270 [ 383.514314][T17349] #3: ffff88805eebcda0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e5/0x270 [ 383.525844][T17349] [ 383.525844][T17349] stack backtrace: [ 383.532346][T17349] CPU: 0 PID: 17349 Comm: syz.2.5903 Not tainted 5.15.182-syzkaller #0 [ 383.540841][T17349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 383.551357][T17349] Call Trace: [ 383.554738][T17349] [ 383.557755][T17349] dump_stack_lvl+0x168/0x230 [ 383.562452][T17349] ? load_image+0x3b0/0x3b0 [ 383.566951][T17349] ? show_regs_print_info+0x20/0x20 [ 383.572163][T17349] ? print_circular_bug+0x12b/0x1a0 [ 383.577466][T17349] check_noncircular+0x274/0x310 [ 383.582445][T17349] ? add_chain_block+0x940/0x940 [ 383.587738][T17349] ? lockdep_lock+0xdc/0x1e0 [ 383.592554][T17349] ? mark_lock+0x94/0x320 [ 383.596921][T17349] ? mark_lock+0x94/0x320 [ 383.601297][T17349] __lock_acquire+0x2c33/0x7c60 [ 383.606170][T17349] ? verify_lock_unused+0x140/0x140 [ 383.611409][T17349] ? verify_lock_unused+0x140/0x140 [ 383.616635][T17349] ? quota_setquota+0x4ac/0x530 [ 383.621490][T17349] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.627668][T17349] ? verify_lock_unused+0x140/0x140 [ 383.633102][T17349] lock_acquire+0x197/0x3f0 [ 383.637731][T17349] ? ocfs2_acquire_dquot+0x677/0xaf0 [ 383.643051][T17349] ? __might_sleep+0xf0/0xf0 [ 383.647642][T17349] ? do_raw_spin_lock+0x11d/0x280 [ 383.652683][T17349] ? read_lock_is_recursive+0x10/0x10 [ 383.658199][T17349] ? __rwlock_init+0x140/0x140 [ 383.662978][T17349] ? do_raw_spin_unlock+0x11d/0x230 [ 383.668193][T17349] ocfs2_start_trans+0x269/0x6c0 [ 383.673151][T17349] ? ocfs2_acquire_dquot+0x677/0xaf0 [ 383.678468][T17349] ? ocfs2_recovery_exit+0x280/0x280 [ 383.683985][T17349] ? do_raw_spin_unlock+0x11d/0x230 [ 383.689416][T17349] ? _raw_spin_unlock+0x24/0x40 [ 383.694597][T17349] ? ocfs2_qinfo_unlock+0x11a/0x140 [ 383.699958][T17349] ocfs2_acquire_dquot+0x677/0xaf0 [ 383.705102][T17349] ? ocfs2_destroy_dquot+0x40/0x40 [ 383.710369][T17349] dqget+0x778/0xeb0 [ 383.730043][T17349] dquot_set_dqblk+0x27/0xf90 [ 383.734843][T17349] quota_setquota+0x4ac/0x530 [ 383.739537][T17349] ? quota_getnextquota+0x450/0x450 [ 383.744881][T17349] ? bpf_lsm_capable+0x5/0x10 [ 383.749575][T17349] ? do_quotactl+0x4f3/0x710 [ 383.754525][T17349] __se_sys_quotactl+0x295/0x6c0 [ 383.759791][T17349] ? __x64_sys_quotactl+0xa0/0xa0 [ 383.764826][T17349] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 383.770921][T17349] ? lock_chain_count+0x20/0x20 [ 383.775868][T17349] ? vtime_user_exit+0x2dc/0x400 [ 383.780833][T17349] ? lockdep_hardirqs_on+0x94/0x140 [ 383.786164][T17349] do_syscall_64+0x4c/0xa0 [ 383.790812][T17349] ? clear_bhb_loop+0x15/0x70 [ 383.796387][T17349] ? clear_bhb_loop+0x15/0x70 [ 383.801191][T17349] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 383.807356][T17349] RIP: 0033:0x7f65f011a969 [ 383.811893][T17349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.831624][T17349] RSP: 002b:00007f65edf82038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 383.840774][T17349] RAX: ffffffffffffffda RBX: 00007f65f0341fa0 RCX: 00007f65f011a969 [ 383.848767][T17349] RDX: 0000000000000000 RSI: 0000200000000340 RDI: ffffffff80000800 [ 383.856999][T17349] RBP: 00007f65f019cab1 R08: 0000000000000000 R09: 0000000000000000 [ 383.865182][T17349] R10: 0000200000000d00 R11: 0000000000000246 R12: 0000000000000000 [ 383.873301][T17349] R13: 0000000000000000 R14: 00007f65f0341fa0 R15: 00007ffc2b547538 [ 383.881388][T17349] [ 383.931674][ T4171] ocfs2: Unmounting device (7,2) on (node local) [ 383.982887][ T13] usb 4-1: USB disconnect, device number 25