last executing test programs: 5.101047217s ago: executing program 2 (id=5819): r0 = socket$netlink(0x10, 0x3, 0x15) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="04010000100053daf61e34f45cf6b96631cc95499f6ee65b892a48aa6a0652dd0a96f4d612b3bfa3f6e6c9125a038f756ae3ee498cc1696a2b729e7fa4c5dd84087e7a9934109254a3ed808d7655f1ef"], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 4.60676857s ago: executing program 2 (id=5825): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa10004, &(0x7f0000000680)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@adinicb}, {@uid}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@mode={'mode', 0x3d, 0x8}}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@adinicb}, {@gid_forget}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@gid_forget}, {@unhide}]}, 0x1, 0xc51, &(0x7f0000001100)="$eJzs3U9sHNd9B/DfGy3FldJWTJwoThoHm7pIZcVy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3JJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr50+kzaZsOhh9AYAOCBuDL6tdNnt3v+AwCPras7/f8/AAAAAAAAAAAAAABwUKQo4olIMXtlNY1Xnzvql9t9t++MDQ1vX+1IqmoeqsqXP/UzZ8+d//Lzgxe6ebk9/T7199pn49XRq5caL83cmp2bnJ+fnGiMTbevz0xM3vMedlt/q5PVCWjceu32xI0b842zz53btPnOwHv9Hzs+cHHwmVNPdcuODQ0Pj24UqfeWr913Qzp2GuFxOIo4FSme/f7PUisiitj9uag/2Gu/1ZGqEyerTowNDVcdmWq3phfKjSPdE1FENHoqNbvnaPtrEbW+B9qHnTUjFsvmlw0+WXZvdLY117o2NdkYac0ttBfaM9MjqdPasj+NKOJCiliKiJX+u3fXF0XUIsV3j62ma/mtH9V5+FI1MHjndhT72Md7ULaz0RexVDwC1+wA648iXokUP3/7RFzP95nqXvPFiFfK/GHEm2W+GJHKL8b5iHe3+R7xaKpFEX9eXv+Lq2miuh907yuXv9746vSNmZ6y3fvKh3w+3HWneEjPhyNb8sE44PemehTRqu74q+n+f7MDAAAAAAAAAAAAAAAAwF47EkV8JlK8/G9/VI0rjmpc+rGLg78/8Ku9Y8af/ID9lGWfi4jF4t7G5B7OAwNH0khKD3ks8UdZPYr44zz+79sPuzEAAAAAAAAAAAAAAAAAAAAfaUX8NFK88M6JtBS9c4q3p282rrauTXVmhe3O/dudM31tbW2tkTrZzDmeczHnUs7lnCs5o8j1czZzjudczLmUcznnSs44lOvnbOYcz7mYcynncs6VnFHL9XM2c47nXMy5lHM550rOOCBz9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE6KKOKXkeI731xNkSKiGTEenVzuf9itAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABK/amIH0SKxh8019fVIiJV/3acKH85H83DZX4imoNlvhjNSzlbVdaa334I7Wd3+lIRP4kU/fW31i94vv59nU/rX4N481sbnz5b6+Sh7saB9/o/dvzYxcHhzz+503LargEnL7enb99pjA0ND4/2rK7lo3+iZ91APm6xN10nIuZff+O11tTU5Nz9L5Rfgfus3r2Suzj6g1xItUemqRb2YiFqB6IZD6fvm9Qfxs2JfVc+/9+NFL/9zr93H/id5389fqXzaf0JH7/4k43n/wtbd3SPz//a1nr5+V8+CbZ7/j/Rs+6F/LuRvlpEfeHWbN/xiPr862+cat9q3Zy8OTl9/vTprwwOfuXc6b7DEfUb7anJnqU9OV0AAAAAAAAAAAAAAAAAD04q4ncjResnq6kREXeq8VoDFwefOfXUoThUjbfaNG771dGrlxovzdyanZucn5+caIxNt6/PTEze6+Hq1XCvsaHhfenMBzqyz+0/Un9pZvb1ufbNP1zYdvvR+qVr8wtzrevbb44jUUQ0e9ecrBo8NjRcNXqq3Zquqo5sO5j+w+tLRfxHpLh+vpG+kNfl8f9bR/hvGv+/uHVHezj+//NHN8b/fbynaHnMlIr4RaT4rb94Mr5QtfNo3HXOcrm/iRQnL3wul4vDZbluGzrvFeiMDCzL/k+k+Idfbi7bHQ/5xEbZMx/q5D4Cyut/LFL84M++F7+R121+/8P21//o1h3t0/sfPtmz7uim9xXsuuvk638qUrz4xFvxdLXm/973/R/dNzacePpclevv59in6/+pnnUD1XEjfnPPeg8AAAAAAAAAAPDo6ktF/G2k+NFwLT2f193L3/+b2Lqjffr7X5/uWTexN/MVfeDCrk8qAAAAABwQfamIn0aKmwtvrY+h3jz+u2f85+9sjP8cSlu2Vn/O92vVewP28s//eg3k447vvtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvXxajz/xI7zqS9Hipf/69lcLh0vy3XngR+ofq1fmZk+dWlqaqYeC61rU5ON0dnW9cmy7icjxepffy7XLar51bvzzXfmeN+Yi30uUgz/Xbds5wWk3bnJO/OB19fWIs6UZT8eKf7z79fLVvt9Opf91MZ+z5Zl/ypSfOOfti97fKPsubLs9yLFj7/R6JY9Wpbtvh/10xtln7s+U+z9RQEAAAAAAAAAAAAAAAAAAOAjpy8V8aeR4r9vLa2P5c/z//f1fKy8+a2e+f63uFPN8z9Qzf+/0/L9zP9fvVdgcaejAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA4ylFEW9Eitkrq2m5v/zcUb/cnr59Z2xoePtqR1JV81BVvvypnzl77vyXnx+80M33r7/XPhOvjl691Hhp5tbs3OT8/OREY2y6fX1mYvKe97Db+ludrE5A49Zrtydu3JhvnH3u3KbNdwbe6//Y8YGLg8+ceqpbdmxoeHi0p0yt776Pfpe0w/rDUcRfRopnv/+z9KP+iCJ2fy4+4Luz345UnThZdWJsaLjqyFS7Nb1QbhzpnogiotFTqdk9Rw/gWuxKM2KxbH7Z4JNl90ZnW3Ota1OTjZHW3EJ7oT0zPZI6rS3704giLqSIpYhY6b97d31RxGuR4rvHVtM/90cc6p6HL10Z/drpszu3o9jHPt6Dsp2Nvoil4hG4ZgdYfxTxj5Hi52+fiH/pj6hF5ye+GPFKmT+MeDM61zuVX4zzEe9u8z3i0VSLIv63vP4XV9Pb/eX9oHtfufz1xlenb8z0lO3eVx7558ODdMDvTfUo4sfVHX81/av/rgEAAAAAAAAAAAAAAAAOkCJ+PVK88M6JVI0PXh9T3J6+2bjaujbVGdbXHfvXHTO9tra21kidbOYcz7mYcynncs6VnFHk+jmbZdbX1sbz58WcSzmXc67kjEO5fs5mzvGcizmXci7nXMkZtVw/ZzPneM7FnEs5l3Ou5IwDMnYPAAAAAAAAAAAAAAAAAAB4vBTVPym+883VtNbfmV96PDq5bD7Qx97/BwAA//8ttvY7") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) 4.32575294s ago: executing program 3 (id=5828): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000200)=0x201, 0x4) 3.999153232s ago: executing program 3 (id=5831): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000200)={0x8, @output={0x1000, 0x1, {0x80000000, 0x7fff}, 0x7, 0x6}}) 3.836401827s ago: executing program 2 (id=5833): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3a, 0x0, 0x0) 3.69204175s ago: executing program 3 (id=5836): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x6031, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000002600)=[&(0x7f0000ffc000/0x1000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0) 3.550865359s ago: executing program 2 (id=5837): r0 = syz_open_dev$video(&(0x7f0000001100), 0xe, 0x20000) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000001140)={0x9, 0x2, 0x4, {0x9, @pix_mp={0x8, 0x1c79, 0x30364d54, 0x0, 0x3, [{0xfffffffc, 0x3}, {0xe279, 0x5}, {0x7, 0x4fab}, {0x86, 0xa}, {0x3, 0x5}, {0x8, 0x3}, {0xff, 0x2}, {0x1, 0x9}], 0x24, 0x1, 0x8, 0x2, 0x7}}, 0xffffffff}) 3.260891067s ago: executing program 2 (id=5841): mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001b61e308d016a91052300102030109021b0001000000000904000001ff7f8000090503"], 0x0) 2.477787271s ago: executing program 3 (id=5850): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}]}}}]}, 0x3c}}, 0x0) 2.460758851s ago: executing program 1 (id=5851): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_opts(r0, 0x0, 0x12, &(0x7f0000937fed)=""/3, &(0x7f0000000100)=0x3) 2.234326957s ago: executing program 1 (id=5854): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000200)=@userptr={0xc7, 0x9, 0x4, 0x20, 0x5, {0x77359400}, {0x2, 0x3, 0x0, 0x5, 0x1, 0x5, "da08900a"}, 0x7, 0x2, {&(0x7f0000000080)}, 0x5}) 2.211412425s ago: executing program 3 (id=5855): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'veth1_to_batadv\x00', &(0x7f0000000000)=@ethtool_link_settings={0x1f, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0xfe, 0x6, [0x7, 0x0, 0x0, 0xffffffff]}}) 2.048367882s ago: executing program 1 (id=5857): r0 = syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000080)={[{@nodots}, {@dots}, {@fat=@usefree}, {@dots}, {@fat=@flush}]}, 0x0, 0x22d, &(0x7f00000029c0)="$eJzs3b2KE1EYBuDP3exu2MatxWLAxiqodzDICuKAEJlCKwdWm10RZpvRKpfhNXhJXsZW6UbMhPwZbTQes/M8EOaFl8B3mpwU5yRv73+4vPh4/b799iWGwywGEZOYRpzFQRxG5878eTDLx7FqEgDAvhmPqzz1DOxWXefVUUSc/NSUX5MMBAAAAAAAAAAAwB9z/h8A+sf5/9uvrvPqdP79bZ3z/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA607a92/7mlXo+AODvs/8DQP/Y/wGgf+z/ANA/r16/eZEXxfk4y4YRN5OmbMru2fXPnhfnj7KZs+W7bpqmPFz0j7s+W++P4nTeP9naH8fDB13/o3v6stjoT+Ji98sHAAAAAAAAAAAAAAAAAACA/8IoW9h6v380+lXfpZXfB9i4vz+Ie4N/tgwAAAAAAAAAAAAAAAAAAADYa9efPl9WV1fvakEQhEVI/ckEAAAAAAAAAAAAAAAAAAD9s7z0m3oSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEhn+f//uwup1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0w/cAAAD//wu+k9A=") fstatfs(r0, &(0x7f00000000c0)=""/169) 2.024385948s ago: executing program 3 (id=5858): syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 1.791182591s ago: executing program 1 (id=5862): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, 0x0, 0x0) 1.700057742s ago: executing program 4 (id=5865): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) 1.548479054s ago: executing program 1 (id=5867): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x8c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x8c}}, 0x0) 1.53740114s ago: executing program 2 (id=5868): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x9, 0x1, 0x20000000000081, 0x6, 0x1, 0x6, 0x2, 0x369, 0x1020003f}) 1.514117573s ago: executing program 4 (id=5870): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x84}}, 0x20050800) 1.367473693s ago: executing program 5 (id=5871): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x300, 0x0, 0x0, 0x0, 0x4, 0x6}, 0x20) 1.284635059s ago: executing program 4 (id=5872): r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r0, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @ext={0x50, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0xffff, 0xa5}, {}, {0x2}, @connect={{0x2, 0x3}, {0x3}}}, {0x0, 0x0, 0x0, 0x0, @time={0x2, 0x2}, {0x0, 0x8}, {}, @control}, {0x0, 0x0, 0x1, 0x0, @time, {}, {}, @connect={{}, {0x0, 0x5}}}], 0x68) 1.221947494s ago: executing program 1 (id=5874): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x444a, &(0x7f00000088c0)="$eJzs3c9vE9kdAPA3kwCBAg2UA5Uq1VKRWrVVlHBqG6SGEAgJpFS0cOjFOImBtE6MEqfqgUN6Q+qpUg/VHtCutLecUKQ9s3/CXvbInpF2D3tZaSW0WdkeJ56xTQxrJxv28zl4PO93/J0fb5CGFycqD5fWcktrucJKrrxwf+1i7p/l0vpyMcT7pG3/R/avf7rTj+PkdW1+1LOR086tK9f+cvdiCB8vfvpye3t7O1QNhrbGmr5/9eXjheZtQ5ypU223fWu98rcQwrmWcVUNhBCGQghRCOFykjaZbI+HEE4leXcf/+derkejefaieCn/au7J1viF2c2nW53/9iiE90o//e2D5c9/MTD+2a971D0AAAAAAAAAAAAAAAAAAIfc9O1bd/48OhaeR2FwM2p9X3c62XZ6P3a7Z37e/z8WAAAAAAAAAAAAAAAAAAAAvqd23//PRWfbvP8/lWwnUrWinW/bf9yfcdIfM3+6NXV1dCxZ/z1qyf9dkvTF5YFwps2679n13y9n6rdf/721n7fVGF+j3+EQxSOp/TgeGQnhg2Th9/PRibhUXqv85n55fWWxZ8M4tNLxr6/en4pOsqB/l/GPJzPt93/9/5+0HE3V/Xu9O8Teaen4D3Qs9+G/o67O/yuZevsRf95eOv6DtbTjzQUm6heAavz/O7h3/Kcy7fco/keyCadDCLmoOtZc6gpQncNU0yd60OkPQTr+9Z85delMfshO5//XmfhfzbR/UNf/jeyNiLbS8T9aSxtKlThW+6zFP977/L+Waf8g4l8d/4b7f1fS8a/H+mi6SO2X7Pb6P51pv2P8j323cd+p3paqt6vTUeoI2Izq6bv/X13LrYMm6fgPteTvPv/FXc3/rmfqv/b5r7W7N9YYX6PfxvNf4/L/q6j+/Ed7jfif2KNct+f/TKZev6//E7X535uIevrvD4dd+vyvHwXpufNw7bPb+M9m2u9X/GtPJUON+O/G85tj9fT3zf+6ko7/j+qJcXOJjdpnbf4X7T3/v5Fp/yDmf9Xxb8T97fVdkY7/yY7lqvH/pIv7/81Mvf7HP4RRl/O3lo7/qY7lauf/0N7xn8vU63f8f9nPxgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgclkOxyieCS1H8cjIyFcSfbPhxPRfGExP18qL/xjLYSpJD0XzkYPSuX5Qim/tFJeLOYLpVJ5IYSrSf65MBStlcqV/HLh0bWdto5HD4uF1cp8sVAJIUwn6T8LpxptzS9VlguPQgjXd/J+HJdXHz0srOQXl1b/MDo6OhpmdsZwJir+q1JcqdR7r+eGMLtTdzhqGlwt+8bOWE5Gfy+vr64USrX0m011SuWFQqmpzlyS979wJqqsrq8sFCrFfKn8oNHfQZpItlMzt/96++ZYS/69qL6d3N9hAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCGno///v8hhMH6XhxCmGh8idqVf/aieCn/au7J1viF2c2nWy87lQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+ZQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgq7dIyaQBCFAfjNpEjS5RiplqRLuyEQkiIbBE+gx/AwehQv4R0sLGwtRJBd1HUXttHq+5oH8zPzHswDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAYb5H1fj/7T0ixdP+MWI5Xa3P89+6zj+77z/cYUZu5+ev+jr9YbrKP+qjTZmP6W47m0RHbSxae9Lep8s+z71z9e1b33xN35dIuYiIss5fU85FMewtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHjgUAAAAAhPlbR9G3AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AoAAP//GYUWeg==") symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') 1.096020442s ago: executing program 5 (id=5875): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) 1.033842942s ago: executing program 4 (id=5877): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r0, 0x40046210, &(0x7f0000000080)=0x1) 870.01469ms ago: executing program 5 (id=5878): r0 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0x40000}, 0x10}, 0x1c) 805.069958ms ago: executing program 0 (id=5879): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd2d, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x3000000}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8000, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x800000, 0x0, 0x6}, {0x0, 0xc3, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000, 0x0, 0x200000}, {}, {0x2, 0x0, 0x0, 0x0, 0x6, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x1, 0x0, 0xfff}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x20000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x60569add}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x9}, {0x0, 0x0, 0x0, 0x0, 0xfffff800}, {0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0xfffffffe, 0x9, 0x0, 0xffffffff, 0x0, 0x2}, {}, {0x80}, {0x80, 0x0, 0x0, 0x0, 0x400}, {0x0, 0x0, 0x0, 0x5, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x2, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0x4}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x8510}, {0xffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, {}, {0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x7}, {}, {0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x9}, {0x0, 0xfffffffc, 0x200, 0x0, 0x0, 0xffffffff}, {0xffffffff}, {}, {0x4}, {}, {0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x3}, {0x0, 0x0, 0x0, 0x4, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x7}, {0x0, 0xb}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, {0x0, 0x0, 0x0, 0xec33, 0x0, 0x4}, {}, {0xb, 0x0, 0x0, 0x0, 0x0, 0xfe1}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {0x0, 0x8, 0x0, 0x0, 0xfffffffe}, {0x0, 0x2, 0x0, 0x2, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0xe9d, 0x58a}, {0x2}, {0x2, 0x9, 0x20000000}, {0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0xe600, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x7, 0x1}, {0x0, 0x5, 0x0, 0x0, 0xffffff77}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0xfffffffb, 0x0, 0x0, 0x0, 0x8000}, {0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x2d}, {0x0, 0x0, 0x8000}, {0x0, 0x8000}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7fff800, 0x4}, {0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0xd}], [{}, {}, {0x0, 0x1}, {0x1}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {0x3, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 796.676442ms ago: executing program 4 (id=5880): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000540)=@ethtool_perm_addr={0x4b, 0x4a, "43720700000000004786b89e6fb2940acfbe4c3f9725f0f2bf568d62c050880594c23d36d68dbac78c2893c6a979"}}) 607.353631ms ago: executing program 4 (id=5881): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) exit(0x0) 606.550327ms ago: executing program 5 (id=5882): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}, 0x1, 0x0, 0x0, 0x4}, 0x40050) 572.977778ms ago: executing program 0 (id=5883): r0 = syz_open_dev$swradio(&(0x7f0000000280), 0x0, 0x2) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f00000002c0)={0x1, "52ff465780c668cf81c451293aabc90f4b3c3a82dcafbdd39d9be64f46dff5df"}) 359.233796ms ago: executing program 5 (id=5884): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0xe8982, 0xc3) write$FUSE_DIRENT(r0, &(0x7f0000000300)=ANY=[@ANYRESDEC, @ANYRESDEC], 0x200001d0) 358.713404ms ago: executing program 0 (id=5885): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, &(0x7f0000000000)={0x100}) 161.968251ms ago: executing program 0 (id=5886): r0 = socket(0x1e, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000040)={'bond0\x00', @ifru_names='bond_slave_1\x00'}) 126.829774ms ago: executing program 0 (id=5887): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d0800fe007c05e8fe55a115000100ff11142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 37.921479ms ago: executing program 5 (id=5888): r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000008c0), 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000440)={0x2, 0x6, {0xffffffffffffffff, @struct={0x84, 0x3}, 0x0, 0x5, 0x0, 0x1, 0x4, 0xfffffffffffffffb, 0x40, @struct={0x1d, 0xce82}, 0x4000, 0x5, [0x4, 0x8, 0x9c, 0x0, 0x0, 0x10000]}, {0xc1ce, @usage=0xc, 0x0, 0xffffffffffffffff, 0x80000000002000, 0x3, 0x0, 0x9, 0x5be, @struct={0x3, 0xf136}, 0x7f, 0xa, [0x4000004, 0x1, 0x2, 0xfffffffffffffffd, 0x8, 0x1]}, {0x1, @usage=0x101, 0x0, 0x7, 0x8, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xffffffffffffffff, 0x3f, @struct={0x0, 0x6}, 0xffffffff, 0x4, [0x80000000, 0x800004, 0x0, 0x3ff, 0x80, 0x400000]}, {0x0, 0x0, 0xa}}) 0s ago: executing program 0 (id=5889): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000700)=@newsa={0x184, 0x10, 0x1, 0x70bd28, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x88}, {@in6=@dev={0xfe, 0x80, '\x00', 0x8a}, 0x0, 0x6c}, @in6=@remote, {}, {0x0, 0x0, 0x0, 0x800000000000}, {0x0, 0x5}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_aead={0x4c, 0x12, {{'essiv(authencesn(tgr128,rfc3686(ecb(arc4))),blake2b-384-generic)'}}}]}, 0x184}}, 0x0) kernel console output (not intermixed with test programs): .3.4579'. [ 537.088279][T16262] netlink: 108 bytes leftover after parsing attributes in process `syz.3.4579'. [ 537.129174][T16262] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4579'. [ 537.401473][T16273] bond1: option ad_actor_sys_prio: mode dependency failed, not supported in mode active-backup(1) [ 537.437903][T16273] bond1 (unregistering): Released all slaves [ 537.577031][T16253] loop5: detected capacity change from 0 to 32768 [ 537.597774][T16253] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.4575 (16253) [ 537.647350][T16253] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 537.670021][T16253] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm [ 537.939816][T16253] BTRFS info (device loop5): enabling ssd optimizations [ 538.016027][T16253] BTRFS info (device loop5): turning on async discard [ 538.052402][T16253] BTRFS info (device loop5): enabling free space tree [ 538.321202][ T6122] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 538.475609][T16322] loop3: detected capacity change from 0 to 1024 [ 539.367868][T16354] Cannot find set identified by id 0 to match [ 539.386142][T16352] loop2: detected capacity change from 0 to 512 [ 539.464916][T16352] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 539.606562][T16352] ext4 filesystem being mounted at /714/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 539.624011][T16362] loop3: detected capacity change from 0 to 512 [ 539.709549][T16362] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 539.814165][ T6118] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.825791][T16362] ext4 filesystem being mounted at /796/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 539.843168][T16334] loop0: detected capacity change from 0 to 32768 [ 539.977386][T16372] loop1: detected capacity change from 0 to 256 [ 540.063216][T16372] FAT-fs (loop1): Directory bread(block 64) failed [ 540.097739][T16372] FAT-fs (loop1): Directory bread(block 65) failed [ 540.130559][T16372] FAT-fs (loop1): Directory bread(block 66) failed [ 540.137096][T16372] FAT-fs (loop1): Directory bread(block 67) failed [ 540.218563][T16372] FAT-fs (loop1): Directory bread(block 68) failed [ 540.258918][T16372] FAT-fs (loop1): Directory bread(block 69) failed [ 540.279085][ T6109] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.279985][T16372] FAT-fs (loop1): Directory bread(block 70) failed [ 540.341615][T16378] netlink: 'syz.2.4625': attribute type 1 has an invalid length. [ 540.368989][T16372] FAT-fs (loop1): Directory bread(block 71) failed [ 540.379509][T16372] FAT-fs (loop1): Directory bread(block 72) failed [ 540.386044][T16372] FAT-fs (loop1): Directory bread(block 73) failed [ 540.914219][T16391] loop0: detected capacity change from 0 to 8 [ 541.118650][T16398] loop1: detected capacity change from 0 to 256 [ 541.160882][T16398] exfat: Deprecated parameter 'utf8' [ 541.197019][T16368] loop5: detected capacity change from 0 to 32768 [ 541.216052][T16398] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 541.399150][T16397] loop4: detected capacity change from 0 to 4096 [ 541.478011][T16407] futex_wake_op: syz.3.4639 tries to shift op by 144; fix this program [ 541.542478][T16397] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 541.590781][T16397] ntfs3(loop4): Failed to initialize $Extend/$ObjId. [ 541.668869][T16412] loop5: detected capacity change from 0 to 1024 [ 541.933398][ T1301] hfsplus: b-tree write err: -5, ino 4 [ 542.378286][T16440] loop1: detected capacity change from 0 to 256 [ 542.457306][T16440] exFAT-fs (loop1): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d) [ 542.503353][T16440] exFAT-fs (loop1): failed to load alloc-bitmap [ 542.581841][T16440] exFAT-fs (loop1): failed to recognize exfat type [ 543.090533][T16464] netlink: 'syz.1.4668': attribute type 2 has an invalid length. [ 543.120383][T16464] netlink: 'syz.1.4668': attribute type 1 has an invalid length. [ 543.128348][T16464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4668'. [ 543.373612][ T30] audit: type=1400 audit(1762120809.663:31): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=16473 comm="syz.5.4673" [ 543.404848][ C0] vkms_vblank_simulate: vblank timer overrun [ 543.581876][T16436] loop4: detected capacity change from 0 to 32768 [ 543.657678][T16436] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 543.698559][T16436] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 543.883483][T16492] loop0: detected capacity change from 0 to 256 [ 544.001516][T16488] loop2: detected capacity change from 0 to 4096 [ 544.073402][T16492] FAT-fs (loop0): Directory bread(block 64) failed [ 544.094193][T16488] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 544.097974][ T6120] ocfs2: Unmounting device (7,4) on (node local) [ 544.109751][T16492] FAT-fs (loop0): Directory bread(block 65) failed [ 544.116375][T16492] FAT-fs (loop0): Directory bread(block 66) failed [ 544.214455][T16492] FAT-fs (loop0): Directory bread(block 67) failed [ 544.263074][T16492] FAT-fs (loop0): Directory bread(block 68) failed [ 544.337458][T16492] FAT-fs (loop0): Directory bread(block 69) failed [ 544.344133][T16492] FAT-fs (loop0): Directory bread(block 70) failed [ 544.371157][T16488] ntfs3(loop2): ino=1a, mi_enum_attr [ 544.376477][T16488] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 544.409840][T16492] FAT-fs (loop0): Directory bread(block 71) failed [ 544.429613][T16492] FAT-fs (loop0): Directory bread(block 72) failed [ 544.501099][T16492] FAT-fs (loop0): Directory bread(block 73) failed [ 544.987858][T16513] loop4: detected capacity change from 0 to 4096 [ 545.018363][T16514] bond1 (unregistering): Released all slaves [ 545.294917][T16522] loop5: detected capacity change from 0 to 4096 [ 545.327566][T16522] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 545.402502][T16522] ntfs3(loop5): ino=19, mi_enum_attr [ 545.433211][T16522] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 545.527350][T16522] ntfs3(loop5): failed to convert "c46c" to cp950 [ 545.569397][T16522] ntfs3(loop5): ino=20, mi_enum_attr [ 545.829041][ T976] usb 5-1: new low-speed USB device number 96 using dummy_hcd [ 546.009077][ T976] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 546.032642][ T976] usb 5-1: config 0 has no interface number 0 [ 546.079076][ T976] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 546.121293][ T976] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 546.168044][ T976] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 546.183777][T16553] loop1: detected capacity change from 0 to 64 [ 546.197119][ T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.229639][T16553] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 546.237798][ T976] usb 5-1: config 0 descriptor?? [ 546.250353][T16555] loop0: detected capacity change from 0 to 256 [ 546.268294][ T976] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 546.363871][T16555] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 546.522386][T16534] iowarrior 5-1:0.1: Error -90 while submitting URB [ 546.576556][ T976] usb 5-1: USB disconnect, device number 96 [ 546.800844][T16567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4718'. [ 547.178520][T16579] loop0: detected capacity change from 0 to 512 [ 547.334698][T16550] loop5: detected capacity change from 0 to 32768 [ 547.352983][T16579] EXT4-fs (loop0): 1 orphan inode deleted [ 547.385398][ T13] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 547.409885][T16579] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 547.424037][T16579] ext4 filesystem being mounted at /710/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 547.455917][ T13] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:1: Failed to release dquot type 1 [ 547.530047][T16596] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4729'. [ 547.601142][ T6116] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.039080][ T6244] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 548.183803][T16623] loop0: detected capacity change from 0 to 128 [ 548.230164][ T6244] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 548.239614][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.239686][T16623] FAT-fs (loop0): Filesystem has been set read-only [ 548.239708][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.239732][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.239756][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.239815][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.240014][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.240038][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.240063][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.240087][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.240111][T16623] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 548.277390][ T30] audit: type=1800 audit(1762120814.158:32): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4744" name="file2" dev="loop0" ino=1048694 res=0 errno=0 [ 548.341720][T16617] loop4: detected capacity change from 0 to 4096 [ 548.385943][T16617] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 548.435332][ T6244] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.482879][ T6244] usb 2-1: config 0 descriptor?? [ 548.536452][ T6244] cp210x 2-1:0.0: cp210x converter detected [ 548.561153][T16617] ntfs3(loop4): ino=19, mi_enum_attr [ 548.566516][T16617] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 548.681451][T16617] ntfs3(loop4): failed to convert "c46c" to cp862 [ 548.700361][ T30] audit: type=1400 audit(1762120814.573:33): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A307866666666666666666666666666666666 pid=16630 comm="syz.0.4748" [ 548.716200][T16617] ntfs3(loop4): ino=20, mi_enum_attr [ 548.800203][ T6244] usb 2-1: cp210x converter now attached to ttyUSB0 [ 548.874167][T16634] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4751'. [ 548.990589][ T6244] usb 2-1: USB disconnect, device number 108 [ 549.030895][ T6244] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 549.070032][ T6244] cp210x 2-1:0.0: device disconnected [ 549.131090][ T30] audit: type=1326 audit(1762120814.970:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16640 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 549.248835][ T30] audit: type=1326 audit(1762120814.970:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16640 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 549.323378][ T30] audit: type=1326 audit(1762120815.044:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16640 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 549.381547][ T30] audit: type=1326 audit(1762120815.044:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16640 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 549.440664][T16650] loop0: detected capacity change from 0 to 1024 [ 549.443438][T16654] loop4: detected capacity change from 0 to 16 [ 549.448448][ T30] audit: type=1326 audit(1762120815.044:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16640 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 549.510219][T16654] erofs (device loop4): mounted with root inode @ nid 36. [ 549.535879][T16650] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 549.677824][T16654] erofs (device loop4): corrupted dir block 72 @ nid 36 [ 549.852280][ T6116] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.855172][T16670] xt_cluster: node mask cannot exceed total number of nodes [ 550.769152][ T24] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 550.942716][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 550.955847][ T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 550.985936][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.009295][T16711] loop3: detected capacity change from 0 to 2048 [ 551.011769][ T24] usb 1-1: Product: syz [ 551.028882][ T24] usb 1-1: Manufacturer: syz [ 551.042027][T16711] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 551.044605][ T24] usb 1-1: SerialNumber: syz [ 551.075757][T16716] loop2: detected capacity change from 0 to 256 [ 551.093165][ T24] r8152-cfgselector 1-1: Unknown version 0x0000 [ 551.103366][ T24] r8152-cfgselector 1-1: config 0 descriptor?? [ 551.126749][ T6244] usb 6-1: new high-speed USB device number 102 using dummy_hcd [ 551.241620][T16686] loop4: detected capacity change from 0 to 32768 [ 551.327513][ T6244] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 551.365090][ T6244] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.382793][T16686] ERROR: (device loop4): dtSearch: DT_GETPAGE: dtree page corrupt [ 551.382793][T16686] [ 551.420993][T16686] ERROR: (device loop4): remounting filesystem as read-only [ 551.440482][ T6244] usb 6-1: config 0 descriptor?? [ 551.463191][T16686] jfs_lookup: dtSearch returned -5 [ 551.642479][ T24] r8152-cfgselector 1-1: USB disconnect, device number 88 [ 551.769984][T16726] loop2: detected capacity change from 0 to 16 [ 551.816160][T16726] erofs (device loop2): mounted with root inode @ nid 36. [ 551.852310][T16730] random: crng reseeded on system resumption [ 551.872442][T16726] erofs (device loop2): ztailpacking inline data across blocks @ nid 36 [ 551.913274][T16726] erofs (device loop2): ztailpacking inline data across blocks @ nid 36 [ 551.924412][ T6244] usb 6-1: Cannot set MAC address [ 551.929856][ T6244] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 551.944784][T16726] erofs (device loop2): read error -117 @ 32811 of nid 36 [ 551.989754][ T6244] usb 6-1: USB disconnect, device number 102 [ 552.104705][T16736] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4795'. [ 552.365614][T16746] kAFS: No cell specified [ 552.742818][T16759] netlink: 'syz.5.4808': attribute type 4 has an invalid length. [ 552.751864][ T30] audit: type=1326 audit(1762120818.311:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16761 comm="syz.1.4810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 552.791942][T16759] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.4808'. [ 552.798829][ T30] audit: type=1326 audit(1762120818.311:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16761 comm="syz.1.4810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 552.895557][ T30] audit: type=1326 audit(1762120818.311:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16761 comm="syz.1.4810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 552.921728][T16764] netlink: 'syz.1.4812': attribute type 5 has an invalid length. [ 552.945223][T16764] netlink: 176 bytes leftover after parsing attributes in process `syz.1.4812'. [ 553.011889][ T30] audit: type=1326 audit(1762120818.311:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16761 comm="syz.1.4810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 553.536807][T16739] loop2: detected capacity change from 0 to 32768 [ 553.597518][T16739] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 553.934666][ T6118] ocfs2: Unmounting device (7,2) on (node local) [ 553.997783][ T30] audit: type=1326 audit(1762120819.456:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16799 comm="syz.3.4827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6a7f8efc9 code=0x7ffc0000 [ 554.293387][T16810] loop0: detected capacity change from 0 to 128 [ 554.388411][T16810] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 554.486713][T16810] ext4 filesystem being mounted at /728/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 554.518703][T16818] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4835'. [ 554.535307][T16810] EXT4-fs warning (device loop0): verify_group_input:137: Cannot add at group 1025 (only 1 groups) [ 554.770357][ T6116] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 554.775966][T16825] loop4: detected capacity change from 0 to 512 [ 554.835414][T16825] EXT4-fs (loop4): orphan cleanup on readonly fs [ 554.845991][T16825] EXT4-fs error (device loop4): ext4_iget_extra_inode:5075: inode #15: comm syz.4.4836: corrupted in-inode xattr: invalid size in ea xattr [ 554.847692][T16783] loop1: detected capacity change from 0 to 32768 [ 554.871199][T16825] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.4836: couldn't read orphan inode 15 (err -117) [ 554.917990][T16825] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 554.931034][ T6186] usb 6-1: new high-speed USB device number 103 using dummy_hcd [ 554.969083][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 554.969101][ T30] audit: type=1400 audit(1762120820.351:48): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//(@\)//&@},['%%&\#*" pid=16831 comm="syz.2.4842" [ 555.011976][T16834] loop0: detected capacity change from 0 to 128 [ 555.025830][T16834] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 555.040199][T16834] ext4 filesystem being mounted at /729/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 555.074438][T16783] (syz.1.4820,16783,0):ocfs2_inode_is_valid_to_delete:928 ERROR: Skipping delete of root inode. [ 555.124500][ T6186] usb 6-1: Using ep0 maxpacket: 8 [ 555.131955][ T6186] usb 6-1: config 0 has an invalid interface number: 52 but max is 0 [ 555.146286][T16783] (syz.1.4820,16783,1):ocfs2_init_global_system_inodes:465 ERROR: status = -22 [ 555.155438][ T6186] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 555.175305][T16783] (syz.1.4820,16783,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs? [ 555.175345][T16783] (syz.1.4820,16783,1):ocfs2_init_global_system_inodes:476 ERROR: status = -22 [ 555.215435][ T6120] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 555.231440][ T6186] usb 6-1: config 0 has no interface number 0 [ 555.234314][ T6116] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 555.276479][T16783] (syz.1.4820,16783,1):ocfs2_initialize_super:2198 ERROR: status = -22 [ 555.277635][ T6186] usb 6-1: config 0 interface 52 has no altsetting 0 [ 555.292410][T16783] (syz.1.4820,16783,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 555.331484][T16837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4843'. [ 555.355990][ T6186] usb 6-1: New USB device found, idVendor=06cb, idProduct=0009, bcdDevice= 8.00 [ 555.385589][ T6186] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=184 [ 555.393777][ T6186] usb 6-1: SerialNumber: syz [ 555.421337][ T6186] usb 6-1: config 0 descriptor?? [ 555.498573][T16839] netlink: 272 bytes leftover after parsing attributes in process `syz.2.4846'. [ 555.944575][ T976] usb 6-1: USB disconnect, device number 103 [ 556.110513][ T6277] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 556.308267][ T6277] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 556.318637][T16869] Cannot find add_set index 2 as target [ 556.355955][ T6277] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 556.398990][ T6277] usb 5-1: config 0 interface 0 has no altsetting 0 [ 556.423119][ T6277] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 556.451837][ T6277] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 556.476166][ T6277] usb 5-1: Product: syz [ 556.481582][T16862] loop0: detected capacity change from 0 to 8192 [ 556.522126][ T6277] usb 5-1: Manufacturer: syz [ 556.526776][ T6277] usb 5-1: SerialNumber: syz [ 556.573054][ T6277] usb 5-1: config 0 descriptor?? [ 556.607200][ T6277] hub 5-1:0.0: bad descriptor, ignoring hub [ 556.636225][ T6277] hub 5-1:0.0: probe with driver hub failed with error -5 [ 556.688580][ T6277] usb 5-1: selecting invalid altsetting 0 [ 556.715372][T16879] loop5: detected capacity change from 0 to 8 [ 556.944218][ T6277] usb 5-1: USB disconnect, device number 97 [ 557.147025][T16887] netlink: 'syz.5.4867': attribute type 11 has an invalid length. [ 557.211740][T16887] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4867'. [ 557.755295][T16873] syz.2.4860 (16873): drop_caches: 2 [ 557.961009][T16911] loop3: detected capacity change from 0 to 512 [ 558.039068][T16911] EXT4-fs: Ignoring removed nobh option [ 558.106921][T16911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 558.172574][T16921] netlink: 'syz.0.4882': attribute type 5 has an invalid length. [ 558.192219][T16911] ext4 filesystem being mounted at /852/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 558.446048][ T6109] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.728382][T16941] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 558.894431][T16947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4895'. [ 558.947417][T16906] loop5: detected capacity change from 0 to 32768 [ 558.992171][T16947] bridge_slave_1: left allmulticast mode [ 559.001886][T16906] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode. [ 559.045152][T16947] bridge_slave_1: left promiscuous mode [ 559.054793][T16947] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.102430][T16947] bridge_slave_0: left allmulticast mode [ 559.113809][T16947] bridge_slave_0: left promiscuous mode [ 559.155135][T16947] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.332497][ T6122] ocfs2: Unmounting device (7,5) on (node local) [ 559.532188][T16963] loop2: detected capacity change from 0 to 2048 [ 559.594137][T16963] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 559.768911][T16940] loop1: detected capacity change from 0 to 32768 [ 559.842130][T16965] loop4: detected capacity change from 0 to 4096 [ 559.859386][T16940] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 559.887737][T16965] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 559.955768][T16940] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 559.998893][T16965] ntfs3(loop4): ino=1a, mi_enum_attr [ 560.045090][T16965] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 560.184322][T16965] ntfs3(loop4): ino=1e, "file1" ntfs_sync_inode failed, -22. [ 560.317266][ T6112] ocfs2: Unmounting device (7,1) on (node local) [ 560.323722][T16985] netlink: 'syz.2.4913': attribute type 9 has an invalid length. [ 560.350066][ T12] ntfs3(loop4): ino=1e, ntfs3_write_inode failed, -22. [ 560.972095][T17003] loop2: detected capacity change from 0 to 128 [ 561.034911][T17003] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 561.091794][ T8952] Bluetooth: hci5: unexpected cc 0x0402 length: 61 > 1 [ 561.104983][ T8952] Bluetooth: hci5: Ignoring error of Inquiry Cancel command [ 561.105947][T17003] ext4 filesystem being mounted at /773/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 561.114697][ T8952] Bluetooth: hci5: unexpected event for opcode 0x0402 [ 561.130354][T17007] loop5: detected capacity change from 0 to 64 [ 561.168322][T17003] EXT4-fs warning (device loop2): verify_group_input:137: Cannot add at group 5 (only 1 groups) [ 561.240404][T16999] loop3: detected capacity change from 0 to 8192 [ 561.271296][ T6118] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 561.358758][T17011] loop4: detected capacity change from 0 to 4096 [ 561.449049][T17011] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 561.511915][T16969] loop0: detected capacity change from 0 to 32768 [ 561.529671][T17011] EXT4-fs error (device loop4): ext4_lookup:1787: inode #14: comm syz.4.4924: invalid fast symlink length 131109 [ 561.641182][T16969] __jfs_setxattr: xattr_size = 2175, new_size = 14921 [ 561.772670][ T6120] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.809562][T17023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4929'. [ 561.979942][T17026] tmpfs: Bad value for 'mpol' [ 562.337693][T17037] loop5: detected capacity change from 0 to 256 [ 562.411020][T17037] FAT-fs (loop5): Directory bread(block 64) failed [ 562.472851][T17037] FAT-fs (loop5): Directory bread(block 65) failed [ 562.500951][T17037] FAT-fs (loop5): Directory bread(block 66) failed [ 562.547062][T17037] FAT-fs (loop5): Directory bread(block 67) failed [ 562.607692][T17037] FAT-fs (loop5): Directory bread(block 68) failed [ 562.657059][T17037] FAT-fs (loop5): Directory bread(block 69) failed [ 562.687058][T17037] FAT-fs (loop5): Directory bread(block 70) failed [ 562.693638][T17037] FAT-fs (loop5): Directory bread(block 71) failed [ 562.747531][T17037] FAT-fs (loop5): Directory bread(block 72) failed [ 562.780980][T17037] FAT-fs (loop5): Directory bread(block 73) failed [ 563.179106][T17056] loop0: detected capacity change from 0 to 128 [ 563.211524][T17059] netlink: 'syz.2.4948': attribute type 1 has an invalid length. [ 563.220095][T17056] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 563.307322][T17056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 563.429233][T17034] loop1: detected capacity change from 0 to 32768 [ 563.481335][T17034] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4935 (17034) [ 563.598707][T17034] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 563.645437][T17034] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 563.809798][T17084] openvswitch: netlink: ufid size 24 bytes exceeds the range (1, 16) [ 563.835938][T17034] BTRFS info (device loop1): enabling ssd optimizations [ 563.854030][T17034] BTRFS info (device loop1): turning on async discard [ 563.878568][T17034] BTRFS info (device loop1): enabling free space tree [ 563.941285][T17069] loop5: detected capacity change from 0 to 4096 [ 564.085965][ T6112] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 564.540545][T17041] syz.3.4937 (17041): drop_caches: 2 [ 564.758104][T17110] loop1: detected capacity change from 0 to 16 [ 564.853826][T17110] erofs (device loop1): mounted with root inode @ nid 36. [ 564.946277][ T8952] erofs (device loop1): failed to decompress 6887 in[4096, 0] out[9000] [ 564.984899][T17110] erofs (device loop1): failed to decompress 6887 in[4096, 0] out[8192] [ 565.038784][T17110] erofs (device loop1): read error -117 @ 1 of nid 89 [ 565.048758][ T30] audit: type=1800 audit(1762120829.655:49): pid=17110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4965" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 565.050865][T17110] syz.1.4965 (17110) used greatest stack depth: 18536 bytes left [ 565.194914][ T8952] Bluetooth: hci4: Unable to find connection with handle 0x00c8 [ 565.563662][T17136] gretap0: refused to change device tx_queue_len [ 565.608327][T17136] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 565.775586][T17146] netlink: 'syz.2.4983': attribute type 21 has an invalid length. [ 565.810819][T17146] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4983'. [ 566.023163][T17156] kAFS: No cell specified [ 566.229849][T17163] loop2: detected capacity change from 0 to 512 [ 566.237182][T17163] EXT4-fs: inline encryption not supported [ 566.309298][T17163] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 566.477837][T17163] ext4 filesystem being mounted at /790/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 566.533366][T17181] netlink: 212 bytes leftover after parsing attributes in process `syz.1.5000'. [ 566.705837][ T6186] usb 6-1: new high-speed USB device number 104 using dummy_hcd [ 566.752072][ T6118] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.908333][ T6186] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 566.968240][ T6186] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 566.999165][ T6186] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 567.007192][ T6186] usb 6-1: SerialNumber: syz [ 567.010674][T17197] loop2: detected capacity change from 0 to 2048 [ 567.067828][T17197] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 567.097992][T17202] vlan0: entered promiscuous mode [ 567.156360][T17205] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 567.194168][ T6070] udevd[6070]: incorrect nilfs2 checksum on /dev/loop2 [ 567.196841][T17206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5010'. [ 567.248195][T17206] bridge_slave_1: left allmulticast mode [ 567.265102][T17206] bridge_slave_1: left promiscuous mode [ 567.277111][T17206] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.368481][T17206] bridge_slave_0: left allmulticast mode [ 567.377250][T17206] bridge_slave_0: left promiscuous mode [ 567.413844][T17206] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.501216][ T6186] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71 [ 567.570397][ T6186] usb 6-1: USB disconnect, device number 104 [ 567.992912][T17230] loop4: detected capacity change from 0 to 24 [ 568.040770][T17230] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 568.074133][T17230] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 568.258122][T17241] loop1: detected capacity change from 0 to 47 [ 568.406433][T17251] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 568.591943][ T6277] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 568.799934][ T6277] usb 5-1: Using ep0 maxpacket: 8 [ 568.821466][ T6277] usb 5-1: config 162 has an invalid interface number: 97 but max is 0 [ 568.854439][T17267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5042'. [ 568.855702][ T6277] usb 5-1: config 162 has no interface number 0 [ 568.878318][ T6277] usb 5-1: config 162 interface 97 has no altsetting 0 [ 568.890035][ T6277] usb 5-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b [ 568.906149][ T6277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.916532][ T6187] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 568.925180][ T6277] usb 5-1: Product: syz [ 568.931894][ T6277] usb 5-1: Manufacturer: syz [ 568.936562][ T6277] usb 5-1: SerialNumber: syz [ 569.138316][ T6187] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 569.153626][ T6187] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 569.192619][ T6277] metro_usb 5-1:162.97: Metrologic USB to Serial converter detected [ 569.221716][ T6187] usb 2-1: config 0 interface 0 has no altsetting 0 [ 569.249349][ T6277] usb 5-1: Metrologic USB to Serial converter now attached to ttyUSB0 [ 569.259639][ T6187] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 569.272727][ T6187] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 569.308495][ T6277] usb 5-1: USB disconnect, device number 98 [ 569.327683][ T6187] usb 2-1: Product: syz [ 569.334123][ T6187] usb 2-1: Manufacturer: syz [ 569.338740][ T6187] usb 2-1: SerialNumber: syz [ 569.345528][ T6277] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0 [ 569.375127][ T6187] usb 2-1: config 0 descriptor?? [ 569.381156][ T6277] metro_usb 5-1:162.97: device disconnected [ 569.391873][ T6187] hub 2-1:0.0: bad descriptor, ignoring hub [ 569.427120][ T6187] hub 2-1:0.0: probe with driver hub failed with error -5 [ 569.463407][ T6187] usb 2-1: selecting invalid altsetting 0 [ 569.634383][T17286] loop5: detected capacity change from 0 to 4096 [ 569.689816][T17292] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 569.725146][T17293] loop0: detected capacity change from 0 to 1024 [ 569.827257][ T6277] usb 2-1: USB disconnect, device number 109 [ 569.866008][T17286] ntfs3(loop5): ino=1e, "file1" attr_set_size [ 569.884792][T17286] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 569.979924][T17295] netlink: 'syz.3.5055': attribute type 3 has an invalid length. [ 569.998153][T17295] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5055'. [ 570.590635][T17317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5066'. [ 570.618580][T17317] bridge_slave_1: left allmulticast mode [ 570.639669][T17317] bridge_slave_1: left promiscuous mode [ 570.669967][T17317] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.707770][T17323] sctp: [Deprecated]: syz.1.5069 (pid 17323) Use of int in maxseg socket option. [ 570.707770][T17323] Use struct sctp_assoc_value instead [ 570.762196][T17317] bridge_slave_0: left allmulticast mode [ 570.767886][T17317] bridge_slave_0: left promiscuous mode [ 570.791761][T17317] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.852759][T17329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5072'. [ 570.885210][T17329] netlink: 100 bytes leftover after parsing attributes in process `syz.2.5072'. [ 571.006609][T17333] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 571.058347][T17333] Cannot find add_set index 0 as target [ 571.263371][T17342] loop3: detected capacity change from 0 to 16 [ 571.290098][T17342] erofs (device loop3): mounted with root inode @ nid 36. [ 571.498671][T17346] netlink: 'syz.1.5080': attribute type 12 has an invalid length. [ 571.637686][T17351] loop3: detected capacity change from 0 to 512 [ 571.700604][T17351] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 571.753748][T17351] EXT4-fs (loop3): 1 truncate cleaned up [ 571.765354][T17351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 571.932908][T17351] EXT4-fs error (device loop3): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.3.5082: bad entry in directory: inode out of bounds - offset=44, inode=134152204, rec_len=16, size=1024 fake=0 [ 571.953212][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.058607][T17351] EXT4-fs error (device loop3) in ext4_delete_entry:2739: Corrupt filesystem [ 572.198890][T17332] loop4: detected capacity change from 0 to 32768 [ 572.277634][ T6109] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 572.318506][T17332] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 572.326858][ T6277] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 572.364336][T17332] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 572.524447][ T6277] usb 3-1: Using ep0 maxpacket: 16 [ 572.530329][ T30] audit: type=1326 audit(1762120836.568:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17389 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 572.537627][ T6277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 572.563223][ T6277] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 572.573396][ T6277] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC1, changing to 0x81 [ 572.587184][ T6277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 572.596959][ T6277] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 572.613889][ T30] audit: type=1326 audit(1762120836.651:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17389 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 572.645973][T17332] XFS (loop4): Ending clean mount [ 572.659079][ T6277] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b [ 572.675406][T17332] XFS (loop4): Quotacheck needed: Please wait. [ 572.682044][ T6277] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 572.682076][ T6277] usb 3-1: Product: syz [ 572.682097][ T6277] usb 3-1: Manufacturer: syz [ 572.682117][ T6277] usb 3-1: SerialNumber: syz [ 572.698297][ T6277] usb 3-1: config 0 descriptor?? [ 572.711412][ T30] audit: type=1326 audit(1762120836.651:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17389 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 572.777555][ T6277] usb 3-1: NFC: intf ffff88807d77c000 id ffffffff8e9086e0 [ 572.831521][ T30] audit: type=1326 audit(1762120836.651:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17389 comm="syz.1.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb0258efc9 code=0x7ffc0000 [ 572.888246][T17332] XFS (loop4): Quotacheck: Done. [ 573.037077][ T6120] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 573.101954][T17405] loop1: detected capacity change from 0 to 4096 [ 573.119631][ T6277] usb 3-1: USB disconnect, device number 115 [ 573.628681][T17421] netlink: 'syz.5.5113': attribute type 3 has an invalid length. [ 573.654372][T17423] xt_CT: You must specify a L4 protocol and not use inversions on it [ 573.747145][T17425] loop0: detected capacity change from 0 to 128 [ 573.852690][T17425] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 574.141967][ T6116] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 574.423323][T17448] loop3: detected capacity change from 0 to 2048 [ 574.472653][T17448] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 574.539064][T17448] ext4 filesystem being mounted at /892/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 574.661078][T17460] loop1: detected capacity change from 0 to 8 [ 574.668280][T17460] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 574.721392][T17460] process 'syz.1.5131' launched './file2' with NULL argv: empty string added [ 574.747216][ T6069] udevd[6069]: incorrect cramfs checksum on /dev/loop1 [ 574.767913][T17460] cramfs: Error -3 while decompressing! [ 574.783853][T17460] cramfs: ffffffff998cdf28(26)->ffff88805185b000(4096) [ 574.797425][ T6109] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 574.809509][T17460] cramfs: Error -3 while decompressing! [ 574.846983][T17460] cramfs: ffffffff998cdf42(26)->ffff888051a88000(4096) [ 574.899821][T17460] cramfs: Error -3 while decompressing! [ 574.939077][T17460] cramfs: ffffffff998cdf5c(16)->ffff88804e2c0000(4096) [ 574.971846][T17460] cramfs: Error -3 while decompressing! [ 574.988907][T17460] cramfs: ffffffff998cdf28(26)->ffff88805185b000(4096) [ 575.030745][T17465] loop5: detected capacity change from 0 to 2048 [ 575.103557][T17469] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 575.304450][T17442] syz.4.5123 (17442): drop_caches: 2 [ 575.987943][T17497] gretap0: refused to change device tx_queue_len [ 576.025100][T17497] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 576.340827][T17505] loop5: detected capacity change from 0 to 4096 [ 576.682691][T17517] loop1: detected capacity change from 0 to 1764 [ 576.778025][T17477] loop2: detected capacity change from 0 to 32768 [ 576.887906][T17511] syz.0.5154 (17511): drop_caches: 2 [ 576.944833][T17519] netlink: 484 bytes leftover after parsing attributes in process `syz.4.5159'. [ 577.029796][T17477] ERROR: (device loop2): dbAlloc: unable to allocate blocks [ 577.029796][T17477] [ 577.067663][T17477] ERROR: (device loop2): remounting filesystem as read-only [ 577.280679][T17526] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5161'. [ 577.369935][T17529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5163'. [ 578.223436][T17567] loop1: detected capacity change from 0 to 16 [ 578.329016][T17570] loop5: detected capacity change from 0 to 256 [ 578.341834][T17567] erofs (device loop1): mounted with root inode @ nid 36. [ 578.445864][T17575] loop2: detected capacity change from 0 to 256 [ 578.551329][T17575] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 578.627286][T17575] exFAT-fs (loop2): start_clu is invalid cluster(0x0) [ 578.706297][T17582] loop4: detected capacity change from 0 to 512 [ 578.799767][T17586] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5190'. [ 578.850050][T17586] bridge_slave_1: left allmulticast mode [ 578.880945][T17582] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 578.883410][T17586] bridge_slave_1: left promiscuous mode [ 578.917304][T17582] ext4 filesystem being mounted at /830/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 578.957649][T17586] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.063358][T17582] EXT4-fs warning (device loop4): ext4_empty_dir:3099: inode #12: comm syz.4.5188: directory missing '..' [ 579.083369][T17586] bridge_slave_0: left allmulticast mode [ 579.089027][T17586] bridge_slave_0: left promiscuous mode [ 579.150620][T17586] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.300164][ T6120] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.511680][T17613] loop1: detected capacity change from 0 to 256 [ 579.555187][T17613] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001) [ 579.633348][T17618] netlink: 'syz.0.5205': attribute type 21 has an invalid length. [ 579.669438][T17618] netlink: 128 bytes leftover after parsing attributes in process `syz.0.5205'. [ 579.716189][T17618] netlink: 'syz.0.5205': attribute type 5 has an invalid length. [ 579.740200][ T6222] usb 3-1: new full-speed USB device number 116 using dummy_hcd [ 579.759470][T17618] netlink: 3 bytes leftover after parsing attributes in process `syz.0.5205'. [ 579.852463][T17624] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5208'. [ 579.937172][ T6222] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 579.971269][ T6222] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 580.020318][ T6222] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12336, setting to 64 [ 580.064693][ T6222] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 580.164966][ T6222] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 580.174279][ T6222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.211809][ T6222] usb 3-1: Product: syz [ 580.239771][ T6222] usb 3-1: Manufacturer: syz [ 580.244421][ T6222] usb 3-1: SerialNumber: syz [ 580.299568][ T6222] usb 3-1: config 0 descriptor?? [ 580.342996][ T6222] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input48 [ 580.583168][ C1] kbtab 3-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 580.804712][ C1] kbtab 3-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 580.854487][ T6222] usb 3-1: USB disconnect, device number 116 [ 580.854589][ C1] kbtab 3-1:0.0: kbtab_irq - usb_submit_urb failed with result -19 [ 580.944996][T17662] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5227'. [ 581.233686][T17674] loop5: detected capacity change from 0 to 256 [ 581.330709][T17674] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d) [ 581.364593][T17678] loop1: detected capacity change from 0 to 1024 [ 581.567730][T17678] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 581.857445][ T6112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.908217][T17695] netlink: 830 bytes leftover after parsing attributes in process `syz.4.5242'. [ 581.910788][T17696] netlink: 9 bytes leftover after parsing attributes in process `syz.5.5243'. [ 581.934272][T17695] bond_slave_0: entered promiscuous mode [ 581.940292][T17695] bond_slave_1: entered promiscuous mode [ 581.948207][ T6222] usb 3-1: new low-speed USB device number 117 using dummy_hcd [ 582.068730][T17698] syz.1.5241 (17698): drop_caches: 2 [ 582.136845][ T6222] usb 3-1: config 9 has an invalid interface number: 1 but max is 0 [ 582.191469][ T6222] usb 3-1: config 9 has no interface number 0 [ 582.197620][ T6222] usb 3-1: config 9 interface 1 has no altsetting 0 [ 582.232849][ T6222] usb 3-1: string descriptor 0 read error: -22 [ 582.239469][ T6222] usb 3-1: New USB device found, idVendor=2040, idProduct=b140, bcdDevice=75.36 [ 582.272402][ T6222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.315685][T17680] loop3: detected capacity change from 0 to 32768 [ 582.354850][T17680] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5236 (17680) [ 582.368101][ T6222] cx231xx 3-1:9.1: New device @ 1.5 Mbps (2040:b140) with 1 interfaces [ 582.382525][ T6222] cx231xx 3-1:9.1: Not found matching IAD interface [ 582.418888][T17680] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 582.441947][T17711] i2c i2c-0: Invalid block write size 252 [ 582.454962][T17680] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 582.574402][ T6222] usb 3-1: USB disconnect, device number 117 [ 582.631941][T17680] BTRFS info (device loop3): enabling ssd optimizations [ 582.691861][T17680] BTRFS info (device loop3): turning on async discard [ 582.708802][T17680] BTRFS info (device loop3): enabling free space tree [ 582.741198][T17680] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 582.779813][T17735] loop5: detected capacity change from 0 to 2048 [ 582.780902][T17737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5254'. [ 582.874682][T17735] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 583.257081][T17746] netlink: 'syz.3.5258': attribute type 10 has an invalid length. [ 584.260924][T17729] loop1: detected capacity change from 0 to 40427 [ 584.338217][T17729] F2FS-fs (loop1): invalid crc value [ 584.711656][T17729] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 584.800610][T17729] F2FS-fs (loop1): Start checkpoint disabled! [ 584.824216][T17729] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 584.867216][T17729] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 585.138377][T17809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5287'. [ 585.148124][T17809] bridge_slave_1: left allmulticast mode [ 585.178705][T17809] bridge_slave_1: left promiscuous mode [ 585.183350][T17814] x_tables: ip_tables: osf match: only valid for protocol 6 [ 585.184535][T17809] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.272303][T17809] bridge_slave_0: left allmulticast mode [ 585.280452][T17809] bridge_slave_0: left promiscuous mode [ 585.341546][T17809] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.625505][T17827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5298'. [ 585.688020][ T6277] usb 6-1: new high-speed USB device number 105 using dummy_hcd [ 585.752728][T17830] loop0: detected capacity change from 0 to 16 [ 585.790378][T17830] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 585.916941][ T6277] usb 6-1: too many configurations: 120, using maximum allowed: 8 [ 585.953623][ T6277] usb 6-1: config index 0 descriptor too short (expected 19938, got 121) [ 585.974837][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.036984][ T6277] usb 6-1: config index 1 descriptor too short (expected 19938, got 121) [ 586.074257][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.113753][ T6277] usb 6-1: config index 2 descriptor too short (expected 19938, got 121) [ 586.130747][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.155037][ T6277] usb 6-1: config index 3 descriptor too short (expected 19938, got 121) [ 586.163714][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.189558][ T6277] usb 6-1: config index 4 descriptor too short (expected 19938, got 121) [ 586.198253][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.225071][ T6277] usb 6-1: config index 5 descriptor too short (expected 19938, got 121) [ 586.278606][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.309978][ T6277] usb 6-1: config index 6 descriptor too short (expected 19938, got 121) [ 586.359782][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.404358][ T6277] usb 6-1: config index 7 descriptor too short (expected 19938, got 121) [ 586.434734][ T6277] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.474652][ T6277] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 586.504073][ T6277] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.527232][ T6277] usb 6-1: Product: syz [ 586.531443][ T6277] usb 6-1: Manufacturer: syz [ 586.576331][ T6277] usb 6-1: SerialNumber: syz [ 586.613775][ T6277] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 586.712814][ T976] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 587.096090][T17877] loop3: detected capacity change from 0 to 256 [ 587.118215][ T6222] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 587.308230][ T6222] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 587.342696][ T6222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.364423][ T6187] usb 6-1: USB disconnect, device number 105 [ 587.388312][ T6222] usb 3-1: Product: syz [ 587.404976][T17877] FAT-fs (loop3): Directory bread(block 64) failed [ 587.415226][ T6222] usb 3-1: Manufacturer: syz [ 587.422946][T17877] FAT-fs (loop3): Directory bread(block 65) failed [ 587.423327][ T6222] usb 3-1: SerialNumber: syz [ 587.429915][T17877] FAT-fs (loop3): Directory bread(block 66) failed [ 587.438140][T17879] loop0: detected capacity change from 0 to 4096 [ 587.455094][T17877] FAT-fs (loop3): Directory bread(block 67) failed [ 587.472709][T17877] FAT-fs (loop3): Directory bread(block 68) failed [ 587.476757][T17879] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 587.496694][ T6222] usb 3-1: config 0 descriptor?? [ 587.512325][T17877] FAT-fs (loop3): Directory bread(block 69) failed [ 587.523331][T17877] FAT-fs (loop3): Directory bread(block 70) failed [ 587.538554][T17877] FAT-fs (loop3): Directory bread(block 71) failed [ 587.563278][T17877] FAT-fs (loop3): Directory bread(block 72) failed [ 587.565805][T17879] ntfs3(loop0): ino=19, mi_enum_attr [ 587.569898][T17877] FAT-fs (loop3): Directory bread(block 73) failed [ 587.593191][T17879] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 587.754841][ T6222] int51x1 3-1:0.0: probe with driver int51x1 failed with error -22 [ 587.818267][T17889] CIFS mount error: No usable UNC path provided in device string! [ 587.818267][T17889] [ 587.848218][T17889] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 587.876983][ T976] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 587.884260][ T976] ath9k_htc: Failed to initialize the device [ 587.945521][ T6187] usb 6-1: ath9k_htc: USB layer deinitialized [ 588.058549][ T6222] usb 3-1: USB disconnect, device number 118 [ 588.169377][T17897] netlink: 'syz.5.5330': attribute type 11 has an invalid length. [ 588.177251][T17897] netlink: 224 bytes leftover after parsing attributes in process `syz.5.5330'. [ 588.272005][T17903] cifs: Unknown parameter 'no'‘a£Nð[G¶zob,erèèµ;%j¸¼ [ 588.272005][T17903] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.W1ȱ¨nNCº"†CÙ׈¡E)Ð8+€î¶á÷™¿1®ðÚ<“™;Ï8­+`# ÷Ž' [ 588.645901][ T976] usb 2-1: new full-speed USB device number 110 using dummy_hcd [ 588.847186][ T976] usb 2-1: config 0 has an invalid interface number: 168 but max is 0 [ 588.880277][ T976] usb 2-1: config 0 has no interface number 0 [ 588.885554][ T30] audit: type=1326 audit(1762120851.659:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17926 comm="syz.5.5346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2aaf8efc9 code=0x7ffc0000 [ 588.894855][ T976] usb 2-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06 [ 588.981806][ T30] audit: type=1326 audit(1762120851.659:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17926 comm="syz.5.5346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2aaf8efc9 code=0x7ffc0000 [ 589.008406][ T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.066015][ T976] usb 2-1: config 0 descriptor?? [ 589.107186][ T30] audit: type=1326 audit(1762120851.724:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17926 comm="syz.5.5346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fd2aaf8efc9 code=0x7ffc0000 [ 589.175281][ T30] audit: type=1326 audit(1762120851.724:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17926 comm="syz.5.5346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2aaf8efc9 code=0x7ffc0000 [ 589.221510][T17939] loop5: detected capacity change from 0 to 64 [ 589.269320][ T30] audit: type=1326 audit(1762120851.724:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17926 comm="syz.5.5346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2aaf8efc9 code=0x7ffc0000 [ 589.316205][ T976] usb 2-1: string descriptor 0 read error: -71 [ 589.322789][ T8952] Bluetooth: hci1: Malformed LE Event: 0x0d [ 589.344938][ T976] usb-storage 2-1:0.168: USB Mass Storage device detected [ 589.394732][ T976] usb-storage 2-1:0.168: Quirks match for vid 05ab pid 0060: 2 [ 589.539253][ T976] usb 2-1: USB disconnect, device number 110 [ 589.948740][T17928] loop2: detected capacity change from 0 to 32768 [ 589.983064][T17928] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5344 (17928) [ 590.072235][T17928] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 590.122748][T17928] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 590.168758][T17969] overlayfs: missing 'workdir' [ 590.220457][T17972] loop1: detected capacity change from 0 to 512 [ 590.254364][ T6222] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 590.289834][T17972] EXT4-fs: Ignoring removed mblk_io_submit option [ 590.296938][ T30] audit: type=1326 audit(1762120852.961:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17981 comm="syz.0.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 590.348399][T17972] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 590.441950][T17972] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 590.456923][ T30] audit: type=1326 audit(1762120852.961:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17981 comm="syz.0.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 590.470170][ T6222] usb 5-1: Using ep0 maxpacket: 8 [ 590.489330][ T6222] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 590.497918][ T6222] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 590.516392][ T6222] usb 5-1: config 0 has no interface number 0 [ 590.520088][T17972] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a000e018, mo2=0002] [ 590.524048][ T6222] usb 5-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 590.530585][T17972] System zones: [ 590.542291][ T6222] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 590.542340][ T6222] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 590.542382][ T6222] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 590.542423][ T6222] usb 5-1: config 0 interface 52 has no altsetting 0 [ 590.542475][ T6222] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 590.542509][ T6222] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.544394][ T30] audit: type=1326 audit(1762120852.989:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17981 comm="syz.0.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 590.607439][T17928] BTRFS info (device loop2): rebuilding free space tree [ 590.630908][ T6222] usb 5-1: config 0 descriptor?? [ 590.661989][T17997] loop5: detected capacity change from 0 to 256 [ 590.692506][T17997] exfat: Deprecated parameter 'namecase' [ 590.701369][T17972] 0-1, 15-15, 18-18, 34-34 [ 590.712572][T17972] EXT4-fs (loop1): orphan cleanup on readonly fs [ 590.760033][T17972] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #4: comm syz.1.5366: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 590.818678][T17928] BTRFS info (device loop2): setting nodatasum [ 590.827169][T17997] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 590.839894][T17928] BTRFS info (device loop2): setting nodatacow [ 590.869597][T17972] EXT4-fs error (device loop1): ext4_quota_enable:7139: comm syz.1.5366: Bad quota inode: 4, type: 1 [ 590.894012][T17928] BTRFS info (device loop2): turning off barriers [ 590.914167][ T6222] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input49 [ 590.921846][T17928] BTRFS info (device loop2): enabling free space tree [ 590.933081][ T30] audit: type=1326 audit(1762120852.989:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17981 comm="syz.0.5369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd958efc9 code=0x7ffc0000 [ 590.965987][T18001] loop0: detected capacity change from 0 to 4096 [ 590.984553][T17972] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 591.027478][T18001] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 591.040370][T17928] BTRFS info (device loop2): force clearing of disk cache [ 591.118093][T17972] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 591.150691][T17972] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 591.295045][ T976] usb 5-1: USB disconnect, device number 99 [ 591.301075][ C1] synaptics_usb 5-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 591.395292][ T6118] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 591.419618][T17972] EXT4-fs error (device loop1): ext4_get_link:106: inode #16: comm syz.1.5366: bad symlink. [ 591.600390][ T6112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.734336][T18011] loop3: detected capacity change from 0 to 736 [ 592.060707][ T6222] usb 3-1: new full-speed USB device number 119 using dummy_hcd [ 592.090987][ T6244] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 592.113463][ T976] usb 6-1: new high-speed USB device number 106 using dummy_hcd [ 592.148118][T18022] netlink: 'syz.1.5382': attribute type 10 has an invalid length. [ 592.245787][ T6222] usb 3-1: config 5 has an invalid interface number: 187 but max is 0 [ 592.254170][ T6244] usb 1-1: Using ep0 maxpacket: 16 [ 592.270535][ T6244] usb 1-1: too many configurations: 98, using maximum allowed: 8 [ 592.284285][ T6222] usb 3-1: config 5 has no interface number 0 [ 592.304841][ T6244] usb 1-1: config index 0 descriptor too short (expected 40584, got 9) [ 592.318444][ T6222] usb 3-1: config 5 interface 187 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 592.318573][ T976] usb 6-1: Using ep0 maxpacket: 16 [ 592.339474][T18026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5384'. [ 592.349845][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.364490][ T976] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 592.368030][T18028] loop4: detected capacity change from 0 to 512 [ 592.378822][ T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.379949][ T6222] usb 3-1: config 5 interface 187 altsetting 8 has an endpoint descriptor with address 0x93, changing to 0x83 [ 592.397895][ T976] usb 6-1: Product: syz [ 592.400172][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.419899][ T976] usb 6-1: Manufacturer: syz [ 592.426102][T18028] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 592.451562][ T6244] usb 1-1: config index 1 descriptor too short (expected 40584, got 9) [ 592.455333][ T976] usb 6-1: SerialNumber: syz [ 592.463911][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.477479][ T6222] usb 3-1: config 5 interface 187 altsetting 8 endpoint 0x83 has an invalid bInterval 153, changing to 4 [ 592.488899][ T976] usb 6-1: config 0 descriptor?? [ 592.505983][T18028] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5385: bg 0: block 384: padding at end of block bitmap is not set [ 592.522340][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.546449][ T6222] usb 3-1: config 5 interface 187 altsetting 8 endpoint 0x83 has invalid maxpacket 57626, setting to 1023 [ 592.559756][T18028] EXT4-fs (loop4): Remounting filesystem read-only [ 592.563434][ T6222] usb 3-1: config 5 interface 187 altsetting 8 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 592.580187][ T6244] usb 1-1: config index 2 descriptor too short (expected 40584, got 9) [ 592.588442][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.597131][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.606478][ T6222] usb 3-1: config 5 interface 187 has no altsetting 0 [ 592.624013][ T6244] usb 1-1: config index 3 descriptor too short (expected 40584, got 9) [ 592.630078][T18028] EXT4-fs (loop4): 1 truncate cleaned up [ 592.632734][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.658363][ T6222] usb 3-1: New USB device found, idVendor=eb1a, idProduct=2801, bcdDevice=21.7a [ 592.677911][T18028] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 592.691375][ T6222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.699465][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.712475][ T6222] usb 3-1: Product: syz [ 592.716640][ T6222] usb 3-1: Manufacturer: syz [ 592.733334][ T6244] usb 1-1: config index 4 descriptor too short (expected 40584, got 9) [ 592.748905][ T6222] usb 3-1: SerialNumber: syz [ 592.754097][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.789966][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.819840][ T6244] usb 1-1: config index 5 descriptor too short (expected 40584, got 9) [ 592.849422][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.866934][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.884132][ T6120] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.897793][ T6244] usb 1-1: config index 6 descriptor too short (expected 40584, got 9) [ 592.908776][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.918543][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 592.950600][ T976] dvb_usb_dtv5100 6-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 592.957790][ T6244] usb 1-1: config index 7 descriptor too short (expected 40584, got 9) [ 592.968199][ T6244] usb 1-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 592.968729][ T976] usb 6-1: USB disconnect, device number 106 [ 593.030397][ T6244] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 593.056515][ T6222] em28xx 3-1:5.187: New device syz syz @ 12 Mbps (eb1a:2801, interface 187, class 187) [ 593.087916][ T6222] em28xx 3-1:5.187: Device initialization failed. [ 593.094391][ T6222] em28xx 3-1:5.187: Device must be connected to a high-speed USB 2.0 port. [ 593.128498][ T6244] usb 1-1: string descriptor 0 read error: -71 [ 593.144224][ T6244] usb 1-1: New USB device found, idVendor=09c0, idProduct=0200, bcdDevice=58.3c [ 593.169850][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 593.181539][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 593.192115][ T6244] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=154 [ 593.208181][ T6222] usb 3-1: USB disconnect, device number 119 [ 593.234681][ T6244] usb 1-1: can't set config #9, error -71 [ 593.258213][ T6244] usb 1-1: USB disconnect, device number 89 [ 593.651227][ T976] usb 5-1: new full-speed USB device number 100 using dummy_hcd [ 593.790331][T18056] loop5: detected capacity change from 0 to 4096 [ 593.856204][ T976] usb 5-1: config 7 has an invalid interface number: 101 but max is 0 [ 593.878583][ T976] usb 5-1: config 7 has no interface number 0 [ 593.901816][ T976] usb 5-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 593.911342][ T976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.919343][ T976] usb 5-1: Product: syz [ 593.942965][T18065] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 593.953396][T18064] tipc: Can't bind to reserved service type 2 [ 593.957811][ T976] usb 5-1: Manufacturer: syz [ 593.964104][ T976] usb 5-1: SerialNumber: syz [ 594.071705][T18067] loop2: detected capacity change from 0 to 512 [ 594.186182][T18067] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 594.227882][T18067] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 594.299536][T18067] EXT4-fs (loop2): 1 truncate cleaned up [ 594.309124][ T976] as10x_usb: device has been detected [ 594.329504][ T976] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 594.374457][T18067] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 594.409802][ T976] usb 5-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 594.423666][T18067] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 4: comm syz.2.5403: lblock 0 mapped to illegal pblock 4 (length 1) [ 594.487204][T18067] EXT4-fs (loop2): Remounting filesystem read-only [ 594.502780][ T976] as10x_usb: error during firmware upload part1 [ 594.518181][ T976] Registered device Elgato EyeTV DTT Deluxe [ 594.534176][ T976] usb 5-1: USB disconnect, device number 100 [ 594.647170][ T976] Unregistered device Elgato EyeTV DTT Deluxe [ 594.684786][ T976] as10x_usb: device has been disconnected [ 594.728026][ T6118] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.574390][T18116] loop1: detected capacity change from 0 to 64 [ 595.639766][T18116] minix_free_block (loop1:21): bit already cleared [ 595.666907][T18116] Trying to free block not in datazone [ 595.708024][T18112] loop2: detected capacity change from 0 to 4096 [ 595.762949][T18112] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 595.889394][T18112] ntfs3(loop2): ino=19, mi_enum_attr [ 595.927059][T18112] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 595.952640][T18126] loop3: detected capacity change from 0 to 256 [ 595.961622][T18112] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 596.216703][T18096] loop5: detected capacity change from 0 to 32768 [ 596.274646][T18096] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5418 (18096) [ 596.397091][T18096] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 596.439917][ T6187] usb 5-1: new full-speed USB device number 101 using dummy_hcd [ 596.460343][T18096] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 596.484275][T18096] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 596.684951][ T6187] usb 5-1: config 4 has an invalid interface number: 231 but max is 0 [ 596.722749][ T6187] usb 5-1: config 4 has no interface number 0 [ 596.783654][T18096] BTRFS info (device loop5): rebuilding free space tree [ 596.802142][ T6187] usb 5-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 596.850378][ T6187] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.872924][ T6187] usb 5-1: Product: syz [ 596.877362][T18096] BTRFS info (device loop5): disabling free space tree [ 596.891114][ T6187] usb 5-1: Manufacturer: syz [ 596.895725][ T6187] usb 5-1: SerialNumber: syz [ 596.909652][T18096] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 596.951608][T18096] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 596.965901][ T6187] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 597.018850][T18096] BTRFS info (device loop5): setting nodatasum [ 597.026271][T18096] BTRFS info (device loop5): allowing degraded mounts [ 597.035924][T18096] BTRFS info (device loop5): turning on async discard [ 597.044056][T18096] BTRFS info (device loop5): enabling disk space caching [ 597.051196][T18096] BTRFS info (device loop5): force clearing of disk cache [ 597.107404][T18096] BTRFS info (device loop5): force zlib compression, level 3 [ 597.206494][ T6187] vp7045: USB control message 'out' went wrong. [ 597.212822][ T6187] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 597.272422][ T6187] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 597.295963][T18096] BTRFS info (device loop5): balance: start -sprofiles=system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=4503599627370496,limit=351830835986432 [ 597.313614][ T6187] usb 5-1: USB disconnect, device number 101 [ 597.398604][T18096] BTRFS info (device loop5): balance: ended with status: 0 [ 597.586893][T18189] netlink: 'syz.2.5454': attribute type 8 has an invalid length. [ 597.599753][ T6122] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 597.652128][T18189] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 598.049287][T18196] loop1: detected capacity change from 0 to 4096 [ 598.163454][T18196] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 598.211926][T18196] ntfs3(loop1): Failed to load $Extend (-22). [ 598.245654][T18196] ntfs3(loop1): Failed to initialize $Extend. [ 598.288794][T18196] ntfs3(loop1): ino=5, "/" indx_read [ 598.296495][T18208] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5464'. [ 598.304220][T18211] xt_CONNSECMARK: invalid mode: 0 [ 598.613853][T18221] ptrace attach of "./syz-executor exec"[6120] was attempted by ""[18221] [ 598.619825][T18217] loop5: detected capacity change from 0 to 512 [ 598.658131][T18217] EXT4-fs: Ignoring removed mblk_io_submit option [ 598.723531][T18217] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 598.764183][T18226] loop1: detected capacity change from 0 to 512 [ 598.829787][T18226] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 598.847114][T18217] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 598.942309][T18217] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a000e018, mo2=0002] [ 598.964106][T18226] EXT4-fs (loop1): 1 truncate cleaned up [ 598.982820][T18217] System zones: 0-1, 15-15, 18-18, 34-34 [ 598.988807][T18217] EXT4-fs (loop5): orphan cleanup on readonly fs [ 599.022271][T18226] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 599.065516][T18217] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #4: comm syz.5.5456: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 599.157574][T18217] EXT4-fs error (device loop5): ext4_quota_enable:7139: comm syz.5.5456: Bad quota inode: 4, type: 1 [ 599.225966][T18217] EXT4-fs warning (device loop5): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 599.231010][T18238] loop4: detected capacity change from 0 to 4096 [ 599.284641][T18217] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 599.305702][T18217] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 599.404100][ T6186] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 599.500761][T18217] EXT4-fs error (device loop5): ext4_get_link:106: inode #16: comm syz.5.5456: bad symlink. [ 599.712331][ T6122] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 599.809571][ T6186] usb 2-1: Using ep0 maxpacket: 8 [ 599.860642][ T6186] usb 2-1: config 0 has an invalid interface number: 146 but max is 0 [ 599.880855][ T6186] usb 2-1: config 0 has no interface number 0 [ 599.886964][ T6186] usb 2-1: too many endpoints for config 0 interface 146 altsetting 28: 57, using maximum allowed: 30 [ 599.945983][ T6186] usb 2-1: config 0 interface 146 altsetting 28 has 0 endpoint descriptors, different from the interface descriptor's value: 57 [ 599.985831][ T6186] usb 2-1: config 0 interface 146 has no altsetting 0 [ 600.007760][ T6186] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 600.054201][ T6186] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.084668][ T6186] usb 2-1: config 0 descriptor?? [ 600.273903][T18269] bond2 (unregistering): Released all slaves [ 600.325784][ T6186] usb 2-1: string descriptor 0 read error: -71 [ 600.342063][ T6186] usb 2-1: USB disconnect, device number 111 [ 600.519042][T18262] loop4: detected capacity change from 0 to 32768 [ 600.545049][T18262] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5486 (18262) [ 600.589441][T18262] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 600.610536][T18262] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 600.698601][ T1301] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 600.715394][T18262] BTRFS error (device loop4): failed to load root extent [ 600.722774][T18262] BTRFS warning (device loop4): try to load backup roots slot 1 [ 600.732779][ T36] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 600.750009][T18262] BTRFS warning (device loop4): couldn't read tree root [ 600.759190][T18262] BTRFS warning (device loop4): try to load backup roots slot 2 [ 600.767406][T16829] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 600.778310][T18262] BTRFS warning (device loop4): couldn't read tree root [ 600.790278][T18262] BTRFS warning (device loop4): try to load backup roots slot 3 [ 600.811212][T18262] BTRFS info (device loop4): checking UUID tree [ 600.818581][T18262] BTRFS info (device loop4): setting nodatasum [ 600.827449][T18262] BTRFS info (device loop4): setting nodatacow [ 600.833927][T18262] BTRFS info (device loop4): enabling ssd optimizations [ 600.842130][T18262] BTRFS info (device loop4): turning on flush-on-commit [ 600.849860][T18262] BTRFS info (device loop4): turning on async discard [ 600.856865][T18262] BTRFS info (device loop4): enabling free space tree [ 600.863917][T18262] BTRFS info (device loop4): enabling auto defrag [ 600.872681][T18262] BTRFS info (device loop4): trying to use backup root at mount time [ 600.933764][ T6112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.027848][T18259] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 601.035428][T18259] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 601.052178][T18259] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 601.062940][T18259] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 601.317463][ T6120] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 601.354755][ T6277] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 601.560336][ T6277] usb 4-1: Using ep0 maxpacket: 8 [ 601.609332][ T6277] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 601.621009][T18304] loop2: detected capacity change from 0 to 512 [ 601.630773][ T6277] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 601.673473][T18304] EXT4-fs: Ignoring removed mblk_io_submit option [ 601.679425][ T6277] usb 4-1: config 0 has no interface number 0 [ 601.705208][ T6277] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 601.767925][ T6277] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 601.776512][T18304] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 601.820723][ T6277] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 601.869663][ T6277] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 601.905186][ T6277] usb 4-1: config 0 interface 52 has no altsetting 0 [ 601.906346][T18304] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 601.923013][ T6277] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 601.949958][ T6277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.972243][ T6277] usb 4-1: config 0 descriptor?? [ 601.979946][T18304] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a000e018, mo2=0002] [ 601.992583][T18304] System zones: 0-1, 15-15, 18-18, 34-34 [ 602.000072][T18304] EXT4-fs (loop2): orphan cleanup on readonly fs [ 602.006928][T18304] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #4: comm syz.2.5498: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 602.061986][T18304] EXT4-fs error (device loop2): ext4_quota_enable:7139: comm syz.2.5498: Bad quota inode: 4, type: 1 [ 602.118258][T18314] syz.4.5501 (18314): /proc/18313/oom_adj is deprecated, please use /proc/18313/oom_score_adj instead. [ 602.131663][T18304] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 602.166826][ T8952] Bluetooth: hci1: command 0x0406 tx timeout [ 602.208551][T18304] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 602.212412][ T6277] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input50 [ 602.288770][T18304] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 602.453384][T18304] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.5498: bad symlink. [ 602.488807][ T6186] usb 4-1: USB disconnect, device number 97 [ 602.488925][ C1] synaptics_usb 4-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 602.601997][ T6222] usb 2-1: new full-speed USB device number 112 using dummy_hcd [ 602.647540][ T6118] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 602.791931][T18302] loop5: detected capacity change from 0 to 32768 [ 602.800697][ T6222] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 602.833742][ T6222] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 602.864946][ T30] audit: type=1326 audit(1762120864.563:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18323 comm="syz.2.5505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751a58efc9 code=0x7ffc0000 [ 602.915620][ T6222] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12336, setting to 64 [ 602.929897][T18302] jfs_strtoUCS: char2uni returned -22. [ 602.935537][T18302] charset = cp949, char = 0xd4 [ 602.953274][ T6222] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 602.985758][ T30] audit: type=1326 audit(1762120864.563:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18323 comm="syz.2.5505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751a58efc9 code=0x7ffc0000 [ 603.065624][ T6222] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 603.075450][ T6222] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.087677][ T30] audit: type=1326 audit(1762120864.609:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18323 comm="syz.2.5505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f751a58efc9 code=0x7ffc0000 [ 603.129995][ T6222] usb 2-1: Product: syz [ 603.140324][ T6222] usb 2-1: Manufacturer: syz [ 603.157419][ T6222] usb 2-1: SerialNumber: syz [ 603.207579][ T6222] usb 2-1: config 0 descriptor?? [ 603.210730][ T8952] Bluetooth: hci2: command 0x0406 tx timeout [ 603.213878][ T30] audit: type=1326 audit(1762120864.609:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18323 comm="syz.2.5505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751a58efc9 code=0x7ffc0000 [ 603.295182][ T8952] Bluetooth: hci5: command 0x0406 tx timeout [ 603.303314][ T8952] Bluetooth: hci4: command 0x0406 tx timeout [ 603.303347][ T6222] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input51 [ 603.374688][T18329] loop2: detected capacity change from 0 to 4096 [ 603.397620][ T30] audit: type=1326 audit(1762120864.609:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18323 comm="syz.2.5505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751a58efc9 code=0x7ffc0000 [ 603.482959][T18337] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 603.558610][T18329] NILFS (loop2): nilfs_palloc_commit_free_entry (ino=6): entry number 15 already freed [ 603.674861][ T6222] usb 2-1: USB disconnect, device number 112 [ 603.760236][T18340] sit1: entered promiscuous mode [ 603.765239][T18340] sit1: entered allmulticast mode [ 604.088278][T18349] loop3: detected capacity change from 0 to 1024 [ 604.108168][T18351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5515'. [ 604.178583][T18355] loop5: detected capacity change from 0 to 256 [ 604.188502][T18349] hfsplus: can't free extent: start 0, count 3 [ 604.374434][T18355] FAT-fs (loop5): Directory bread(block 64) failed [ 604.409487][T18355] FAT-fs (loop5): Directory bread(block 65) failed [ 604.445158][T18355] FAT-fs (loop5): Directory bread(block 66) failed [ 604.451760][T18355] FAT-fs (loop5): Directory bread(block 67) failed [ 604.517902][T18355] FAT-fs (loop5): Directory bread(block 68) failed [ 604.558585][T18355] FAT-fs (loop5): Directory bread(block 69) failed [ 604.597382][T18355] FAT-fs (loop5): Directory bread(block 70) failed [ 604.603976][T18355] FAT-fs (loop5): Directory bread(block 71) failed [ 604.682638][T18368] netlink: 'syz.4.5524': attribute type 4 has an invalid length. [ 604.690852][T18355] FAT-fs (loop5): Directory bread(block 72) failed [ 604.734852][T18355] FAT-fs (loop5): Directory bread(block 73) failed [ 604.868946][T18376] loop0: detected capacity change from 0 to 8 [ 605.030566][T18378] loop4: detected capacity change from 0 to 64 [ 605.389909][ T6244] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 605.595234][ T6244] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 605.622980][ T6244] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 605.666385][ T6244] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 605.675487][ T6244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.750822][T18384] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 605.788042][ T6244] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 605.827259][T18412] netlink: 'syz.1.5546': attribute type 5 has an invalid length. [ 606.033405][T18416] sit1: entered promiscuous mode [ 606.066407][T18416] sit1: entered allmulticast mode [ 606.073474][ T6244] usb 4-1: USB disconnect, device number 98 [ 606.210004][T18425] loop1: detected capacity change from 0 to 512 [ 606.283317][T18425] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 606.346226][T18425] ext4 filesystem being mounted at /849/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 606.363266][T18431] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5554'. [ 606.547575][ T6112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.548341][T18435] bond1 (unregistering): Released all slaves [ 606.733993][T18446] SET target dimension over the limit! [ 606.836707][T18443] loop2: detected capacity change from 0 to 4096 [ 606.912234][T18443] ntfs3(loop2): ino=3, Correct links count -> 2. [ 607.093578][T18443] ntfs3(loop2): ino=1a, mi_enum_attr [ 607.109878][T18443] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 607.736143][ T6202] usb 6-1: new high-speed USB device number 107 using dummy_hcd [ 607.813831][T18487] loop2: detected capacity change from 0 to 8 [ 607.870918][T18481] bond1 (unregistering): Released all slaves [ 607.881416][T18487] SQUASHFS error: Failed to read block 0x2d7: -5 [ 607.930778][T18487] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 607.932629][ T6202] usb 6-1: Using ep0 maxpacket: 8 [ 607.945967][T18458] loop3: detected capacity change from 0 to 32768 [ 607.954218][T18487] SQUASHFS error: Failed to read block 0x8f: -5 [ 607.961126][ T30] audit: type=1800 audit(1762120869.270:68): pid=18487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5580" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 607.963566][ T6202] usb 6-1: config 0 has an invalid interface number: 97 but max is 0 [ 608.006990][T18458] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5567 (18458) [ 608.071487][ T6202] usb 6-1: config 0 has no interface number 0 [ 608.072375][T18458] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 608.079257][ T6202] usb 6-1: too many endpoints for config 0 interface 97 altsetting 97: 97, using maximum allowed: 30 [ 608.159257][T18458] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 608.194731][ T6202] usb 6-1: config 0 interface 97 altsetting 97 has 0 endpoint descriptors, different from the interface descriptor's value: 97 [ 608.251982][T18491] loop4: detected capacity change from 0 to 1024 [ 608.268495][ T6202] usb 6-1: config 0 interface 97 has no altsetting 0 [ 608.300215][ T6202] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=4d.89 [ 608.383659][ T6202] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.429802][T18491] hfsplus: invalid xattr key length: 0 [ 608.436261][ T6202] usb 6-1: config 0 descriptor?? [ 608.443662][T18458] BTRFS info (device loop3): enabling ssd optimizations [ 608.461467][T18458] BTRFS info (device loop3): turning on async discard [ 608.504864][T18458] BTRFS info (device loop3): enabling free space tree [ 608.564338][T18517] loop0: detected capacity change from 0 to 512 [ 608.619724][T18517] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 608.663023][ T6202] usb 6-1: string descriptor 0 read error: -71 [ 608.679318][ T6202] usb-storage 6-1:0.97: USB Mass Storage device detected [ 608.702075][T18517] EXT4-fs (loop0): 1 truncate cleaned up [ 608.748630][T18517] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 608.748750][ T6202] usb-storage 6-1:0.97: device ignored [ 608.778909][ T6109] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 608.858071][ T6202] usb 6-1: USB disconnect, device number 107 [ 609.085283][ T6116] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 609.113492][T18529] loop3: detected capacity change from 0 to 64 [ 609.925167][T18508] loop1: detected capacity change from 0 to 32768 [ 609.979175][T18508] syz.1.5585: attempt to access beyond end of device [ 609.979175][T18508] loop1: rw=0, sector=68719476736, nr_sectors = 8 limit=32768 [ 610.054753][T18508] Read error 10 at 0x0 [ 610.059521][T18508] read_mapping_page failed! [ 610.103339][T18508] jfs_mount: diMount failed w/rc = -5 [ 610.128567][T18508] Mount JFS Failure: -5 [ 610.164576][T18508] jfs_mount failed w/return code = -5 [ 610.473212][T18531] loop4: detected capacity change from 0 to 32768 [ 610.589982][T18531] (syz.4.5593,18531,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 610.680459][T18531] (syz.4.5593,18531,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 610.798477][T18531] (syz.4.5593,18531,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 610.913429][T18531] JBD2: Ignoring recovery information on journal [ 611.118019][T18531] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 611.369318][T18550] loop2: detected capacity change from 0 to 32768 [ 611.398762][T18550] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5601 (18550) [ 611.487910][T18546] loop5: detected capacity change from 0 to 40427 [ 611.499144][T18550] BTRFS info (device loop2 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 611.512660][ T6120] ocfs2: Unmounting device (7,4) on (node local) [ 611.545260][T18550] BTRFS info (device loop2 state S): using crc32c (crc32c-lib) checksum algorithm [ 611.559615][T18546] F2FS-fs (loop5): invalid crc value [ 611.571258][T18570] overlayfs: unescaped trailing colons in lowerdir mount option. [ 611.725249][ T13] BTRFS warning (device loop2 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x4e035593 level 0, ignored [ 611.799516][ T6233] BTRFS warning (device loop2 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xbeadaddc level 0, ignored [ 611.805793][T18546] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 611.815311][T18556] loop0: detected capacity change from 0 to 32768 [ 611.861615][T18558] loop3: detected capacity change from 0 to 32768 [ 611.881716][T18587] program syz.1.5612 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 611.887362][ T13] BTRFS warning (device loop2 state S): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x48746f3c level 0, ignored [ 611.946742][T18546] F2FS-fs (loop5): Start checkpoint disabled! [ 611.953817][T18592] netlink: 300 bytes leftover after parsing attributes in process `syz.1.5613'. [ 611.984481][T18546] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 611.988407][ T36] BTRFS warning (device loop2 state S): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x49206b5e level 0, ignored [ 612.033424][T18556] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 612.045218][T18546] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 612.066393][T18558] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 612.104313][T18550] BTRFS info (device loop2 state S): bdev /dev/loop2 errs: wr 0, rd 0, flush 0, corrupt 7, gen 0 [ 612.152382][T18550] BTRFS info (device loop2 state S): enabling ssd optimizations [ 612.207959][T18558] XFS (loop3): Ending clean mount [ 612.222691][T18550] BTRFS info (device loop2 state S): disabling tree log [ 612.255780][T18550] BTRFS info (device loop2 state S): turning on flush-on-commit [ 612.289706][T18550] BTRFS info (device loop2 state S): enabling free space tree [ 612.297092][T18606] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5615'. [ 612.339328][T18550] BTRFS info (device loop2 state S): ignoring meta csums [ 612.386505][T18550] BTRFS info (device loop2 state S): use zlib compression, level 3 [ 612.436896][ T36] BTRFS warning (device loop2 state S): checksum verify failed on logical 5308416 mirror 1 wanted 0xe1d58233 found 0x9b2456e4 level 0, ignored [ 612.484982][ T6116] ocfs2: Unmounting device (7,0) on (node local) [ 612.548352][T16829] kworker/u8:3: attempt to access beyond end of device [ 612.548352][T16829] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 612.589936][ T6109] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 612.627490][T16829] CPU: 0 UID: 0 PID: 16829 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) [ 612.627529][T16829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 612.627547][T16829] Workqueue: writeback wb_workfn (flush-7:5) [ 612.627588][T16829] Call Trace: [ 612.627599][T16829] [ 612.627610][T16829] dump_stack_lvl+0x189/0x250 [ 612.627653][T16829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 612.627690][T16829] ? __pfx_queue_work_on+0x10/0x10 [ 612.627719][T16829] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 612.627752][T16829] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 612.627797][T16829] f2fs_handle_critical_error+0x37c/0x540 [ 612.627845][T16829] f2fs_write_end_io+0x886/0xb60 [ 612.627894][T16829] __submit_merged_bio+0x27a/0x6a0 [ 612.627941][T16829] __submit_merged_write_cond+0x255/0x530 [ 612.627989][T16829] f2fs_write_data_pages+0x261d/0x3000 [ 612.628054][T16829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 612.628095][T16829] ? unwind_next_frame+0xa5/0x2390 [ 612.628165][T16829] ? arch_stack_walk+0x110/0x150 [ 612.628205][T16829] ? ret_from_fork_asm+0x1a/0x30 [ 612.628249][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.628290][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.628341][T16829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 612.628369][T16829] do_writepages+0x32e/0x550 [ 612.628409][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.628438][T16829] ? reacquire_held_locks+0x127/0x1d0 [ 612.628469][T16829] ? writeback_sb_inodes+0x384/0x1010 [ 612.628516][T16829] __writeback_single_inode+0x145/0xff0 [ 612.628554][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.628584][T16829] ? do_raw_spin_unlock+0x122/0x240 [ 612.628626][T16829] writeback_sb_inodes+0x6c7/0x1010 [ 612.628696][T16829] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 612.628782][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.628811][T16829] ? rcu_is_watching+0x15/0xb0 [ 612.628842][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.628882][T16829] wb_writeback+0x43b/0xaf0 [ 612.628929][T16829] ? queue_io+0x301/0x590 [ 612.628969][T16829] ? __pfx_wb_writeback+0x10/0x10 [ 612.629017][T16829] ? _raw_spin_unlock_irq+0x23/0x50 [ 612.629054][T16829] wb_workfn+0x409/0xef0 [ 612.629108][T16829] ? __pfx_wb_workfn+0x10/0x10 [ 612.629145][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.629175][T16829] ? __lock_acquire+0xab9/0xd20 [ 612.629213][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.629247][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.629281][T16829] ? _raw_spin_unlock_irq+0x23/0x50 [ 612.629310][T16829] ? process_scheduled_works+0x9ef/0x17b0 [ 612.629337][T16829] ? process_scheduled_works+0x9ef/0x17b0 [ 612.629368][T16829] process_scheduled_works+0xae1/0x17b0 [ 612.629432][T16829] ? __pfx_process_scheduled_works+0x10/0x10 [ 612.629470][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.629511][T16829] worker_thread+0x8a0/0xda0 [ 612.629544][T16829] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 612.629586][T16829] ? __kthread_parkme+0x7b/0x200 [ 612.629630][T16829] kthread+0x711/0x8a0 [ 612.629670][T16829] ? __pfx_worker_thread+0x10/0x10 [ 612.629699][T16829] ? __pfx_kthread+0x10/0x10 [ 612.629730][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.629765][T16829] ? _raw_spin_unlock_irq+0x23/0x50 [ 612.629794][T16829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 612.629823][T16829] ? lockdep_hardirqs_on+0x9c/0x150 [ 612.629855][T16829] ? __pfx_kthread+0x10/0x10 [ 612.629893][T16829] ret_from_fork+0x4bc/0x870 [ 612.629923][T16829] ? __pfx_ret_from_fork+0x10/0x10 [ 612.629960][T16829] ? __switch_to_asm+0x39/0x70 [ 612.629981][T16829] ? __switch_to_asm+0x33/0x70 [ 612.630002][T16829] ? __pfx_kthread+0x10/0x10 [ 612.630038][T16829] ret_from_fork_asm+0x1a/0x30 [ 612.630083][T16829] [ 612.630094][T16829] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 613.005082][ T6118] BTRFS info (device loop2 state S): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 614.072266][T18608] loop4: detected capacity change from 0 to 32768 [ 614.206016][T18608] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 614.578272][T18662] loop1: detected capacity change from 0 to 16 [ 614.580583][T18608] XFS (loop4): Ending clean mount [ 614.599816][T18660] loop5: detected capacity change from 0 to 764 [ 614.617058][T18662] erofs (device loop1): mounted with root inode @ nid 36. [ 614.666582][T18660] Symlink component flag not implemented [ 614.692944][T18660] Symlink component flag not implemented (116) [ 614.839707][ T6120] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 615.247739][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 615.313142][T18645] loop3: detected capacity change from 0 to 32768 [ 615.319872][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 615.370452][T18645] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5633 (18645) [ 615.408201][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 615.464165][T18645] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 615.504016][T18645] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 615.690109][T18645] BTRFS info (device loop3): enabling ssd optimizations [ 615.751771][T18645] BTRFS info (device loop3): turning on async discard [ 615.785508][T18645] BTRFS info (device loop3): enabling free space tree [ 615.883836][T18711] ieee802154 phy0 wpan0: encryption failed: -22 [ 615.995923][ T6109] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 616.243081][T18717] sctp: [Deprecated]: syz.5.5652 (pid 18717) Use of struct sctp_assoc_value in delayed_ack socket option. [ 616.243081][T18717] Use struct sctp_sack_info instead [ 616.340313][T18723] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5655'. [ 616.370847][T18719] loop4: detected capacity change from 0 to 4096 [ 616.382077][T18721] loop2: detected capacity change from 0 to 2048 [ 616.475949][T18728] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 616.547752][T18721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 616.672755][T18721] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 616.989496][ T6118] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.014569][T18679] infiniband syz2: set active [ 617.023088][ T6244] vxcan1 speed is unknown, defaulting to 1000 [ 617.055751][T18679] infiniband syz2: added vxcan1 [ 617.087203][T18679] syz2: rxe_create_cq: returned err = -12 [ 617.119351][T18679] infiniband syz2: Couldn't create ib_mad CQ [ 617.125561][T18679] infiniband syz2: Couldn't open port 1 [ 617.289735][T18679] RDS/IB: syz2: added [ 617.337175][T18679] smc: adding ib device syz2 with port count 1 [ 617.343540][T18679] smc: ib device syz2 port 1 has no pnetid [ 617.374769][ T6244] vxcan1 speed is unknown, defaulting to 1000 [ 617.418519][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 617.807998][T18731] loop5: detected capacity change from 0 to 32768 [ 617.853526][T18731] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5656 (18731) [ 617.946641][T18731] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 618.005416][T18731] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm [ 618.296149][T18731] BTRFS info (device loop5): turning on flush-on-commit [ 618.338183][T18731] BTRFS info (device loop5): turning on async discard [ 618.349106][T18731] BTRFS info (device loop5): enabling free space tree [ 618.424134][T18783] loop2: detected capacity change from 0 to 4096 [ 618.504250][ T6122] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 618.561354][T18747] loop3: detected capacity change from 0 to 32768 [ 618.744576][T18747] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 618.908121][T18803] QAT: Invalid ioctl 21531 [ 618.961324][T18747] ocfs2: Unmounting device (7,3) on (node local) [ 619.145652][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 619.401315][T18817] netlink: 'syz.0.5687': attribute type 21 has an invalid length. [ 619.954120][T18829] netlink: 228 bytes leftover after parsing attributes in process `syz.0.5692'. [ 620.104869][T18835] openvswitch: netlink: Actions may not be safe on all matching packets [ 620.236729][T18838] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5696'. [ 620.418538][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 620.645085][T18849] loop2: detected capacity change from 0 to 4096 [ 620.646280][T18814] loop3: detected capacity change from 0 to 32768 [ 620.674405][T18814] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5684 (18814) [ 620.689541][T18849] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 620.726692][T18814] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 620.757403][T18814] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 620.883007][T18849] ntfs3(loop2): ino=19, mi_enum_attr [ 620.917212][T18849] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 620.976924][ T1301] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 620.991533][T18849] ntfs3(loop2): failed to convert "c46c" to cp932 [ 621.019503][T18849] ntfs3(loop2): ino=20, mi_enum_attr [ 621.072672][T18814] BTRFS error (device loop3): failed to load root extent [ 621.093432][T18814] BTRFS warning (device loop3): try to load backup roots slot 1 [ 621.125664][ T36] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 621.164922][T18814] BTRFS warning (device loop3): couldn't read tree root [ 621.193476][T18814] BTRFS warning (device loop3): try to load backup roots slot 2 [ 621.226808][T18878] x_tables: duplicate underflow at hook 4 [ 621.228324][ T13] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 621.278135][T18814] BTRFS warning (device loop3): couldn't read tree root [ 621.304667][T18814] BTRFS warning (device loop3): try to load backup roots slot 3 [ 621.314381][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 621.376688][T18814] BTRFS info (device loop3): checking UUID tree [ 621.405053][T18814] BTRFS info (device loop3): setting nodatasum [ 621.419638][T18814] BTRFS info (device loop3): setting nodatacow [ 621.430959][T18814] BTRFS info (device loop3): enabling ssd optimizations [ 621.448955][T18814] BTRFS info (device loop3): turning on flush-on-commit [ 621.473993][T18814] BTRFS info (device loop3): turning on async discard [ 621.481011][T18814] BTRFS info (device loop3): enabling free space tree [ 621.502089][T18814] BTRFS info (device loop3): enabling auto defrag [ 621.521902][T18814] BTRFS info (device loop3): trying to use backup root at mount time [ 621.542225][T18887] loop2: detected capacity change from 0 to 512 [ 621.558884][T18887] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 621.575536][T18887] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 621.584180][T18810] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 621.594716][T18333] Bluetooth: hci1: command 0x0406 tx timeout [ 621.637456][T18887] EXT4-fs (loop2): orphan cleanup on readonly fs [ 621.643862][T18887] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.5714: bad orphan inode 267 [ 621.654390][T18892] xt_hashlimit: overflow, try lower: 3/0 [ 621.696546][T18887] EXT4-fs (loop2): Remounting filesystem read-only [ 621.716362][T18887] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 621.731100][T18810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 621.749386][T18810] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 621.776503][T18810] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 621.794487][T18887] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.5714: dx entry: limit 0 != root limit 125 [ 621.821261][T18887] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.5714: Corrupt directory, running e2fsck is recommended [ 621.922999][ T6109] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 621.964343][ T6118] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 622.071221][ T6187] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 622.110076][T18901] loop5: detected capacity change from 0 to 16 [ 622.128209][T18901] erofs (device loop5): mounted with root inode @ nid 36. [ 622.163235][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 622.219061][T18903] loop0: detected capacity change from 0 to 1024 [ 622.266378][ T6187] usb 5-1: Using ep0 maxpacket: 16 [ 622.289735][ T6187] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 622.316565][ T6187] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.349519][ T6187] usb 5-1: Product: syz [ 622.360927][ T6187] usb 5-1: Manufacturer: syz [ 622.372829][ T6187] usb 5-1: SerialNumber: syz [ 622.427871][ T6187] usb 5-1: config 0 descriptor?? [ 622.443780][T16829] hfsplus: b-tree write err: -5, ino 4 [ 622.463750][ T6187] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 622.686885][ T6187] usb 5-1: clie_3_5_startup: get config number bad return length: 0 [ 622.742971][ T6187] visor 5-1:0.0: probe with driver visor failed with error -5 [ 622.916813][ T6187] usb 5-1: USB disconnect, device number 102 [ 623.083792][T18929] loop5: detected capacity change from 0 to 256 [ 623.239482][ T6202] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 623.358828][T18935] ipvlan1: entered allmulticast mode [ 623.364193][T18935] veth0_vlan: entered allmulticast mode [ 623.461449][ T6202] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 623.506394][ T6202] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.565349][ T6202] usb 4-1: config 0 descriptor?? [ 623.607316][ T6202] cp210x 4-1:0.0: cp210x converter detected [ 623.782254][T18947] loop4: detected capacity change from 0 to 1024 [ 623.790030][T18947] EXT4-fs: Ignoring removed nomblk_io_submit option [ 623.828254][T18679] vxcan1 speed is unknown, defaulting to 1000 [ 623.840030][T18333] Bluetooth: hci2: command 0x0406 tx timeout [ 623.859424][T18947] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 623.922092][T18333] Bluetooth: hci4: command 0x0406 tx timeout [ 623.944690][T18947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 624.013546][T18333] Bluetooth: hci5: command 0x0406 tx timeout [ 624.066704][ T6202] usb 4-1: cp210x converter now attached to ttyUSB0 [ 624.093869][ T6202] usb 4-1: USB disconnect, device number 99 [ 624.103443][T18947] VFS: Lookup of 'file0' in ext4 loop4 would have caused loop [ 624.115146][ T6202] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 624.154348][ T6202] cp210x 4-1:0.0: device disconnected [ 624.228563][ T6120] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 624.988506][T18991] loop5: detected capacity change from 0 to 2048 [ 625.057610][ T6070] loop5: p2 < > p4 [ 625.066218][ T6070] loop5: p4 size 262144 extends beyond EOD, truncated [ 625.081250][ T6202] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 625.171803][T18991] loop5: p2 < > p4 [ 625.191825][T18991] loop5: p4 size 262144 extends beyond EOD, truncated [ 625.265961][ T6202] usb 4-1: Using ep0 maxpacket: 16 [ 625.300784][ T6202] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 625.333445][ T6202] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.384490][ T6202] usb 4-1: Product: syz [ 625.402378][ T6202] usb 4-1: Manufacturer: syz [ 625.418424][ T6202] usb 4-1: SerialNumber: syz [ 625.462682][ T6202] r8152-cfgselector 4-1: Unknown version 0x0000 [ 625.468992][ T6202] r8152-cfgselector 4-1: config 0 descriptor?? [ 625.483707][ T6394] udevd[6394]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 625.491211][ T5825] udevd[5825]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 625.815460][ T5825] udevd[5825]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 625.859977][ T6069] udevd[6069]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 625.999570][ T6202] r8152-cfgselector 4-1: USB disconnect, device number 100 [ 626.495239][T19041] loop2: detected capacity change from 0 to 1024 [ 626.750196][ T13] hfsplus: b-tree write err: -5, ino 4 [ 626.982945][T19052] loop2: detected capacity change from 0 to 1764 [ 627.233623][T19029] loop5: detected capacity change from 0 to 32768 [ 627.284818][T19029] btrfs: Deprecated parameter 'usebackuproot' [ 627.310020][T19031] loop1: detected capacity change from 0 to 32768 [ 627.324662][T19029] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 627.336021][T19062] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 627.370254][ T6202] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 627.385831][T19029] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5781 (19029) [ 627.412696][T19031] XFS (loop1): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 627.445817][T19029] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 627.494204][T19029] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 627.502267][T19031] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 627.539780][T19029] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 627.603977][ T6202] usb 3-1: Using ep0 maxpacket: 16 [ 627.657370][ T6202] usb 3-1: unable to get BOS descriptor or descriptor too short [ 627.711420][ T6202] usb 3-1: config 13 has an invalid interface number: 50 but max is 0 [ 627.743132][ T6202] usb 3-1: config 13 has no interface number 0 [ 627.757311][ T6202] usb 3-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 627.785192][ T6202] usb 3-1: config 13 interface 50 has no altsetting 0 [ 627.881321][ T6202] usb 3-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 627.922169][ T6202] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.933976][ T6202] usb 3-1: Product: syz [ 627.939838][ T6202] usb 3-1: Manufacturer: syz [ 627.946595][T19029] BTRFS info (device loop5): rebuilding free space tree [ 627.954169][ T6202] usb 3-1: SerialNumber: syz [ 627.982208][T19029] BTRFS info (device loop5): disabling free space tree [ 627.992104][T19052] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 628.049076][T19029] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 628.092051][T19029] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 628.140172][T19029] BTRFS info (device loop5): turning on sync discard [ 628.146987][T19029] BTRFS info (device loop5): enabling disk space caching [ 628.165173][T19029] BTRFS info (device loop5): force clearing of disk cache [ 628.187129][T19029] BTRFS info (device loop5): trying to use backup root at mount time [ 628.305863][T19099] loop3: detected capacity change from 0 to 4096 [ 628.307339][ T6202] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 628.341469][ T6202] usb 3-1: MIDIStreaming interface descriptor not found [ 628.370407][T19099] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 628.428698][ T6122] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 628.537672][T19099] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 628.548522][ T6202] usb 3-1: USB disconnect, device number 120 [ 628.610125][T19099] ntfs3(loop3): ino=19, mi_enum_attr [ 628.710399][T19099] ntfs3(loop3): failed to convert "c46c" to macgaelic [ 628.762868][T19099] ntfs3(loop3): ino=20, mi_enum_attr [ 629.035746][ T6114] Bluetooth: hci5: command 0x0406 tx timeout [ 629.073214][T19075] loop0: detected capacity change from 0 to 32768 [ 629.104609][T19075] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.5800 (19075) [ 629.143593][T19108] netlink: 'syz.3.5808': attribute type 16 has an invalid length. [ 629.172101][T19075] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 629.217365][T19108] netlink: 'syz.3.5808': attribute type 17 has an invalid length. [ 629.252473][T19075] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 629.271471][T19108] netlink: 'syz.3.5808': attribute type 27 has an invalid length. [ 629.292036][T19075] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 629.364909][T19097] loop4: detected capacity change from 0 to 32768 [ 629.410750][T19097] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5803 (19097) [ 629.444112][T19097] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 629.455087][T19097] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 629.610386][T19075] BTRFS info (device loop0): rebuilding free space tree [ 629.716197][T19097] BTRFS info (device loop4): enabling ssd optimizations [ 629.740200][T19097] BTRFS info (device loop4): turning on async discard [ 629.793641][T19097] BTRFS info (device loop4): enabling free space tree [ 629.801288][T19075] BTRFS info (device loop0): disabling free space tree [ 629.837577][T19075] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 629.847274][T19075] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 630.001106][T19075] BTRFS info (device loop0): setting nodatasum [ 630.024151][T19075] BTRFS info (device loop0): allowing degraded mounts [ 630.052467][T19075] BTRFS info (device loop0): turning on async discard [ 630.070082][T19075] BTRFS info (device loop0): enabling disk space caching [ 630.108406][T19075] BTRFS info (device loop0): force clearing of disk cache [ 630.146029][T19075] BTRFS info (device loop0): force zlib compression, level 3 [ 630.190436][ T6120] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 630.396121][T19075] BTRFS info (device loop0): balance: start -sprofiles=system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=4503599627370496,limit=351830835986432 [ 630.401249][T19161] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5819'. [ 630.476220][T19075] BTRFS info (device loop0): balance: ended with status: 0 [ 630.718425][ T6116] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 630.772288][T19106] loop5: detected capacity change from 0 to 40427 [ 630.824203][T19106] F2FS-fs (loop5): Fix alignment : internally, start(4096) end(16896) block(12288) [ 631.037316][T19106] F2FS-fs (loop5): invalid crc value [ 631.053927][T19175] loop2: detected capacity change from 0 to 2048 [ 631.141568][T19175] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 631.626756][T19106] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 631.703865][T19106] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 631.744832][T19194] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5834'. [ 631.805022][T19194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5834'. [ 631.852702][T19106] F2FS-fs (loop5): Try to recover all the superblocks, ret: 0 [ 631.861305][T19194] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 631.966203][T19206] raw_sendmsg: syz.4.5838 forgot to set AF_INET. Fix it! [ 631.981074][T19205] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5839'. [ 632.038756][T19205] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5839'. [ 632.470221][ T6244] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 632.504926][T19219] usb usb5: usbfs: process 19219 (syz.1.5846) did not claim interface 0 before use [ 632.517482][T19214] loop4: detected capacity change from 0 to 4096 [ 632.597865][T19214] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 632.646839][ T6244] usb 3-1: Using ep0 maxpacket: 8 [ 632.690943][ T6244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 632.735241][ T6244] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 632.746364][T19214] ntfs3(loop4): ino=19, mi_enum_attr [ 632.751711][T19214] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 632.763451][ T6244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.801048][T19225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5849'. [ 632.827658][ T6244] usb 3-1: Product: syz [ 632.842893][ T6244] usb 3-1: Manufacturer: syz [ 632.858540][ T6244] usb 3-1: SerialNumber: syz [ 632.875312][ T6244] usb 3-1: config 0 descriptor?? [ 632.960597][T19227] netlink: 'syz.3.5850': attribute type 8 has an invalid length. [ 633.147399][ T6277] usb 3-1: USB disconnect, device number 121 [ 633.366307][T19243] loop1: detected capacity change from 0 to 512 [ 633.630132][ T6186] usb 4-1: new low-speed USB device number 101 using dummy_hcd [ 633.830572][ T6186] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 633.864012][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 633.902101][ T6186] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 633.941400][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 634.007735][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 634.030033][ T6186] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 634.048420][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 634.069033][ T6186] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 634.107167][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 634.142290][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 634.180154][ T6186] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 634.204650][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 634.237292][ T6186] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 634.268659][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 634.313074][ T6186] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 634.364932][ T6186] usb 4-1: string descriptor 0 read error: -22 [ 634.389361][ T6186] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 634.409775][ T6186] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.442325][ T6186] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 634.544686][T19285] RDS: rds_bind could not find a transport for 0:0:4::1, load rds_tcp or rds_rdma? [ 634.752037][ T6186] usb 4-1: USB disconnect, device number 101 [ 634.899873][T19266] loop2: detected capacity change from 0 to 32768 [ 634.954383][T19266] (syz.2.5868,19266,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 635.003413][T19266] (syz.2.5868,19266,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 635.039341][T19276] loop1: detected capacity change from 0 to 32768 [ 635.079407][T19266] JBD2: Ignoring recovery information on journal [ 635.094033][T19276] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 635.143310][T19276] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 635.232047][T19306] netlink: 'syz.0.5887': attribute type 3 has an invalid length. [ 635.241694][T19306] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5887'. [ 635.245023][T19266] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 635.425613][T19266] [ 635.427987][T19266] ====================================================== [ 635.434997][T19266] WARNING: possible circular locking dependency detected [ 635.442006][T19266] syzkaller #0 Not tainted [ 635.446403][T19266] ------------------------------------------------------ [ 635.453400][T19266] syz.2.5868/19266 is trying to acquire lock: [ 635.459444][T19266] ffff888026986610 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x455/0xb30 [ 635.468870][T19266] [ 635.468870][T19266] but task is already holding lock: [ 635.476225][T19266] ffff88806b3fdbe0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270 [ 635.487113][T19266] [ 635.487113][T19266] which lock already depends on the new lock. [ 635.487113][T19266] [ 635.497502][T19266] [ 635.497502][T19266] the existing dependency chain (in reverse order) is: [ 635.506500][T19266] [ 635.506500][T19266] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: [ 635.515365][T19266] lock_acquire+0x120/0x360 [ 635.520386][T19266] down_write+0x96/0x1f0 [ 635.525151][T19266] ocfs2_lock_global_qf+0x1e8/0x270 [ 635.530865][T19266] ocfs2_acquire_dquot+0x2b0/0xb30 [ 635.536498][T19266] dqget+0x7b1/0xf10 [ 635.540907][T19266] dquot_set_dqblk+0x2b/0xfa0 [ 635.546188][T19266] quota_setquota+0x4b7/0x540 [ 635.551371][T19266] __se_sys_quotactl+0x279/0x950 [ 635.556832][T19266] do_syscall_64+0xfa/0xfa0 [ 635.561857][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.568263][T19266] [ 635.568263][T19266] -> #5 (&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}: [ 635.578861][T19266] lock_acquire+0x120/0x360 [ 635.583879][T19266] down_write+0x96/0x1f0 [ 635.588647][T19266] ocfs2_lock_global_qf+0x1ca/0x270 [ 635.594358][T19266] ocfs2_acquire_dquot+0x2b0/0xb30 [ 635.599987][T19266] dqget+0x7b1/0xf10 [ 635.604395][T19266] dquot_set_dqblk+0x2b/0xfa0 [ 635.609592][T19266] quota_setquota+0x4b7/0x540 [ 635.614777][T19266] __se_sys_quotactl+0x279/0x950 [ 635.620237][T19266] do_syscall_64+0xfa/0xfa0 [ 635.625257][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.631661][T19266] [ 635.631661][T19266] -> #4 (&dquot->dq_lock){+.+.}-{4:4}: [ 635.639307][T19266] lock_acquire+0x120/0x360 [ 635.644321][T19266] __mutex_lock+0x187/0x1350 [ 635.649429][T19266] dqget+0x72a/0xf10 [ 635.653836][T19266] dquot_transfer+0x2f8/0x6d0 [ 635.659026][T19266] ext4_setattr+0x865/0x1bc0 [ 635.664125][T19266] notify_change+0xc1a/0xf40 [ 635.669231][T19266] chown_common+0x40c/0x5c0 [ 635.674242][T19266] do_fchownat+0x161/0x270 [ 635.679170][T19266] __x64_sys_lchown+0x85/0xa0 [ 635.684358][T19266] do_syscall_64+0xfa/0xfa0 [ 635.689381][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.695786][T19266] [ 635.695786][T19266] -> #3 (&ei->xattr_sem){++++}-{4:4}: [ 635.703344][T19266] lock_acquire+0x120/0x360 [ 635.708357][T19266] down_read+0x46/0x2e0 [ 635.713036][T19266] ext4_setattr+0x855/0x1bc0 [ 635.718140][T19266] notify_change+0xc1a/0xf40 [ 635.723249][T19266] chown_common+0x40c/0x5c0 [ 635.728265][T19266] do_fchownat+0x161/0x270 [ 635.733190][T19266] __x64_sys_chown+0x82/0xa0 [ 635.738286][T19266] do_syscall_64+0xfa/0xfa0 [ 635.743307][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.749711][T19266] [ 635.749711][T19266] -> #2 (jbd2_handle){++++}-{0:0}: [ 635.757009][T19266] lock_acquire+0x120/0x360 [ 635.762020][T19266] start_this_handle+0x1fa7/0x21c0 [ 635.767653][T19266] jbd2__journal_start+0x2c1/0x5b0 [ 635.773285][T19266] jbd2_journal_start+0x2a/0x40 [ 635.778656][T19266] ocfs2_start_trans+0x376/0x6d0 [ 635.784108][T19266] ocfs2_shutdown_local_alloc+0x200/0xa10 [ 635.790347][T19266] ocfs2_dismount_volume+0x201/0x8d0 [ 635.796155][T19266] generic_shutdown_super+0x135/0x2c0 [ 635.802064][T19266] kill_block_super+0x44/0x90 [ 635.807260][T19266] deactivate_locked_super+0xbc/0x130 [ 635.813149][T19266] cleanup_mnt+0x425/0x4c0 [ 635.818080][T19266] task_work_run+0x1d4/0x260 [ 635.823214][T19266] exit_to_user_mode_loop+0xe9/0x130 [ 635.829029][T19266] do_syscall_64+0x2bd/0xfa0 [ 635.834145][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.840549][T19266] [ 635.840549][T19266] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 635.849067][T19266] lock_acquire+0x120/0x360 [ 635.854080][T19266] down_read+0x46/0x2e0 [ 635.858760][T19266] ocfs2_start_trans+0x36a/0x6d0 [ 635.864211][T19266] ocfs2_shutdown_local_alloc+0x200/0xa10 [ 635.870469][T19266] ocfs2_dismount_volume+0x201/0x8d0 [ 635.876295][T19266] generic_shutdown_super+0x135/0x2c0 [ 635.882189][T19266] kill_block_super+0x44/0x90 [ 635.887389][T19266] deactivate_locked_super+0xbc/0x130 [ 635.893278][T19266] cleanup_mnt+0x425/0x4c0 [ 635.898207][T19266] task_work_run+0x1d4/0x260 [ 635.903317][T19266] exit_to_user_mode_loop+0xe9/0x130 [ 635.909107][T19266] do_syscall_64+0x2bd/0xfa0 [ 635.914213][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.920613][T19266] [ 635.920613][T19266] -> #0 (sb_internal#2){.+.+}-{0:0}: [ 635.928101][T19266] validate_chain+0xb9b/0x2140 [ 635.933378][T19266] __lock_acquire+0xab9/0xd20 [ 635.938561][T19266] lock_acquire+0x120/0x360 [ 635.943577][T19266] ocfs2_start_trans+0x26b/0x6d0 [ 635.949030][T19266] ocfs2_acquire_dquot+0x455/0xb30 [ 635.954658][T19266] dqget+0x7b1/0xf10 [ 635.959065][T19266] dquot_set_dqblk+0x2b/0xfa0 [ 635.964262][T19266] quota_setquota+0x4b7/0x540 [ 635.969446][T19266] __se_sys_quotactl+0x279/0x950 [ 635.974907][T19266] do_syscall_64+0xfa/0xfa0 [ 635.979929][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.986333][T19266] [ 635.986333][T19266] other info that might help us debug this: [ 635.986333][T19266] [ 635.996541][T19266] Chain exists of: [ 635.996541][T19266] sb_internal#2 --> &ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key [ 635.996541][T19266] [ 636.013588][T19266] Possible unsafe locking scenario: [ 636.013588][T19266] [ 636.021020][T19266] CPU0 CPU1 [ 636.026365][T19266] ---- ---- [ 636.031711][T19266] lock(&ocfs2_quota_ip_alloc_sem_key); [ 636.037349][T19266] lock(&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]); [ 636.047233][T19266] lock(&ocfs2_quota_ip_alloc_sem_key); [ 636.055375][T19266] rlock(sb_internal#2); [ 636.059704][T19266] [ 636.059704][T19266] *** DEADLOCK *** [ 636.059704][T19266] [ 636.067829][T19266] 4 locks held by syz.2.5868/19266: [ 636.073007][T19266] #0: ffff8880269860e0 (&type->s_umount_key#72){++++}-{4:4}, at: super_lock+0x2a9/0x3b0 [ 636.082872][T19266] #1: ffff8880252800a8 (&dquot->dq_lock){+.+.}-{4:4}, at: ocfs2_acquire_dquot+0x2a3/0xb30 [ 636.092908][T19266] #2: ffff88806b3fdf40 (&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x1ca/0x270 [ 636.105969][T19266] #3: ffff88806b3fdbe0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270 [ 636.117301][T19266] [ 636.117301][T19266] stack backtrace: [ 636.123174][T19266] CPU: 1 UID: 0 PID: 19266 Comm: syz.2.5868 Not tainted syzkaller #0 PREEMPT(full) [ 636.123201][T19266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 636.123216][T19266] Call Trace: [ 636.123227][T19266] [ 636.123238][T19266] dump_stack_lvl+0x189/0x250 [ 636.123275][T19266] ? __pfx_dump_stack_lvl+0x10/0x10 [ 636.123307][T19266] ? __pfx__printk+0x10/0x10 [ 636.123332][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.123360][T19266] ? print_lock_name+0xde/0x100 [ 636.123383][T19266] print_circular_bug+0x2ee/0x310 [ 636.123416][T19266] check_noncircular+0x134/0x160 [ 636.123448][T19266] validate_chain+0xb9b/0x2140 [ 636.123486][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.123516][T19266] __lock_acquire+0xab9/0xd20 [ 636.123542][T19266] ? ocfs2_acquire_dquot+0x455/0xb30 [ 636.123570][T19266] lock_acquire+0x120/0x360 [ 636.123590][T19266] ? ocfs2_acquire_dquot+0x455/0xb30 [ 636.123620][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.123648][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.123675][T19266] ? do_raw_spin_unlock+0x122/0x240 [ 636.123709][T19266] ocfs2_start_trans+0x26b/0x6d0 [ 636.123737][T19266] ? ocfs2_acquire_dquot+0x455/0xb30 [ 636.123768][T19266] ? __pfx_ocfs2_start_trans+0x10/0x10 [ 636.123795][T19266] ? do_raw_spin_unlock+0x122/0x240 [ 636.123828][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.123855][T19266] ? _raw_spin_unlock+0x28/0x50 [ 636.123881][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.123913][T19266] ? ocfs2_qinfo_unlock+0x121/0x150 [ 636.123942][T19266] ocfs2_acquire_dquot+0x455/0xb30 [ 636.123974][T19266] ? from_kgid+0x1b0/0x650 [ 636.123997][T19266] ? __pfx_ocfs2_acquire_dquot+0x10/0x10 [ 636.124025][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124054][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124080][T19266] ? percpu_counter_add_batch+0xea/0x1e0 [ 636.124118][T19266] dqget+0x7b1/0xf10 [ 636.124150][T19266] dquot_set_dqblk+0x2b/0xfa0 [ 636.124184][T19266] quota_setquota+0x4b7/0x540 [ 636.124207][T19266] ? __pfx_quota_setquota+0x10/0x10 [ 636.124226][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124261][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124293][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124320][T19266] ? do_quotactl+0x734/0x860 [ 636.124360][T19266] __se_sys_quotactl+0x279/0x950 [ 636.124396][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124422][T19266] ? __se_sys_futex+0x36f/0x400 [ 636.124461][T19266] ? __pfx___se_sys_quotactl+0x10/0x10 [ 636.124496][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124527][T19266] ? do_syscall_64+0xbe/0xfa0 [ 636.124557][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124586][T19266] do_syscall_64+0xfa/0xfa0 [ 636.124616][T19266] ? lockdep_hardirqs_on+0x9c/0x150 [ 636.124646][T19266] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.124668][T19266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 636.124694][T19266] ? exc_page_fault+0xab/0x100 [ 636.124724][T19266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.124747][T19266] RIP: 0033:0x7f751a58efc9 [ 636.124767][T19266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.124787][T19266] RSP: 002b:00007f751b49e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 636.124810][T19266] RAX: ffffffffffffffda RBX: 00007f751a7e5fa0 RCX: 00007f751a58efc9 [ 636.124828][T19266] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffff80000801 [ 636.124844][T19266] RBP: 00007f751a611f91 R08: 0000000000000000 R09: 0000000000000000 [ 636.124860][T19266] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 636.124875][T19266] R13: 00007f751a7e6038 R14: 00007f751a7e5fa0 R15: 00007fff877a5fb8 [ 636.124906][T19266] [ 636.605822][ T6112] ocfs2: Unmounting device (7,1) on (node local) [ 636.634243][ T6118] ocfs2: Unmounting device (7,2) on (node local) [ 636.797438][T19311] loop5: detected capacity change from 0 to 32768 [ 636.813917][T19311] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5888 (19311) [ 636.884158][T19311] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 636.894559][T19311] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 636.943379][T19311] BTRFS info (device loop5): enabling ssd optimizations [ 636.951161][T19311] BTRFS info (device loop5): turning on async discard [ 636.958043][T19311] BTRFS info (device loop5): enabling free space tree [ 636.977545][T19311] BTRFS error (device loop5): balance: invalid convert metadata profile raid0 [ 637.006259][ T6122] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2