last executing test programs: 2.351732934s ago: executing program 1 (id=23143): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x4a38, 0x101102) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x0, 0x0, 0xffb8}) 2.182430682s ago: executing program 1 (id=23147): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8943, &(0x7f0000000080)={'dummy0\x00', @ifru_ivalue}) 1.995918391s ago: executing program 1 (id=23151): r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x80400) ioctl$CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000040)) 1.787890442s ago: executing program 1 (id=23156): r0 = socket$inet(0x2, 0x4000000805, 0x0) sendmmsg(r0, &(0x7f00000001c0)=[{{&(0x7f0000000280)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[{0x10, 0x84, 0x5}], 0x10}}], 0x2, 0x0) 1.651009489s ago: executing program 3 (id=23160): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newtaction={0x14, 0x1e, 0x109, 0xfe, 0x25dfdbff}, 0x14}, 0x1, 0x2b1e, 0x0, 0x10}, 0x24040010) 1.635644029s ago: executing program 1 (id=23161): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)={0x8, 0x3}) 1.463875238s ago: executing program 3 (id=23165): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b00)=@delsa={0x34, 0x11, 0x1, 0x70bd2a, 0x25dfdbfe, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x14d6, 0x2, 0x32}, [@mark={0xc, 0x15, {0x35075d, 0x2}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x4) 1.436155459s ago: executing program 0 (id=23166): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', 0x414, &(0x7f0000000340)=ANY=[], 0x1, 0x67d, &(0x7f0000000780)="$eJzs3c1vXFfdB/DvnUzsTNonddOkzYMq1WokQFgkfpELZkNACHlRQVUWrK3EaayM02K7lVsh6vC67aJ/QFl4g1ghsY9UWLCBXXfI7CohsekGsxo013fG4/FLxm3jccrnE905595zz7m/87tz77xY0QT4nzU/kfqDFJmfeHm9vb61OdPc2pxZ7tSTjCbZSOpJakmKf7darQ+TG0nRHaboK/d5f2nu1Y8+2fp4Z61eLeX+taP69an22+jbvNHZNp7kTFV+BnvGu/mZxyu6kd9IcrUqYejOJmnt8ZO/PNlt6dE4qPe5E4kReLSKndfNVK/HXWPJ+epCb78P6Lzy1k4+wsGMDrhf/zsIAAAAeNwM8hn4qe1sZ724cALhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBfCxu7v/xfVUuvUx1N0fv9/pNqWqn66vHC83R88qjgAAAAAAAAA4ET8o3x8YTvbWc+FztZWUf7N/8Vy5VL5+ETezGoWs5JrWc9C1rKWlUwlGesZbmR9YW1tZWqAntMH9px+SLijVdn4POYOAAAAAAAAAF84P8/87t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNCiSMztFivs9m8dSqyc5l2SkvWEj+Vun/jh7MOwAAAAA4AQ8tZ3trOdCZ71V5FKSZ8vvAM7lzdzLWpaylmYWc6v8XmDnU39ta3OmubU5s7z1w4PG/c6/jhVGOWJ2vns4+MhXyj0auf1Wp8/NvJ5mbqVW9my7UsazOdPZY3nvQe63Yyq+XRkwsltV2Z75e1W5z7vHmuxhjvllyliZkbO5naUyR5NVbO1sPF1lorvs7XrMs9N/pKnUusFe6jtS3yQ+Vc7PV2V7Pr8+LOdD0Z+J6Z5n37NH5zz5yh9//+PJqn56pjSYM1XZKh8b+zMx05OJ5wbJxJ3mvbt3bq9OPG6Z2GeyzMTl7vp8vp8fZSLjeSUrWcpbWchaFjOe75W1herkFz2X/CGZurFn7ZWHRTJSPUN3TtbxYnqx7HshS/lBXs+tLOal8t90pvKNzGY2cz1n+PLRZ7i86muHXPWt/zsw+KtfrSqNJL+pygMd2vCotPP6dE9ee++5Y2Vb75bdLF0cIEvHvDfWv1RV2sf4RVWeDv2ZmOrJxDNHZ+K35W1ltXnv7sqdhTcGO9zF93qO+6tTdUttP18utk9Wubb32dFue6a75958tdsudfvV9rVd7raVV2pRP/RKHanew+0fabpse+7Atpmy7UpPW6Pbdq37fguAU+/8186PNP7Z+Gvjg8YvG3caL5/77ug3R58fydk/nf1WffLMl2vPF3/IB/nZ7ud/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg01t9+527C83m4kpfpdVqvXtI00lX6g8JdV8l439/ot2hs6WVblPn58xOcBb//2Qy9BwOvfKfVqtVbSkO2ed3fz41iWpVTkXqhlQZ3j0JOBnX15bfuL769jtfX1peeG3xtcV7c7Ozc5Nzsy/NXL+91Fyc3HkcdpTAo7D7oj/sSAAAAAAAAAAAAIBBncR/Jxj2HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH2/xE6g9SZGry2mR7fWtzptleOvXdPetJakmKnybFh8mN7CwZ6xmuOOw47y/NvfrRJ1sf745V7+xfO6rfYDaqJeNJzuyU9z+v8W5W5ZGKo6ZQdGfYTtjVTuJg2P4bAAD//8o1Bh8=") creat(&(0x7f0000000280)='./file0\x00', 0x155adae9f4f0a7c9) 1.41858551s ago: executing program 3 (id=23167): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000080)={0xc000003, 0x3, &(0x7f0000000580)=[0x138d, 0x8004, 0x1, 0x4, 0x9, 0x1ed, 0x2, 0x2, 0xbb, 0xc58f, 0x2060, 0xfed, 0xfffffffa, 0x1ac, 0xfffffff8], 0x0, 0x2}) 1.245208708s ago: executing program 3 (id=23169): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20, &(0x7f0000001440)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe77, 0x0, 0x8, 0xfffffffffffffffb, 0xfffffffffffffffd}}, 0x10) 1.225240879s ago: executing program 0 (id=23170): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f02b, 0x1}) 1.103848485s ago: executing program 3 (id=23172): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) 987.922151ms ago: executing program 0 (id=23174): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000c00)='oom_adj\x00') readv(r0, &(0x7f0000000300)=[{&(0x7f00000005c0)=""/59, 0x3b}], 0x1) 930.169864ms ago: executing program 3 (id=23175): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") mknod$loop(&(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x1) 928.609184ms ago: executing program 2 (id=23176): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0xa0}}, {}, [@printk={@u, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {0x7, 0x0, 0x3, 0x0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x16}}], {{0x6, 0x1, 0xb, 0x0}, {0x5}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000140)='syzkaller\x00', 0xa, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 890.460106ms ago: executing program 0 (id=23177): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x17) 723.920254ms ago: executing program 2 (id=23178): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x10, 0x30, 0x1000, 0x0, 0x8, 0x0, {0x0, 0x9}, {0x9, 0x2, 0xfffffdfd}, {0xf4ef, 0x2}, {0x3, 0x4}, 0x1, 0x100, 0x0, 0xc3, 0x0, 0x0, 0x0, 0x16e3, 0x4, 0xeb7, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4}) 698.791815ms ago: executing program 0 (id=23179): capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000010000000000000000000000180100002020692400000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000069bf0000850000007200000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 520.857404ms ago: executing program 1 (id=23180): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched_retired(r0, &(0x7f000000b0c0)={0x0, 0x0, &(0x7f000000b080)={&(0x7f00000002c0)=@newtaction={0x78, 0x30, 0x1, 0x70bd27, 0x25dfdc01, {}, [{0x64, 0x1, [@m_ipt={0x60, 0x1, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x2a, 0x6, {0x26, 'security\x00', 0x0, 0x9}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 440.026748ms ago: executing program 0 (id=23181): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905", @ANYRES64=r0], 0x0) 439.833248ms ago: executing program 2 (id=23182): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x80002, 0x0) write$vga_arbiter(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='lock '], 0xa) 303.251295ms ago: executing program 2 (id=23183): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x1d1f, &(0x7f0000000100)={0x0, 0x895a, 0x22, 0x0, 0x80ba}, 0x0, 0x0) 174.255261ms ago: executing program 2 (id=23184): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000002840)={0xff}, 0x0, 0x0) 0s ago: executing program 2 (id=23185): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000800000000a20000000000a01020000000000000000010000000900010073797a300000000040000000020a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000064000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003"], 0xec}, 0x1, 0x0, 0x0, 0x20040841}, 0x0) kernel console output (not intermixed with test programs): yscall=202 compat=0 ip=0x7f8be219c799 code=0x7ffc0000 [ 1762.904309][ T6002] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1762.912963][ T6002] r8152-cfgselector 2-1: USB disconnect, device number 101 [ 1762.953340][ T9] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 1762.968249][T18050] usb 1-1: config 0 descriptor?? [ 1763.187315][T18050] usb 1-1: can't set config #0, error -71 [ 1763.192440][ T9] usb 1-1: USB disconnect, device number 110 [ 1763.215545][T20443] loop3: detected capacity change from 0 to 256 [ 1763.224567][T20443] exfat: Deprecated parameter 'namecase' [ 1763.239016][T20443] exfat: Deprecated parameter 'utf8' [ 1763.261321][T20443] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe5fd08b, utbl_chksum : 0xe619d30d) [ 1763.301266][T20443] fuse: Bad value for 'fd' [ 1763.558830][T20458] netlink: 'syz.2.21490': attribute type 3 has an invalid length. [ 1763.570122][T20458] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.21490'. [ 1763.660173][T20463] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1764.531668][T20503] ip6gre3: entered promiscuous mode [ 1764.655048][T20511] loop3: detected capacity change from 0 to 136 [ 1764.689679][T20515] SET target dimension over the limit! [ 1764.712963][T20511] Symlink component flag not implemented [ 1764.742029][T20513] loop0: detected capacity change from 0 to 1024 [ 1764.812423][T20513] hfsplus: invalid length 32517 has been corrected to 255 [ 1764.952380][ T42] hfsplus: b-tree write err: -5, ino 4 [ 1764.960299][ T42] hfsplus: b-tree write err: -5, ino 2 [ 1765.048779][T20525] loop3: detected capacity change from 0 to 1024 [ 1765.579222][T20547] xt_connbytes: Forcing CT accounting to be enabled [ 1765.837499][T20529] loop0: detected capacity change from 0 to 40427 [ 1765.878382][T20529] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1765.902593][T20529] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1765.929672][T20529] F2FS-fs (loop0): invalid crc value [ 1765.967587][T20529] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1766.047804][T20569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21541'. [ 1766.077539][T20569] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21541'. [ 1766.101535][T20571] netlink: 'syz.3.21543': attribute type 28 has an invalid length. [ 1766.127846][T20529] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1766.131786][T20571] netlink: 'syz.3.21543': attribute type 29 has an invalid length. [ 1766.136015][T20529] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1766.164930][T20571] netlink: 132 bytes leftover after parsing attributes in process `syz.3.21543'. [ 1767.153540][T20615] ieee802154 phy1 wpan1: encryption failed: -90 [ 1767.325450][T20619] loop1: detected capacity change from 0 to 4096 [ 1767.357495][T20619] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1767.417754][T20626] ALSA: mixer_oss: invalid OSS volume '' [ 1767.450624][T20619] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 1767.548966][T20619] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1767.669596][ T6079] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22. [ 1767.690475][T20636] libceph: resolve '400' (ret=-3): failed [ 1767.772139][T20640] netlink: 'syz.1.21577': attribute type 21 has an invalid length. [ 1767.806033][T20640] netlink: 'syz.1.21577': attribute type 15 has an invalid length. [ 1767.837608][T20640] netlink: 156 bytes leftover after parsing attributes in process `syz.1.21577'. [ 1767.846784][T20640] IPv6: NLM_F_CREATE should be specified when creating new route [ 1767.876882][T20640] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1767.884254][T20640] IPv6: NLM_F_CREATE should be set when creating new route [ 1767.891610][T20640] IPv6: NLM_F_CREATE should be set when creating new route [ 1767.898860][T20640] IPv6: NLM_F_CREATE should be set when creating new route [ 1768.476364][T20668] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.21592'. [ 1768.515817][T20670] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1768.676470][T20676] loop0: detected capacity change from 0 to 1024 [ 1768.730491][T20676] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1768.767441][T20676] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1768.841106][T20676] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1768.887802][T20687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21600'. [ 1768.953663][ T6078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1769.292706][T20703] netlink: 'syz.0.21607': attribute type 64 has an invalid length. [ 1769.313045][T20703] netlink: 9 bytes leftover after parsing attributes in process `syz.0.21607'. [ 1769.564823][T20712] loop3: detected capacity change from 0 to 4096 [ 1769.671055][T20712] ntfs: volume version 3.1. [ 1770.038531][T20730] netlink: 'syz.0.21622': attribute type 4 has an invalid length. [ 1770.063162][T20730] netlink: 132 bytes leftover after parsing attributes in process `syz.0.21622'. [ 1770.237363][T20738] x_tables: unsorted underflow at hook 1 [ 1771.100531][T20741] loop3: detected capacity change from 0 to 40427 [ 1771.137955][T20741] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 1771.162469][T20741] F2FS-fs (loop3): Image doesn't support compression [ 1771.169258][T20741] F2FS-fs (loop3): Image doesn't support compression [ 1771.200923][T20741] F2FS-fs (loop3): invalid crc value [ 1771.237962][T20741] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1771.408480][T20741] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1771.772066][T20778] cgroup: none used incorrectly [ 1771.853065][T20760] loop0: detected capacity change from 0 to 32768 [ 1771.886402][T20760] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.21636 (20760) [ 1771.928404][T20760] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1771.954280][T20760] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 1771.967684][T20760] BTRFS info (device loop0): force zlib compression, level 3 [ 1771.996374][T20760] BTRFS info (device loop0): force clearing of disk cache [ 1772.003554][T20760] BTRFS info (device loop0): setting nodatasum [ 1772.026430][T20760] BTRFS info (device loop0): allowing degraded mounts [ 1772.050408][T20760] BTRFS info (device loop0): enabling disk space caching [ 1772.072678][T20760] BTRFS info (device loop0): disk space caching is enabled [ 1772.108677][T20791] netlink: 'syz.1.21648': attribute type 8 has an invalid length. [ 1772.221801][T20760] BTRFS info (device loop0): auto enabling async discard [ 1772.246005][T20760] BTRFS info (device loop0): rebuilding free space tree [ 1772.349763][T20760] BTRFS info (device loop0): disabling free space tree [ 1772.354619][T20812] loop1: detected capacity change from 0 to 8 [ 1772.356751][T20760] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1772.364292][T20812] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 1772.427073][T20760] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1772.440608][ T7022] udevd[7022]: incorrect cramfs checksum on /dev/loop1 [ 1772.466027][T20812] cramfs: Error -5 while decompressing! [ 1772.495607][T20816] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21654'. [ 1772.505576][T20812] cramfs: ffffffff973f6368(26)->ffff88804b595000(4096) [ 1772.517265][ T7022] udevd[7022]: incorrect cramfs checksum on /dev/loop1 [ 1772.524393][T20816] netlink: 16 bytes leftover after parsing attributes in process `syz.2.21654'. [ 1772.538092][T20812] cramfs: Error -3 while decompressing! [ 1772.548913][T20812] cramfs: ffffffff973f6382(26)->ffff888073fed000(4096) [ 1772.581441][T20812] cramfs: Error -3 while decompressing! [ 1772.588472][ T7022] udevd[7022]: incorrect cramfs checksum on /dev/loop1 [ 1772.603794][T20812] cramfs: ffffffff973f639c(16)->ffff88806977b000(4096) [ 1772.622700][T20812] cramfs: Error -5 while decompressing! [ 1772.644565][T20812] cramfs: ffffffff973f6368(26)->ffff88804b595000(4096) [ 1772.672585][ T6078] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1772.680928][ T27] audit: type=1800 audit(2000000170.776:587): pid=20812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.21653" name="file2" dev="loop1" ino=348 res=0 errno=0 [ 1773.775944][T20831] loop3: detected capacity change from 0 to 32768 [ 1773.969560][T20863] overlayfs: missing 'lowerdir' [ 1774.084429][T20859] loop0: detected capacity change from 0 to 4096 [ 1774.152938][T20859] ntfs: volume version 3.1. [ 1775.027928][T20910] ieee802154 phy1 wpan1: encryption failed: -22 [ 1775.103168][T20912] netlink: 'syz.3.21701': attribute type 1 has an invalid length. [ 1775.117952][ T8] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 1775.203810][ T5097] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1775.321194][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 1775.336268][ T8] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1775.347272][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.356261][ T8] usb 1-1: Product: syz [ 1775.360445][ T8] usb 1-1: Manufacturer: syz [ 1775.365406][ T8] usb 1-1: SerialNumber: syz [ 1775.371621][ T8] usb 1-1: config 0 descriptor?? [ 1775.379709][ T8] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1775.396016][ T5097] usb 3-1: Using ep0 maxpacket: 32 [ 1775.403198][ T5097] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1775.414192][ T5097] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1775.425804][ T5097] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1775.434951][ T5097] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.443144][ T5097] usb 3-1: Product: syz [ 1775.447344][ T5097] usb 3-1: Manufacturer: syz [ 1775.452009][ T5097] usb 3-1: SerialNumber: syz [ 1775.458744][ T5097] usb 3-1: config 0 descriptor?? [ 1775.567050][ T23] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 1775.631200][T20317] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1775.697387][ T5097] usb 3-1: USB disconnect, device number 91 [ 1775.770021][ T23] usb 4-1: Using ep0 maxpacket: 8 [ 1775.777035][ T23] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 1775.785580][ T23] usb 4-1: config 179 has no interface number 0 [ 1775.792148][ T23] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1775.803761][ T23] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1775.815252][ T23] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1775.827434][ T8] gspca_sonixj: reg_r err -71 [ 1775.832778][ T23] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1775.833981][ T8] sonixj: probe of 1-1:0.0 failed with error -71 [ 1775.843099][T20317] usb 2-1: Using ep0 maxpacket: 32 [ 1775.844161][ T23] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1775.862490][ T8] usb 1-1: USB disconnect, device number 111 [ 1775.877295][T20317] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1775.888886][T20317] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1775.898304][T20317] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1775.911340][ T23] usb 4-1: config 179 interface 65 has no altsetting 0 [ 1775.918203][ T23] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1775.927529][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1775.937606][T20317] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1775.947576][T20317] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.956870][T20317] usb 2-1: Product: syz [ 1775.962419][T20317] usb 2-1: Manufacturer: syz [ 1775.967075][T20317] usb 2-1: SerialNumber: syz [ 1775.981260][ T23] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input117 [ 1775.999196][T20317] cdc_ncm 2-1:1.0: skipping garbage [ 1776.004504][T20317] cdc_ncm 2-1:1.0: skipping garbage [ 1776.013912][T20317] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 1776.027283][T20317] cdc_ncm 2-1:1.0: bind() failure [ 1776.237101][ T9] usb 4-1: USB disconnect, device number 106 [ 1776.237235][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1776.251495][ T9] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1776.267866][T20317] usb 2-1: USB disconnect, device number 102 [ 1776.695873][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1777.095669][ T9] usb 1-1: new full-speed USB device number 112 using dummy_hcd [ 1777.315058][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1777.338284][ T9] usb 1-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1777.358706][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1777.390811][ T9] usb 1-1: Product: syz [ 1777.403620][ T9] usb 1-1: Manufacturer: syz [ 1777.409621][ T9] usb 1-1: SerialNumber: syz [ 1777.418273][ T9] usb 1-1: config 0 descriptor?? [ 1777.442375][ T9] usbtouchscreen: probe of 1-1:0.0 failed with error -12 [ 1777.484142][T20980] loop1: detected capacity change from 0 to 4096 [ 1777.537598][T20980] ntfs: (device loop1): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk. [ 1777.568187][T20980] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1777.580382][T20980] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1777.610146][T20980] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1777.650607][ T9] usb 1-1: USB disconnect, device number 112 [ 1777.658392][T20980] ntfs: volume version 3.1. [ 1777.665712][T20980] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Invalid LCN < -1 in mapping pairs array. [ 1777.685006][T20980] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x5, attribute type 0xa0, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 1777.724359][T20980] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Invalid LCN < -1 in mapping pairs array. [ 1777.760325][T20980] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x5, attribute type 0xa0, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 1777.780258][ C1] vkms_vblank_simulate: vblank timer overrun [ 1777.802088][T20980] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Failed to map directory index page, error 5. [ 1778.159850][T21008] loop3: detected capacity change from 0 to 2048 [ 1778.181605][T21008] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1778.206839][T21008] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1778.881236][T21040] loop3: detected capacity change from 0 to 8192 [ 1778.905840][T21040] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1778.924159][ T9] usb 1-1: new low-speed USB device number 113 using dummy_hcd [ 1778.931925][T21040] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 1778.980153][T21040] REISERFS (device loop3): using ordered data mode [ 1778.985586][T21045] netlink: 136 bytes leftover after parsing attributes in process `syz.2.21767'. [ 1779.011819][T21040] reiserfs: using flush barriers [ 1779.019295][T21045] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 1779.045823][T21040] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1779.102296][T21040] REISERFS (device loop3): checking transaction log (loop3) [ 1779.154724][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1779.195369][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1779.229111][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 4 [ 1779.257415][ T9] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1779.272214][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1779.293586][ T9] hub 1-1:1.0: bad descriptor, ignoring hub [ 1779.312884][ T9] hub: probe of 1-1:1.0 failed with error -5 [ 1779.324357][T21040] REISERFS (device loop3): Using tea hash to sort names [ 1779.342123][T21040] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 1779.344785][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 1779.371959][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 1779.383032][ T9] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 1779.385243][T21040] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 1779.747233][ T8] usb 1-1: USB disconnect, device number 113 [ 1780.119880][T21085] loop3: detected capacity change from 0 to 1024 [ 1780.184376][T21085] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 1780.487038][T21103] CIFS mount error: No usable UNC path provided in device string! [ 1780.487038][T21103] [ 1780.530554][T21103] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1780.571895][T21106] loop3: detected capacity change from 0 to 4096 [ 1780.586287][T21106] __ntfs_warning: 8 callbacks suppressed [ 1780.586301][T21106] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1780.612592][ C1] vkms_vblank_simulate: vblank timer overrun [ 1780.691455][T21106] ntfs: volume version 3.1. [ 1781.023315][T21116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21802'. [ 1781.297064][T21104] loop1: detected capacity change from 0 to 40427 [ 1781.331477][T21104] F2FS-fs (loop1): invalid crc value [ 1781.349647][T21104] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1781.512831][T21104] F2FS-fs (loop1): Start checkpoint disabled! [ 1781.556893][T21104] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 1781.906689][T21046] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 1782.034117][T21145] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.21816'. [ 1782.126143][T21046] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1782.142311][ T9] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1782.143269][T21046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1782.167868][T21046] usb 1-1: Product: syz [ 1782.172230][T21046] usb 1-1: Manufacturer: syz [ 1782.180120][T21046] usb 1-1: SerialNumber: syz [ 1782.197768][T21046] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1782.232416][T18200] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1782.365894][T21155] delete_channel: no stack [ 1782.381494][ T9] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 1782.391487][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1782.416156][ T9] usb 3-1: config 0 has no interface number 0 [ 1782.430232][ T9] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1782.454249][ T9] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1782.491658][ T9] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1782.547813][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1782.549525][T21159] syz.1.21823: attempt to access beyond end of device [ 1782.549525][T21159] nbd0: rw=2048, sector=18446744073709551608, nr_sectors = 8 limit=0 [ 1782.555858][ T9] usb 3-1: Product: syz [ 1782.555878][ T9] usb 3-1: Manufacturer: syz [ 1782.555892][ T9] usb 3-1: SerialNumber: syz [ 1782.571206][ T9] usb 3-1: config 0 descriptor?? [ 1782.667444][T21161] loop3: detected capacity change from 0 to 2048 [ 1782.715294][T21161] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 1782.778755][T21161] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1782.874353][ T6002] usb 1-1: USB disconnect, device number 114 [ 1783.035912][T21167] netlink: 40 bytes leftover after parsing attributes in process `syz.3.21826'. [ 1783.181188][ T8] usb 3-1: USB disconnect, device number 92 [ 1783.362323][T18200] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1783.369414][T18200] ath9k_htc: Failed to initialize the device [ 1783.397273][ T6002] usb 1-1: ath9k_htc: USB layer deinitialized [ 1783.508299][T21183] netlink: 'syz.1.21833': attribute type 10 has an invalid length. [ 1783.544386][T21183] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1783.685892][T21191] netlink: 'syz.3.21837': attribute type 2 has an invalid length. [ 1784.169071][T21216] ALSA: mixer_oss: invalid OSS volume ';ʸgԊ8\>Pxi9 h~)V' [ 1784.269155][T21216] ALSA: mixer_oss: invalid OSS volume '*bbX-]OF{T0pc' [ 1784.279753][T21216] ALSA: mixer_oss: invalid OSS volume 'gI"4-Z' [ 1784.287175][T21216] ALSA: mixer_oss: invalid OSS volume 'eQCȡ*qpAڜe T|K' [ 1784.323914][T21216] ALSA: mixer_oss: invalid OSS volume ':az]qeXfb]݆B.' [ 1784.332334][T21216] ALSA: mixer_oss: invalid OSS volume 'j|q⩃˚[w3^.ג' [ 1784.355042][T21216] ALSA: mixer_oss: invalid OSS volume '"P޸ۜo[8>7|YMepq' [ 1784.363435][T21216] ALSA: mixer_oss: invalid OSS volume 'wI׷#t\W,bP=&e' [ 1784.386627][T21216] ALSA: mixer_oss: invalid OSS volume ']za-!)ϻvCYps' [ 1784.424644][T21216] ALSA: mixer_oss: invalid OSS volume 'LE]Dxt݂OY3fk$T "' [ 1784.442091][T21216] ALSA: mixer_oss: invalid OSS volume '[' [ 1784.448131][T21216] ALSA: mixer_oss: invalid OSS volume '3A14IN+|\' [ 1784.466362][T21228] loop1: detected capacity change from 0 to 256 [ 1784.472705][T21216] ALSA: mixer_oss: invalid OSS volume '$S|hnBk矉?qC$F [ 1827.254320][T21046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1827.263106][T18200] hdpvr 2-1:0.0: untested firmware, the driver might not work. [ 1827.271378][T21046] usb 1-1: Product: syz [ 1827.275570][T21046] usb 1-1: Manufacturer: syz [ 1827.280472][T21046] usb 1-1: SerialNumber: syz [ 1827.299794][T21046] usb 1-1: config 0 descriptor?? [ 1827.437721][ T9] usb 4-1: USB disconnect, device number 112 [ 1827.451468][T18200] hdpvr 2-1:0.0: device init failed [ 1827.463807][T18200] hdpvr: probe of 2-1:0.0 failed with error -12 [ 1827.475074][T18200] usb 2-1: USB disconnect, device number 107 [ 1827.530087][T21046] speedtch 1-1:0.0: speedtch_bind: data interface not found! [ 1827.538909][T21046] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1827.773968][T18200] usb 1-1: USB disconnect, device number 121 [ 1828.129956][T22916] cgroup: subsys name conflicts with all [ 1828.132375][T22915] loop1: detected capacity change from 0 to 1024 [ 1828.159794][T22915] EXT4-fs: inline encryption not supported [ 1828.184164][T22915] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1828.236805][T22915] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 2: comm syz.1.22609: lblock 2 mapped to illegal pblock 2 (length 1) [ 1828.267378][T22915] EXT4-fs (loop1): Remounting filesystem read-only [ 1828.274287][T22915] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 1828.283008][T22915] EXT4-fs (loop1): 1 orphan inode deleted [ 1828.290224][T22915] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1828.554164][ T6079] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1829.028859][T22948] loop3: detected capacity change from 0 to 512 [ 1829.127247][ T6125] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 1829.335754][ T6125] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 1829.356900][ T6125] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1829.374648][ T6125] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1829.391199][ T6125] usb 1-1: config 220 has no interface number 2 [ 1829.401591][ T6125] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1829.417878][ T6125] usb 1-1: config 220 interface 0 has no altsetting 0 [ 1829.424738][ T6125] usb 1-1: config 220 interface 76 has no altsetting 0 [ 1829.441679][ T6125] usb 1-1: config 220 interface 1 has no altsetting 0 [ 1829.458798][ T6125] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1829.478887][ T6125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1829.492581][ T6125] usb 1-1: Product: syz [ 1829.496841][ T6125] usb 1-1: Manufacturer: syz [ 1829.512553][ T6125] usb 1-1: SerialNumber: syz [ 1829.773873][ T6125] usb 1-1: selecting invalid altsetting 0 [ 1829.816547][ T6125] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 1829.828776][ T6125] usb 1-1: No valid video chain found. [ 1829.832215][T22981] loop1: detected capacity change from 0 to 2048 [ 1829.846215][ T6125] usb 1-1: selecting invalid altsetting 0 [ 1829.852427][ T6125] usbtest: probe of 1-1:220.1 failed with error -22 [ 1829.884680][ T6125] usb 1-1: USB disconnect, device number 122 [ 1829.897195][T22984] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1829.966906][T22981] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=0, inode=7, rec_len=16, name_len=1 [ 1830.036339][T22981] Remounting filesystem read-only [ 1830.124784][T22992] netlink: 6 bytes leftover after parsing attributes in process `syz.2.22646'. [ 1830.148875][T22992] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1830.315778][T23000] netlink: 'syz.1.22649': attribute type 21 has an invalid length. [ 1830.342901][T23000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.22649'. [ 1830.712107][T23018] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22658'. [ 1830.730597][T21046] usb 2-1: new full-speed USB device number 108 using dummy_hcd [ 1830.741726][T23018] netlink: 'syz.2.22658': attribute type 2 has an invalid length. [ 1830.756442][T23018] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22658'. [ 1830.948017][T21046] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1830.976356][T21046] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1830.984437][T21046] usb 2-1: Product: syz [ 1830.995570][T21046] usb 2-1: Manufacturer: syz [ 1831.009964][T21046] usb 2-1: SerialNumber: syz [ 1831.030881][T21046] usb 2-1: config 0 descriptor?? [ 1831.061913][T21046] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1831.482581][T21046] gspca_stk1135: reg_w 0x0 err -71 [ 1831.488992][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.514856][T21046] gspca_stk1135: Sensor write failed [ 1831.532178][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.539663][T21046] gspca_stk1135: Sensor write failed [ 1831.546470][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.555836][T21046] gspca_stk1135: Sensor read failed [ 1831.561086][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.581151][T21046] gspca_stk1135: Sensor read failed [ 1831.596904][T21046] gspca_stk1135: Detected sensor type unknown (0x0) [ 1831.603954][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.621109][T21046] gspca_stk1135: Sensor read failed [ 1831.626386][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.649907][T21046] gspca_stk1135: Sensor read failed [ 1831.671217][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.677604][T21046] gspca_stk1135: Sensor write failed [ 1831.699825][T21046] gspca_stk1135: serial bus timeout: status=0x00 [ 1831.714009][T21046] gspca_stk1135: Sensor write failed [ 1831.722758][T21046] stk1135: probe of 2-1:0.0 failed with error -71 [ 1831.751407][T21046] usb 2-1: USB disconnect, device number 108 [ 1831.760694][T23068] openvswitch: netlink: Actions may not be safe on all matching packets [ 1832.322508][T23096] netlink: 4168 bytes leftover after parsing attributes in process `syz.1.22697'. [ 1832.348394][T23098] loop3: detected capacity change from 0 to 512 [ 1832.384587][T23100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22699'. [ 1832.394716][T23098] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1832.436141][T23098] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1832.444499][T23098] System zones: 0-1, 15-15, 18-18, 34-34 [ 1832.450505][T23098] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1832.458300][T23098] __quota_error: 1 callbacks suppressed [ 1832.458323][T23098] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 1832.474727][T23098] EXT4-fs warning (device loop3): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1832.489545][T23098] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 1832.505726][T23098] EXT4-fs error (device loop3): ext4_orphan_get:1424: comm syz.3.22698: bad orphan inode 16 [ 1832.520858][T23098] ext4_test_bit(bit=15, block=18) = 1 [ 1832.526302][T23098] is_bad_inode(inode)=0 [ 1832.545544][T23098] NEXT_ORPHAN(inode)=0 [ 1832.550027][T23098] max_ino=32 [ 1832.553249][T23098] i_nlink=2 [ 1832.557641][T23098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1832.645390][T23098] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 1832.652260][T23107] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22702'. [ 1832.720545][ T6090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1833.637015][T23162] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 1833.826299][T23170] ip6t_srh: unknown srh invflags 4449 [ 1833.917022][T23176] No such timeout policy "syz0" [ 1834.259345][ T6002] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1834.299723][T23194] tmpfs: Bad value for 'mpol' [ 1834.461726][ T6002] usb 3-1: Using ep0 maxpacket: 32 [ 1834.477167][ T6002] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1834.493072][ T6002] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1834.510233][ T6002] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1834.521259][ T6002] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1834.542828][ T6002] usb 3-1: Product: syz [ 1834.550604][ T6002] usb 3-1: Manufacturer: syz [ 1834.557649][ T6002] usb 3-1: SerialNumber: syz [ 1834.792956][ T6002] usb 3-1: Invalid number of CPorts: 0 [ 1834.798497][ T6002] es2_ap_driver: probe of 3-1:7.0 failed with error -22 [ 1834.942741][ T6125] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 1835.010069][ T6002] usb 3-1: USB disconnect, device number 98 [ 1835.144275][T23217] loop1: detected capacity change from 0 to 32768 [ 1835.169601][ T6125] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1835.183079][T23217] (syz.1.22755,23217,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1835.194556][ T6125] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1835.214578][T23217] (syz.1.22755,23217,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1835.223275][ T6125] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1835.281802][ T6125] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1835.296474][T23217] JBD2: Ignoring recovery information on journal [ 1835.393485][T23217] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1835.646562][ T6079] ocfs2: Unmounting device (7,1) on (node local) [ 1835.942291][T23254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22772'. [ 1836.330284][T23274] tmpfs: Bad value for 'mpol' [ 1836.403323][T23278] netlink: 'syz.3.22785': attribute type 7 has an invalid length. [ 1836.470603][T23282] netlink: 'syz.3.22786': attribute type 3 has an invalid length. [ 1836.620976][T21046] usb 3-1: new full-speed USB device number 99 using dummy_hcd [ 1836.702153][ T6125] gspca_stv0680: usb_control_msg error 2, request = 0x6, error = -71 [ 1836.740402][ T6125] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 1836.748762][ T6125] stv0680 1-1:4.0: last error: 86, command = 0x78 [ 1836.773423][ T6125] usb 1-1: USB disconnect, device number 123 [ 1836.830472][T21046] usb 3-1: config index 0 descriptor too short (expected 69, got 36) [ 1836.842337][T23296] loop1: detected capacity change from 0 to 1024 [ 1836.849927][T21046] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1836.884511][T23296] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1836.894294][T21046] usb 3-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 1836.903637][T23296] EXT4-fs error (device loop1): ext4_lookup:1858: comm syz.1.22793: inode #12: comm syz.1.22793: iget: illegal inode # [ 1836.921459][T23296] EXT4-fs (loop1): Remounting filesystem read-only [ 1836.932254][T21046] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1836.951701][ T6079] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1836.960489][T21046] usb 3-1: Product: syz [ 1836.984635][T21046] usb 3-1: Manufacturer: syz [ 1836.989393][T21046] usb 3-1: SerialNumber: syz [ 1837.008841][T21046] usb 3-1: config 0 descriptor?? [ 1837.028139][T21046] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 1837.280244][T23298] loop3: detected capacity change from 0 to 32768 [ 1837.298851][T23298] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.22794 (23298) [ 1837.336699][T23298] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1837.351931][T23298] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 1837.360893][T23298] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1837.374810][T23298] BTRFS info (device loop3): trying to use backup root at mount time [ 1837.394125][T23298] BTRFS info (device loop3): setting nodatasum [ 1837.400493][T23298] BTRFS info (device loop3): enabling ssd optimizations [ 1837.414496][T23298] BTRFS info (device loop3): using spread ssd allocation scheme [ 1837.422326][T23298] BTRFS info (device loop3): turning on flush-on-commit [ 1837.426932][T23308] netlink: 152 bytes leftover after parsing attributes in process `syz.0.22797'. [ 1837.449065][T23298] BTRFS info (device loop3): force zlib compression, level 3 [ 1837.469081][T23298] BTRFS info (device loop3): using free space tree [ 1837.470945][T21046] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 1837.507662][T21046] gspca_pac7302: probe of 3-1:0.0 failed with error -71 [ 1837.544669][T21046] usb 3-1: USB disconnect, device number 99 [ 1837.726390][ T6090] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1837.982094][T23334] netlink: 14 bytes leftover after parsing attributes in process `syz.0.22803'. [ 1838.190986][T23334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1838.198433][T23334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1838.204378][T23334] bond0 (unregistering): Released all slaves [ 1838.210225][T23336] netlink: 24 bytes leftover after parsing attributes in process `syz.3.22800'. [ 1838.249901][T23338] gretap1: entered allmulticast mode [ 1838.880374][T23372] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1838.964743][T23376] netlink: 28 bytes leftover after parsing attributes in process `syz.2.22823'. [ 1839.000751][T23376] netlink: 28 bytes leftover after parsing attributes in process `syz.2.22823'. [ 1839.004998][T18200] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1839.091793][T23382] loop3: detected capacity change from 0 to 512 [ 1839.117953][T23382] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.22826: inode has both inline data and extents flags [ 1839.133051][T23384] loop0: detected capacity change from 0 to 256 [ 1839.141031][T23382] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.22826: couldn't read orphan inode 15 (err -117) [ 1839.148344][T23384] exfat: Deprecated parameter 'utf8' [ 1839.156978][T23382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1839.200451][T23384] exfat: Deprecated parameter 'namecase' [ 1839.211135][T18200] usb 2-1: Using ep0 maxpacket: 8 [ 1839.222491][ T6090] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1839.235191][T18200] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1839.259450][T18200] usb 2-1: config 8 has an invalid interface number: 61 but max is 2 [ 1839.286105][T18200] usb 2-1: config 8 has 1 interface, different from the descriptor's value: 3 [ 1839.299473][T18200] usb 2-1: config 8 has no interface number 0 [ 1839.306985][T18200] usb 2-1: config 8 interface 61 altsetting 8 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1839.317155][T18200] usb 2-1: config 8 interface 61 altsetting 8 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1839.356896][T23384] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x8b6193f0, utbl_chksum : 0xe619d30d) [ 1839.375095][T18200] usb 2-1: config 8 interface 61 has no altsetting 0 [ 1839.412671][T18200] usb 2-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=e9.1f [ 1839.441294][T18200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1839.458317][T18200] usb 2-1: Product: syz [ 1839.464050][T18200] usb 2-1: Manufacturer: syz [ 1839.469180][T18200] usb 2-1: SerialNumber: syz [ 1839.730672][T18200] bfusb: probe of 2-1:8.61 failed with error -5 [ 1839.753466][T18200] usb 2-1: USB disconnect, device number 109 [ 1840.203919][T23426] loop3: detected capacity change from 0 to 4096 [ 1840.221942][T23426] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 1840.315300][T23426] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 1840.364055][T21046] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1840.409748][T23435] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1840.428270][ T27] audit: type=1400 audit(2000000234.149:634): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147C8A3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04 [ 1840.575671][T23442] netlink: 7 bytes leftover after parsing attributes in process `syz.0.22856'. [ 1840.587227][T21046] usb 3-1: Using ep0 maxpacket: 32 [ 1840.666727][ C1] vkms_vblank_simulate: vblank timer overrun [ 1840.685082][T23442] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22856'. [ 1840.741587][T21046] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1840.781957][T21046] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1840.801439][T21046] usb 3-1: Product: syz [ 1840.805694][T21046] usb 3-1: Manufacturer: syz [ 1840.810713][T21046] usb 3-1: SerialNumber: syz [ 1840.862985][T21046] usb 3-1: config 0 descriptor?? [ 1840.953136][T23454] netlink: 128 bytes leftover after parsing attributes in process `syz.3.22861'. [ 1840.962622][T23454] netlink: 20 bytes leftover after parsing attributes in process `syz.3.22861'. [ 1841.033359][T23456] loop1: detected capacity change from 0 to 512 [ 1841.105250][T23456] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1841.131139][T23461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.22864'. [ 1841.140647][T23461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.22864'. [ 1841.142863][T23456] EXT4-fs error (device loop1): ext4_find_extent:936: inode #4: comm syz.1.22862: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0) [ 1841.168512][T23456] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=-117 [ 1841.180009][T23456] EXT4-fs warning (device loop1): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1841.221565][T23456] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 1841.233019][T23456] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1841.308095][T21046] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=0] err=-71 [ 1841.326495][T21046] peak_usb 3-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71) [ 1841.373310][T23456] EXT4-fs error (device loop1): ext4_lookup:1855: inode #2: comm syz.1.22862: 'file0' linked to parent dir [ 1841.432256][T21046] peak_usb: probe of 3-1:0.0 failed with error -71 [ 1841.454262][T21046] usb 3-1: USB disconnect, device number 100 [ 1841.488204][ T6079] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1842.053641][T23475] loop3: detected capacity change from 0 to 32768 [ 1842.074225][T23475] (syz.3.22872,23475,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1842.079402][T23492] loop0: detected capacity change from 0 to 2048 [ 1842.113447][T23475] (syz.3.22872,23475,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1842.147181][T23492] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1842.186044][T23496] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1842.227124][T23475] JBD2: Ignoring recovery information on journal [ 1842.230470][T23498] xt_hashlimit: size too large, truncated to 1048576 [ 1842.307933][T23475] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1842.377112][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1842.442752][T23503] overlay: Bad value for 'metacopy' [ 1842.524279][ T6090] ocfs2: Unmounting device (7,3) on (node local) [ 1842.607325][T23510] SET target dimension over the limit! [ 1842.652781][T23507] can0: slcan on ttyS3. [ 1842.877314][T23506] can0 (unregistered): slcan off ttyS3. [ 1843.469995][T23555] loop0: detected capacity change from 0 to 256 [ 1843.550606][T23555] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x68d18d75, utbl_chksum : 0xe619d30d) [ 1843.612995][T23555] exFAT-fs (loop0): error, invalid access to FAT (entry 0x00000008) bogus content (0x00080000) [ 1843.666495][T23555] exFAT-fs (loop0): Filesystem has been set read-only [ 1843.746416][T23559] loop1: detected capacity change from 0 to 4096 [ 1843.783627][T23559] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1843.865620][T23559] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1843.902609][T23559] ntfs3: loop1: mft corrupted [ 1843.907539][T23559] ntfs3: loop1: Failed to load $Extend (-22). [ 1843.939328][T23559] ntfs3: loop1: Failed to initialize $Extend. [ 1843.947913][ T27] audit: type=1326 audit(2000000237.441:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23570 comm="syz.2.22911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8be219c799 code=0x7ffc0000 [ 1844.013344][T23559] ntfs3: loop1: ino=1e, "file1" failed to parse mft record [ 1844.040251][T23559] ntfs3: loop1: ino=1e, "file1" attr_set_size [ 1844.044428][ T27] audit: type=1326 audit(2000000237.470:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23570 comm="syz.2.22911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8be219c799 code=0x7ffc0000 [ 1844.130496][ T27] audit: type=1326 audit(2000000237.470:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23570 comm="syz.2.22911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f8be219c799 code=0x7ffc0000 [ 1844.211308][ T27] audit: type=1326 audit(2000000237.470:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23570 comm="syz.2.22911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8be219c799 code=0x7ffc0000 [ 1844.306103][ T27] audit: type=1326 audit(2000000237.470:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23570 comm="syz.2.22911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8be219c799 code=0x7ffc0000 [ 1844.388372][T23589] __nla_validate_parse: 1 callbacks suppressed [ 1844.388386][T23589] netlink: 144 bytes leftover after parsing attributes in process `syz.1.22915'. [ 1844.405146][T23589] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 1844.471985][T23592] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 1844.552508][T23592] overlayfs: conflicting options: metacopy=off,verity=require [ 1845.631994][T23652] netlink: 'syz.0.22943': attribute type 21 has an invalid length. [ 1845.711215][T23652] netlink: 128 bytes leftover after parsing attributes in process `syz.0.22943'. [ 1845.729607][T23652] netlink: 'syz.0.22943': attribute type 4 has an invalid length. [ 1845.742863][T23652] netlink: 3 bytes leftover after parsing attributes in process `syz.0.22943'. [ 1845.833441][T23660] [U] .h0FwZ,iqgҏV2sO [ 1845.844720][T23660] [U] ` w*BBOLhU [ 1845.849282][T23660] [U] w$n|#%o.z\̧mРw [ 1845.866314][T23660] [U] R{ꫢ S [ 1845.874788][T23660] [U] [ 1845.877541][T23660] [U] [ 1845.880248][T23660] [U] [ 1845.883690][T23660] [U] [ 1845.886407][T23660] [U] [ 1845.889105][T23660] [U] [ 1845.891803][T23660] [U] [ 1845.895479][T23660] [U] [ 1845.898205][T23660] [U] [ 1845.900905][T23660] [U] [ 1845.903617][T23660] [U] [ 1845.930483][T23660] [U] [ 1845.933242][T23660] [U] [ 1845.935944][T23660] [U] [ 1845.938652][T23660] [U] [ 1845.951480][T23660] [U] [ 1845.954227][T23660] [U] [ 1845.956944][T23660] [U] [ 1845.959649][T23660] [U] [ 1845.969351][T23660] [U] [ 1845.972086][T23660] [U] [ 1845.974772][T23660] [U] [ 1845.977442][T23660] [U] [ 1845.997178][T23660] [U] [ 1845.999927][T23660] [U] [ 1846.002627][T23660] [U] [ 1846.005326][T23660] [U] [ 1846.008030][T23660] [U] [ 1846.013549][T23660] [U] [ 1846.016287][T23660] [U] [ 1846.018991][T23660] [U] [ 1846.021694][T23660] [U] [ 1846.024813][T23660] [U] [ 1846.027538][T23660] [U] [ 1846.028757][T21046] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1846.030226][T23660] [U] [ 1846.040562][T23660] [U] [ 1846.062589][T23660] [U] [ 1846.065340][T23660] [U] [ 1846.068053][T23660] [U] [ 1846.070756][T23660] [U] [ 1846.087002][T23670] SET target dimension over the limit! [ 1846.096176][T23660] [U] [ 1846.098937][T23660] [U] [ 1846.101637][T23660] [U] [ 1846.104338][T23660] [U] [ 1846.113802][T23660] [U] [ 1846.116554][T23660] [U] [ 1846.119316][T23660] [U] [ 1846.122021][T23660] [U] [ 1846.127572][T23660] [U] [ 1846.130293][T23660] [U] [ 1846.132997][T23660] [U] [ 1846.135700][T23660] [U] [ 1846.138760][T23660] [U] [ 1846.141471][T23660] [U] [ 1846.144173][T23660] [U] [ 1846.146874][T23660] [U] [ 1846.152078][T23660] [U] [ 1846.154800][T23660] [U] [ 1846.157499][T23660] [U] [ 1846.160197][T23660] [U] [ 1846.172960][T23660] [U] [ 1846.175707][T23660] [U] [ 1846.178407][T23660] [U] [ 1846.181107][T23660] [U] [ 1846.184503][T23660] [U] [ 1846.187248][T23660] [U] [ 1846.189955][T23660] [U] [ 1846.192657][T23660] [U] [ 1846.198722][T23660] [U] [ 1846.201450][T23660] [U] [ 1846.204158][T23660] [U] [ 1846.206859][T23660] [U] [ 1846.209908][T23660] [U] [ 1846.212615][T23660] [U] [ 1846.215313][T23660] [U] [ 1846.218014][T23660] [U] [ 1846.223655][T21046] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 1846.241877][T23660] [U] [ 1846.244621][T23660] [U] [ 1846.246781][T21046] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1846.247300][T23660] [U] [ 1846.258836][T23660] [U] [ 1846.261612][ C0] vkms_vblank_simulate: vblank timer overrun [ 1846.267692][T21046] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1846.274351][T23660] [U] [ 1846.280664][T23660] [U] [ 1846.283364][T23660] [U] [ 1846.286065][T23660] [U] [ 1846.291383][T23660] [U] [ 1846.294112][T23660] [U] [ 1846.296820][T23660] [U] [ 1846.299516][T23660] [U] [ 1846.299800][T21046] usb 4-1: config 220 has no interface number 2 [ 1846.310917][T23676] netlink: 830 bytes leftover after parsing attributes in process `syz.0.22955'. [ 1846.312226][T23660] [U] [ 1846.322763][T23660] [U] [ 1846.325460][T23660] [U] [ 1846.328160][T23660] [U] [ 1846.328611][T21046] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1846.334473][T23660] [U] [ 1846.346156][T21046] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1846.346605][T23660] [U] [ 1846.353817][T21046] usb 4-1: config 220 interface 76 has no altsetting 0 [ 1846.356018][T23660] [U] [ 1846.356043][T23660] [U] [ 1846.363480][T21046] usb 4-1: config 220 interface 1 has no altsetting 0 [ 1846.376448][T23660] [U] [ 1846.379170][T23660] [U] [ 1846.381850][T23660] [U] [ 1846.384526][T23660] [U] [ 1846.396647][T21046] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1846.413938][T21046] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1846.425304][T23660] [U] [ 1846.428051][T23660] [U] [ 1846.430765][T23660] [U] [ 1846.433469][T23660] [U] [ 1846.435847][T21046] usb 4-1: Product: syz [ 1846.440608][T21046] usb 4-1: Manufacturer: syz [ 1846.447310][T23660] [U] [ 1846.450037][T23660] [U] [ 1846.452740][T23660] [U] [ 1846.454155][T21046] usb 4-1: SerialNumber: syz [ 1846.455420][T23660] [U] [ 1846.456059][T23660] [U] [ 1846.465393][T23660] [U] [ 1846.468090][T23660] [U] [ 1846.470788][T23660] [U] [ 1846.489622][T23660] [U] [ 1846.492372][T23660] [U] [ 1846.495077][T23660] [U] [ 1846.497781][T23660] [U] [ 1846.528752][T23660] [U] [ 1846.531510][T23660] [U] [ 1846.534211][T23660] [U] [ 1846.536917][T23660] [U] [ 1846.541950][T23660] [U] [ 1846.544680][T23660] [U] [ 1846.547383][T23660] [U] [ 1846.550083][T23660] [U] [ 1846.553882][T23660] [U] [ 1846.556607][T23660] [U] [ 1846.559309][T23660] [U] [ 1846.581005][T23659] [U] [ 1846.724707][T21046] usb 4-1: selecting invalid altsetting 0 [ 1846.731119][T21046] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 1846.763446][T21046] usb 4-1: No valid video chain found. [ 1846.785614][T21046] usb 4-1: selecting invalid altsetting 0 [ 1846.809221][T21046] usbtest: probe of 4-1:220.1 failed with error -22 [ 1846.830806][T21046] usb 4-1: USB disconnect, device number 113 [ 1847.049172][T23704] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.22969'. [ 1847.119611][T23706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.22970'. [ 1847.889025][T21046] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 1848.102892][T21046] usb 4-1: Using ep0 maxpacket: 16 [ 1848.120795][T21046] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 1848.131186][T21046] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 1848.161882][T21046] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1848.186732][T21046] usb 4-1: config 0 has no interface number 0 [ 1848.209592][T21046] usb 4-1: config 0 interface 104 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 1848.262487][T21046] usb 4-1: config 0 interface 104 has no altsetting 1 [ 1848.305283][T21046] usb 4-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 1848.336214][T21046] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1848.360088][T21046] usb 4-1: Product: syz [ 1848.366238][T21046] usb 4-1: Manufacturer: syz [ 1848.387847][T21046] usb 4-1: SerialNumber: syz [ 1848.413707][T21046] usb 4-1: config 0 descriptor?? [ 1848.427420][T21046] asix: probe of 4-1:0.104 failed with error -22 [ 1848.481610][T23769] loop0: detected capacity change from 0 to 24 [ 1848.499568][T23769] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 1848.534787][T23769] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 1848.588424][T23769] VFS: Lookup of 'file0' in romfs loop0 would have caused loop [ 1848.647193][T18200] usb 4-1: USB disconnect, device number 114 [ 1848.794070][T23777] loop1: detected capacity change from 0 to 8 [ 1848.851924][T23777] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 1848.893622][T23777] cramfs: Error -3 while decompressing! [ 1848.894806][ T6174] udevd[6174]: incorrect cramfs checksum on /dev/loop1 [ 1848.899550][T23777] cramfs: ffffffff973fa348(18)->ffff88806b364000(4096) [ 1848.939292][T23777] cramfs: Error -3 while decompressing! [ 1848.944942][T23777] cramfs: ffffffff973fa348(18)->ffff88806b364000(4096) [ 1848.960111][ T27] audit: type=1800 audit(2000000242.128:640): pid=23777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.23004" name="file1" dev="loop1" ino=324 res=0 errno=0 [ 1849.111797][T23789] loop0: detected capacity change from 0 to 128 [ 1849.151754][T23789] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1849.213201][T23789] ext4 filesystem being mounted at /5532/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1849.381876][ T6078] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1849.543322][T23807] netlink: 164 bytes leftover after parsing attributes in process `syz.0.23017'. [ 1849.673018][ T27] audit: type=1326 audit(2000000242.792:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1849.736287][ T27] audit: type=1326 audit(2000000242.820:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1849.797350][ T27] audit: type=1326 audit(2000000242.820:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1849.876781][ T27] audit: type=1326 audit(2000000242.820:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1849.886413][T23825] loop3: detected capacity change from 0 to 256 [ 1849.997889][ T27] audit: type=1326 audit(2000000242.820:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1850.037187][T23825] FAT-fs (loop3): Directory bread(block 64) failed [ 1850.053675][T23825] FAT-fs (loop3): Directory bread(block 65) failed [ 1850.059064][ T27] audit: type=1326 audit(2000000242.820:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1850.082852][T23825] FAT-fs (loop3): Directory bread(block 66) failed [ 1850.082890][T23825] FAT-fs (loop3): Directory bread(block 67) failed [ 1850.082975][T23825] FAT-fs (loop3): Directory bread(block 68) failed [ 1850.083008][T23825] FAT-fs (loop3): Directory bread(block 69) failed [ 1850.083091][T23825] FAT-fs (loop3): Directory bread(block 70) failed [ 1850.083114][T23825] FAT-fs (loop3): Directory bread(block 71) failed [ 1850.144689][ T27] audit: type=1326 audit(2000000242.820:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1850.177476][T23825] FAT-fs (loop3): Directory bread(block 72) failed [ 1850.184544][T23825] FAT-fs (loop3): Directory bread(block 73) failed [ 1850.221890][ T27] audit: type=1326 audit(2000000242.820:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1850.282509][ T27] audit: type=1326 audit(2000000242.820:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23814 comm="syz.0.23023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f5037d9c799 code=0x7ffc0000 [ 1850.401388][T23841] xt_l2tp: wrong L2TP version: 0 [ 1850.475585][T23845] netlink: 'syz.3.23038': attribute type 1 has an invalid length. [ 1851.766350][T23895] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.23060'. [ 1852.203943][T23913] netlink: 'syz.2.23070': attribute type 3 has an invalid length. [ 1852.224167][T23913] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.23070'. [ 1852.660632][T23936] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23080'. [ 1852.935867][T18200] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1853.000731][T23951] loop1: detected capacity change from 0 to 128 [ 1853.122210][T23957] netlink: 24 bytes leftover after parsing attributes in process `syz.3.23092'. [ 1853.170220][T18200] usb 3-1: Using ep0 maxpacket: 16 [ 1853.179714][T18200] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1853.205113][T18200] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1853.223468][T18200] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1853.244906][T18200] usb 3-1: Product: syz [ 1853.249157][T18200] usb 3-1: Manufacturer: syz [ 1853.274246][T18200] usb 3-1: SerialNumber: syz [ 1853.292388][T18200] usb 3-1: config 0 descriptor?? [ 1853.341683][T18200] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1853.499032][T23966] loop1: detected capacity change from 0 to 4096 [ 1853.522803][T23966] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1853.559466][T18200] usb 3-1: USB disconnect, device number 101 [ 1853.566322][ T11] usb 3-1: Failed to submit usb control message: -71 [ 1853.569271][T23966] ntfs3: loop1: Failed to load $Extend (-22). [ 1853.590324][ T11] usb 3-1: unable to send the bmi data to the device: -71 [ 1853.609551][T23966] ntfs3: loop1: Failed to initialize $Extend. [ 1853.617825][ T11] usb 3-1: unable to get target info from device [ 1853.629984][ T11] usb 3-1: could not get target info (-71) [ 1853.640953][ T11] usb 3-1: could not probe fw (-71) [ 1853.887930][T23969] loop0: detected capacity change from 0 to 32768 [ 1853.931610][T23969] JBD2: Ignoring recovery information on journal [ 1853.976318][T23969] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1854.148741][T23963] loop3: detected capacity change from 0 to 32768 [ 1854.184427][T23985] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.23102'. [ 1854.205058][T23963] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1854.310650][ T6078] ocfs2: Unmounting device (7,0) on (node local) [ 1854.353008][T23963] XFS (loop3): Ending clean mount [ 1854.371940][T23963] XFS (loop3): Quotacheck needed: Please wait. [ 1854.513039][T23963] XFS (loop3): Quotacheck: Done. [ 1854.649539][ T6090] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1854.856256][T24006] loop1: detected capacity change from 0 to 4096 [ 1854.916367][T24006] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1854.956788][T24006] ntfs3: loop1: Failed to load $Extend (-22). [ 1855.004901][T24006] ntfs3: loop1: Failed to initialize $Extend. [ 1855.451462][T24023] loop1: detected capacity change from 0 to 1764 [ 1855.478861][T24023] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 1855.753094][T24036] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23122'. [ 1855.786850][T24036] netlink: 24 bytes leftover after parsing attributes in process `syz.2.23122'. [ 1855.895695][T24015] loop0: detected capacity change from 0 to 32768 [ 1855.953396][T24015] [ 1855.953396][T24015] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1855.953396][T24015] [ 1856.067966][ T6078] [ 1856.067966][ T6078] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1856.067966][ T6078] [ 1856.118494][ T6078] [ 1856.118494][ T6078] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1856.118494][ T6078] [ 1856.291858][T24059] ieee802154 phy1 wpan1: encryption failed: -90 [ 1856.595431][T24075] netlink: 'syz.2.23138': attribute type 2 has an invalid length. [ 1856.627091][T24075] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.23138'. [ 1856.892401][T24091] program syz.1.23143 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1857.319538][T24112] kAFS: unparsable volume name [ 1857.793294][T24137] loop0: detected capacity change from 0 to 1024 [ 1858.032450][T24145] tmpfs: Bad value for 'mpol' [ 1858.154079][T24151] No such timeout policy "syz1" [ 1858.194134][T24127] loop1: detected capacity change from 0 to 32768 [ 1858.213575][T24127] (syz.1.23161,24127,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1858.263252][T24127] (syz.1.23161,24127,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1858.336872][T24127] JBD2: Ignoring recovery information on journal [ 1858.506640][T24127] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1858.725168][T24160] loop3: detected capacity change from 0 to 32768 [ 1858.735094][ T6079] ocfs2: Unmounting device (7,1) on (node local) [ 1858.744485][T24160] (syz.3.23175,24160,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1858.790359][T24160] (syz.3.23175,24160,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1858.893320][T24160] JBD2: Ignoring recovery information on journal [ 1858.979466][T24160] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1859.103329][T21046] usb 1-1: new high-speed USB device number 124 using dummy_hcd [ 1859.155591][T24160] [ 1859.157969][T24160] ====================================================== [ 1859.163092][T24179] netlink: 'syz.2.23185': attribute type 2 has an invalid length. [ 1859.164973][T24160] WARNING: possible circular locking dependency detected [ 1859.164997][T24160] syzkaller #0 Not tainted [ 1859.184302][T24160] ------------------------------------------------------ [ 1859.187492][T24179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23185'. [ 1859.191305][T24160] syz.3.23175/24160 is trying to acquire lock: [ 1859.191318][T24160] ffff888057cb2378 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x30a/0x770 [ 1859.191371][T24160] [ 1859.191371][T24160] but task is already holding lock: [ 1859.191377][T24160] ffff88802261f8e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0 [ 1859.233323][T24160] [ 1859.233323][T24160] which lock already depends on the new lock. [ 1859.233323][T24160] [ 1859.243738][T24160] [ 1859.243738][T24160] the existing dependency chain (in reverse order) is: [ 1859.252759][T24160] [ 1859.252759][T24160] -> #4 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 1859.261294][T24160] down_read+0x46/0x2e0 [ 1859.265985][T24160] ocfs2_start_trans+0x3a8/0x6f0 [ 1859.271456][T24160] ocfs2_shutdown_local_alloc+0x1fc/0xaa0 [ 1859.277698][T24160] ocfs2_dismount_volume+0x1e5/0x8a0 [ 1859.283495][T24160] generic_shutdown_super+0x134/0x2b0 [ 1859.289375][T24160] kill_block_super+0x44/0x90 [ 1859.294558][T24160] deactivate_locked_super+0x97/0x100 [ 1859.300443][T24160] cleanup_mnt+0x43b/0x4d0 [ 1859.305363][T24160] task_work_run+0x1d4/0x260 [ 1859.310469][T24160] exit_to_user_mode_loop+0xe6/0x110 [ 1859.316267][T24160] exit_to_user_mode_prepare+0xee/0x180 [ 1859.318794][T21046] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 1859.322313][T24160] syscall_exit_to_user_mode+0x1a/0x50 [ 1859.322339][T24160] do_syscall_64+0x61/0xa0 [ 1859.330871][T21046] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1859.336597][T24160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.336622][T24160] [ 1859.336622][T24160] -> #3 (sb_internal [ 1859.344429][T21046] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1859.351140][T24160] #3){.+.+}-{0:0}: [ 1859.351163][T24160] ocfs2_start_trans+0x2a9/0x6f0 [ 1859.351181][T24160] ocfs2_shutdown_local_alloc+0x1fc/0xaa0 [ 1859.351204][T24160] ocfs2_dismount_volume+0x1e5/0x8a0 [ 1859.351219][T24160] generic_shutdown_super+0x134/0x2b0 [ 1859.358319][T21046] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1859.363654][T24160] kill_block_super+0x44/0x90 [ 1859.363677][T24160] deactivate_locked_super+0x97/0x100 [ 1859.363689][T24160] cleanup_mnt+0x43b/0x4d0 [ 1859.363703][T24160] task_work_run+0x1d4/0x260 [ 1859.363720][T24160] exit_to_user_mode_loop+0xe6/0x110 [ 1859.363738][T24160] exit_to_user_mode_prepare+0xee/0x180 [ 1859.363755][T24160] syscall_exit_to_user_mode+0x1a/0x50 [ 1859.363773][T24160] do_syscall_64+0x61/0xa0 [ 1859.363792][T24160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.363808][T24160] [ 1859.363808][T24160] -> #2 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}: [ 1859.363838][T24160] down_write+0x97/0x200 [ 1859.363853][T24160] ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1859.374092][T21046] usb 1-1: Manufacturer: syz [ 1859.376540][T24160] ocfs2_reserve_clusters_with_limit+0x3bd/0xc20 [ 1859.376570][T24160] ocfs2_reserve_suballoc_bits+0x78b/0x44c0 [ 1859.403502][T21046] usb 1-1: config 0 descriptor?? [ 1859.407797][T24160] ocfs2_reserve_new_metadata_blocks+0x416/0x9a0 [ 1859.419583][T21046] igorplugusb 1-1:0.0: endpoint incorrect [ 1859.423785][T24160] ocfs2_extend_dir+0xcca/0x48b0 [ 1859.423807][T24160] ocfs2_prepare_dir_for_insert+0x315b/0x56b0 [ 1859.526767][T24160] ocfs2_mknod+0x81b/0x2300 [ 1859.531779][T24160] ocfs2_mkdir+0x196/0x430 [ 1859.536709][T24160] vfs_mkdir+0x296/0x440 [ 1859.541464][T24160] do_mkdirat+0x1dc/0x450 [ 1859.546310][T24160] __x64_sys_mkdirat+0x89/0xa0 [ 1859.551576][T24160] do_syscall_64+0x55/0xa0 [ 1859.556497][T24160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.562901][T24160] [ 1859.562901][T24160] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}: [ 1859.573421][T24160] down_write+0x97/0x200 [ 1859.578170][T24160] ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1859.584578][T24160] ocfs2_reserve_new_metadata_blocks+0x416/0x9a0 [ 1859.591415][T24160] ocfs2_init_xattr_set_ctxt+0x30b/0x710 [ 1859.597557][T24160] ocfs2_xattr_set+0xc3f/0x13e0 [ 1859.602911][T24160] ocfs2_set_acl+0x4e1/0x590 [ 1859.608000][T24160] ocfs2_iop_set_acl+0x1b2/0x2b0 [ 1859.613446][T24160] vfs_set_acl+0x803/0xa60 [ 1859.618369][T24160] do_set_acl+0xf5/0x180 [ 1859.623118][T24160] path_setxattr+0x41d/0x5d0 [ 1859.628215][T24160] __x64_sys_setxattr+0xbb/0xd0 [ 1859.633586][T24160] do_syscall_64+0x55/0xa0 [ 1859.638534][T24160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.644965][T24160] [ 1859.644965][T24160] -> #0 (&oi->ip_xattr_sem){++++}-{3:3}: [ 1859.646021][T21046] usb 1-1: USB disconnect, device number 124 [ 1859.652782][T24160] __lock_acquire+0x2df1/0x7d40 [ 1859.652807][T24160] lock_acquire+0x19e/0x420 [ 1859.652820][T24160] down_read+0x46/0x2e0 [ 1859.652832][T24160] ocfs2_init_acl+0x30a/0x770 [ 1859.652845][T24160] ocfs2_mknod+0x140f/0x2300 [ 1859.652861][T24160] vfs_mknod+0x32b/0x360 [ 1859.652873][T24160] do_mknodat+0x386/0x500 [ 1859.652888][T24160] __x64_sys_mknod+0x8e/0xa0 [ 1859.652901][T24160] do_syscall_64+0x55/0xa0 [ 1859.652920][T24160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.652937][T24160] [ 1859.652937][T24160] other info that might help us debug this: [ 1859.652937][T24160] [ 1859.652943][T24160] Chain exists of: [ 1859.652943][T24160] &oi->ip_xattr_sem --> sb_internal#3 --> &journal->j_trans_barrier [ 1859.652943][T24160] [ 1859.734253][T24160] Possible unsafe locking scenario: [ 1859.734253][T24160] [ 1859.741701][T24160] CPU0 CPU1 [ 1859.747065][T24160] ---- ---- [ 1859.752410][T24160] rlock(&journal->j_trans_barrier); [ 1859.757792][T24160] lock(sb_internal#3); [ 1859.764541][T24160] lock(&journal->j_trans_barrier); [ 1859.772332][T24160] rlock(&oi->ip_xattr_sem); [ 1859.777002][T24160] [ 1859.777002][T24160] *** DEADLOCK *** [ 1859.777002][T24160] [ 1859.785134][T24160] 8 locks held by syz.3.23175/24160: [ 1859.790398][T24160] #0: ffff88804ee52418 (sb_writers#33){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 1859.799613][T24160] #1: ffff888057cb2658 (&type->i_mutex_dir_key#25/1){+.+.}-{3:3}, at: filename_create+0x20c/0x480 [ 1859.810298][T24160] #2: ffff888076dedf58 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1859.823936][T24160] #3: ffff888076ded118 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1859.837579][T24160] #4: ffff8880201f09d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0x120/0x2600 [ 1859.851492][T24160] #5: ffff88804ee52608 (sb_internal#3){.+.+}-{0:0}, at: ocfs2_mknod+0xf1d/0x2300 [ 1859.860726][T24160] #6: ffff88802261f8e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0 [ 1859.871409][T24160] #7: ffff88807a972990 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0x1f7a/0x21c0 [ 1859.881253][T24160] [ 1859.881253][T24160] stack backtrace: [ 1859.887139][T24160] CPU: 0 PID: 24160 Comm: syz.3.23175 Not tainted syzkaller #0 [ 1859.894688][T24160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1859.904729][T24160] Call Trace: [ 1859.907998][T24160] [ 1859.910926][T24160] dump_stack_lvl+0x18c/0x250 [ 1859.915597][T24160] ? load_image+0x400/0x400 [ 1859.920100][T24160] ? show_regs_print_info+0x20/0x20 [ 1859.925302][T24160] ? print_circular_bug+0x12b/0x1a0 [ 1859.930503][T24160] check_noncircular+0x2fc/0x400 [ 1859.935444][T24160] ? print_deadlock_bug+0x5d0/0x5d0 [ 1859.940637][T24160] ? _find_first_zero_bit+0xd3/0x100 [ 1859.945909][T24160] ? add_lock_to_list+0x191/0x280 [ 1859.950928][T24160] __lock_acquire+0x2df1/0x7d40 [ 1859.955774][T24160] ? verify_lock_unused+0x140/0x140 [ 1859.960961][T24160] ? __lock_acquire+0x7d40/0x7d40 [ 1859.965975][T24160] ? do_raw_spin_lock+0x11f/0x2c0 [ 1859.970991][T24160] lock_acquire+0x19e/0x420 [ 1859.975494][T24160] ? ocfs2_init_acl+0x30a/0x770 [ 1859.980340][T24160] ? __might_sleep+0xe0/0xe0 [ 1859.984944][T24160] ? read_lock_is_recursive+0x20/0x20 [ 1859.990325][T24160] ? trace_ocfs2_claim_new_inode_at_loc+0x1c0/0x1c0 [ 1859.996904][T24160] ? dquot_alloc_inode+0x772/0xa40 [ 1860.002006][T24160] down_read+0x46/0x2e0 [ 1860.006150][T24160] ? ocfs2_init_acl+0x30a/0x770 [ 1860.010990][T24160] ocfs2_init_acl+0x30a/0x770 [ 1860.015654][T24160] ? ocfs2_mknod_locked+0x159/0x290 [ 1860.020841][T24160] ? ocfs2_acl_chmod+0x330/0x330 [ 1860.025761][T24160] ? dquot_alloc_inode+0x8ac/0xa40 [ 1860.030858][T24160] ? dquot_alloc_inode+0x15e/0xa40 [ 1860.035958][T24160] ? ocfs2_block_signals+0x9b/0xe0 [ 1860.041065][T24160] ? ocfs2_init_security_get+0x139/0x1a0 [ 1860.046689][T24160] ocfs2_mknod+0x140f/0x2300 [ 1860.051275][T24160] ? ocfs2_mkdir+0x430/0x430 [ 1860.055859][T24160] ? verify_lock_unused+0x140/0x140 [ 1860.061045][T24160] ? ocfs2_inode_lock_tracker+0x437/0x700 [ 1860.066763][T24160] ? ocfs2_inode_unlock_tracker+0x270/0x2e0 [ 1860.072642][T24160] ? __lock_acquire+0x7d40/0x7d40 [ 1860.077655][T24160] ? __rwlock_init+0x150/0x150 [ 1860.082406][T24160] ? do_raw_spin_unlock+0x121/0x230 [ 1860.087595][T24160] ? put_pid+0xde/0x120 [ 1860.091739][T24160] ? ocfs2_permission+0x117/0x1e0 [ 1860.096768][T24160] ? ocfs2_getattr+0x3a0/0x3a0 [ 1860.101521][T24160] ? from_kgid+0x16d/0x690 [ 1860.105930][T24160] ? make_kgid+0x660/0x660 [ 1860.110331][T24160] ? apparmor_path_mknod+0x1ba/0x240 [ 1860.115603][T24160] ? HAS_UNMAPPED_ID+0x11a/0x180 [ 1860.120528][T24160] ? ocfs2_getattr+0x3a0/0x3a0 [ 1860.125366][T24160] ? bpf_lsm_inode_mknod+0x9/0x10 [ 1860.130394][T24160] ? security_inode_mknod+0xc7/0x110 [ 1860.135670][T24160] vfs_mknod+0x32b/0x360 [ 1860.139908][T24160] do_mknodat+0x386/0x500 [ 1860.144227][T24160] ? do_o_path+0x200/0x200 [ 1860.148629][T24160] __x64_sys_mknod+0x8e/0xa0 [ 1860.153203][T24160] do_syscall_64+0x55/0xa0 [ 1860.157612][T24160] ? clear_bhb_loop+0x40/0x90 [ 1860.162273][T24160] ? clear_bhb_loop+0x40/0x90 [ 1860.166935][T24160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1860.172814][T24160] RIP: 0033:0x7f3f9a39c799 [ 1860.177213][T24160] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1860.196807][T24160] RSP: 002b:00007f3f9b17b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1860.205219][T24160] RAX: ffffffffffffffda RBX: 00007f3f9a615fa0 RCX: 00007f3f9a39c799 [ 1860.213207][T24160] RDX: 0000000000000707 RSI: 000000000000c000 RDI: 00002000000005c0 [ 1860.221195][T24160] RBP: 00007f3f9a432c99 R08: 0000000000000000 R09: 0000000000000000 [ 1860.229185][T24160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1860.237165][T24160] R13: 00007f3f9a616038 R14: 00007f3f9a615fa0 R15: 00007ffe6686ee88 [ 1860.245138][T24160] [ 1860.248234][ C0] vkms_vblank_simulate: vblank timer overrun [ 1860.319130][ T6090] ocfs2: Unmounting device (7,3) on (node local)