last executing test programs:

3m23.650773169s ago: executing program 1 (id=2):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f00000002c0)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x200002, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r4 = socket(0x1, 0x3, 0x0)
bind$unix(r4, &(0x7f0000000400)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

3m22.342085777s ago: executing program 1 (id=15):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, 0x0, 0x20040084)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x14, 0x19, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0xfffe}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f00000010c0)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x40}, 0x1000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
unshare(0x4000000)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = accept4(r1, 0x0, 0x0, 0x0)
r6 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r7, 0x0, 0x10003}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_PRIORITY={0x6, 0x6, 0x2}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x3}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x9}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[], 0xfffffe2b}}, 0x200c811)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r8 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCFLSH(r8, 0x540b, 0x2)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000003, 0x42031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'})

3m20.23528178s ago: executing program 1 (id=18):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
socket$netlink(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

3m19.303985755s ago: executing program 1 (id=21):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x40)
ftruncate(r1, 0x2007ffb)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000f40)={r3, 0x0, 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x3, 0x5, 0x5e78fe70, 0x0, 0x30000, r1, 0x5, '\x00', 0x0, r1, 0x5, 0x1, 0x5, 0x0, @void, @value, @value=r1}, 0x50)
sendfile(r0, r1, 0x0, 0x1000000201005)

3m17.16557348s ago: executing program 1 (id=25):
fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

3m0.457080064s ago: executing program 32 (id=25):
fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

25.219343636s ago: executing program 3 (id=335):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f00000009c0)=[{{&(0x7f0000000600)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000640)}, {&(0x7f00000006c0)="6f255a0a54c99254750e7506f72d07b23f91f0cccb58d3176f7db67737634342fddb36ca21f68f6e1b49f26e806828318af17466e21fc6d60e0db5272f043c7ad921efd7585598757d48a4eb8804cc82d8448a478a81340f7eb0fe3b24b93005d65120e8f6d399c3927b256058884f95b68b3e84b435a275d8c4352b4a50c43c60b16c2d060ba7fd13d17a2570a5c26f47695b5443e8057f65a984d622d3a68d63e126d8122531018837f0ae", 0xac}, {&(0x7f00000007c0)="8798d0bc2d5dc2f675d0ce7e8bb806418d85a38bcd84775f82", 0x19}, {&(0x7f0000000800)="c73a0f9e31235d6f46bb47ec88de86bf4a8c5689f822909ba4", 0x19}, {0x0}], 0x5, &(0x7f0000000980)=[@ip_ttl={{0x14, 0x0, 0x2, 0xc93}}], 0x18}}], 0x1, 0x0)
sendto$rxrpc(r0, 0x0, 0x0, 0x88d1, &(0x7f0000000540)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x6, @empty, 0x5}}, 0x24)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000041}, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32=0x0, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000004"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xd, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a006030"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[], 0xb8}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, 0x0, 0x0)

21.690557336s ago: executing program 0 (id=341):
syz_open_dev$dri(0x0, 0x1ff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r1 = openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
write$binfmt_misc(r1, 0x0, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x50d5c000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240))
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '$wf\xdf\x13\x9f\xc0\xf2/` 6\xeb?\xbcI6\x1d\xd9\xe2\t\xd5\xd3\b\xbb0>1\xa0\xd1;\xba\xeb/\x9a\xf2,\xdd?\xb8\xed\xce\x11\xe8<\x02\xbdU\xbe\x95u\xc7#\xc3\xce\x98h\xc8\x9c\xc7\xfa\xe7r\xc1\x01\x9a\xf2\xf7\xc5\xc9\xfb\xc2q\x9f\x99\x13\xab\x10\xd2\xf9\x1a\xb0\xbd->\xa8\x1b\xb6\xc6y\x15\xea~w\xec\xb2%\x88\xca\x81;t\xba4\xdc\xf9\xf8\xec:\xd8\x84nP\xfb\"\x8f\xdb\xd2\xc2!eS\x984\x8a@\xd3N\xf9\'\x90\xec0\xfaR\x88\xcc\x9a\xc2\xa8\xda\xfc\x0f`\x9c`\xa1\xa5\x1d\xcb\xfe\xd8\xcc>\xda\xb1\xa7\xb2$\x82\x9b\xe4\xd7g\xea\xb4\\\xd1\x93z{\xd2\xc6J\x860\x10`,\xbf\xfbvZ\xd0L\xf6\bFs\xcc\xcd\xc1\xa9\xc6U\xfd\xbcC\xd9!\xeb\xb0\x88'}]}, 0xd7)

17.807554289s ago: executing program 3 (id=348):
syz_open_dev$dri(0x0, 0x1ff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x50d5c000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240))
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '$wf\xdf\x13\x9f\xc0\xf2/` 6\xeb?\xbcI6\x1d\xd9\xe2\t\xd5\xd3\b\xbb0>1\xa0\xd1;\xba\xeb/\x9a\xf2,\xdd?\xb8\xed\xce\x11\xe8<\x02\xbdU\xbe\x95u\xc7#\xc3\xce\x98h\xc8\x9c\xc7\xfa\xe7r\xc1\x01\x9a\xf2\xf7\xc5\xc9\xfb\xc2q\x9f\x99\x13\xab\x10\xd2\xf9\x1a\xb0\xbd->\xa8\x1b\xb6\xc6y\x15\xea~w\xec\xb2%\x88\xca\x81;t\xba4\xdc\xf9\xf8\xec:\xd8\x84nP\xfb\"\x8f\xdb\xd2\xc2!eS\x984\x8a@\xd3N\xf9\'\x90\xec0\xfaR\x88\xcc\x9a\xc2\xa8\xda\xfc\x0f`\x9c`\xa1\xa5\x1d\xcb\xfe\xd8\xcc>\xda\xb1\xa7\xb2$\x82\x9b\xe4\xd7g\xea\xb4\\\xd1\x93z{\xd2\xc6J\x860\x10`,\xbf\xfbvZ\xd0L\xf6\bFs\xcc\xcd\xc1\xa9\xc6U\xfd\xbcC\xd9!\xeb\xb0\x88'}]}, 0xd7)

17.661610829s ago: executing program 2 (id=350):
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3}, 0x38)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f0000000580), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
io_uring_setup(0x39e5, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000440)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x562, &(0x7f0000001600)="$eJzs3c9rHOUbAPBnNkl/f79NoRQVkUAPVmo3TeKPCh7qUbRY0Htdkmko2XRLdlOatND2YC9epAgiFsS73j0W/wH/ioIWipSgBy8rs5lNk2Y3u0m2SXQ/H5jwvjuz+86zM8+bd/adZQPoWyPZn0LEyxHxVRJxNCKSfN1g5CtHlrdbenprMluSqNc//SNpbJfVm6/VfN7hvPJSRPzyRcTpwvp2qwuLM6VyOZ3L66O12Wuj1YXFM1dmS9PpdHp1fGLi3NsT4++9+07PYn3j4l/ffvLww3Nfnlz65qfHx+4ncT6O5OtWx7ENd1ZXRmIkf0+G4vxzG471oLG9JNntHWBLBvI8H4qsDzgaA3nWA/99tyOiDvSpRP5Dn2qOA5rX9m2ug+u3d3ZYsmOefLB8AbQ+/sHlz0biQOPa6NBSsubKKLveHe5B+1kbP//+4H62RO8+hwDo6M7diDg7OLi+/0vy/m/rznaxzfNt6P9g5zzMxj9vthr/FFbGP9Fi/HO4Re5uRef8LzzuQTNtZeO/91uOf1cmrYYH8tr/GmO+oeTylXKa9W3/j4hTMbQ/q280n3Nu6VG93brV479sydpvjgXz/Xg8uH/tc6ZKN7cT8hpP7ka80nL8m6wc/6TF8c/ej4tdtnEiffBau3Wd43+x6j9EvN7y+D+b0Uo2np8cbZwPo82zYr0/7534tV37m4+/tzNt2fE/tHH8w8nq+drq5tv4/sDfabt1a+KPbs//Wmlf8lmjvC9/7EapVpsbi9iXfLz+8fFnz23Wm9tn8Z86uXH/1+r8PxgRn3cZ/73jP77aVfy7cP5n8U9t6vhvvvDoo5vftWu/u/7vrUbpVP5Idvw7xdXtDm7nvQMAAAAAAIC9phARRyIpFFfKhUKxuHx/x/E4VChXqrXTlyvzV6ei8V3Z4RgqNGe6j666H2Isvx+2WR9/rj4REcci4uuBg416cbJSntrt4AEAAAAAAAAAAAAAAAAAAGCPONzm+/+Z3wZ2e++AF85PfkP/6pj/vfilJ2BP8v8f+pf8h/4l/6F/yX/oX/If+pf8h/4l/6F/yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqYsXLmRLfenprcmsPnV9YX6mcv3MVFqdKc7OTxYnK3PXitOVynQ5LU5WZju9XrlSuTY2HvM3RmtptTZaXVi8NFuZv1q7dGW2NJ1eSod2JCoAAAAAAAAAAAAAAAAAAAD4d6kuLM6UyuV0TkFhS4XBvbEbCj0u7HbPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP/BMAAP//Yko41g==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000200), 0xfea7)
copy_file_range(r6, 0x0, r5, 0x0, 0xffffffffa003e45c, 0x700000000000000)
sendmsg$nl_netfilter(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0xffffff70}, 0x1, 0x0, 0x0, 0x200050c0}, 0x4000000)
recvmmsg(r4, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000080)=""/141, 0x8d}], 0x1}, 0x17ba}], 0x1, 0x2000, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, &(0x7f0000000000)=0x1e)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x3, 0x0)
ioctl$AUTOFS_IOC_FAIL(r8, 0x4c80, 0xffffffffffffffb6)

16.468395995s ago: executing program 6 (id=352):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x10}, 0xc)
bind$inet6(r0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="99", 0x1}], 0x1}}], 0x1, 0x40000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000140)="96", 0x1, 0x1, &(0x7f0000000240)={0xa, 0x0, 0x0, @private2}, 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x3c, r3, 0x1, 0x70bd2e, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0xaa}]}, 0x3c}}, 0x40880)
r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000003c0)="ae", 0x1, r4)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@secondary)
keyctl$link(0x8, r5, r4)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000074c7b4206d04f6088a81000900010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000000)=0x6, 0x4)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
close(0x3)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
r10 = syz_open_dev$vcsn(&(0x7f0000000080), 0x10001, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r10, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x0, {0x0, 0x0, 0x74, r11, {0x6, 0x4}, {0x0, 0x4}, {0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

16.334205056s ago: executing program 0 (id=354):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_getattr(r0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0xd34, 0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

16.164659845s ago: executing program 5 (id=355):
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5886, 0x1, 0x2}, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x490420, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x100}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x4030582b, &(0x7f0000000180)={0x81, 0x3})

15.124451923s ago: executing program 0 (id=356):
syz_open_dev$dri(0x0, 0x1ff, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x50d5c000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240))
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '$wf\xdf\x13\x9f\xc0\xf2/` 6\xeb?\xbcI6\x1d\xd9\xe2\t\xd5\xd3\b\xbb0>1\xa0\xd1;\xba\xeb/\x9a\xf2,\xdd?\xb8\xed\xce\x11\xe8<\x02\xbdU\xbe\x95u\xc7#\xc3\xce\x98h\xc8\x9c\xc7\xfa\xe7r\xc1\x01\x9a\xf2\xf7\xc5\xc9\xfb\xc2q\x9f\x99\x13\xab\x10\xd2\xf9\x1a\xb0\xbd->\xa8\x1b\xb6\xc6y\x15\xea~w\xec\xb2%\x88\xca\x81;t\xba4\xdc\xf9\xf8\xec:\xd8\x84nP\xfb\"\x8f\xdb\xd2\xc2!eS\x984\x8a@\xd3N\xf9\'\x90\xec0\xfaR\x88\xcc\x9a\xc2\xa8\xda\xfc\x0f`\x9c`\xa1\xa5\x1d\xcb\xfe\xd8\xcc>\xda\xb1\xa7\xb2$\x82\x9b\xe4\xd7g\xea\xb4\\\xd1\x93z{\xd2\xc6J\x860\x10`,\xbf\xfbvZ\xd0L\xf6\bFs\xcc\xcd\xc1\xa9\xc6U\xfd\xbcC\xd9!\xeb\xb0\x88'}]}, 0xd7)

14.863370674s ago: executing program 5 (id=357):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r1 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x40)
ftruncate(r2, 0x2007ffb)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000f40)={r4, 0x0, 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x3, 0x5, 0x5e78fe70, 0x0, 0x30000, r2, 0x5, '\x00', 0x0, r2, 0x5, 0x1, 0x5, 0x0, @void, @value, @value=r2}, 0x50)
sendfile(r1, r2, 0x0, 0x1000000201005)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)

13.024048581s ago: executing program 6 (id=360):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f00000009c0)=[{{&(0x7f0000000600)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000640)}, {&(0x7f00000006c0)="6f255a0a54c99254750e7506f72d07b23f91f0cccb58d3176f7db67737634342fddb36ca21f68f6e1b49f26e806828318af17466e21fc6d60e0db5272f043c7ad921efd7585598757d48a4eb8804cc82d8448a478a81340f7eb0fe3b24b93005d65120e8f6d399c3927b256058884f95b68b3e84b435a275d8c4352b4a50c43c60b16c2d060ba7fd13d17a2570a5c26f47695b5443e8057f65a984d622d3a68d63e126d8122531018837f0ae", 0xac}, {&(0x7f00000007c0)="8798d0bc2d5dc2f675d0ce7e8bb806418d85a38bcd84775f82", 0x19}, {&(0x7f0000000800)="c73a0f9e31235d6f46bb47ec88de86bf4a8c5689f822909ba4", 0x19}, {0x0}], 0x5, &(0x7f0000000980)=[@ip_ttl={{0x14, 0x0, 0x2, 0xc93}}], 0x18}}], 0x1, 0x0)
sendto$rxrpc(r0, 0x0, 0x0, 0x88d1, &(0x7f0000000540)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x6, @empty, 0x5}}, 0x24)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000041}, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32=0x0, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000004"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xd, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a006030"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[], 0xb8}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0)

12.811487586s ago: executing program 3 (id=361):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x78}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)

12.373813376s ago: executing program 2 (id=362):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x7)
rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300))
socket$netlink(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

12.367880335s ago: executing program 6 (id=363):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
writev(0xffffffffffffffff, &(0x7f0000000500), 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000009a40)=0x4)
syz_usb_connect(0x6, 0x36, 0x0, 0x0)
r5 = openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x29)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='comm\x00')
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})
socket$nl_netfilter(0x10, 0x3, 0xc)

12.366275184s ago: executing program 5 (id=364):
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f0000002080)=0x64, 0x23b)

12.245224467s ago: executing program 3 (id=366):
syz_open_dev$dri(0x0, 0x1ff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r1 = openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
write$binfmt_misc(r1, 0x0, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x50d5c000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240))
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '$wf\xdf\x13\x9f\xc0\xf2/` 6\xeb?\xbcI6\x1d\xd9\xe2\t\xd5\xd3\b\xbb0>1\xa0\xd1;\xba\xeb/\x9a\xf2,\xdd?\xb8\xed\xce\x11\xe8<\x02\xbdU\xbe\x95u\xc7#\xc3\xce\x98h\xc8\x9c\xc7\xfa\xe7r\xc1\x01\x9a\xf2\xf7\xc5\xc9\xfb\xc2q\x9f\x99\x13\xab\x10\xd2\xf9\x1a\xb0\xbd->\xa8\x1b\xb6\xc6y\x15\xea~w\xec\xb2%\x88\xca\x81;t\xba4\xdc\xf9\xf8\xec:\xd8\x84nP\xfb\"\x8f\xdb\xd2\xc2!eS\x984\x8a@\xd3N\xf9\'\x90\xec0\xfaR\x88\xcc\x9a\xc2\xa8\xda\xfc\x0f`\x9c`\xa1\xa5\x1d\xcb\xfe\xd8\xcc>\xda\xb1\xa7\xb2$\x82\x9b\xe4\xd7g\xea\xb4\\\xd1\x93z{\xd2\xc6J\x860\x10`,\xbf\xfbvZ\xd0L\xf6\bFs\xcc\xcd\xc1\xa9\xc6U\xfd\xbcC\xd9!\xeb\xb0\x88'}]}, 0xd7)

10.51927756s ago: executing program 2 (id=367):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="6000000010000304f500"/20, @ANYBLOB="ef050000000000003000128009000100766c616e00000000200002800c0002000a0000001f00000006000100000000000600050088a8000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x60}, 0x1, 0x0, 0x0, 0x4004014}, 0x4000000)

10.014809859s ago: executing program 2 (id=369):
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5886, 0x1, 0x2}, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x490420, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x100}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x4030582b, &(0x7f0000000180)={0x81, 0x3})

9.022390458s ago: executing program 4 (id=370):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x23, &(0x7f00000005c0), &(0x7f0000000600)=0x14)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd1, &(0x7f0000000040)=0x20f, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
setuid(0xee00)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={0x0, 0x34}}, 0x4000040)

7.803398065s ago: executing program 2 (id=371):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x40)
ftruncate(r1, 0x2007ffb)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000f40)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
sendfile(r0, r1, 0x0, 0x1000000201005)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)

7.597593869s ago: executing program 5 (id=372):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x3, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @broadcast, @multicast2}, "1a3f02eb38ad1bf6"}}}}}, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000700000000000000fbffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018210000", @ANYRES32, @ANYBLOB="0000000000000101851000000700800018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000184000000600000000000000000000001851000009000000000000000000000085100000faffffff5318ffff10000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x5, 0x4, 0x80000000, 0x5}, 0x10, 0x169a0, 0xffffffffffffffff, 0x3, &(0x7f0000000300)=[r0, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f0000000340)=[{0x0, 0x4, 0x4, 0x6}, {0x1, 0x3, 0x8, 0x2}, {0x10000002, 0x2, 0x0, 0x3}], 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0x0, 0x57, 0x6e, &(0x7f0000000440)="15d4c1407a94870044be5992470874d1d7a41e1d097d8ce769e885209198ec130244a28a252cf6490b531ec29e021ada67f8b0f7b2a1b08a500375e79aacf5f2cf2ea9ca26ac74eff182dce9872f8b1ae6cbb89cb5fef8", &(0x7f00000004c0)=""/110, 0x9, 0x0, 0x27, 0xd3, &(0x7f0000000540)="a31b61a67eb50f6874312e2c7ac2f49727627a50383eeef9af526b75a049bb5b703b83d015af96", &(0x7f0000000580)="1324840f61f2582958c7a13a4cb07c12e6ecb79e1e4a5ce8e2b094cb1edf8582dfc76b94c7a32d6ad727284dee99911cbebac2b56de4b756a4b4d7ab40d887a06a1a64578ca3be4b2b1199f073af3b8786e28aaa18190e25a18d21a25234f582dce4358b52f6b2a6467c3f0c7739d6bd5a565b16e767e0da1df8fd4b076723d41eb010daaaeb5cf488ff4be3be97abe73c01bf69228aa29254faeba1beedba4f3f432007e825367a3d4e928f5c3a8adca1d0de94d2e7d7d9a0652a837242e2b09161c51dea51f2fc9a3ea6be63ad1a6444d530", 0x0, 0x0, 0x607}, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x4004)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB, @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

7.557959268s ago: executing program 4 (id=373):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f00000002c0)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x200002, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r4 = socket(0x1, 0x3, 0x0)
bind$unix(r4, &(0x7f0000000400)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

6.403883901s ago: executing program 4 (id=374):
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0x8, 0xe74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0xb16, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x5], [0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x2, 0x100e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbcd5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0xc63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x1000, 0x0, 0x0, 0x80000003, 0x0, 0x5]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
setreuid(0x0, 0xee00)
capset(0x0, &(0x7f0000000280)={0x1, 0x2, 0x1, 0x84, 0x6})
sync()
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x20000)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
capset(0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0x1c, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)

6.207334822s ago: executing program 5 (id=375):
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3}, 0x38)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f0000000580), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
io_uring_setup(0x39e5, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000440)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x562, &(0x7f0000001600)="$eJzs3c9rHOUbAPBnNkl/f79NoRQVkUAPVmo3TeKPCh7qUbRY0Htdkmko2XRLdlOatND2YC9epAgiFsS73j0W/wH/ioIWipSgBy8rs5lNk2Y3u0m2SXQ/H5jwvjuz+86zM8+bd/adZQPoWyPZn0LEyxHxVRJxNCKSfN1g5CtHlrdbenprMluSqNc//SNpbJfVm6/VfN7hvPJSRPzyRcTpwvp2qwuLM6VyOZ3L66O12Wuj1YXFM1dmS9PpdHp1fGLi3NsT4++9+07PYn3j4l/ffvLww3Nfnlz65qfHx+4ncT6O5OtWx7ENd1ZXRmIkf0+G4vxzG471oLG9JNntHWBLBvI8H4qsDzgaA3nWA/99tyOiDvSpRP5Dn2qOA5rX9m2ug+u3d3ZYsmOefLB8AbQ+/sHlz0biQOPa6NBSsubKKLveHe5B+1kbP//+4H62RO8+hwDo6M7diDg7OLi+/0vy/m/rznaxzfNt6P9g5zzMxj9vthr/FFbGP9Fi/HO4Re5uRef8LzzuQTNtZeO/91uOf1cmrYYH8tr/GmO+oeTylXKa9W3/j4hTMbQ/q280n3Nu6VG93brV479sydpvjgXz/Xg8uH/tc6ZKN7cT8hpP7ka80nL8m6wc/6TF8c/ej4tdtnEiffBau3Wd43+x6j9EvN7y+D+b0Uo2np8cbZwPo82zYr0/7534tV37m4+/tzNt2fE/tHH8w8nq+drq5tv4/sDfabt1a+KPbs//Wmlf8lmjvC9/7EapVpsbi9iXfLz+8fFnz23Wm9tn8Z86uXH/1+r8PxgRn3cZ/73jP77aVfy7cP5n8U9t6vhvvvDoo5vftWu/u/7vrUbpVP5Idvw7xdXtDm7nvQMAAAAAAIC9phARRyIpFFfKhUKxuHx/x/E4VChXqrXTlyvzV6ei8V3Z4RgqNGe6j666H2Isvx+2WR9/rj4REcci4uuBg416cbJSntrt4AEAAAAAAAAAAAAAAAAAAGCPONzm+/+Z3wZ2e++AF85PfkP/6pj/vfilJ2BP8v8f+pf8h/4l/6F/yX/oX/If+pf8h/4l/6F/yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqYsXLmRLfenprcmsPnV9YX6mcv3MVFqdKc7OTxYnK3PXitOVynQ5LU5WZju9XrlSuTY2HvM3RmtptTZaXVi8NFuZv1q7dGW2NJ1eSod2JCoAAAAAAAAAAAAAAAAAAAD4d6kuLM6UyuV0TkFhS4XBvbEbCj0u7HbPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP/BMAAP//Yko41g==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000200), 0xfea7)
copy_file_range(r6, 0x0, r5, 0x0, 0xffffffffa003e45c, 0x700000000000000)
sendmsg$nl_netfilter(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0xffffff70}, 0x1, 0x0, 0x0, 0x200050c0}, 0x4000000)
recvmmsg(r4, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000080)=""/141, 0x8d}], 0x1}, 0x17ba}], 0x1, 0x2000, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, &(0x7f0000000000)=0x1e)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x3, 0x0)
ioctl$AUTOFS_IOC_FAIL(r8, 0x4c80, 0xffffffffffffffb6)

4.402045696s ago: executing program 6 (id=376):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f00000009c0)=[{{&(0x7f0000000600)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000640)}, {&(0x7f00000006c0)="6f255a0a54c99254750e7506f72d07b23f91f0cccb58d3176f7db67737634342fddb36ca21f68f6e1b49f26e806828318af17466e21fc6d60e0db5272f043c7ad921efd7585598757d48a4eb8804cc82d8448a478a81340f7eb0fe3b24b93005d65120e8f6d399c3927b256058884f95b68b3e84b435a275d8c4352b4a50c43c60b16c2d060ba7fd13d17a2570a5c26f47695b5443e8057f65a984d622d3a68d63e126d8122531018837f0ae", 0xac}, {&(0x7f00000007c0)="8798d0bc2d5dc2f675d0ce7e8bb806418d85a38bcd84775f82", 0x19}, {&(0x7f0000000800)="c73a0f9e31235d6f46bb47ec88de86bf4a8c5689f822909ba4", 0x19}, {0x0}], 0x5, &(0x7f0000000980)=[@ip_ttl={{0x14, 0x0, 0x2, 0xc93}}], 0x18}}], 0x1, 0x0)
sendto$rxrpc(r0, 0x0, 0x0, 0x88d1, &(0x7f0000000540)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x6, @empty, 0x5}}, 0x24)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000041}, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32=0x0, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000004"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xd, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a006030"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[], 0xb8}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0)

4.223984807s ago: executing program 0 (id=377):
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f0000000580), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
io_uring_setup(0x39e5, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000440)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x562, &(0x7f0000001600)="$eJzs3c9rHOUbAPBnNkl/f79NoRQVkUAPVmo3TeKPCh7qUbRY0Htdkmko2XRLdlOatND2YC9epAgiFsS73j0W/wH/ioIWipSgBy8rs5lNk2Y3u0m2SXQ/H5jwvjuz+86zM8+bd/adZQPoWyPZn0LEyxHxVRJxNCKSfN1g5CtHlrdbenprMluSqNc//SNpbJfVm6/VfN7hvPJSRPzyRcTpwvp2qwuLM6VyOZ3L66O12Wuj1YXFM1dmS9PpdHp1fGLi3NsT4++9+07PYn3j4l/ffvLww3Nfnlz65qfHx+4ncT6O5OtWx7ENd1ZXRmIkf0+G4vxzG471oLG9JNntHWBLBvI8H4qsDzgaA3nWA/99tyOiDvSpRP5Dn2qOA5rX9m2ug+u3d3ZYsmOefLB8AbQ+/sHlz0biQOPa6NBSsubKKLveHe5B+1kbP//+4H62RO8+hwDo6M7diDg7OLi+/0vy/m/rznaxzfNt6P9g5zzMxj9vthr/FFbGP9Fi/HO4Re5uRef8LzzuQTNtZeO/91uOf1cmrYYH8tr/GmO+oeTylXKa9W3/j4hTMbQ/q280n3Nu6VG93brV479sydpvjgXz/Xg8uH/tc6ZKN7cT8hpP7ka80nL8m6wc/6TF8c/ej4tdtnEiffBau3Wd43+x6j9EvN7y+D+b0Uo2np8cbZwPo82zYr0/7534tV37m4+/tzNt2fE/tHH8w8nq+drq5tv4/sDfabt1a+KPbs//Wmlf8lmjvC9/7EapVpsbi9iXfLz+8fFnz23Wm9tn8Z86uXH/1+r8PxgRn3cZ/73jP77aVfy7cP5n8U9t6vhvvvDoo5vftWu/u/7vrUbpVP5Idvw7xdXtDm7nvQMAAAAAAIC9phARRyIpFFfKhUKxuHx/x/E4VChXqrXTlyvzV6ei8V3Z4RgqNGe6j666H2Isvx+2WR9/rj4REcci4uuBg416cbJSntrt4AEAAAAAAAAAAAAAAAAAAGCPONzm+/+Z3wZ2e++AF85PfkP/6pj/vfilJ2BP8v8f+pf8h/4l/6F/yX/oX/If+pf8h/4l/6F/yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqYsXLmRLfenprcmsPnV9YX6mcv3MVFqdKc7OTxYnK3PXitOVynQ5LU5WZju9XrlSuTY2HvM3RmtptTZaXVi8NFuZv1q7dGW2NJ1eSod2JCoAAAAAAAAAAAAAAAAAAAD4d6kuLM6UyuV0TkFhS4XBvbEbCj0u7HbPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP/BMAAP//Yko41g==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000200), 0xfea7)
copy_file_range(r6, 0x0, r5, 0x0, 0xffffffffa003e45c, 0x700000000000000)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0xffffff70}, 0x1, 0x0, 0x0, 0x200050c0}, 0x4000000)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, &(0x7f0000000000)=0x1e)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x3, 0x0)
ioctl$AUTOFS_IOC_FAIL(r8, 0x4c80, 0xffffffffffffffb6)

4.212216699s ago: executing program 2 (id=378):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x78}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)

3.965536737s ago: executing program 6 (id=379):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
writev(0xffffffffffffffff, &(0x7f0000000500), 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000009a40)=0x4)
syz_usb_connect(0x6, 0x36, 0x0, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x29)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='comm\x00')
execve(&(0x7f0000000100)='./file0\x00', &(0x7f0000000380), &(0x7f00000004c0)={[&(0x7f00000003c0)='())\\@/\x00', &(0x7f0000000400)='0&-\x00', &(0x7f0000000440)='veth0_to_team\x00', &(0x7f0000000480)='-^!-&-\'\x00']})
socket$nl_netfilter(0x10, 0x3, 0xc)

2.563642355s ago: executing program 0 (id=380):
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f0000000580), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
io_uring_setup(0x39e5, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000440)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x562, &(0x7f0000001600)="$eJzs3c9rHOUbAPBnNkl/f79NoRQVkUAPVmo3TeKPCh7qUbRY0Htdkmko2XRLdlOatND2YC9epAgiFsS73j0W/wH/ioIWipSgBy8rs5lNk2Y3u0m2SXQ/H5jwvjuz+86zM8+bd/adZQPoWyPZn0LEyxHxVRJxNCKSfN1g5CtHlrdbenprMluSqNc//SNpbJfVm6/VfN7hvPJSRPzyRcTpwvp2qwuLM6VyOZ3L66O12Wuj1YXFM1dmS9PpdHp1fGLi3NsT4++9+07PYn3j4l/ffvLww3Nfnlz65qfHx+4ncT6O5OtWx7ENd1ZXRmIkf0+G4vxzG471oLG9JNntHWBLBvI8H4qsDzgaA3nWA/99tyOiDvSpRP5Dn2qOA5rX9m2ug+u3d3ZYsmOefLB8AbQ+/sHlz0biQOPa6NBSsubKKLveHe5B+1kbP//+4H62RO8+hwDo6M7diDg7OLi+/0vy/m/rznaxzfNt6P9g5zzMxj9vthr/FFbGP9Fi/HO4Re5uRef8LzzuQTNtZeO/91uOf1cmrYYH8tr/GmO+oeTylXKa9W3/j4hTMbQ/q280n3Nu6VG93brV479sydpvjgXz/Xg8uH/tc6ZKN7cT8hpP7ka80nL8m6wc/6TF8c/ej4tdtnEiffBau3Wd43+x6j9EvN7y+D+b0Uo2np8cbZwPo82zYr0/7534tV37m4+/tzNt2fE/tHH8w8nq+drq5tv4/sDfabt1a+KPbs//Wmlf8lmjvC9/7EapVpsbi9iXfLz+8fFnz23Wm9tn8Z86uXH/1+r8PxgRn3cZ/73jP77aVfy7cP5n8U9t6vhvvvDoo5vftWu/u/7vrUbpVP5Idvw7xdXtDm7nvQMAAAAAAIC9phARRyIpFFfKhUKxuHx/x/E4VChXqrXTlyvzV6ei8V3Z4RgqNGe6j666H2Isvx+2WR9/rj4REcci4uuBg416cbJSntrt4AEAAAAAAAAAAAAAAAAAAGCPONzm+/+Z3wZ2e++AF85PfkP/6pj/vfilJ2BP8v8f+pf8h/4l/6F/yX/oX/If+pf8h/4l/6F/yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqYsXLmRLfenprcmsPnV9YX6mcv3MVFqdKc7OTxYnK3PXitOVynQ5LU5WZju9XrlSuTY2HvM3RmtptTZaXVi8NFuZv1q7dGW2NJ1eSod2JCoAAAAAAAAAAAAAAAAAAAD4d6kuLM6UyuV0TkFhS4XBvbEbCj0u7HbPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP/BMAAP//Yko41g==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000200), 0xfea7)
copy_file_range(r7, 0x0, r6, 0x0, 0xffffffffa003e45c, 0x700000000000000)
sendmsg$nl_netfilter(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0xffffff70}, 0x1, 0x0, 0x0, 0x200050c0}, 0x4000000)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, &(0x7f0000000000)=0x1e)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x3, 0x0)

2.186523892s ago: executing program 4 (id=381):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="6000000010000304f500"/20, @ANYBLOB="ef050000000000003000128009000100766c616e00000000200002800c0002000a0000001f00000006000100000000000600050088a8000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x60}, 0x1, 0x0, 0x0, 0x4004014}, 0x4000000)

1.416759884s ago: executing program 3 (id=382):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_getattr(r0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0xd34, 0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

1.317153304s ago: executing program 0 (id=383):
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5886, 0x1, 0x2}, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x490420, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x100}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x4030582b, &(0x7f0000000180)={0x81, 0x3})

1.249750909s ago: executing program 4 (id=384):
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f0000002080)=0x64, 0x23b)

176.102169ms ago: executing program 6 (id=385):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_getattr(r0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pwritev(0xffffffffffffffff, 0x0, 0x0, 0xd34, 0x9)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
socket$unix(0x1, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})

75.909384ms ago: executing program 3 (id=386):
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000140)=0x1c)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @dev={0xfe, 0x80, '\x00', 0x10}, 0x800, 0x0, 0x9, 0x100, 0x6, 0x400a0284})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r1 = getpgid(0x0)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000000008010100000000000000000100000306000240001700000c00048008000140000000060900010073797a30000000000500030084000000a2b280126728220bb9fca93e4dd01a1ac328cf06f4f24828af41b33ee0c9acae545cc409ddd888a75abe4c3ab1f215de7f39e33b484dee1d93acc4d33a785a837ec79652e6a4b231f2955772b484683bc1bd5d455b0ef5c793fe8be42c261b0866cffb1fd56dc39cbed6a779326b43acb8c3311cd38c78a2f2b86dfaaf010967b34fc673eeb1d20b1b15bbac1defacda9eeb3824fc1109aff66e8193aacfecae27e425f1539d694892dea3"], 0x3c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
preadv(r4, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r7, r6, &(0x7f0000002080)=0x64, 0x23b)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

34.514821ms ago: executing program 4 (id=387):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x3, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @broadcast, @multicast2}, "1a3f02eb38ad1bf6"}}}}}, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000700000000000000fbffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018210000", @ANYRES32, @ANYBLOB="0000000000000101851000000700800018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000184000000600000000000000000000001851000009000000000000000000000085100000faffffff5318ffff10000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x5, 0x4, 0x80000000, 0x5}, 0x10, 0x169a0, 0xffffffffffffffff, 0x3, &(0x7f0000000300)=[r0, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f0000000340)=[{0x0, 0x4, 0x4, 0x6}, {0x1, 0x3, 0x8, 0x2}, {0x10000002, 0x2, 0x0, 0x3}], 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0x0, 0x57, 0x6e, &(0x7f0000000440)="15d4c1407a94870044be5992470874d1d7a41e1d097d8ce769e885209198ec130244a28a252cf6490b531ec29e021ada67f8b0f7b2a1b08a500375e79aacf5f2cf2ea9ca26ac74eff182dce9872f8b1ae6cbb89cb5fef8", &(0x7f00000004c0)=""/110, 0x9, 0x0, 0x27, 0xd3, &(0x7f0000000540)="a31b61a67eb50f6874312e2c7ac2f49727627a50383eeef9af526b75a049bb5b703b83d015af96", &(0x7f0000000580)="1324840f61f2582958c7a13a4cb07c12e6ecb79e1e4a5ce8e2b094cb1edf8582dfc76b94c7a32d6ad727284dee99911cbebac2b56de4b756a4b4d7ab40d887a06a1a64578ca3be4b2b1199f073af3b8786e28aaa18190e25a18d21a25234f582dce4358b52f6b2a6467c3f0c7739d6bd5a565b16e767e0da1df8fd4b076723d41eb010daaaeb5cf488ff4be3be97abe73c01bf69228aa29254faeba1beedba4f3f432007e825367a3d4e928f5c3a8adca1d0de94d2e7d7d9a0652a837242e2b09161c51dea51f2fc9a3ea6be63ad1a6444d530", 0x0, 0x0, 0x607}, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x4004)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 5 (id=388):
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000140)=0x1c)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r1 = getpgid(0x0)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
r2 = socket$packet(0x11, 0x2, 0x300)
socket$can_j1939(0x1d, 0x2, 0x7)
bind$packet(r2, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000000008010100000000000000000100000306000240001700000c00048008000140000000060900010073797a30000000000500030084000000a2b280126728220bb9fca93e4dd01a1ac328cf06f4f24828af41b33ee0c9acae545cc409ddd888a75abe4c3ab1f215de7f39e33b484dee1d93acc4d33a785a837ec79652e6a4b231f2955772b484683bc1bd5d455b0ef5c793fe8be42c261b0866cffb1fd56dc39cbed6a779326b43acb8c3311cd38c78a2f2b86dfaaf010967b34fc673eeb1d20b1b15bbac1defacda9eeb3824fc1109aff66e8193aacfecae27e425f1539d694892dea3"], 0x3c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
preadv(r5, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r8, r7, &(0x7f0000002080)=0x64, 0x23b)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

kernel console output (not intermixed with test programs):

169 code=0x7ffc0000
[  150.760225][ T6197] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.781324][ T6197] bridge_slave_0: entered allmulticast mode
[  150.805457][ T6197] bridge_slave_0: entered promiscuous mode
[  150.823484][   T30] audit: type=1326 audit(1743981891.167:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  150.933573][   T30] audit: type=1326 audit(1743981891.167:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  150.988789][ T1332] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.320531][   T30] audit: type=1326 audit(1743981891.167:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  151.342913][   T30] audit: type=1326 audit(1743981891.167:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  151.612266][ T6291] loop5: detected capacity change from 0 to 40427
[  151.743714][ T6291] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3fffff
[  151.755644][ T6291] F2FS-fs (loop5): invalid crc value
[  152.251102][ T6197] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.259221][ T6197] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.269072][ T6197] bridge_slave_1: entered allmulticast mode
[  152.417322][ T6291] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  152.543836][ T6197] bridge_slave_1: entered promiscuous mode
[  152.546212][   T30] audit: type=1326 audit(1743981891.167:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  152.573402][   T30] audit: type=1326 audit(1743981891.167:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  152.603360][   T30] audit: type=1326 audit(1743981891.167:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  152.626823][   T30] audit: type=1326 audit(1743981891.167:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6275 comm="syz.3.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  152.695696][ T6291] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  153.011096][ T5835] syz-executor: attempt to access beyond end of device
[  153.011096][ T5835] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  153.063448][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  153.063483][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  153.063497][ T5835] Call Trace:
[  153.063506][ T5835]  <TASK>
[  153.063516][ T5835]  dump_stack_lvl+0x241/0x360
[  153.063561][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.063607][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.063637][ T5835]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  153.063669][ T5835]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  153.063695][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.063723][ T5835]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  153.063765][ T5835]  f2fs_handle_critical_error+0x392/0x5a0
[  153.063809][ T5835]  f2fs_write_end_io+0x563/0x790
[  153.063856][ T5835]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  153.063900][ T5835]  ? bio_endio+0x7e4/0x890
[  153.063933][ T5835]  ? bio_endio+0x82a/0x890
[  153.063963][ T5835]  __submit_merged_bio+0x2a9/0x710
[  153.063994][ T5835]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  153.064033][ T5835]  f2fs_submit_merged_write_cond+0x29f/0x380
[  153.064079][ T5835]  f2fs_write_data_pages+0x2f99/0x38d0
[  153.064159][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.064250][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.064278][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  153.064346][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.064373][ T5835]  ? folios_put_refs+0x70a/0x800
[  153.064423][ T5835]  ? __pfx_folios_put_refs+0x10/0x10
[  153.064455][ T5835]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  153.064481][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.064521][ T5835]  do_writepages+0x366/0x890
[  153.064556][ T5835]  ? __pfx_do_writepages+0x10/0x10
[  153.064586][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.064615][ T5835]  ? __lock_acquire+0xad5/0xd80
[  153.064648][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.064675][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  153.064725][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.064753][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  153.064801][ T5835]  filemap_fdatawrite+0x1f2/0x2a0
[  153.064834][ T5835]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  153.064863][ T5835]  ? mlock_drain_local+0x79/0x490
[  153.064938][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.064967][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  153.065014][ T5835]  f2fs_sync_dirty_inodes+0x34f/0x860
[  153.065073][ T5835]  f2fs_write_checkpoint+0x857/0x1da0
[  153.065120][ T5835]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  153.065191][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.065219][ T5835]  ? kfree+0x198/0x430
[  153.065249][ T5835]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  153.065276][ T5835]  ? kill_f2fs_super+0x290/0x6d0
[  153.065306][ T5835]  kill_f2fs_super+0x2b8/0x6d0
[  153.065363][ T5835]  ? __pfx_kill_f2fs_super+0x10/0x10
[  153.065396][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.065423][ T5835]  ? shrinker_free+0x2ca/0x3d0
[  153.065460][ T5835]  deactivate_locked_super+0xc6/0x130
[  153.065491][ T5835]  cleanup_mnt+0x422/0x4c0
[  153.065519][ T5835]  ? lockdep_hardirqs_on+0x9d/0x150
[  153.065554][ T5835]  task_work_run+0x253/0x310
[  153.065607][ T5835]  ? __pfx_task_work_run+0x10/0x10
[  153.065652][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.065685][ T5835]  syscall_exit_to_user_mode+0x13f/0x340
[  153.065719][ T5835]  do_syscall_64+0x100/0x230
[  153.065756][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.065780][ T5835] RIP: 0033:0x7fb543f8e497
[  153.065802][ T5835] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  153.065822][ T5835] RSP: 002b:00007ffd532a5df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  153.065847][ T5835] RAX: 0000000000000000 RBX: 00007fb54400e08c RCX: 00007fb543f8e497
[  153.065864][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd532a5eb0
[  153.065878][ T5835] RBP: 00007ffd532a5eb0 R08: 0000000000000000 R09: 0000000000000000
[  153.065893][ T5835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd532a6f40
[  153.065909][ T5835] R13: 00007fb54400e08c R14: 0000000000025461 R15: 00007ffd532a6f80
[  153.065947][ T5835]  </TASK>
[  153.636644][ T5835] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  153.661170][ T5916] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  153.763646][ T5896] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  153.953812][ T5896] usb 3-1: Using ep0 maxpacket: 16
[  154.151639][ T5896] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.270257][ T5896] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  154.288546][ T5896] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  154.298535][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.340138][ T6197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.361194][ T5896] usb 3-1: config 0 descriptor??
[  154.414504][ T5896] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  154.433509][ T6197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.720432][ T6314] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.87'.
[  154.786022][ T6197] team0: Port device team_slave_0 added
[  154.850223][ T6197] team0: Port device team_slave_1 added
[  155.062439][ T6197] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.095663][ T6197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.137751][ T6197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.185684][ T6197] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.209351][ T6197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.284976][ T6197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.330867][ T1332] bridge_slave_1: left allmulticast mode
[  155.338870][ T1332] bridge_slave_1: left promiscuous mode
[  155.364535][ T1332] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.434276][ T1332] bridge_slave_0: left allmulticast mode
[  155.448505][ T1332] bridge_slave_0: left promiscuous mode
[  155.472492][ T1332] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.572222][ T6332] syz.3.89 (6332): drop_caches: 2
[  156.588167][ T6332] syz.3.89 (6332): drop_caches: 2
[  157.933628][ T5899] usb 3-1: USB disconnect, device number 2
[  159.643136][ T6352] loop0: detected capacity change from 0 to 1024
[  159.650765][ T6352] EXT4-fs: Ignoring removed nobh option
[  159.656458][ T6352] EXT4-fs: Ignoring removed bh option
[  159.683424][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  159.683455][   T30] audit: type=1326 audit(1743981900.547:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  159.788040][ T6352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.903485][   T30] audit: type=1326 audit(1743981900.547:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  159.927869][   T30] audit: type=1326 audit(1743981900.557:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  159.950046][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.102554][   T30] audit: type=1326 audit(1743981900.557:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.203459][   T30] audit: type=1326 audit(1743981900.557:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.270246][ T6359] loop3: detected capacity change from 0 to 40427
[  160.284779][ T6359] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3fffff
[  160.344384][ T6359] F2FS-fs (loop3): invalid crc value
[  160.352067][   T30] audit: type=1326 audit(1743981900.567:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.389150][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.410049][   T30] audit: type=1326 audit(1743981900.567:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.497420][   T30] audit: type=1326 audit(1743981900.567:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.519633][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.552768][ T6359] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  160.604061][ T6359] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  160.901961][ T5916] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  160.939172][   T30] audit: type=1326 audit(1743981900.577:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.963212][   T30] audit: type=1326 audit(1743981900.577:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.5.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  160.985290][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.985753][ T5836] syz-executor: attempt to access beyond end of device
[  160.985753][ T5836] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  161.055397][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  161.055445][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  161.055461][ T5836] Call Trace:
[  161.055472][ T5836]  <TASK>
[  161.055483][ T5836]  dump_stack_lvl+0x241/0x360
[  161.055543][ T5836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.055582][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.055614][ T5836]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  161.055645][ T5836]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  161.055686][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.055715][ T5836]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  161.055762][ T5836]  f2fs_handle_critical_error+0x392/0x5a0
[  161.055811][ T5836]  f2fs_write_end_io+0x563/0x790
[  161.055864][ T5836]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  161.055910][ T5836]  ? bio_endio+0x7e4/0x890
[  161.055946][ T5836]  ? bio_endio+0x82a/0x890
[  161.055981][ T5836]  __submit_merged_bio+0x2a9/0x710
[  161.056012][ T5836]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  161.056054][ T5836]  f2fs_submit_merged_write_cond+0x29f/0x380
[  161.056106][ T5836]  f2fs_write_data_pages+0x2f99/0x38d0
[  161.056203][ T5836]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  161.056268][ T5836]  ? __kernel_text_address+0xd/0x40
[  161.056338][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.056367][ T5836]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  161.056415][ T5836]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  161.056457][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.056510][ T5836]  ? __mod_zone_page_state+0xda/0x150
[  161.056558][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.056586][ T5836]  ? folios_put_refs+0x711/0x800
[  161.056638][ T5836]  ? lockdep_hardirqs_on+0x9d/0x150
[  161.056678][ T5836]  ? __pfx_folios_put_refs+0x10/0x10
[  161.056712][ T5836]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  161.056739][ T5836]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  161.056783][ T5836]  do_writepages+0x366/0x890
[  161.056823][ T5836]  ? __pfx_do_writepages+0x10/0x10
[  161.056846][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.056873][ T5836]  ? __lock_acquire+0xad5/0xd80
[  161.056907][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.056934][ T5836]  ? do_raw_spin_lock+0x151/0x370
[  161.056988][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.057016][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  161.057067][ T5836]  filemap_fdatawrite+0x1f2/0x2a0
[  161.057102][ T5836]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  161.057127][ T5836]  ? mlock_drain_local+0x79/0x490
[  161.057219][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.057248][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  161.057299][ T5836]  f2fs_sync_dirty_inodes+0x34f/0x860
[  161.057364][ T5836]  f2fs_write_checkpoint+0x857/0x1da0
[  161.057420][ T5836]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  161.057506][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.057534][ T5836]  ? kfree+0x198/0x430
[  161.057565][ T5836]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  161.057594][ T5836]  ? kill_f2fs_super+0x290/0x6d0
[  161.057627][ T5836]  kill_f2fs_super+0x2b8/0x6d0
[  161.057662][ T5836]  ? __pfx_kill_f2fs_super+0x10/0x10
[  161.057703][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.057731][ T5836]  ? shrinker_free+0x2ca/0x3d0
[  161.057768][ T5836]  deactivate_locked_super+0xc6/0x130
[  161.057801][ T5836]  cleanup_mnt+0x422/0x4c0
[  161.057829][ T5836]  ? lockdep_hardirqs_on+0x9d/0x150
[  161.057866][ T5836]  task_work_run+0x253/0x310
[  161.057917][ T5836]  ? __pfx_task_work_run+0x10/0x10
[  161.057964][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  161.057999][ T5836]  syscall_exit_to_user_mode+0x13f/0x340
[  161.058036][ T5836]  do_syscall_64+0x100/0x230
[  161.058076][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.058100][ T5836] RIP: 0033:0x7f0e6058e497
[  161.058123][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  161.058143][ T5836] RSP: 002b:00007ffc09ef64a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  161.058171][ T5836] RAX: 0000000000000000 RBX: 00007f0e6060e08c RCX: 00007f0e6058e497
[  161.058188][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc09ef6560
[  161.058204][ T5836] RBP: 00007ffc09ef6560 R08: 0000000000000000 R09: 0000000000000000
[  161.058220][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc09ef75f0
[  161.058237][ T5836] R13: 00007f0e6060e08c R14: 0000000000027351 R15: 00007ffc09ef7630
[  161.058281][ T5836]  </TASK>
[  161.496424][ T5916] usb 3-1: Using ep0 maxpacket: 32
[  161.575375][ T5836] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  161.712497][ T5916] usb 3-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  161.743548][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  161.751733][ T5916] usb 3-1: Product: syz
[  162.215981][ T5916] usb 3-1: config 0 descriptor??
[  162.856467][ T6386] loop4: detected capacity change from 0 to 1024
[  162.876287][ T6386] EXT4-fs: Ignoring removed nobh option
[  162.881998][ T6386] EXT4-fs: Ignoring removed bh option
[  163.155692][ T6386] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.277362][ T5916] gspca_main: STV06xx-2.14.0 probing 046d:08f6
[  163.288297][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.318999][ T5916] gspca_stv06xx: st6422 sensor detected
[  163.465468][ T6391] loop0: detected capacity change from 0 to 1024
[  163.481223][ T6391] EXT4-fs: Ignoring removed nobh option
[  163.487826][ T6391] EXT4-fs: Ignoring removed bh option
[  163.560771][ T6394] netlink: 'syz.2.98': attribute type 4 has an invalid length.
[  163.616466][ T6391] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.934578][ T6393] loop5: detected capacity change from 0 to 1024
[  163.944640][ T6398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.98'.
[  163.964924][ T6393] EXT4-fs: Ignoring removed nobh option
[  163.970574][ T6393] EXT4-fs: Ignoring removed bh option
[  163.991395][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.273567][ T6402] syz.4.103 (6402): drop_caches: 2
[  164.298162][ T6393] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.574615][ T6402] syz.4.103 (6402): drop_caches: 2
[  164.797300][ T6407] loop0: detected capacity change from 0 to 1024
[  164.804997][ T6407] EXT4-fs: Ignoring removed nobh option
[  164.810751][ T6407] EXT4-fs: Ignoring removed bh option
[  164.914172][ T6407] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.356750][ T5835] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.369087][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.390534][ T1332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  165.468632][ T1332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.240968][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  166.247470][   T30] audit: type=1326 audit(1743981907.427:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  166.670990][ T6425] syz.3.100 (6425): drop_caches: 2
[  166.689581][ T6425] syz.3.100 (6425): drop_caches: 2
[  167.043954][   T30] audit: type=1326 audit(1743981907.427:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.098361][   T30] audit: type=1326 audit(1743981907.427:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.153039][   T30] audit: type=1326 audit(1743981907.427:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.175604][   T30] audit: type=1326 audit(1743981907.427:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.199955][   T30] audit: type=1326 audit(1743981907.427:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.222399][   T30] audit: type=1326 audit(1743981907.427:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.250291][   T30] audit: type=1326 audit(1743981907.427:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.275930][ T1332] bond0 (unregistering): Released all slaves
[  167.304494][   T30] audit: type=1326 audit(1743981907.427:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  167.327370][   T30] audit: type=1326 audit(1743981907.427:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  169.300387][ T5916] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -110
[  169.806983][ T6447] loop5: detected capacity change from 0 to 40427
[  169.945781][ T6447] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3fffff
[  169.971517][ T6447] F2FS-fs (loop5): invalid crc value
[  170.079025][ T6447] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  170.147383][   T24] usb 3-1: USB disconnect, device number 3
[  170.221858][ T6458] syz.4.112 (6458): drop_caches: 2
[  170.229108][ T6458] syz.4.112 (6458): drop_caches: 2
[  170.900864][ T6447] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  171.546879][ T6467] loop0: detected capacity change from 0 to 1024
[  171.563360][ T6467] EXT4-fs: Ignoring removed nobh option
[  171.569037][ T6467] EXT4-fs: Ignoring removed bh option
[  171.860509][ T6467] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.946399][ T6197] hsr_slave_0: entered promiscuous mode
[  172.515175][ T6197] hsr_slave_1: entered promiscuous mode
[  172.522820][ T6197] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.540748][ T6472] loop3: detected capacity change from 0 to 1024
[  172.547319][ T6197] Cannot create hsr debugfs directory
[  172.548856][ T6472] EXT4-fs: Ignoring removed nobh option
[  172.558496][ T6472] EXT4-fs: Ignoring removed bh option
[  172.698977][ T6472] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.830717][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.986412][ T5835] syz-executor: attempt to access beyond end of device
[  172.986412][ T5835] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  173.009739][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.034259][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  173.034299][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  173.034313][ T5835] Call Trace:
[  173.034322][ T5835]  <TASK>
[  173.034338][ T5835]  dump_stack_lvl+0x241/0x360
[  173.034384][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.034417][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.034443][ T5835]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  173.034469][ T5835]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  173.034495][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.034519][ T5835]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  173.034559][ T5835]  f2fs_handle_critical_error+0x392/0x5a0
[  173.034601][ T5835]  f2fs_write_end_io+0x563/0x790
[  173.034646][ T5835]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  173.034687][ T5835]  ? bio_endio+0x7e4/0x890
[  173.034721][ T5835]  ? bio_endio+0x82a/0x890
[  173.034751][ T5835]  __submit_merged_bio+0x2a9/0x710
[  173.034779][ T5835]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  173.034817][ T5835]  f2fs_submit_merged_write_cond+0x29f/0x380
[  173.034861][ T5835]  f2fs_write_data_pages+0x2f99/0x38d0
[  173.034946][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  173.034997][ T5835]  ? __kernel_text_address+0xd/0x40
[  173.035056][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035080][ T5835]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  173.035121][ T5835]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  173.035160][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035202][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035226][ T5835]  ? __lock_acquire+0xad5/0xd80
[  173.035257][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035281][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  173.035324][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035353][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  173.035391][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  173.035429][ T5835]  do_writepages+0x366/0x890
[  173.035464][ T5835]  ? __pfx_do_writepages+0x10/0x10
[  173.035484][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035509][ T5835]  ? __lock_acquire+0xad5/0xd80
[  173.035538][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035563][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  173.035611][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035635][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  173.035680][ T5835]  filemap_fdatawrite+0x1f2/0x2a0
[  173.035709][ T5835]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  173.035731][ T5835]  ? mlock_drain_local+0x79/0x490
[  173.035810][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.035835][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  173.035879][ T5835]  f2fs_sync_dirty_inodes+0x34f/0x860
[  173.035936][ T5835]  f2fs_write_checkpoint+0x857/0x1da0
[  173.035984][ T5835]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  173.036058][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.036083][ T5835]  ? kfree+0x198/0x430
[  173.036110][ T5835]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  173.036135][ T5835]  ? kill_f2fs_super+0x290/0x6d0
[  173.036164][ T5835]  kill_f2fs_super+0x2b8/0x6d0
[  173.036194][ T5835]  ? __pfx_kill_f2fs_super+0x10/0x10
[  173.036226][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.036250][ T5835]  ? shrinker_free+0x2ca/0x3d0
[  173.036284][ T5835]  deactivate_locked_super+0xc6/0x130
[  173.036312][ T5835]  cleanup_mnt+0x422/0x4c0
[  173.036341][ T5835]  ? lockdep_hardirqs_on+0x9d/0x150
[  173.036373][ T5835]  task_work_run+0x253/0x310
[  173.036417][ T5835]  ? __pfx_task_work_run+0x10/0x10
[  173.036458][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.036489][ T5835]  syscall_exit_to_user_mode+0x13f/0x340
[  173.036522][ T5835]  do_syscall_64+0x100/0x230
[  173.036557][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.036578][ T5835] RIP: 0033:0x7fb543f8e497
[  173.036599][ T5835] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  173.036617][ T5835] RSP: 002b:00007ffd532a5df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  173.036640][ T5835] RAX: 0000000000000000 RBX: 00007fb54400e08c RCX: 00007fb543f8e497
[  173.036656][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd532a5eb0
[  173.036669][ T5835] RBP: 00007ffd532a5eb0 R08: 0000000000000000 R09: 0000000000000000
[  173.036683][ T5835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd532a6f40
[  173.036698][ T5835] R13: 00007fb54400e08c R14: 0000000000029c24 R15: 00007ffd532a6f80
[  173.036736][ T5835]  </TASK>
[  173.037064][ T5835] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  174.417286][ T6493] loop0: detected capacity change from 0 to 1024
[  174.428747][ T6493] EXT4-fs: Ignoring removed nobh option
[  174.436819][ T6493] EXT4-fs: Ignoring removed bh option
[  174.968250][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  174.968302][   T30] audit: type=1326 audit(1743981916.307:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.349467][ T6493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.404590][   T30] audit: type=1326 audit(1743981916.307:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.443455][ T1332] hsr_slave_0: left promiscuous mode
[  175.456655][   T30] audit: type=1326 audit(1743981916.307:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.493507][   T30] audit: type=1326 audit(1743981916.307:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.559846][ T1332] hsr_slave_1: left promiscuous mode
[  175.576532][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.593745][   T30] audit: type=1326 audit(1743981916.307:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.603387][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.636490][   T30] audit: type=1326 audit(1743981916.317:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.750897][   T30] audit: type=1326 audit(1743981916.317:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.800592][ T6507] loop3: detected capacity change from 0 to 1024
[  175.805022][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.808154][ T6507] EXT4-fs: Ignoring removed nobh option
[  175.821791][ T6507] EXT4-fs: Ignoring removed bh option
[  175.823385][   T30] audit: type=1326 audit(1743981916.317:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  175.834230][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.970999][   T30] audit: type=1326 audit(1743981916.317:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  176.065815][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.109888][ T6507] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.268843][   T30] audit: type=1326 audit(1743981916.327:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6491 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e6058d169 code=0x7ffc0000
[  176.291488][ T1332] veth1_macvtap: left promiscuous mode
[  176.291655][ T1332] veth0_macvtap: left promiscuous mode
[  176.292616][ T1332] veth1_vlan: left promiscuous mode
[  176.404169][ T1332] veth0_vlan: left promiscuous mode
[  176.434827][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.601127][ T6516] loop0: detected capacity change from 0 to 1024
[  176.627150][ T6516] EXT4-fs: Ignoring removed nobh option
[  176.632997][ T6516] EXT4-fs: Ignoring removed bh option
[  176.727071][ T6516] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.197061][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.343711][ T5916] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  179.553894][ T5916] usb 1-1: Using ep0 maxpacket: 32
[  179.626530][ T5916] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  179.679562][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  179.736004][ T5916] usb 1-1: Product: syz
[  179.746775][ T5916] usb 1-1: config 0 descriptor??
[  179.759946][ T5916] gspca_main: STV06xx-2.14.0 probing 046d:08f6
[  179.768790][ T5916] gspca_stv06xx: st6422 sensor detected
[  180.106342][ T6554] loop3: detected capacity change from 0 to 1024
[  180.114009][ T6554] EXT4-fs: Ignoring removed nobh option
[  180.119712][ T6554] EXT4-fs: Ignoring removed bh option
[  180.206619][ T6554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.345424][ T6547] netlink: 'syz.0.127': attribute type 4 has an invalid length.
[  180.636792][ T6559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.127'.
[  180.742996][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.924617][ T1332] team0 (unregistering): Port device team_slave_1 removed
[  181.518784][ T1332] team0 (unregistering): Port device team_slave_0 removed
[  183.663509][ T6566] loop4: detected capacity change from 0 to 1024
[  183.681277][ T6566] EXT4-fs: Ignoring removed nobh option
[  183.687132][ T6566] EXT4-fs: Ignoring removed bh option
[  184.334714][ T6566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.512124][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.995007][ T6572] loop4: detected capacity change from 0 to 40427
[  185.007067][ T6572] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x3fffff
[  185.035259][ T6572] F2FS-fs (loop4): invalid crc value
[  185.084970][ T5916] STV06xx 1-1:0.0: probe with driver STV06xx failed with error -110
[  185.149013][ T6572] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  185.237703][ T6576] F2FS-fs (loop4): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  186.942118][ T5840] syz-executor: attempt to access beyond end of device
[  186.942118][ T5840] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  186.967678][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  186.967710][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  186.967724][ T5840] Call Trace:
[  186.967733][ T5840]  <TASK>
[  186.967743][ T5840]  dump_stack_lvl+0x241/0x360
[  186.967788][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.967821][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.967846][ T5840]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  186.967872][ T5840]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  186.967897][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.967923][ T5840]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  186.967963][ T5840]  f2fs_handle_critical_error+0x392/0x5a0
[  186.968006][ T5840]  f2fs_write_end_io+0x563/0x790
[  186.968051][ T5840]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  186.968092][ T5840]  ? bio_endio+0x7e4/0x890
[  186.968123][ T5840]  ? bio_endio+0x82a/0x890
[  186.968155][ T5840]  __submit_merged_bio+0x2a9/0x710
[  186.968184][ T5840]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  186.968223][ T5840]  f2fs_submit_merged_write_cond+0x29f/0x380
[  186.968271][ T5840]  f2fs_write_data_pages+0x2f99/0x38d0
[  186.968360][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  186.968392][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968480][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968505][ T5840]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  186.968547][ T5840]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  186.968591][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968636][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968662][ T5840]  ? __lock_acquire+0xad5/0xd80
[  186.968694][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968720][ T5840]  ? do_raw_spin_lock+0x151/0x370
[  186.968767][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968792][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  186.968833][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  186.968873][ T5840]  do_writepages+0x366/0x890
[  186.968911][ T5840]  ? __pfx_do_writepages+0x10/0x10
[  186.968933][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.968958][ T5840]  ? __lock_acquire+0xad5/0xd80
[  186.968989][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.969015][ T5840]  ? do_raw_spin_lock+0x151/0x370
[  186.969065][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.969091][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  186.969138][ T5840]  filemap_fdatawrite+0x1f2/0x2a0
[  186.969170][ T5840]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  186.969192][ T5840]  ? mlock_drain_local+0x79/0x490
[  186.969280][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.969307][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  186.969355][ T5840]  f2fs_sync_dirty_inodes+0x34f/0x860
[  186.969415][ T5840]  f2fs_write_checkpoint+0x857/0x1da0
[  186.969468][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  186.969550][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.969582][ T5840]  ? kfree+0x198/0x430
[  186.969609][ T5840]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  186.969637][ T5840]  ? kill_f2fs_super+0x290/0x6d0
[  186.969668][ T5840]  kill_f2fs_super+0x2b8/0x6d0
[  186.969700][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  186.969735][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.969762][ T5840]  ? shrinker_free+0x2ca/0x3d0
[  186.969797][ T5840]  deactivate_locked_super+0xc6/0x130
[  186.969828][ T5840]  cleanup_mnt+0x422/0x4c0
[  186.969855][ T5840]  ? lockdep_hardirqs_on+0x9d/0x150
[  186.969890][ T5840]  task_work_run+0x253/0x310
[  186.969938][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  186.969982][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  186.970016][ T5840]  syscall_exit_to_user_mode+0x13f/0x340
[  186.970053][ T5840]  do_syscall_64+0x100/0x230
[  186.970090][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.970113][ T5840] RIP: 0033:0x7f414cd8e497
[  186.970134][ T5840] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  186.970153][ T5840] RSP: 002b:00007fff6705ffe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  186.970178][ T5840] RAX: 0000000000000000 RBX: 00007f414ce0e08c RCX: 00007f414cd8e497
[  186.970194][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff670600a0
[  186.970209][ T5840] RBP: 00007fff670600a0 R08: 0000000000000000 R09: 0000000000000000
[  186.970223][ T5840] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff67061130
[  186.970239][ T5840] R13: 00007f414ce0e08c R14: 000000000002d3aa R15: 00007fff67061170
[  186.970281][ T5840]  </TASK>
[  186.970291][ T5840] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  188.496102][ T6587] loop2: detected capacity change from 0 to 1024
[  188.510602][ T6587] EXT4-fs: Ignoring removed nobh option
[  188.516359][ T6587] EXT4-fs: Ignoring removed bh option
[  188.807119][ T6587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.850664][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.862045][   T24] usb 1-1: USB disconnect, device number 2
[  191.142576][ T6601] syz.5.142 (6601): drop_caches: 2
[  191.229832][ T6601] syz.5.142 (6601): drop_caches: 2
[  191.775692][ T6618] loop4: detected capacity change from 0 to 40427
[  192.074166][ T6618] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x3fffff
[  192.115549][ T6618] F2FS-fs (loop4): invalid crc value
[  192.317847][ T6618] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  192.530613][ T6621] syz.3.144 (6621): drop_caches: 2
[  192.626369][ T6628] F2FS-fs (loop4): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  192.966946][ T5840] syz-executor: attempt to access beyond end of device
[  192.966946][ T5840] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.002776][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  193.002817][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  193.002834][ T5840] Call Trace:
[  193.002845][ T5840]  <TASK>
[  193.002856][ T5840]  dump_stack_lvl+0x241/0x360
[  193.002908][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.002948][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.002979][ T5840]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  193.003009][ T5840]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.003038][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.003068][ T5840]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  193.003113][ T5840]  f2fs_handle_critical_error+0x392/0x5a0
[  193.003160][ T5840]  f2fs_write_end_io+0x563/0x790
[  193.003217][ T5840]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  193.003262][ T5840]  ? bio_endio+0x7e4/0x890
[  193.003296][ T5840]  ? bio_endio+0x82a/0x890
[  193.003329][ T5840]  __submit_merged_bio+0x2a9/0x710
[  193.003362][ T5840]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  193.003405][ T5840]  f2fs_submit_merged_write_cond+0x29f/0x380
[  193.003454][ T5840]  f2fs_write_data_pages+0x2f99/0x38d0
[  193.003540][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.003602][ T5840]  ? __kernel_text_address+0xd/0x40
[  193.003664][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.003694][ T5840]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  193.003742][ T5840]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  193.003787][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.003835][ T5840]  ? lockdep_hardirqs_on+0x9d/0x150
[  193.003873][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.003902][ T5840]  ? folios_put_refs+0x711/0x800
[  193.003957][ T5840]  ? __pfx_folios_put_refs+0x10/0x10
[  193.003991][ T5840]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  193.004019][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.004062][ T5840]  do_writepages+0x366/0x890
[  193.004100][ T5840]  ? __pfx_do_writepages+0x10/0x10
[  193.004123][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.004153][ T5840]  ? __lock_acquire+0xad5/0xd80
[  193.004188][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.004215][ T5840]  ? do_raw_spin_lock+0x151/0x370
[  193.004268][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.004297][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  193.004345][ T5840]  filemap_fdatawrite+0x1f2/0x2a0
[  193.004379][ T5840]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  193.004405][ T5840]  ? mlock_drain_local+0x79/0x490
[  193.004484][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.004514][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  193.004565][ T5840]  f2fs_sync_dirty_inodes+0x34f/0x860
[  193.004633][ T5840]  f2fs_write_checkpoint+0x857/0x1da0
[  193.004684][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  193.004756][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.004787][ T5840]  ? kfree+0x198/0x430
[  193.004820][ T5840]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  193.004849][ T5840]  ? kill_f2fs_super+0x290/0x6d0
[  193.004882][ T5840]  kill_f2fs_super+0x2b8/0x6d0
[  193.004915][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  193.004950][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.004979][ T5840]  ? shrinker_free+0x2ca/0x3d0
[  193.005018][ T5840]  deactivate_locked_super+0xc6/0x130
[  193.005052][ T5840]  cleanup_mnt+0x422/0x4c0
[  193.005081][ T5840]  ? lockdep_hardirqs_on+0x9d/0x150
[  193.005118][ T5840]  task_work_run+0x253/0x310
[  193.005173][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  193.005221][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  193.005257][ T5840]  syscall_exit_to_user_mode+0x13f/0x340
[  193.005294][ T5840]  do_syscall_64+0x100/0x230
[  193.005358][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.005384][ T5840] RIP: 0033:0x7f414cd8e497
[  193.005408][ T5840] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  193.005430][ T5840] RSP: 002b:00007fff6705ffe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  193.005459][ T5840] RAX: 0000000000000000 RBX: 00007f414ce0e08c RCX: 00007f414cd8e497
[  193.005477][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff670600a0
[  193.005494][ T5840] RBP: 00007fff670600a0 R08: 0000000000000000 R09: 0000000000000000
[  193.005511][ T5840] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff67061130
[  193.005526][ T5840] R13: 00007f414ce0e08c R14: 000000000002f0c5 R15: 00007fff67061170
[  193.005561][ T5840]  </TASK>
[  193.529202][ T5840] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  193.599073][ T6197] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  195.503884][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  195.522690][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  195.532842][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  195.541577][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  195.551358][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  196.153800][ T6660] loop5: detected capacity change from 0 to 40427
[  196.195873][ T6660] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3fffff
[  196.244240][ T6660] F2FS-fs (loop5): invalid crc value
[  196.465600][ T6660] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  196.912644][ T6660] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  197.714660][ T5854] Bluetooth: hci1: command tx timeout
[  197.954938][ T5835] syz-executor: attempt to access beyond end of device
[  197.954938][ T5835] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  198.003189][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  198.003232][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  198.003248][ T5835] Call Trace:
[  198.003258][ T5835]  <TASK>
[  198.003269][ T5835]  dump_stack_lvl+0x241/0x360
[  198.003321][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.003360][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.003391][ T5835]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  198.003421][ T5835]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  198.003451][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.003480][ T5835]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  198.003525][ T5835]  f2fs_handle_critical_error+0x392/0x5a0
[  198.003573][ T5835]  f2fs_write_end_io+0x563/0x790
[  198.003628][ T5835]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  198.003675][ T5835]  ? __rcu_read_unlock+0xa1/0x110
[  198.003705][ T5835]  ? bio_endio+0x82a/0x890
[  198.003741][ T5835]  __submit_merged_bio+0x2a9/0x710
[  198.003774][ T5835]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  198.003817][ T5835]  f2fs_submit_merged_write_cond+0x29f/0x380
[  198.003867][ T5835]  f2fs_write_data_pages+0x2f99/0x38d0
[  198.003950][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  198.004042][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004071][ T5835]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  198.004118][ T5835]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  198.004162][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004207][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004235][ T5835]  ? __lock_acquire+0xad5/0xd80
[  198.004269][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004297][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  198.004345][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004374][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  198.004417][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  198.004460][ T5835]  do_writepages+0x366/0x890
[  198.004498][ T5835]  ? __pfx_do_writepages+0x10/0x10
[  198.004521][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004550][ T5835]  ? __lock_acquire+0xad5/0xd80
[  198.004587][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004617][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  198.004669][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004698][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  198.004748][ T5835]  filemap_fdatawrite+0x1f2/0x2a0
[  198.004781][ T5835]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  198.004807][ T5835]  ? mlock_drain_local+0x79/0x490
[  198.004888][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.004917][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  198.004967][ T5835]  f2fs_sync_dirty_inodes+0x34f/0x860
[  198.005028][ T5835]  f2fs_write_checkpoint+0x857/0x1da0
[  198.005078][ T5835]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  198.005154][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.005186][ T5835]  ? kfree+0x198/0x430
[  198.005218][ T5835]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  198.005247][ T5835]  ? kill_f2fs_super+0x290/0x6d0
[  198.005279][ T5835]  kill_f2fs_super+0x2b8/0x6d0
[  198.005337][ T5835]  ? __pfx_kill_f2fs_super+0x10/0x10
[  198.005371][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.005400][ T5835]  ? shrinker_free+0x2ca/0x3d0
[  198.005438][ T5835]  deactivate_locked_super+0xc6/0x130
[  198.005471][ T5835]  cleanup_mnt+0x422/0x4c0
[  198.005500][ T5835]  ? lockdep_hardirqs_on+0x9d/0x150
[  198.005537][ T5835]  task_work_run+0x253/0x310
[  198.005596][ T5835]  ? __pfx_task_work_run+0x10/0x10
[  198.005643][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.005678][ T5835]  syscall_exit_to_user_mode+0x13f/0x340
[  198.005715][ T5835]  do_syscall_64+0x100/0x230
[  198.005754][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.005780][ T5835] RIP: 0033:0x7fb543f8e497
[  198.005802][ T5835] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  198.005822][ T5835] RSP: 002b:00007ffd532a5df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  198.005849][ T5835] RAX: 0000000000000000 RBX: 00007fb54400e08c RCX: 00007fb543f8e497
[  198.005867][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd532a5eb0
[  198.005882][ T5835] RBP: 00007ffd532a5eb0 R08: 0000000000000000 R09: 0000000000000000
[  198.005898][ T5835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd532a6f40
[  198.005915][ T5835] R13: 00007fb54400e08c R14: 000000000003006f R15: 00007ffd532a6f80
[  198.005954][ T5835]  </TASK>
[  198.680751][ T5835] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  198.930505][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  198.939526][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  199.456722][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  199.819405][   T10] usb 4-1: Using ep0 maxpacket: 32
[  199.872519][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  199.911610][   T10] usb 4-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  200.014135][ T5854] Bluetooth: hci1: command tx timeout
[  200.153303][   T10] usb 4-1: Product: syz
[  200.719431][   T10] usb 4-1: config 0 descriptor??
[  200.784293][   T10] usb 4-1: can't set config #0, error -71
[  200.823361][   T10] usb 4-1: USB disconnect, device number 4
[  200.947284][ T6698] syz.4.158 (6698): drop_caches: 2
[  200.956240][ T6698] syz.4.158 (6698): drop_caches: 2
[  202.040483][ T5854] Bluetooth: hci1: command tx timeout
[  202.582465][ T6722] input: syz0 as /devices/virtual/input/input7
[  202.611382][ T6650] chnl_net:caif_netlink_parms(): no params data found
[  203.111906][ T6736] netlink: 16 bytes leftover after parsing attributes in process `syz.2.165'.
[  203.155222][ T6736] netlink: 16 bytes leftover after parsing attributes in process `syz.2.165'.
[  204.115207][ T5854] Bluetooth: hci1: command tx timeout
[  204.861821][ T6760] syz.5.168 (6760): drop_caches: 2
[  204.941712][ T6760] syz.5.168 (6760): drop_caches: 2
[  205.951079][ T6761] loop2: detected capacity change from 0 to 1024
[  205.958671][ T6761] EXT4-fs: Ignoring removed nobh option
[  205.964421][ T6761] EXT4-fs: Ignoring removed bh option
[  206.030708][ T6761] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.102208][ T6650] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.139967][ T6650] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.163746][ T6650] bridge_slave_0: entered allmulticast mode
[  206.181611][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.190158][ T6650] bridge_slave_0: entered promiscuous mode
[  206.246923][ T6650] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.288473][ T6650] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.322113][ T6650] bridge_slave_1: entered allmulticast mode
[  206.368604][ T6650] bridge_slave_1: entered promiscuous mode
[  206.924881][ T6785] overlayfs: overlapping lowerdir path
[  207.043433][ T6786] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  207.605360][ T6774] syz.5.173 (6774): drop_caches: 2
[  207.673435][ T6774] syz.5.173 (6774): drop_caches: 2
[  207.713566][ T6775] loop3: detected capacity change from 0 to 1024
[  207.732626][ T6775] EXT4-fs: Ignoring removed nobh option
[  207.743172][ T6775] EXT4-fs: Ignoring removed bh option
[  207.839146][ T6790] syz.4.176 (6790): drop_caches: 2
[  207.848295][ T6790] syz.4.176 (6790): drop_caches: 2
[  207.863159][ T6650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.888662][ T6775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.988186][ T6650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.065943][ T6798] syz.0.177 (6798): drop_caches: 2
[  208.074810][ T6798] syz.0.177 (6798): drop_caches: 2
[  208.213593][ T5901] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  208.250308][ T6650] team0: Port device team_slave_0 added
[  208.324419][ T6650] team0: Port device team_slave_1 added
[  208.374413][ T5901] usb 3-1: Using ep0 maxpacket: 32
[  208.402891][ T5901] usb 3-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  209.401924][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  209.591477][ T5901] usb 3-1: Product: syz
[  209.629649][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.642876][ T5901] usb 3-1: config 0 descriptor??
[  209.670464][ T5901] gspca_main: STV06xx-2.14.0 probing 046d:08f6
[  209.678941][ T5901] gspca_stv06xx: st6422 sensor detected
[  209.834214][ T6814] netlink: 16 bytes leftover after parsing attributes in process `syz.4.181'.
[  209.865820][ T6814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.181'.
[  209.877960][ T6650] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.902241][ T6650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.937597][ T6650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.197673][ T6820] loop4: detected capacity change from 0 to 1024
[  210.213129][ T6820] EXT4-fs: Ignoring removed nobh option
[  210.218991][ T6820] EXT4-fs: Ignoring removed bh option
[  210.426017][ T6821] netlink: 'syz.2.175': attribute type 4 has an invalid length.
[  210.518697][ T6650] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.530021][ T6650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.672897][ T6793] netlink: 4 bytes leftover after parsing attributes in process `syz.2.175'.
[  211.214134][ T6650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.324192][ T6820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.525941][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.412476][ T6839] syz.0.185 (6839): drop_caches: 2
[  212.420115][ T6839] syz.0.185 (6839): drop_caches: 2
[  212.461510][ T6650] hsr_slave_0: entered promiscuous mode
[  212.475406][ T6650] hsr_slave_1: entered promiscuous mode
[  212.481791][ T6650] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.527070][ T6650] Cannot create hsr debugfs directory
[  212.781959][ T6842] loop4: detected capacity change from 0 to 1024
[  212.797586][ T6842] EXT4-fs: Ignoring removed nobh option
[  212.803441][ T6842] EXT4-fs: Ignoring removed bh option
[  213.030487][ T6842] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.403059][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.748101][ T5901] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -71
[  213.795274][ T5901] usb 3-1: USB disconnect, device number 4
[  214.623434][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  214.623457][   T30] audit: type=1326 audit(1743981955.517:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  214.863509][ T5896] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  215.293578][ T5896] usb 1-1: Using ep0 maxpacket: 8
[  215.433735][   T30] audit: type=1326 audit(1743981955.517:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  215.456693][   T30] audit: type=1326 audit(1743981955.517:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  215.483188][   T30] audit: type=1326 audit(1743981955.517:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  215.611519][   T30] audit: type=1326 audit(1743981955.517:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  215.758133][ T5896] usb 1-1: unable to get BOS descriptor or descriptor too short
[  215.807351][ T5896] usb 1-1: no configurations
[  215.862131][ T5896] usb 1-1: can't read configurations, error -22
[  215.883435][   T30] audit: type=1326 audit(1743981955.517:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  216.139917][ T6866] loop3: detected capacity change from 0 to 1024
[  216.154239][ T6866] EXT4-fs: Ignoring removed nobh option
[  216.159999][ T6866] EXT4-fs: Ignoring removed bh option
[  216.162890][   T30] audit: type=1326 audit(1743981955.517:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  216.459811][   T30] audit: type=1326 audit(1743981955.517:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  216.505174][ T6866] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.578613][ T6874] syz.4.190 (6874): drop_caches: 2
[  216.605492][   T30] audit: type=1326 audit(1743981955.517:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  216.642112][ T6874] syz.4.190 (6874): drop_caches: 2
[  216.887261][ T6878] netlink: 16 bytes leftover after parsing attributes in process `syz.0.193'.
[  216.912739][ T6878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.193'.
[  217.075238][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.088649][ T5853] Bluetooth: hci2: command 0x0406 tx timeout
[  217.096585][   T56] Bluetooth: hci4: command 0x0406 tx timeout
[  217.103828][ T5853] Bluetooth: hci3: command 0x0406 tx timeout
[  217.110698][   T56] Bluetooth: hci5: command 0x0406 tx timeout
[  217.113616][ T5846] Bluetooth: hci0: command 0x0406 tx timeout
[  217.128959][   T30] audit: type=1326 audit(1743981955.517:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6852 comm="syz.4.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f414cd8d169 code=0x7ffc0000
[  217.867646][ T5896] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  218.005889][ T5896] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  218.948717][ T6891] loop0: detected capacity change from 0 to 1024
[  218.956128][ T6891] EXT4-fs: Ignoring removed nobh option
[  218.961735][ T6891] EXT4-fs: Ignoring removed bh option
[  219.855896][ T6891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.836628][ T6903] syz.2.198 (6903): drop_caches: 2
[  220.879841][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.330216][ T5901] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  222.803380][ T5901] usb 3-1: Using ep0 maxpacket: 8
[  223.588557][ T5901] usb 3-1: unable to get BOS descriptor or descriptor too short
[  223.602673][ T5901] usb 3-1: no configurations
[  223.642512][ T5901] usb 3-1: can't read configurations, error -22
[  223.818616][ T6650] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  224.380987][ T6936] netlink: 16 bytes leftover after parsing attributes in process `syz.5.207'.
[  224.412375][ T6936] netlink: 8 bytes leftover after parsing attributes in process `syz.5.207'.
[  224.790101][ T6650] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  225.112097][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  225.112265][   T30] audit: type=1326 audit(1743981966.417:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.628054][   T30] audit: type=1326 audit(1743981966.417:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.650631][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.702865][ T6943] loop4: detected capacity change from 0 to 1024
[  225.710435][ T6650] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  225.752485][ T6943] EXT4-fs: Ignoring removed nobh option
[  225.792252][ T6943] EXT4-fs: Ignoring removed bh option
[  225.807717][ T6650] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  225.816484][   T30] audit: type=1326 audit(1743981966.427:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.865978][   T30] audit: type=1326 audit(1743981966.427:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.869096][   T10] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  225.888534][   T30] audit: type=1326 audit(1743981966.427:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.918676][   T30] audit: type=1326 audit(1743981966.437:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.942772][   T30] audit: type=1326 audit(1743981966.437:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  225.969668][   T30] audit: type=1326 audit(1743981966.437:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  226.095906][ T6943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.115352][   T10] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  226.389364][ T6950] loop3: detected capacity change from 0 to 40427
[  226.398636][   T30] audit: type=1326 audit(1743981966.437:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  226.422358][   T30] audit: type=1326 audit(1743981966.447:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6937 comm="syz.2.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3fb58d169 code=0x7ffc0000
[  226.445912][ T6950] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3fffff
[  226.464145][ T6950] F2FS-fs (loop3): invalid crc value
[  226.626870][ T6950] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  227.075130][ T6964] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  228.346317][ T6650] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.461266][ T6650] 8021q: adding VLAN 0 to HW filter on device team0
[  228.598708][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.647462][ T5836] syz-executor: attempt to access beyond end of device
[  228.647462][ T5836] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  228.695592][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  228.695633][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  228.695649][ T5836] Call Trace:
[  228.695660][ T5836]  <TASK>
[  228.695670][ T5836]  dump_stack_lvl+0x241/0x360
[  228.695722][ T5836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.695760][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.695790][ T5836]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  228.695820][ T5836]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  228.695849][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.695878][ T5836]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  228.695923][ T5836]  f2fs_handle_critical_error+0x392/0x5a0
[  228.695973][ T5836]  f2fs_write_end_io+0x563/0x790
[  228.696024][ T5836]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  228.696071][ T5836]  ? bio_endio+0x7e4/0x890
[  228.696106][ T5836]  ? bio_endio+0x82a/0x890
[  228.696142][ T5836]  __submit_merged_bio+0x2a9/0x710
[  228.696173][ T5836]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  228.696216][ T5836]  f2fs_submit_merged_write_cond+0x29f/0x380
[  228.696268][ T5836]  f2fs_write_data_pages+0x2f99/0x38d0
[  228.696372][ T5836]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  228.696478][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.696512][ T5836]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  228.696559][ T5836]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  228.696602][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.696651][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.696679][ T5836]  ? __lock_acquire+0xad5/0xd80
[  228.696714][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.696743][ T5836]  ? do_raw_spin_lock+0x151/0x370
[  228.696793][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.696822][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  228.696866][ T5836]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  228.696909][ T5836]  do_writepages+0x366/0x890
[  228.696951][ T5836]  ? __pfx_do_writepages+0x10/0x10
[  228.696974][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.697002][ T5836]  ? __lock_acquire+0xad5/0xd80
[  228.697037][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.697065][ T5836]  ? do_raw_spin_lock+0x151/0x370
[  228.697120][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.697149][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  228.697200][ T5836]  filemap_fdatawrite+0x1f2/0x2a0
[  228.697234][ T5836]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  228.697260][ T5836]  ? mlock_drain_local+0x79/0x490
[  228.697359][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.697388][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  228.697439][ T5836]  f2fs_sync_dirty_inodes+0x34f/0x860
[  228.697504][ T5836]  f2fs_write_checkpoint+0x857/0x1da0
[  228.697560][ T5836]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  228.697646][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.697675][ T5836]  ? kfree+0x198/0x430
[  228.697707][ T5836]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  228.697737][ T5836]  ? kill_f2fs_super+0x290/0x6d0
[  228.697771][ T5836]  kill_f2fs_super+0x2b8/0x6d0
[  228.697806][ T5836]  ? __pfx_kill_f2fs_super+0x10/0x10
[  228.697842][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.697871][ T5836]  ? shrinker_free+0x2ca/0x3d0
[  228.697909][ T5836]  deactivate_locked_super+0xc6/0x130
[  228.697942][ T5836]  cleanup_mnt+0x422/0x4c0
[  228.697971][ T5836]  ? lockdep_hardirqs_on+0x9d/0x150
[  228.698008][ T5836]  task_work_run+0x253/0x310
[  228.698059][ T5836]  ? __pfx_task_work_run+0x10/0x10
[  228.698106][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.698144][ T5836]  syscall_exit_to_user_mode+0x13f/0x340
[  228.698181][ T5836]  do_syscall_64+0x100/0x230
[  228.698222][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.698247][ T5836] RIP: 0033:0x7f0e6058e497
[  228.698269][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  228.698291][ T5836] RSP: 002b:00007ffc09ef64a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  228.698319][ T5836] RAX: 0000000000000000 RBX: 00007f0e6060e08c RCX: 00007f0e6058e497
[  228.698346][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc09ef6560
[  228.698363][ T5836] RBP: 00007ffc09ef6560 R08: 0000000000000000 R09: 0000000000000000
[  228.698380][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc09ef75f0
[  228.698397][ T5836] R13: 00007f0e6060e08c R14: 000000000003768c R15: 00007ffc09ef7630
[  228.698441][ T5836]  </TASK>
[  229.144732][ T5836] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  229.291250][ T6650] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  229.301710][ T6650] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  229.343577][ T6764] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.350748][ T6764] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.375539][ T6764] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.383836][ T6764] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.116860][ T6994] loop5: detected capacity change from 0 to 1024
[  232.127361][ T6994] EXT4-fs: Ignoring removed nobh option
[  232.133185][ T6994] EXT4-fs: Ignoring removed bh option
[  232.231108][ T6994] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.650777][ T5835] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.665687][ T6650] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.824300][ T5896] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  233.053518][ T7008] syz.5.220 (7008): drop_caches: 2
[  233.053785][ T5896] usb 5-1: Using ep0 maxpacket: 8
[  233.076351][ T7008] syz.5.220 (7008): drop_caches: 2
[  233.454774][ T5896] usb 5-1: unable to get BOS descriptor or descriptor too short
[  233.497481][ T5896] usb 5-1: no configurations
[  233.515039][ T5896] usb 5-1: can't read configurations, error -22
[  233.572303][ T7010] syz.3.215 (7010): drop_caches: 2
[  233.580392][ T7013] netlink: 16 bytes leftover after parsing attributes in process `syz.2.221'.
[  233.583480][ T7010] syz.3.215 (7010): drop_caches: 2
[  234.151001][ T7019] overlayfs: failed to resolve './file1': -2
[  234.849755][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  234.849785][   T30] audit: type=1326 audit(1743981975.627:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  235.228115][   T30] audit: type=1326 audit(1743981975.627:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  235.259406][   T30] audit: type=1326 audit(1743981975.627:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  235.292566][   T30] audit: type=1326 audit(1743981975.627:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  235.415697][ T5897] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  235.463495][   T30] audit: type=1326 audit(1743981975.627:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  235.492416][ T5897] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  235.714847][   T30] audit: type=1326 audit(1743981975.627:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  236.007953][ T7036] syz.5.226 (7036): drop_caches: 2
[  236.045157][ T7036] syz.5.226 (7036): drop_caches: 2
[  236.191488][   T30] audit: type=1326 audit(1743981975.637:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  236.326779][   T30] audit: type=1326 audit(1743981975.637:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  236.417902][   T30] audit: type=1326 audit(1743981975.637:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  236.537920][   T30] audit: type=1326 audit(1743981975.637:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7014 comm="syz.5.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb543f8d169 code=0x7ffc0000
[  237.075002][ T6650] veth0_vlan: entered promiscuous mode
[  237.549821][ T7058] overlayfs: missing 'workdir'
[  238.158179][ T6650] veth1_vlan: entered promiscuous mode
[  238.340793][ T6650] veth0_macvtap: entered promiscuous mode
[  238.392900][ T6650] veth1_macvtap: entered promiscuous mode
[  239.470467][ T7067] syz.4.233 (7067): drop_caches: 2
[  239.491686][ T7067] syz.4.233 (7067): drop_caches: 2
[  240.322674][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.396103][ T7073] netlink: 16 bytes leftover after parsing attributes in process `syz.2.234'.
[  240.426781][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.467431][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.728750][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.740947][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.752666][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.773527][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.799258][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.763610][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.775663][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.829466][ T6650] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.866011][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.953424][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.999128][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.042063][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.066506][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.115217][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.157401][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.191656][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.254768][ T5901] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  242.323063][ T6650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.334027][ T6650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.442559][ T6650] batman_adv: batadv0: Interface activated: batadv_slave_1
[  242.685790][ T7091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.240'.
[  242.983369][ T5901] usb 6-1: Using ep0 maxpacket: 8
[  243.007074][ T6650] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  243.044704][ T6650] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  243.053716][ T6650] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  243.074804][ T6650] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  243.123769][ T5901] usb 6-1: unable to get BOS descriptor or descriptor too short
[  243.173772][ T5901] usb 6-1: no configurations
[  243.254894][ T5901] usb 6-1: can't read configurations, error -22
[  243.546440][ T7105] syz.2.242 (7105): drop_caches: 2
[  243.801163][ T7105] syz.2.242 (7105): drop_caches: 2
[  243.990748][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.302953][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.797900][ T7125] overlayfs: missing 'workdir'
[  249.451411][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  249.482403][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  249.680315][ T7144] loop5: detected capacity change from 0 to 1024
[  249.691808][ T7144] EXT4-fs: Ignoring removed nobh option
[  249.697760][ T7144] EXT4-fs: Ignoring removed bh option
[  249.794723][ T7144] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.268787][ T7150] syz.2.250 (7150): drop_caches: 2
[  250.276019][ T7150] syz.2.250 (7150): drop_caches: 2
[  250.629908][ T5835] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.934703][ T7159] netlink: 16 bytes leftover after parsing attributes in process `syz.5.252'.
[  251.549829][ T7165] loop4: detected capacity change from 0 to 1024
[  251.560119][ T7165] EXT4-fs: Ignoring removed nobh option
[  251.566834][ T7165] EXT4-fs: Ignoring removed bh option
[  251.751756][ T7164] overlay: Unknown parameter 'defcontext'
[  252.547854][ T7165] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.694019][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.338508][ T7181] syz.0.257 (7181): drop_caches: 2
[  253.349391][ T7181] syz.0.257 (7181): drop_caches: 2
[  253.575387][ T7179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.255'.
[  253.746737][ T7186] loop4: detected capacity change from 0 to 1024
[  253.776775][ T7186] EXT4-fs: Ignoring removed nobh option
[  253.793209][ T7186] EXT4-fs: Ignoring removed bh option
[  254.020486][ T7191] syz.0.259 (7191): drop_caches: 2
[  254.053708][ T7191] syz.0.259 (7191): drop_caches: 2
[  254.207103][ T7186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.556562][ T7218] syz.2.264 (7218): drop_caches: 2
[  256.562525][ T7218] syz.2.264 (7218): drop_caches: 2
[  256.590671][ T7213] loop0: detected capacity change from 0 to 1024
[  256.598958][ T7213] EXT4-fs: Ignoring removed nobh option
[  256.604614][ T7213] EXT4-fs: Ignoring removed bh option
[  256.895346][ T7223] loop3: detected capacity change from 0 to 1024
[  256.902787][ T7223] EXT4-fs: Ignoring removed nobh option
[  256.908536][ T7223] EXT4-fs: Ignoring removed bh option
[  257.305403][ T7213] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.335657][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.841228][ T7223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.872231][ T7239] loop2: detected capacity change from 0 to 1024
[  257.879802][ T7239] EXT4-fs: Ignoring removed nobh option
[  257.885431][ T7239] EXT4-fs: Ignoring removed bh option
[  258.734414][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.746235][ T7239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.983623][ T7252] netlink: 16 bytes leftover after parsing attributes in process `syz.4.268'.
[  259.919876][ T7260] netlink: 8 bytes leftover after parsing attributes in process `syz.6.273'.
[  259.989154][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.373879][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  260.380499][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  260.787190][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.036638][ T7273] loop4: detected capacity change from 0 to 40427
[  261.087193][ T7273] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x3fffff
[  261.098400][ T7273] F2FS-fs (loop4): invalid crc value
[  262.276116][ T7273] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  262.534827][ T7286] syz.3.275 (7286): drop_caches: 2
[  262.606421][ T7286] syz.3.275 (7286): drop_caches: 2
[  265.057665][ T7306] loop6: detected capacity change from 0 to 1024
[  265.074434][ T7306] EXT4-fs: Ignoring removed nobh option
[  265.081036][ T7306] EXT4-fs: Ignoring removed bh option
[  265.253830][ T5840] syz-executor: attempt to access beyond end of device
[  265.253830][ T5840] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  265.454880][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  265.454922][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  265.454938][ T5840] Call Trace:
[  265.454949][ T5840]  <TASK>
[  265.454959][ T5840]  dump_stack_lvl+0x241/0x360
[  265.455011][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.455049][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.455081][ T5840]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  265.455110][ T5840]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  265.455139][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.455166][ T5840]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  265.455213][ T5840]  f2fs_handle_critical_error+0x392/0x5a0
[  265.455257][ T5840]  f2fs_write_end_io+0x563/0x790
[  265.455309][ T5840]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  265.455359][ T5840]  ? bio_endio+0x7e4/0x890
[  265.455392][ T5840]  ? bio_endio+0x82a/0x890
[  265.455425][ T5840]  __submit_merged_bio+0x2a9/0x710
[  265.455455][ T5840]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  265.455496][ T5840]  f2fs_submit_merged_write_cond+0x29f/0x380
[  265.455542][ T5840]  f2fs_write_data_pages+0x2f99/0x38d0
[  265.455622][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  265.455676][ T5840]  ? __kernel_text_address+0xd/0x40
[  265.455733][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.455761][ T5840]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  265.455812][ T5840]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  265.455854][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.455897][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.455925][ T5840]  ? __lock_acquire+0xad5/0xd80
[  265.455958][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.455986][ T5840]  ? do_raw_spin_lock+0x151/0x370
[  265.456034][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.456062][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  265.456104][ T5840]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  265.456145][ T5840]  do_writepages+0x366/0x890
[  265.456181][ T5840]  ? __pfx_do_writepages+0x10/0x10
[  265.456203][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.456231][ T5840]  ? __lock_acquire+0xad5/0xd80
[  265.456262][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.456290][ T5840]  ? do_raw_spin_lock+0x151/0x370
[  265.456343][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.456371][ T5840]  ? do_raw_spin_unlock+0x13c/0x8b0
[  265.456418][ T5840]  filemap_fdatawrite+0x1f2/0x2a0
[  265.456451][ T5840]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  265.456476][ T5840]  ? mlock_drain_local+0x79/0x490
[  265.456568][ T5840]  f2fs_sync_dirty_inodes+0x34f/0x860
[  265.456632][ T5840]  f2fs_write_checkpoint+0x857/0x1da0
[  265.456680][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  265.456751][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.456780][ T5840]  ? kfree+0x198/0x430
[  265.456813][ T5840]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  265.456841][ T5840]  ? kill_f2fs_super+0x290/0x6d0
[  265.456870][ T5840]  kill_f2fs_super+0x2b8/0x6d0
[  265.456901][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  265.456935][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.456963][ T5840]  ? shrinker_free+0x2ca/0x3d0
[  265.457003][ T5840]  deactivate_locked_super+0xc6/0x130
[  265.457034][ T5840]  cleanup_mnt+0x422/0x4c0
[  265.457062][ T5840]  ? lockdep_hardirqs_on+0x9d/0x150
[  265.457098][ T5840]  task_work_run+0x253/0x310
[  265.457151][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  265.457195][ T5840]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.457229][ T5840]  syscall_exit_to_user_mode+0x13f/0x340
[  265.457263][ T5840]  do_syscall_64+0x100/0x230
[  265.457303][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.457333][ T5840] RIP: 0033:0x7f414cd8e497
[  265.457355][ T5840] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  265.457377][ T5840] RSP: 002b:00007fff6705ffe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  265.457405][ T5840] RAX: 0000000000000000 RBX: 00007f414ce0e08c RCX: 00007f414cd8e497
[  265.457424][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff670600a0
[  265.457440][ T5840] RBP: 00007fff670600a0 R08: 0000000000000000 R09: 0000000000000000
[  265.457457][ T5840] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff67061130
[  265.457474][ T5840] R13: 00007f414ce0e08c R14: 00000000000403fb R15: 00007fff67061170
[  265.457512][ T5840]  </TASK>
[  265.457548][ T5840] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  266.675874][ T7306] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.309027][ T6650] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.572915][ T7327] syz.0.284 (7327): drop_caches: 2
[  267.585380][ T7327] syz.0.284 (7327): drop_caches: 2
[  269.283495][ T7336] netlink: 16 bytes leftover after parsing attributes in process `syz.6.288'.
[  269.529633][ T7334] loop0: detected capacity change from 0 to 40427
[  269.539415][ T7334] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3fffff
[  269.551389][ T7334] F2FS-fs (loop0): invalid crc value
[  269.711660][ T7334] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  270.015445][ T7349] F2FS-fs (loop0): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  270.568426][ T5837] syz-executor: attempt to access beyond end of device
[  270.568426][ T5837] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  270.629201][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  270.629237][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  270.629251][ T5837] Call Trace:
[  270.629260][ T5837]  <TASK>
[  270.629270][ T5837]  dump_stack_lvl+0x241/0x360
[  270.629328][ T5837]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.629361][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.629390][ T5837]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  270.629416][ T5837]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  270.629441][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.629465][ T5837]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  270.629507][ T5837]  f2fs_handle_critical_error+0x392/0x5a0
[  270.629549][ T5837]  f2fs_write_end_io+0x563/0x790
[  270.629599][ T5837]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  270.629637][ T5837]  ? bio_endio+0x7e4/0x890
[  270.629669][ T5837]  ? bio_endio+0x82a/0x890
[  270.629699][ T5837]  __submit_merged_bio+0x2a9/0x710
[  270.629726][ T5837]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  270.629764][ T5837]  f2fs_submit_merged_write_cond+0x29f/0x380
[  270.629808][ T5837]  f2fs_write_data_pages+0x2f99/0x38d0
[  270.629888][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  270.629982][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630006][ T5837]  ? do_raw_spin_unlock+0x13c/0x8b0
[  270.630077][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630101][ T5837]  ? folios_put_refs+0x70a/0x800
[  270.630154][ T5837]  ? __pfx_folios_put_refs+0x10/0x10
[  270.630183][ T5837]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  270.630206][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  270.630242][ T5837]  do_writepages+0x366/0x890
[  270.630277][ T5837]  ? __pfx_do_writepages+0x10/0x10
[  270.630296][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630324][ T5837]  ? __lock_acquire+0xad5/0xd80
[  270.630354][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630378][ T5837]  ? do_raw_spin_lock+0x151/0x370
[  270.630424][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630448][ T5837]  ? do_raw_spin_unlock+0x13c/0x8b0
[  270.630492][ T5837]  filemap_fdatawrite+0x1f2/0x2a0
[  270.630523][ T5837]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  270.630544][ T5837]  ? mlock_drain_local+0x79/0x490
[  270.630624][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630649][ T5837]  ? do_raw_spin_unlock+0x13c/0x8b0
[  270.630692][ T5837]  f2fs_sync_dirty_inodes+0x34f/0x860
[  270.630754][ T5837]  f2fs_write_checkpoint+0x857/0x1da0
[  270.630801][ T5837]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  270.630875][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.630899][ T5837]  ? kfree+0x198/0x430
[  270.630929][ T5837]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  270.630953][ T5837]  ? kill_f2fs_super+0x290/0x6d0
[  270.630982][ T5837]  kill_f2fs_super+0x2b8/0x6d0
[  270.631012][ T5837]  ? __pfx_kill_f2fs_super+0x10/0x10
[  270.631043][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.631068][ T5837]  ? shrinker_free+0x2ca/0x3d0
[  270.631104][ T5837]  deactivate_locked_super+0xc6/0x130
[  270.631133][ T5837]  cleanup_mnt+0x422/0x4c0
[  270.631160][ T5837]  ? lockdep_hardirqs_on+0x9d/0x150
[  270.631193][ T5837]  task_work_run+0x253/0x310
[  270.631242][ T5837]  ? __pfx_task_work_run+0x10/0x10
[  270.631282][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.631313][ T5837]  syscall_exit_to_user_mode+0x13f/0x340
[  270.631351][ T5837]  do_syscall_64+0x100/0x230
[  270.631389][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.631410][ T5837] RIP: 0033:0x7f52c998e497
[  270.631431][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  270.631449][ T5837] RSP: 002b:00007ffffb9c17e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  270.631474][ T5837] RAX: 0000000000000000 RBX: 00007f52c9a0e08c RCX: 00007f52c998e497
[  270.631489][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffffb9c18a0
[  270.631504][ T5837] RBP: 00007ffffb9c18a0 R08: 0000000000000000 R09: 0000000000000000
[  270.631518][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffffb9c2930
[  270.631533][ T5837] R13: 00007f52c9a0e08c R14: 0000000000041e6a R15: 00007ffffb9c2970
[  270.631571][ T5837]  </TASK>
[  270.631581][ T5837] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  271.395401][ T7359] syz.2.293 (7359): drop_caches: 2
[  271.416432][ T5898] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  271.449283][ T7359] syz.2.293 (7359): drop_caches: 2
[  271.497686][ T5898] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  272.067575][ T7377] syz.5.295 (7377): drop_caches: 2
[  272.119236][ T7377] syz.5.295 (7377): drop_caches: 2
[  272.670866][ T7388] syz.3.297 (7388): drop_caches: 2
[  272.697283][ T7388] syz.3.297 (7388): drop_caches: 2
[  273.119074][ T7391] loop2: detected capacity change from 0 to 1024
[  273.130021][ T7391] EXT4-fs: Ignoring removed nobh option
[  273.135809][ T7391] EXT4-fs: Ignoring removed bh option
[  273.305428][ T7391] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.516650][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.673456][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  276.853296][   T24] usb 4-1: Using ep0 maxpacket: 32
[  276.866995][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  276.896662][   T24] usb 4-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  276.939538][   T24] usb 4-1: Product: syz
[  276.968874][   T24] usb 4-1: config 0 descriptor??
[  277.007219][   T24] gspca_main: STV06xx-2.14.0 probing 046d:08f6
[  277.041918][   T24] gspca_stv06xx: st6422 sensor detected
[  277.619153][ T7433] netlink: 'syz.3.306': attribute type 4 has an invalid length.
[  277.728052][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.306'.
[  278.805171][ T7446] loop4: detected capacity change from 0 to 1024
[  278.823347][ T7446] EXT4-fs: Ignoring removed nobh option
[  278.829371][ T7446] EXT4-fs: Ignoring removed bh option
[  279.238301][ T7446] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.558207][ T7457] syz.0.311 (7457): drop_caches: 2
[  279.863815][ T7457] syz.0.311 (7457): drop_caches: 2
[  280.157012][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.214687][   T24] STV06xx 4-1:0.0: probe with driver STV06xx failed with error -71
[  280.282536][   T24] usb 4-1: USB disconnect, device number 5
[  280.423819][ T7466] loop0: detected capacity change from 0 to 1024
[  280.450856][ T7466] EXT4-fs: Ignoring removed nobh option
[  280.464901][ T7466] EXT4-fs: Ignoring removed bh option
[  280.556768][ T7466] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.001563][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.382433][ T7475] loop6: detected capacity change from 0 to 40427
[  281.394212][ T7475] F2FS-fs (loop6): build fault injection attr: rate: 771, type: 0x3fffff
[  281.405485][ T7475] F2FS-fs (loop6): invalid crc value
[  281.533433][ T7475] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  281.909463][ T7490] 9pnet_virtio: no channels available for device syz
[  282.633513][ T7491] F2FS-fs (loop6): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  282.662421][ T7496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'.
[  283.424190][ T7506] syz.0.322 (7506): drop_caches: 2
[  283.486400][ T6650] syz-executor: attempt to access beyond end of device
[  283.486400][ T6650] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  283.496550][ T7506] syz.0.322 (7506): drop_caches: 2
[  283.536521][ T6650] CPU: 0 UID: 0 PID: 6650 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  283.536559][ T6650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  283.536576][ T6650] Call Trace:
[  283.536594][ T6650]  <TASK>
[  283.536604][ T6650]  dump_stack_lvl+0x241/0x360
[  283.536659][ T6650]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.536698][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.536729][ T6650]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  283.536760][ T6650]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  283.536789][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.536818][ T6650]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  283.536866][ T6650]  f2fs_handle_critical_error+0x392/0x5a0
[  283.536915][ T6650]  f2fs_write_end_io+0x563/0x790
[  283.536970][ T6650]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  283.537016][ T6650]  ? bio_endio+0x7e4/0x890
[  283.537053][ T6650]  ? bio_endio+0x82a/0x890
[  283.537087][ T6650]  __submit_merged_bio+0x2a9/0x710
[  283.537120][ T6650]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  283.537164][ T6650]  f2fs_submit_merged_write_cond+0x29f/0x380
[  283.537216][ T6650]  f2fs_write_data_pages+0x2f99/0x38d0
[  283.537311][ T6650]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  283.537425][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.537455][ T6650]  ? do_raw_spin_unlock+0x13c/0x8b0
[  283.537525][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.537553][ T6650]  ? __lock_acquire+0xad5/0xd80
[  283.537594][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.537623][ T6650]  ? do_raw_spin_lock+0x151/0x370
[  283.537671][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.537698][ T6650]  ? do_raw_spin_unlock+0x13c/0x8b0
[  283.537742][ T6650]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  283.537786][ T6650]  do_writepages+0x366/0x890
[  283.537828][ T6650]  ? __pfx_do_writepages+0x10/0x10
[  283.537851][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.537880][ T6650]  ? __lock_acquire+0xad5/0xd80
[  283.537914][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.537942][ T6650]  ? do_raw_spin_lock+0x151/0x370
[  283.537997][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.538026][ T6650]  ? do_raw_spin_unlock+0x13c/0x8b0
[  283.538076][ T6650]  filemap_fdatawrite+0x1f2/0x2a0
[  283.538111][ T6650]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  283.538136][ T6650]  ? mlock_drain_local+0x79/0x490
[  283.538227][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.538254][ T6650]  ? do_raw_spin_unlock+0x13c/0x8b0
[  283.538305][ T6650]  f2fs_sync_dirty_inodes+0x34f/0x860
[  283.538374][ T6650]  f2fs_write_checkpoint+0x857/0x1da0
[  283.538430][ T6650]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  283.538513][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.538542][ T6650]  ? kfree+0x198/0x430
[  283.538574][ T6650]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  283.538613][ T6650]  ? kill_f2fs_super+0x290/0x6d0
[  283.538646][ T6650]  kill_f2fs_super+0x2b8/0x6d0
[  283.538681][ T6650]  ? __pfx_kill_f2fs_super+0x10/0x10
[  283.538717][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.538746][ T6650]  ? shrinker_free+0x2ca/0x3d0
[  283.538788][ T6650]  deactivate_locked_super+0xc6/0x130
[  283.538822][ T6650]  cleanup_mnt+0x422/0x4c0
[  283.538851][ T6650]  ? lockdep_hardirqs_on+0x9d/0x150
[  283.538889][ T6650]  task_work_run+0x253/0x310
[  283.538944][ T6650]  ? __pfx_task_work_run+0x10/0x10
[  283.538992][ T6650]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.539028][ T6650]  syscall_exit_to_user_mode+0x13f/0x340
[  283.539066][ T6650]  do_syscall_64+0x100/0x230
[  283.539110][ T6650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.539135][ T6650] RIP: 0033:0x7febc598e497
[  283.539158][ T6650] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  283.539179][ T6650] RSP: 002b:00007fff4d2b7188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  283.539207][ T6650] RAX: 0000000000000000 RBX: 00007febc5a0e08c RCX: 00007febc598e497
[  283.539225][ T6650] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4d2b7240
[  283.539242][ T6650] RBP: 00007fff4d2b7240 R08: 0000000000000000 R09: 0000000000000000
[  283.539259][ T6650] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4d2b82d0
[  283.539277][ T6650] R13: 00007febc5a0e08c R14: 0000000000045172 R15: 00007fff4d2b8310
[  283.539322][ T6650]  </TASK>
[  283.598903][ T6650] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  283.599109][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.971257][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.977293][    C0] hrtimer: interrupt took 434066273 ns
[  284.077349][    C0] vkms_vblank_simulate: vblank timer overrun
[  284.461132][ T7516] loop0: detected capacity change from 0 to 1024
[  284.559841][ T7516] EXT4-fs: Ignoring removed nobh option
[  284.565910][ T7516] EXT4-fs: Ignoring removed bh option
[  284.727663][ T7523] syz.4.326 (7523): drop_caches: 2
[  284.735777][ T7523] syz.4.326 (7523): drop_caches: 2
[  285.226825][ T7516] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.873853][   T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  287.103411][   T24] usb 5-1: Using ep0 maxpacket: 32
[  287.124407][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  287.282138][ T7536] loop3: detected capacity change from 0 to 40427
[  287.284846][ T7539] loop2: detected capacity change from 0 to 1024
[  287.296143][ T7539] EXT4-fs: Ignoring removed nobh option
[  287.303308][ T7539] EXT4-fs: Ignoring removed bh option
[  287.327811][ T7536] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3fffff
[  287.341850][ T7536] F2FS-fs (loop3): invalid crc value
[  287.354860][   T24] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  287.389059][ T7539] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.451091][ T7536] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  287.480402][   T24] usb 5-1: Product: syz
[  287.540260][   T24] usb 5-1: config 0 descriptor??
[  287.547147][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.578722][   T24] gspca_main: STV06xx-2.14.0 probing 046d:08f6
[  287.620765][   T24] gspca_stv06xx: st6422 sensor detected
[  287.722779][ T7548] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  288.158663][ T7534] netlink: 'syz.4.328': attribute type 4 has an invalid length.
[  288.351944][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.4.328'.
[  288.364115][ T5836] syz-executor: attempt to access beyond end of device
[  288.364115][ T5836] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  288.429507][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  288.429548][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  288.429565][ T5836] Call Trace:
[  288.429576][ T5836]  <TASK>
[  288.429591][ T5836]  dump_stack_lvl+0x241/0x360
[  288.429646][ T5836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.429685][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.429718][ T5836]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  288.429748][ T5836]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  288.429777][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.429805][ T5836]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  288.429852][ T5836]  f2fs_handle_critical_error+0x392/0x5a0
[  288.429899][ T5836]  f2fs_write_end_io+0x563/0x790
[  288.429955][ T5836]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  288.430000][ T5836]  ? bio_endio+0x7e4/0x890
[  288.430036][ T5836]  ? bio_endio+0x82a/0x890
[  288.430070][ T5836]  __submit_merged_bio+0x2a9/0x710
[  288.430101][ T5836]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  288.430143][ T5836]  f2fs_submit_merged_write_cond+0x29f/0x380
[  288.430191][ T5836]  f2fs_write_data_pages+0x2f99/0x38d0
[  288.430276][ T5836]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  288.430367][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.430397][ T5836]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  288.430451][ T5836]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  288.430494][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.430542][ T5836]  ? __mod_zone_page_state+0xda/0x150
[  288.430599][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.430628][ T5836]  ? folios_put_refs+0x711/0x800
[  288.430681][ T5836]  ? lockdep_hardirqs_on+0x9d/0x150
[  288.430715][ T5836]  ? __pfx_folios_put_refs+0x10/0x10
[  288.430749][ T5836]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  288.430776][ T5836]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  288.430818][ T5836]  do_writepages+0x366/0x890
[  288.430855][ T5836]  ? __pfx_do_writepages+0x10/0x10
[  288.430878][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.430907][ T5836]  ? __lock_acquire+0xad5/0xd80
[  288.430942][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.430971][ T5836]  ? do_raw_spin_lock+0x151/0x370
[  288.431026][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.431055][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  288.431103][ T5836]  filemap_fdatawrite+0x1f2/0x2a0
[  288.431138][ T5836]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  288.431165][ T5836]  ? mlock_drain_local+0x79/0x490
[  288.431245][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.431275][ T5836]  ? do_raw_spin_unlock+0x13c/0x8b0
[  288.431324][ T5836]  f2fs_sync_dirty_inodes+0x34f/0x860
[  288.431394][ T5836]  f2fs_write_checkpoint+0x857/0x1da0
[  288.431444][ T5836]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  288.431517][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.431547][ T5836]  ? kfree+0x198/0x430
[  288.431583][ T5836]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  288.431615][ T5836]  ? kill_f2fs_super+0x290/0x6d0
[  288.431647][ T5836]  kill_f2fs_super+0x2b8/0x6d0
[  288.431679][ T5836]  ? __pfx_kill_f2fs_super+0x10/0x10
[  288.431714][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.431743][ T5836]  ? shrinker_free+0x2ca/0x3d0
[  288.431783][ T5836]  deactivate_locked_super+0xc6/0x130
[  288.431816][ T5836]  cleanup_mnt+0x422/0x4c0
[  288.431845][ T5836]  ? lockdep_hardirqs_on+0x9d/0x150
[  288.431880][ T5836]  task_work_run+0x253/0x310
[  288.431936][ T5836]  ? __pfx_task_work_run+0x10/0x10
[  288.431981][ T5836]  ? srso_alias_return_thunk+0x5/0xfbef5
[  288.432016][ T5836]  syscall_exit_to_user_mode+0x13f/0x340
[  288.432052][ T5836]  do_syscall_64+0x100/0x230
[  288.432094][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.432120][ T5836] RIP: 0033:0x7f0e6058e497
[  288.432143][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  288.432165][ T5836] RSP: 002b:00007ffc09ef64a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  288.432193][ T5836] RAX: 0000000000000000 RBX: 00007f0e6060e08c RCX: 00007f0e6058e497
[  288.432211][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc09ef6560
[  288.432228][ T5836] RBP: 00007ffc09ef6560 R08: 0000000000000000 R09: 0000000000000000
[  288.432246][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc09ef75f0
[  288.432264][ T5836] R13: 00007f0e6060e08c R14: 000000000004654b R15: 00007ffc09ef7630
[  288.432303][ T5836]  </TASK>
[  288.865495][ T5836] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  288.905517][ T7559] netlink: 8 bytes leftover after parsing attributes in process `syz.2.334'.
[  289.025752][ T7560] 9pnet_virtio: no channels available for device syz
[  290.839572][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.970730][   T24] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71
[  291.023371][   T24] usb 5-1: USB disconnect, device number 5
[  291.852128][ T7579] input: syz0 as /devices/virtual/input/input9
[  293.734388][ T7595] syz.4.342 (7595): drop_caches: 2
[  293.747727][ T7595] syz.4.342 (7595): drop_caches: 2
[  294.826206][ T7605] input: syz0 as /devices/virtual/input/input10
[  296.805015][ T7625] syz.4.349 (7625): drop_caches: 2
[  296.810840][ T7625] syz.4.349 (7625): drop_caches: 2
[  296.825209][ T7624] syz.6.347 (7624): drop_caches: 2
[  296.837137][ T7624] syz.6.347 (7624): drop_caches: 2
[  296.995844][ T7632] loop2: detected capacity change from 0 to 1024
[  297.030177][ T7632] EXT4-fs: Ignoring removed nobh option
[  297.056793][ T7632] EXT4-fs: Ignoring removed bh option
[  297.192420][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.5.351'.
[  297.219594][ T7632] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.554971][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  298.737188][   T24] usb 7-1: Using ep0 maxpacket: 32
[  299.296121][ T7669] loop5: detected capacity change from 0 to 40427
[  299.306096][ T7669] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3fffff
[  299.317255][ T7669] F2FS-fs (loop5): invalid crc value
[  299.631763][   T24] usb 7-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  299.794483][ T7669] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  300.121145][ T7669] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  300.356389][   T24] usb 7-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  300.409178][   T24] usb 7-1: Product: syz
[  300.486184][   T24] usb 7-1: config 0 descriptor??
[  300.555733][   T24] usb 7-1: can't set config #0, error -71
[  300.614679][   T24] usb 7-1: USB disconnect, device number 2
[  300.619637][ T7681] loop4: detected capacity change from 0 to 1024
[  300.697793][ T7681] EXT4-fs: Ignoring removed nobh option
[  300.761394][ T7681] EXT4-fs: Ignoring removed bh option
[  300.872067][ T7681] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.192029][ T5835] syz-executor: attempt to access beyond end of device
[  301.192029][ T5835] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  301.213562][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  301.213595][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  301.213611][ T5835] Call Trace:
[  301.213621][ T5835]  <TASK>
[  301.213630][ T5835]  dump_stack_lvl+0x241/0x360
[  301.213680][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.213719][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.213750][ T5835]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  301.213779][ T5835]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  301.213808][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.213837][ T5835]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  301.213881][ T5835]  f2fs_handle_critical_error+0x392/0x5a0
[  301.213926][ T5835]  f2fs_write_end_io+0x563/0x790
[  301.213980][ T5835]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  301.214024][ T5835]  ? bio_endio+0x7e4/0x890
[  301.214057][ T5835]  ? bio_endio+0x82a/0x890
[  301.214090][ T5835]  __submit_merged_bio+0x2a9/0x710
[  301.214122][ T5835]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  301.214162][ T5835]  f2fs_submit_merged_write_cond+0x29f/0x380
[  301.214205][ T5835]  f2fs_write_data_pages+0x2f99/0x38d0
[  301.214280][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  301.214337][ T5835]  ? __kernel_text_address+0xd/0x40
[  301.214395][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214423][ T5835]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  301.214480][ T5835]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  301.214523][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214566][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214594][ T5835]  ? __lock_acquire+0xad5/0xd80
[  301.214627][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214655][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  301.214703][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214731][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  301.214773][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  301.214814][ T5835]  do_writepages+0x366/0x890
[  301.214851][ T5835]  ? __pfx_do_writepages+0x10/0x10
[  301.214874][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214902][ T5835]  ? __lock_acquire+0xad5/0xd80
[  301.214934][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.214962][ T5835]  ? do_raw_spin_lock+0x151/0x370
[  301.215012][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.215040][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  301.215087][ T5835]  filemap_fdatawrite+0x1f2/0x2a0
[  301.215120][ T5835]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  301.215145][ T5835]  ? mlock_drain_local+0x79/0x490
[  301.215227][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.215255][ T5835]  ? do_raw_spin_unlock+0x13c/0x8b0
[  301.215303][ T5835]  f2fs_sync_dirty_inodes+0x34f/0x860
[  301.215366][ T5835]  f2fs_write_checkpoint+0x857/0x1da0
[  301.215414][ T5835]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  301.215492][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.215521][ T5835]  ? kfree+0x198/0x430
[  301.215555][ T5835]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  301.215583][ T5835]  ? kill_f2fs_super+0x290/0x6d0
[  301.215614][ T5835]  kill_f2fs_super+0x2b8/0x6d0
[  301.215645][ T5835]  ? __pfx_kill_f2fs_super+0x10/0x10
[  301.215679][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.215707][ T5835]  ? shrinker_free+0x2ca/0x3d0
[  301.215747][ T5835]  deactivate_locked_super+0xc6/0x130
[  301.215779][ T5835]  cleanup_mnt+0x422/0x4c0
[  301.215807][ T5835]  ? lockdep_hardirqs_on+0x9d/0x150
[  301.215843][ T5835]  task_work_run+0x253/0x310
[  301.215894][ T5835]  ? __pfx_task_work_run+0x10/0x10
[  301.215939][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  301.215974][ T5835]  syscall_exit_to_user_mode+0x13f/0x340
[  301.216009][ T5835]  do_syscall_64+0x100/0x230
[  301.216050][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.216074][ T5835] RIP: 0033:0x7fb543f8e497
[  301.216096][ T5835] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  301.216117][ T5835] RSP: 002b:00007ffd532a5df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  301.216144][ T5835] RAX: 0000000000000000 RBX: 00007fb54400e08c RCX: 00007fb543f8e497
[  301.216162][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd532a5eb0
[  301.216179][ T5835] RBP: 00007ffd532a5eb0 R08: 0000000000000000 R09: 0000000000000000
[  301.216196][ T5835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd532a6f40
[  301.216212][ T5835] R13: 00007fb54400e08c R14: 000000000004956e R15: 00007ffd532a6f80
[  301.216251][ T5835]  </TASK>
[  301.216272][ T5835] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  301.372250][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.492465][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.929161][ T7713] syz.4.365 (7713): drop_caches: 2
[  302.968917][ T7713] syz.4.365 (7713): drop_caches: 2
[  303.247849][ T7717] netlink: 4 bytes leftover after parsing attributes in process `syz.2.367'.
[  303.784752][ T7725] overlayfs: missing 'lowerdir'
[  305.262449][ T7737] syz.5.364 (7737): drop_caches: 2
[  305.624848][ T7737] syz.5.364 (7737): drop_caches: 2
[  306.624863][ T7745] loop2: detected capacity change from 0 to 40427
[  306.693775][ T7745] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x3fffff
[  306.823739][ T7745] F2FS-fs (loop2): invalid crc value
[  307.097006][ T7745] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  307.691687][ T7764] input: syz0 as /devices/virtual/input/input11
[  307.782772][   T12] F2FS-fs (loop2): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0x1347/0x1c50
[  308.070873][   T12] kworker/u8:0: attempt to access beyond end of device
[  308.070873][   T12] loop2: rw=1, sector=77824, nr_sectors = 56 limit=40427
[  308.440933][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  308.440974][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  308.440992][   T12] Workqueue: writeback wb_workfn (flush-7:2)
[  308.441029][   T12] Call Trace:
[  308.441039][   T12]  <TASK>
[  308.441051][   T12]  dump_stack_lvl+0x241/0x360
[  308.441099][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.441139][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.441170][   T12]  ? _raw_spin_unlock_irqrestore+0x134/0x140
[  308.441201][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  308.441230][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.441259][   T12]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  308.441297][   T12]  ? __pfx_up_write+0x10/0x10
[  308.441349][   T12]  f2fs_handle_critical_error+0x392/0x5a0
[  308.441397][   T12]  f2fs_balance_fs+0x355/0x8c0
[  308.441437][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.441466][   T12]  ? __lock_acquire+0xad5/0xd80
[  308.441497][   T12]  ? f2fs_write_single_data_page+0x1347/0x1c50
[  308.441541][   T12]  ? __pfx_f2fs_balance_fs+0x10/0x10
[  308.441575][   T12]  ? do_raw_spin_lock+0x151/0x370
[  308.441625][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.441655][   T12]  ? do_raw_spin_unlock+0x13c/0x8b0
[  308.441695][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.441724][   T12]  ? folio_unlock+0x10e/0x170
[  308.441762][   T12]  f2fs_write_single_data_page+0x1347/0x1c50
[  308.441828][   T12]  ? __pfx_f2fs_write_single_data_page+0x10/0x10
[  308.441887][   T12]  ? f2fs_write_data_pages+0x1d88/0x38d0
[  308.441935][   T12]  f2fs_write_data_pages+0x1e3b/0x38d0
[  308.442021][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  308.442079][   T12]  ? sched_clock_cpu+0x77/0x4d0
[  308.442146][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.442176][   T12]  ? lockdep_hardirqs_on+0x9d/0x150
[  308.442226][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.442255][   T12]  ? trace_f2fs_writepages+0x8c/0x220
[  308.442294][   T12]  ? f2fs_write_node_pages+0x4ba/0x730
[  308.442340][   T12]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  308.442387][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.442418][   T12]  ? preempt_schedule_common+0x84/0xd0
[  308.442447][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  308.442488][   T12]  do_writepages+0x366/0x890
[  308.442526][   T12]  ? __pfx_do_writepages+0x10/0x10
[  308.442560][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.442589][   T12]  ? __lock_acquire+0xad5/0xd80
[  308.442627][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.442655][   T12]  ? reacquire_held_locks+0x12a/0x1e0
[  308.442688][   T12]  ? writeback_sb_inodes+0x43f/0x1360
[  308.442736][   T12]  __writeback_single_inode+0x14f/0x10d0
[  308.442780][   T12]  writeback_sb_inodes+0x822/0x1360
[  308.442854][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  308.442946][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.442982][   T12]  __writeback_inodes_wb+0x11b/0x260
[  308.443028][   T12]  wb_writeback+0x429/0xb90
[  308.443068][   T12]  ? queue_io+0x341/0x5a0
[  308.443102][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  308.443156][   T12]  wb_workfn+0x99b/0x10b0
[  308.443179][   T12]  ? preempt_schedule_common+0x84/0xd0
[  308.443238][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  308.443261][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.443290][   T12]  ? register_lock_class+0x54/0x330
[  308.443324][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.443358][   T12]  ? __lock_acquire+0xad5/0xd80
[  308.443388][   T12]  ? __pfx_preempt_schedule+0x10/0x10
[  308.443441][   T12]  ? process_scheduled_works+0x9cb/0x18e0
[  308.443472][   T12]  process_scheduled_works+0xac5/0x18e0
[  308.443539][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  308.443582][   T12]  ? assign_work+0x367/0x3d0
[  308.443618][   T12]  worker_thread+0x870/0xd50
[  308.443670][   T12]  ? __kthread_parkme+0x1a8/0x200
[  308.443710][   T12]  ? __pfx_worker_thread+0x10/0x10
[  308.443742][   T12]  kthread+0x7b9/0x940
[  308.443783][   T12]  ? __pfx_worker_thread+0x10/0x10
[  308.443816][   T12]  ? __pfx_kthread+0x10/0x10
[  308.443850][   T12]  ? __pfx_kthread+0x10/0x10
[  308.443886][   T12]  ? __pfx_kthread+0x10/0x10
[  308.443922][   T12]  ? __pfx_kthread+0x10/0x10
[  308.443957][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  308.443987][   T12]  ? lockdep_hardirqs_on+0x9d/0x150
[  308.444018][   T12]  ? __pfx_kthread+0x10/0x10
[  308.444055][   T12]  ret_from_fork+0x4d/0x80
[  308.444084][   T12]  ? __pfx_kthread+0x10/0x10
[  308.444121][   T12]  ret_from_fork_asm+0x1a/0x30
[  308.444167][   T12]  </TASK>
[  309.158831][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 1
[  309.373120][ T7774] loop5: detected capacity change from 0 to 1024
[  309.419849][ T7774] EXT4-fs: Ignoring removed nobh option
[  309.425662][ T7774] EXT4-fs: Ignoring removed bh option
[  309.558693][ T7774] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.764726][ T7781] loop0: detected capacity change from 0 to 1024
[  309.780547][ T7781] EXT4-fs: Ignoring removed nobh option
[  309.786772][ T7781] EXT4-fs: Ignoring removed bh option
[  309.924698][ T7781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.091530][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.669614][ T7801] loop0: detected capacity change from 0 to 1024
[  311.686260][ T7801] EXT4-fs: Ignoring removed nobh option
[  311.692057][ T7801] EXT4-fs: Ignoring removed bh option
[  311.818755][ T7801] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.107624][ T7800] netlink: 4 bytes leftover after parsing attributes in process `syz.4.381'.
[  312.308853][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.691926][ T7813] overlayfs: missing 'lowerdir'
[  312.877439][ T7811] syz.4.384 (7811): drop_caches: 2
[  312.967646][ T7811] syz.4.384 (7811): drop_caches: 2
[  313.579483][ T6429] ==================================================================
[  313.587605][ T6429] BUG: KASAN: use-after-free in ext4_find_extent+0xb92/0xd80
[  313.595004][ T6429] Read of size 4 at addr ffff88806ea7a018 by task kworker/u8:14/6429
[  313.603064][ T6429] 
[  313.605386][ T6429] CPU: 0 UID: 0 PID: 6429 Comm: kworker/u8:14 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  313.605415][ T6429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  313.605432][ T6429] Workqueue: writeback wb_workfn (flush-7:5)
[  313.605464][ T6429] Call Trace:
[  313.605472][ T6429]  <TASK>
[  313.605481][ T6429]  dump_stack_lvl+0x241/0x360
[  313.605522][ T6429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.605553][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.605587][ T6429]  ? rcu_is_watching+0x15/0xb0
[  313.605619][ T6429]  ? __virt_addr_valid+0x183/0x530
[  313.605654][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.605679][ T6429]  ? lock_release+0x4e/0x3e0
[  313.605705][ T6429]  ? __virt_addr_valid+0x183/0x530
[  313.605735][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.605763][ T6429]  print_report+0x16e/0x5b0
[  313.605796][ T6429]  ? __virt_addr_valid+0x183/0x530
[  313.605827][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.605851][ T6429]  ? __virt_addr_valid+0x45f/0x530
[  313.605881][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.605906][ T6429]  ? __phys_addr+0xba/0x170
[  313.605937][ T6429]  ? ext4_find_extent+0xb92/0xd80
[  313.605974][ T6429]  kasan_report+0x143/0x180
[  313.606005][ T6429]  ? ext4_find_extent+0xb92/0xd80
[  313.606041][ T6429]  ext4_find_extent+0xb92/0xd80
[  313.606079][ T6429]  ext4_ext_map_blocks+0x2e6/0x7d80
[  313.606113][ T6429]  ? ret_from_fork_asm+0x1a/0x30
[  313.606135][ T6429]  ? ret_from_fork_asm+0x1a/0x30
[  313.606157][ T6429]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  313.606200][ T6429]  ? ret_from_fork_asm+0x1a/0x30
[  313.606225][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606255][ T6429]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[  313.606288][ T6429]  ? __lock_acquire+0xad5/0xd80
[  313.606321][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606351][ T6429]  ? __pfx_down_write+0x10/0x10
[  313.606385][ T6429]  ? ext4_es_lookup_extent+0x61a/0xa90
[  313.606416][ T6429]  ext4_map_blocks+0x909/0x1a70
[  313.606451][ T6429]  ? __pfx_ext4_map_blocks+0x10/0x10
[  313.606476][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606502][ T6429]  ? rcu_is_watching+0x15/0xb0
[  313.606529][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606560][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606589][ T6429]  ? ext4_inode_journal_mode+0x18b/0x460
[  313.606623][ T6429]  ext4_do_writepages+0x221d/0x3e50
[  313.606661][ T6429]  ? lockdep_hardirqs_on+0x9d/0x150
[  313.606689][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606718][ T6429]  ? kfree+0x198/0x430
[  313.606758][ T6429]  ? __pfx_ext4_do_writepages+0x10/0x10
[  313.606785][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606810][ T6429]  ? __local_bh_enable_ip+0x168/0x200
[  313.606834][ T6429]  ? cfg80211_inform_single_bss_data+0x1629/0x1ed0
[  313.606868][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606897][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606921][ T6429]  ? __lock_acquire+0xad5/0xd80
[  313.606945][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.606975][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607000][ T6429]  ? rcu_read_lock_any_held+0xbb/0x160
[  313.607044][ T6429]  ext4_writepages+0x26f/0x450
[  313.607083][ T6429]  ? __pfx_ext4_writepages+0x10/0x10
[  313.607124][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607149][ T6429]  ? do_raw_spin_unlock+0x13c/0x8b0
[  313.607185][ T6429]  ? __pfx_ext4_writepages+0x10/0x10
[  313.607220][ T6429]  do_writepages+0x366/0x890
[  313.607246][ T6429]  ? __pfx_do_writepages+0x10/0x10
[  313.607268][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607293][ T6429]  ? sched_clock_cpu+0x77/0x4d0
[  313.607322][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607348][ T6429]  ? __lock_acquire+0xad5/0xd80
[  313.607375][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607401][ T6429]  ? reacquire_held_locks+0x12a/0x1e0
[  313.607428][ T6429]  ? writeback_sb_inodes+0x43f/0x1360
[  313.607463][ T6429]  __writeback_single_inode+0x14f/0x10d0
[  313.607497][ T6429]  writeback_sb_inodes+0x822/0x1360
[  313.607527][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607562][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607597][ T6429]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  313.607644][ T6429]  ? rcu_is_watching+0x15/0xb0
[  313.607672][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607698][ T6429]  ? queue_io+0x3d9/0x5a0
[  313.607728][ T6429]  wb_writeback+0x415/0xb90
[  313.607759][ T6429]  ? queue_io+0x341/0x5a0
[  313.607786][ T6429]  ? __pfx_wb_writeback+0x10/0x10
[  313.607822][ T6429]  wb_workfn+0x412/0x10b0
[  313.607856][ T6429]  ? __pfx_wb_workfn+0x10/0x10
[  313.607875][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607901][ T6429]  ? register_lock_class+0x54/0x330
[  313.607926][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.607951][ T6429]  ? __lock_acquire+0xad5/0xd80
[  313.607975][ T6429]  ? lockdep_hardirqs_on+0x9d/0x150
[  313.608003][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.608035][ T6429]  ? process_scheduled_works+0x9cb/0x18e0
[  313.608062][ T6429]  process_scheduled_works+0xac5/0x18e0
[  313.608103][ T6429]  ? __pfx_process_scheduled_works+0x10/0x10
[  313.608134][ T6429]  ? assign_work+0x367/0x3d0
[  313.608161][ T6429]  worker_thread+0x870/0xd50
[  313.608197][ T6429]  ? __kthread_parkme+0x1a8/0x200
[  313.608229][ T6429]  ? __pfx_worker_thread+0x10/0x10
[  313.608256][ T6429]  kthread+0x7b9/0x940
[  313.608290][ T6429]  ? __pfx_worker_thread+0x10/0x10
[  313.608318][ T6429]  ? __pfx_kthread+0x10/0x10
[  313.608348][ T6429]  ? __pfx_kthread+0x10/0x10
[  313.608378][ T6429]  ? __pfx_kthread+0x10/0x10
[  313.608409][ T6429]  ? __pfx_kthread+0x10/0x10
[  313.608439][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.608465][ T6429]  ? lockdep_hardirqs_on+0x9d/0x150
[  313.608489][ T6429]  ? __pfx_kthread+0x10/0x10
[  313.608520][ T6429]  ret_from_fork+0x4d/0x80
[  313.608546][ T6429]  ? __pfx_kthread+0x10/0x10
[  313.608582][ T6429]  ret_from_fork_asm+0x1a/0x30
[  313.608613][ T6429]  </TASK>
[  313.608620][ T6429] 
[  314.178399][ T6429] The buggy address belongs to the physical page:
[  314.184823][ T6429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x760 pfn:0x6ea7a
[  314.193768][ T6429] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  314.200880][ T6429] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[  314.209464][ T6429] raw: 0000000000000760 0000000000000000 00000000ffffffff 0000000000000000
[  314.218040][ T6429] page dumped because: kasan: bad access detected
[  314.224439][ T6429] page_owner tracks the page as freed
[  314.229794][ T6429] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 7663, tgid 7662 (syz.0.356), ts 300571958163, free_ts 308990893811
[  314.247793][ T6429]  post_alloc_hook+0x1f4/0x240
[  314.252583][ T6429]  get_page_from_freelist+0x352b/0x36c0
[  314.258131][ T6429]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  314.263938][ T6429]  alloc_pages_mpol+0x339/0x690
[  314.268799][ T6429]  folio_alloc_mpol_noprof+0x36/0x70
[  314.274096][ T6429]  shmem_alloc_and_add_folio+0x490/0x1070
[  314.279815][ T6429]  shmem_get_folio_gfp+0x655/0x1800
[  314.285023][ T6429]  shmem_fault+0x223/0x5c0
[  314.289436][ T6429]  __do_fault+0x137/0x390
[  314.293767][ T6429]  handle_pte_fault+0x3f0c/0x61c0
[  314.298789][ T6429]  handle_mm_fault+0x1129/0x1bf0
[  314.303734][ T6429]  __get_user_pages+0x1adc/0x4180
[  314.308785][ T6429]  populate_vma_page_range+0x266/0x340
[  314.314253][ T6429]  __mm_populate+0x27d/0x460
[  314.318850][ T6429]  vm_mmap_pgoff+0x390/0x530
[  314.323446][ T6429]  do_syscall_64+0xf3/0x230
[  314.327953][ T6429] page last free pid 7694 tgid 7662 stack trace:
[  314.334394][ T6429]  free_unref_folios+0xe0e/0x17f0
[  314.339504][ T6429]  folios_put_refs+0x70a/0x800
[  314.344366][ T6429]  shmem_undo_range+0x595/0x1820
[  314.349310][ T6429]  shmem_evict_inode+0x29d/0xa80
[  314.354246][ T6429]  evict+0x4fb/0x9b0
[  314.358232][ T6429]  __dentry_kill+0x20d/0x630
[  314.362815][ T6429]  dput+0x19f/0x2b0
[  314.366636][ T6429]  __fput+0x60b/0x9f0
[  314.370614][ T6429]  task_work_run+0x253/0x310
[  314.375229][ T6429]  do_exit+0xa11/0x27f0
[  314.379392][ T6429]  do_group_exit+0x207/0x2c0
[  314.383996][ T6429]  get_signal+0x1696/0x1730
[  314.388502][ T6429]  arch_do_signal_or_restart+0x98/0x840
[  314.394072][ T6429]  syscall_exit_to_user_mode+0xce/0x340
[  314.399641][ T6429]  do_syscall_64+0x100/0x230
[  314.404334][ T6429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.410225][ T6429] 
[  314.412549][ T6429] Memory state around the buggy address:
[  314.418185][ T6429]  ffff88806ea79f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  314.426331][ T6429]  ffff88806ea79f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  314.434390][ T6429] >ffff88806ea7a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  314.442529][ T6429]                             ^
[  314.447383][ T6429]  ffff88806ea7a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  314.455442][ T6429]  ffff88806ea7a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  314.463504][ T6429] ==================================================================
[  314.516427][ T6429] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  314.523751][ T6429] CPU: 1 UID: 0 PID: 6429 Comm: kworker/u8:14 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  314.535654][ T6429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  314.546240][ T6429] Workqueue: writeback wb_workfn (flush-7:5)
[  314.552255][ T6429] Call Trace:
[  314.555541][ T6429]  <TASK>
[  314.558478][ T6429]  dump_stack_lvl+0x241/0x360
[  314.563188][ T6429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.568420][ T6429]  ? __pfx__printk+0x10/0x10
[  314.573088][ T6429]  ? vprintk_emit+0x81f/0xa40
[  314.577788][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.583429][ T6429]  ? vscnprintf+0x5d/0x90
[  314.587786][ T6429]  panic+0x349/0x880
[  314.591694][ T6429]  ? check_panic_on_warn+0x21/0xb0
[  314.596988][ T6429]  ? __pfx_panic+0x10/0x10
[  314.601411][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.607049][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.612685][ T6429]  ? _raw_spin_unlock_irqrestore+0x134/0x140
[  314.618666][ T6429]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  314.625030][ T6429]  check_panic_on_warn+0x86/0xb0
[  314.629976][ T6429]  ? ext4_find_extent+0xb92/0xd80
[  314.635011][ T6429]  end_report+0x77/0x160
[  314.639261][ T6429]  kasan_report+0x154/0x180
[  314.643776][ T6429]  ? ext4_find_extent+0xb92/0xd80
[  314.648817][ T6429]  ext4_find_extent+0xb92/0xd80
[  314.653683][ T6429]  ext4_ext_map_blocks+0x2e6/0x7d80
[  314.658889][ T6429]  ? ret_from_fork_asm+0x1a/0x30
[  314.663835][ T6429]  ? ret_from_fork_asm+0x1a/0x30
[  314.668771][ T6429]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  314.674944][ T6429]  ? ret_from_fork_asm+0x1a/0x30
[  314.679893][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.685544][ T6429]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[  314.691205][ T6429]  ? __lock_acquire+0xad5/0xd80
[  314.696064][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.701819][ T6429]  ? __pfx_down_write+0x10/0x10
[  314.706679][ T6429]  ? ext4_es_lookup_extent+0x61a/0xa90
[  314.712148][ T6429]  ext4_map_blocks+0x909/0x1a70
[  314.717009][ T6429]  ? __pfx_ext4_map_blocks+0x10/0x10
[  314.722297][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.727937][ T6429]  ? rcu_is_watching+0x15/0xb0
[  314.732715][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.738362][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.744002][ T6429]  ? ext4_inode_journal_mode+0x18b/0x460
[  314.749654][ T6429]  ext4_do_writepages+0x221d/0x3e50
[  314.754874][ T6429]  ? lockdep_hardirqs_on+0x9d/0x150
[  314.760079][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.765719][ T6429]  ? kfree+0x198/0x430
[  314.769806][ T6429]  ? __pfx_ext4_do_writepages+0x10/0x10
[  314.775361][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.780999][ T6429]  ? __local_bh_enable_ip+0x168/0x200
[  314.786372][ T6429]  ? cfg80211_inform_single_bss_data+0x1629/0x1ed0
[  314.792886][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.798529][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.804171][ T6429]  ? __lock_acquire+0xad5/0xd80
[  314.809021][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.814660][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.820291][ T6429]  ? rcu_read_lock_any_held+0xbb/0x160
[  314.825771][ T6429]  ext4_writepages+0x26f/0x450
[  314.830555][ T6429]  ? __pfx_ext4_writepages+0x10/0x10
[  314.835862][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.841501][ T6429]  ? do_raw_spin_unlock+0x13c/0x8b0
[  314.846718][ T6429]  ? __pfx_ext4_writepages+0x10/0x10
[  314.852023][ T6429]  do_writepages+0x366/0x890
[  314.856623][ T6429]  ? __pfx_do_writepages+0x10/0x10
[  314.861733][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.867376][ T6429]  ? sched_clock_cpu+0x77/0x4d0
[  314.872236][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.877904][ T6429]  ? __lock_acquire+0xad5/0xd80
[  314.882763][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.888403][ T6429]  ? reacquire_held_locks+0x12a/0x1e0
[  314.893785][ T6429]  ? writeback_sb_inodes+0x43f/0x1360
[  314.899176][ T6429]  __writeback_single_inode+0x14f/0x10d0
[  314.904824][ T6429]  writeback_sb_inodes+0x822/0x1360
[  314.910031][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.915678][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.921316][ T6429]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  314.926979][ T6429]  ? rcu_is_watching+0x15/0xb0
[  314.931754][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.937393][ T6429]  ? queue_io+0x3d9/0x5a0
[  314.941735][ T6429]  wb_writeback+0x415/0xb90
[  314.946246][ T6429]  ? queue_io+0x341/0x5a0
[  314.950588][ T6429]  ? __pfx_wb_writeback+0x10/0x10
[  314.955630][ T6429]  wb_workfn+0x412/0x10b0
[  314.959973][ T6429]  ? __pfx_wb_workfn+0x10/0x10
[  314.964733][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.970370][ T6429]  ? register_lock_class+0x54/0x330
[  314.975578][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.981215][ T6429]  ? __lock_acquire+0xad5/0xd80
[  314.986068][ T6429]  ? lockdep_hardirqs_on+0x9d/0x150
[  314.991274][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.996917][ T6429]  ? process_scheduled_works+0x9cb/0x18e0
[  315.002639][ T6429]  process_scheduled_works+0xac5/0x18e0
[  315.008202][ T6429]  ? __pfx_process_scheduled_works+0x10/0x10
[  315.014187][ T6429]  ? assign_work+0x367/0x3d0
[  315.018784][ T6429]  worker_thread+0x870/0xd50
[  315.023391][ T6429]  ? __kthread_parkme+0x1a8/0x200
[  315.028430][ T6429]  ? __pfx_worker_thread+0x10/0x10
[  315.033547][ T6429]  kthread+0x7b9/0x940
[  315.037633][ T6429]  ? __pfx_worker_thread+0x10/0x10
[  315.042747][ T6429]  ? __pfx_kthread+0x10/0x10
[  315.047344][ T6429]  ? __pfx_kthread+0x10/0x10
[  315.051942][ T6429]  ? __pfx_kthread+0x10/0x10
[  315.056547][ T6429]  ? __pfx_kthread+0x10/0x10
[  315.061149][ T6429]  ? srso_alias_return_thunk+0x5/0xfbef5
[  315.066785][ T6429]  ? lockdep_hardirqs_on+0x9d/0x150
[  315.071986][ T6429]  ? __pfx_kthread+0x10/0x10
[  315.076589][ T6429]  ret_from_fork+0x4d/0x80
[  315.081009][ T6429]  ? __pfx_kthread+0x10/0x10
[  315.085694][ T6429]  ret_from_fork_asm+0x1a/0x30
[  315.090464][ T6429]  </TASK>
[  315.093787][ T6429] Kernel Offset: disabled
[  315.098111][ T6429] Rebooting in 86400 seconds..