program: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100)={0x0, 0x7}, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x8) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r2, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) syz_open_procfs(r2, &(0x7f0000000080)='mounts\x00') (async) r3 = syz_open_procfs(r2, &(0x7f0000000080)='mounts\x00') getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f00000001c0)) setreuid(0x0, 0x0) (async) setreuid(0x0, 0x0) read$FUSE(r3, &(0x7f0000002480)={0x2020}, 0x2020) read(r0, &(0x7f0000000140)=""/40, 0x28) (async) read(r0, &(0x7f0000000140)=""/40, 0x28) socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) timer_create(0x1, &(0x7f0000000200)={0x0, 0x12, 0x4, @thr={&(0x7f00000044c0)="0d81e9b282fff50b3c18617673c3f95bb18a1825b788da6289a1d39372fbc8281004ae0aa12d2a88ad5376717d1b28f6ce9e6ace3438201ff94c7d035cf1e43b410a344a3f1fce661ac7ef06360084c1b3c8c513ba602c63455394b1a6c6b8cae977ffb10d5e5a4bdc50cad3391b14908046ed8ca6a67db942e5c4b778aa240ef1d93a1e5f80d1040a17c8808d63f99a97119609ee7e5989c3c885c1cabfceb97b455d442526bb99ee7fb42c17b5112c9a3cfaac81e939093357be8e8b398c622f3ce2bf0b6b68f402a81ecf39db4ec39cfd0e4ebe591a1878c6380fd17b5fbf916f3e2711cdd4ea2d92e7ef80c73d469046c2a0180194cd22497788eee3e07794414e9d45546bd9d19c07fccb3c34d5bccb95197c1b1aa03cb7678cd11ba8d4e02a5f6515cf7d016f62feca150b20755311af09fb4219110f41cacdcb95bd8084e053fd02e86817d77cd2fb6ba935521341b0806f0bbdad9e4e0f2b6090589c922888bc6b223e6264b5585cef9da1910fdce47b2615f43a7f5810b97483601cc151ceb7e9b702fcbc811d51274c33bfd13e7f87d0dbd14fe280c2c1eb690bd165ed6d8096f7c5f3c5cdfb3304111c21a0aa9c3215c8fbda371e7eb5d35db71879124fd573c3a4dde95cc13ecea1cbd847daca0ee357c56cbbcdcd154cd5d3870a005e3b190ecfab6e3e184a417766d3f4796e511a351e3121a8914f58f994424a77df4e2bfc654b7692d7ad77ab588074bbbff780c9f630d72d6e4184e7a68a0220fc2bdadf8158d8614f0cec9b5b199422f89a6d45cb2a7af9a530a548001e3fb4d5d283cab2dcb76e9c9a77f5af3e08250a7a02e15aa3a6bb6c82a70e4643d4fdf3327f6416fac5ffc582ee5aec0927aa4d3f454685c7033748cb57b7c5b296bee685a8519da18ef5ca8dd59c792ebb2b2002ef09d7fb49398479420c8875c90588bea79f41eb16d187f9c26f2abe9a2b0128e0c25b0a465a7ea1fabddb0699a05ba9917014d72a01f1b8d1e7ed375f679ff57bf07ce7c2ad133ae8f2afbcb182f8298eb55ccf84844d5b79466f6b99a1094dba72979274f3ffe2090f31e11851bd9378d5ce0db0d6d4a90469262e7e45236038650699a2342063e6030e88bc577bcb63e9bef8d8f6fda81cd3aa4387116eba84f4f8fa1e107021874c5aed88d34a09684230f8bd61e926f7e38e91640155eed31897d5262ff78a7d586d448057c34fcf6dba2c40adb838bedbe3020f6a16704d990552b12d8c969d972ecc348610630fc247f42a02015ed6782d19c345c8e2c8c162ade258c39623921dfd0f0e2923eb5821af781b35f022785e9bb67985f7c9654ce03a26fce78a1a0bbde622e76c4b1f24bfc09fb66d3e9c4febe37d1b82bf85aa93303aba663b3104ae892e1e88ad7eed3868e0fe3b861cb280fa300ac9055f043f50474538c58417d45806219f457f665d606f2704f42630d18cb484d35b74af052b2f8ba706bb81a041cd1a9723dd42eff56472ef05b2dc556287655e2228557ac6a50b497ef05bb443e54c87c854a06638365bb298ee1f4f66f725643e867452a04fb1411f8b25d908435081ea39630d68fddc6e35d6d8e1ff404e4419c59e9259afef3c1f6465e6230b96f050cff1ddb301397932f9b0c3ef2c207ea9daedc2eed032a7a6d7966cce98174cad7b9e191b7ff23b8bd2d1252319892b0446fbc86be49ddcfe69bb3399aaac055cdf5f12e0ffa8eb417624336733622cb2d0e628f6086a0d25044ee5a9ca03c4d35d263889fbc88f03b560bfdaa9300d9284793672ec5a41470f917c8683efb168464b1b11d74008a8f042b100592e0261a08aacb7df1021c1d02dc972e75e15436f4cda071de75c8ef4f3e107e0c29688a0c4059c089e5be1b46e8dd85ab0f3137ff8dafe1401858fed5bf4564c3206fa60e7155a371965c1cad037a0248a9d3a0d94252874f8b6aa46baa41e2ca388e6f0d205428861c372435e95387a0bb12dd8be768957580b10c9a8ecf892c51be548c90fee2422c1c58de73996393688c0d9d2aa24d7f62a8b3568fa6e2386eb644450c449120a7093f916517ce6685899bf723c75231c5bb8e26bca9daf1afa9e613111406c964683704359b9789771effac5112af8674086531d122a72adcb86360a09914c92eb2220b36fce04cc1b66b434f251a8dc7db9a6ab47f50c7bb917b52786410ebeca23b4ad28d4e7c67921865f4a4b6d4d4fbd10bb11468d6a1d9aee027d15c284238e93a37c0f2569701475d82ce69b442577943569bee223b65318be4821444dc609a7c2b4fa77ec778660bd4884823b0d8cf29c5cec25f8e612ea13bf54b31bff722ce6fb7139c4c66529dfc86ab47766754e99c01c9ed92dda8352841c95a0d6fc6b7eebd2441a8e6f86af014649d7bbb0e4dc4d30bb9e740f352b73fad51916b6b10e713dbea47124c752b8c125803f466cda1591cb2a821e3752cceb64603bc01dc88fd633a06ac98f3fe5127ae5c84033343385d9f6404cdcbcb3e15ca00d171cbfebaa42be5a472450258883871ebdf346d688572fd161617c9fd6ef84dbe675d944f2a211d79876c80785eaf9004147e7155c3613794a08ae5653b57b72540cf565db49523e7ac1278b78dd5287d8ee527e264033fcf48eab4b1940dc8c350810bcecad948cfc9f34cf1f624cf5b64b58c20e297a4e18110d742795a3fcddbabb0e444a3a3c565ec51bdd3c10aaf4650eeddc34cf4c66292f7cd0090f591be4db711bcd91edacd25d50981d1a30c35760d438054b14ef579b0a385faf9885801c7d72bb59d982a45a54e7f28bc35c70552c9de1468b61f7cd944123e9f383a50212909c7d585adcaedb2343707005680ac0219c4e85b3939f2d0a343cab55276dcb6dbb62b61a1e87e08ad8872b437f162e0f312d229f98e8993792f41b17d345c3bdf1b0c991d49ef1c3f34b3dbd523f77f40d9daf38ca8808741c307d7085a1a08df4a803730f19d84fbaf601c6711e20d78915d87484cab9d80ac874a88b5e2082f35c99b02880fdf3f6bd9632e05006c86766ab41242575ddde2d6fa963742da9d4a39bd4775b59e174e5610d98cb029cae68d42a59dcdadd615f9e3e97e21d1345a4e4c13f551517152f87ee514d99543f83e5056b1a7f95e5e423d7860c5b4c247dd275ac9f1f8c746c3b8a21dc09a26aa26cc49663af0703f2fdf0426cc66561a8abb441bf3749b98a5f411d661eb069ca58dbad61ca70c4196ddc8454dd053c2abe0b6394e577e1f0ec8f32749e870b3072ec459181b5a3ee3ddd51f054ecb4a252e9f250aabeb8d23b87f1e9d68fe774cf01e4a18956232f0b5a86e116ab9478673f78b09b8359e470b1a5b826798334f4df2fc2fb35efc80d1d865cc96396e35cfdc4aa533c5f288668ef62e778b2c4befb2cc857ed78d1a40b0c2443a8d93eff220a2bab60d7de6eb79079d064bd4deda483cdaf0f5de7396d03fea74ceeede39652e554b72fe9388d9016085d474199736d8b6f55f4a1648ffe0d3947e9cb80853a3a3ae1e1da9a6e30481a84c67395e38221c7b5307149f546302053dca6f8ca89b141eb18aee663ff3048fb35ae0ed5e3bd90405913a5441d8f81ec4256772a38fefae88af4ddc43c598ce251501915a66dcd44267a756cacafe65ae0e5b3164699797441674bae327e8e36333f044ab78692cda8ab56e0890479730d40ceacafbfc5cdc7943574654703b2f9192bfadfa5bbd0bf053a981e7025e2dc3a4f13660f4dd3bd1b0c8d34b46cfb91b883f4e55de2e6317b3f5aadb31fd8287b5692991e8b4a38b68ff64b841850468977caab139fc790544ff3583006c40dc0c0fcbd5c1c6a055eadaa8c24d63061c76168610bbd5f80a391c3ebb198fbb9e1f2c2f46b7f65138bd444e004d5a0ad940da4abaf18190e5184fee25df2ee2762480c3fdb033b9a927ee2c148cccfbcb1d152a6648fa24bb7ec7e451c448ea01a704e2bf8d5a66fe001f691b6e3c170285ce245b793e0ccaecc63d098a6b15f23c5c6b5c6fa41b162059748b55151fc4ca94a7af6a17d673f588e1bf9e4f0dedff3450aeed04c5808ec7347a8b5e23e651b7c0d7a3089e73471b9c8424c3fddb8258e8ec41d9dc0ab946c0cbcf731134e2695a5e8c5f1c2fbf85e7e89a1209de4a275458f1c9ab96c0231438342074df77d3a342375af7a441115d8612fadc8adc9ef7a4696f9ac0105f4ac7faa8af901a0f0beb9920c33137c330755876c14bec42512b4481d88060c8125d2294ac078dc1e8a4b58f836b797e16923adafdfadb717d0570feff87c091477b3c2b03c1506cbdaeeea6023d3ff82e06894bbbc9f472437fb1cbe8c83447d944e7a8bd0398ddeda9a4eca47d4700004cbfecc8cf0ad961d7f9975bb661cfdaceb1c6c24f40648e77c7b2ab3fa584bc769092ef8f51733fbbbe1ba2b4da257be64f41a9eedb4d7039b2f2960fd4c0a02c994f839b58f537a0862bb7ec4f9ae1355249e90f6ceccfc5c0943173517411cf316d716c6656d2f1e5c07580daa2adc0cbfd45fa22e59fcd85dc5460f4d8c35bdf74f471ca32cfaf9f03c43afb8765cdb1429c6f4a7a895361655fee7992364d16186c4481507000c8c4f273fa0b0e87350182497b3aa83f49b7998c860b93445ab52c6160a763c169691aec6ade3658273f3385777622a701ea043487061447d78cf71fd11c427f759efbed07e8ba6b699f6821e07a92ff55b9c621d47302f2d4a346cc2fc824959ff62551c185004d96cac61999559463599a7c63f65ff5a9ed944cf6c014523eab816bc32dc19939339c5e0c947be988b5e2d7118cce77403f294340e3cdfd0d9419f0a61f4dec1e68a04209598d40b0de82f694b28ca46b90784c156bd8393f69ebba61ccc60f66e441324c010df63d19cc346b19bc524c1fc9eb453e83948cc25b5cd33839435eaa035b46298b1a72a82d771b46981b9a91bf1e1ec83366db2d3d6019354a6e05c0274d5ebdebbefc5fd4e4b209d1e398993eefcc70cf93a9f8f55e59bf9a43c764cf94a43503e9ab1c510d5bfdb8544942f3ca00146f2a8c169cba2493c1ce0ee0872d111edd07dba048c023a0485e12e22adb547431a5d7812e4a36e9e6d0358770aac49e186cda252361aecfd8274b2894c5919b165b055249124cf53dcb31d4f165ad538dc340d4adbe9bcb4bd82284ff56528ed7fbab44aeab1b6966135ef8ec3cec2ec167a1fa389737a62f9a9bfb316f5ce2cb554a482a4968648d4b563262b78c89ea5000f2151b5fe6793c9009c3c083cf40c9b458bc711e8095a2918db9b8b682aecd477f685b3193d865dcae3d9ea43b612ba09e5019c6a637cd7de47abe8afb87f9277f6eb0c18d4709af733193b3b590dda4ccd565cf54b7a2bf95ef3902b2009d29765d56533282f6234c59315ee704a388bee08c08e36386159bef63047aadc28bf1768b33c6da1ee4275cdbbe619eddc0a0a2ccca3ebecf93146474569f2c70ff9f1abad0427d3b2afaa3e21b7c01d9d643300fcc8cf6304e7a5c1a3d07bdcd5cff668d99531985a2becc0136b9a60d38efd09ac67485b741b1fd1146dd11d741651ac08f8e7c58e7f23fb86ca4436707981f9a58bcb66d2166b14b08a2872eaed4c49e3fb86a3738fa8f598790ec18fb925dd849218fb2703c67c0650fb8c98f973fde0ddcf7d5d1cad10a9c748fbc5151600e7a8f7fe6ce8cf036f8318c220a2394f4cc435a936de620801a5334b7630329c08d879cbdedf0b58d94c1abdde760f1307f7ba6f3c2897", &(0x7f0000000280)="796468d5f74d3209e8c75d1a02697af6ad9f1775ba6360bd2910efe17c4a9fe2b47e178efc9518fb07e34dfdf1b74bb899a108b3da59554c6ac224768c1f430e51622c679f4e"}}, &(0x7f0000000300)=0x0) timer_settime(r5, 0x0, &(0x7f0000000340)={{0x77359400}, {0x77359400}}, &(0x7f00000003c0)) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r7 = syz_open_dev$usbfs(&(0x7f0000000380), 0x2fb8, 0x1) ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0xfffffff8, 0x25, &(0x7f0000000180)={0x40, 0xd, 0x8001, 0xd49, 0x953}, 0x95b, 0x6, 0xc0000, 0x0, 0x1e, 0x68e, 0x0}) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x1, 0x4421, &(0x7f0000004500)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=") r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) truncate(&(0x7f0000000040)='./file1\x00', 0x1001bfc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x4000) (async) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x4000) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) (async) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001800)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r12 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}}, 0x0) (async) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}}, 0x0) [ 73.833139][ T5294] Bluetooth: hci0: command tx timeout [ 73.896813][ T5314] misc userio: No port type given on /dev/userio [ 73.972916][ T5314] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 73.976186][ T5314] vhci_hcd vhci_hcd.0: invalid port number 73 [ 73.978910][ T5314] vhci_hcd vhci_hcd.0: default hub control req: 400d v8001 i0049 l2387 [ 74.174947][ T5314] loop0: detected capacity change from 0 to 32768 [ 74.187518][ T5314] ======================================================= [ 74.187518][ T5314] WARNING: The mand mount option has been deprecated and [ 74.187518][ T5314] and is ignored by this kernel. Remove the mand [ 74.187518][ T5314] option from the mount to silence this warning. [ 74.187518][ T5314] ======================================================= [ 74.285229][ T5314] JBD2: Ignoring recovery information on journal [ 74.352494][ T5314] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 74.420058][ T5315] ================================================================== [ 74.423410][ T5315] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xdb/0x440 [ 74.426674][ T5315] Read of size 8 at addr ffff888012255418 by task syz.0.0/5315 [ 74.430005][ T5315] [ 74.431117][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.431130][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.431136][ T5315] Call Trace: [ 74.431143][ T5315] [ 74.431149][ T5315] dump_stack_lvl+0xe8/0x150 [ 74.431167][ T5315] print_report+0xba/0x230 [ 74.431180][ T5315] ? ocfs2_fault+0xdb/0x440 [ 74.431190][ T5315] kasan_report+0x117/0x150 [ 74.431206][ T5315] ? ocfs2_fault+0xdb/0x440 [ 74.431217][ T5315] ocfs2_fault+0xdb/0x440 [ 74.431227][ T5315] ? __pfx_ocfs2_fault+0x10/0x10 [ 74.431236][ T5315] ? css_rstat_updated+0x23a/0x530 [ 74.431248][ T5315] __do_fault+0x138/0x390 [ 74.431264][ T5315] do_pte_missing+0x228f/0x3750 [ 74.431280][ T5315] ? handle_mm_fault+0xee/0x3310 [ 74.431293][ T5315] handle_mm_fault+0x1bec/0x3310 [ 74.431307][ T5315] ? handle_mm_fault+0xee/0x3310 [ 74.431320][ T5315] ? __pfx_handle_mm_fault+0x10/0x10 [ 74.431331][ T5315] ? follow_page_pte+0x841/0x1450 [ 74.431345][ T5315] ? __pfx_follow_page_pte+0x10/0x10 [ 74.431358][ T5315] __get_user_pages+0x165b/0x29d0 [ 74.431376][ T5315] populate_vma_page_range+0x2be/0x3c0 [ 74.431387][ T5315] ? __pfx_populate_vma_page_range+0x10/0x10 [ 74.431398][ T5315] ? down_read+0x272/0x2e0 [ 74.431497][ T5315] ? __mm_populate+0x173/0x390 [ 74.431507][ T5315] __mm_populate+0x25f/0x390 [ 74.431518][ T5315] ? __pfx___mm_populate+0x10/0x10 [ 74.431530][ T5315] vm_mmap_pgoff+0x3aa/0x4f0 [ 74.431542][ T5315] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 74.431553][ T5315] ? __fget_files+0x2a/0x420 [ 74.431565][ T5315] ? __fget_files+0x3a0/0x420 [ 74.431575][ T5315] ? __fget_files+0x2a/0x420 [ 74.431586][ T5315] ksys_mmap_pgoff+0x51e/0x760 [ 74.431599][ T5315] do_syscall_64+0x14d/0xf80 [ 74.431609][ T5315] ? trace_irq_disable+0x3b/0x150 [ 74.431623][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.431633][ T5315] ? clear_bhb_loop+0x40/0x90 [ 74.431642][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.431652][ T5315] RIP: 0033:0x7f58b399bf79 [ 74.431662][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.431671][ T5315] RSP: 002b:00007f58b4772028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 74.431682][ T5315] RAX: ffffffffffffffda RBX: 00007f58b3c16090 RCX: 00007f58b399bf79 [ 74.431690][ T5315] RDX: 00000000027ffff7 RSI: 0000000000600000 RDI: 0000200000000000 [ 74.431696][ T5315] RBP: 00007f58b3a327e0 R08: 000000000000000a R09: 0000000000004000 [ 74.431702][ T5315] R10: 0000000004012011 R11: 0000000000000246 R12: 0000000000000000 [ 74.431708][ T5315] R13: 00007f58b3c16128 R14: 00007f58b3c16090 R15: 00007ffc54d4d078 [ 74.431726][ T5315] [ 74.431729][ T5315] [ 74.545367][ T5315] Allocated by task 5315: [ 74.547328][ T5315] kasan_save_track+0x3e/0x80 [ 74.549391][ T5315] __kasan_slab_alloc+0x6c/0x80 [ 74.551462][ T5315] kmem_cache_alloc_noprof+0x2bc/0x650 [ 74.553861][ T5315] vm_area_alloc+0x24/0x140 [ 74.555964][ T5315] mmap_region+0xf90/0x1f50 [ 74.558072][ T5315] do_mmap+0xc39/0x10c0 [ 74.560032][ T5315] vm_mmap_pgoff+0x2c9/0x4f0 [ 74.562142][ T5315] ksys_mmap_pgoff+0x51e/0x760 [ 74.564329][ T5315] do_syscall_64+0x14d/0xf80 [ 74.566418][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.569072][ T5315] [ 74.570173][ T5315] Freed by task 5288: [ 74.572058][ T5315] kasan_save_track+0x3e/0x80 [ 74.574211][ T5315] kasan_save_free_info+0x46/0x50 [ 74.576516][ T5315] __kasan_slab_free+0x5c/0x80 [ 74.578673][ T5315] slab_free_after_rcu_debug+0x126/0x220 [ 74.581168][ T5315] rcu_core+0x7cd/0x1070 [ 74.583041][ T5315] handle_softirqs+0x22a/0x870 [ 74.585177][ T5315] __irq_exit_rcu+0x5f/0x150 [ 74.587219][ T5315] irq_exit_rcu+0x9/0x30 [ 74.589128][ T5315] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 74.591626][ T5315] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 74.594255][ T5315] [ 74.595353][ T5315] Last potentially related work creation: [ 74.597904][ T5315] kasan_save_stack+0x3e/0x60 [ 74.600001][ T5315] kasan_record_aux_stack+0xbd/0xd0 [ 74.602314][ T5315] kmem_cache_free+0x426/0x630 [ 74.604499][ T5315] vms_complete_munmap_vmas+0x625/0x890 [ 74.606928][ T5315] __mmap_complete+0x7b/0x5e0 [ 74.608931][ T5315] mmap_region+0x1430/0x1f50 [ 74.610945][ T5315] do_mmap+0xc39/0x10c0 [ 74.612804][ T5315] vm_mmap_pgoff+0x2c9/0x4f0 [ 74.614902][ T5315] ksys_mmap_pgoff+0x51e/0x760 [ 74.617016][ T5315] do_syscall_64+0x14d/0xf80 [ 74.619074][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.621667][ T5315] [ 74.622786][ T5315] The buggy address belongs to the object at ffff8880122553c0 [ 74.622786][ T5315] which belongs to the cache vm_area_struct of size 256 [ 74.629010][ T5315] The buggy address is located 88 bytes inside of [ 74.629010][ T5315] freed 256-byte region [ffff8880122553c0, ffff8880122554c0) [ 74.635000][ T5315] [ 74.636107][ T5315] The buggy address belongs to the physical page: [ 74.638960][ T5315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12255 [ 74.642699][ T5315] memcg:ffff88801fd39281 [ 74.644566][ T5315] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 74.647696][ T5315] page_type: f5(slab) [ 74.649531][ T5315] raw: 00fff00000000000 ffff888030411500 dead000000000100 dead000000000122 [ 74.653346][ T5315] raw: 0000000000000000 00000008000c000c 00000000f5000000 ffff88801fd39281 [ 74.657181][ T5315] page dumped because: kasan: bad access detected [ 74.660074][ T5315] page_owner tracks the page as allocated [ 74.662592][ T5315] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4690, tgid 4690 (rcS), ts 32092047142, free_ts 31448758694 [ 74.671191][ T5315] post_alloc_hook+0x231/0x280 [ 74.673315][ T5315] get_page_from_freelist+0x24dc/0x2580 [ 74.675688][ T5315] __alloc_frozen_pages_noprof+0x18d/0x380 [ 74.678283][ T5315] allocate_slab+0x77/0x660 [ 74.680373][ T5315] refill_objects+0x331/0x3c0 [ 74.682423][ T5315] __pcs_replace_empty_main+0x2b9/0x620 [ 74.684777][ T5315] kmem_cache_alloc_noprof+0x37d/0x650 [ 74.687098][ T5315] vm_area_dup+0x2b/0x680 [ 74.688998][ T5315] dup_mmap+0x8b7/0x1b80 [ 74.690852][ T5315] copy_mm+0x13b/0x4b0 [ 74.692648][ T5315] copy_process+0x18b6/0x3cf0 [ 74.694748][ T5315] kernel_clone+0x248/0x8e0 [ 74.696728][ T5315] __x64_sys_clone+0x1b6/0x230 [ 74.698853][ T5315] do_syscall_64+0x14d/0xf80 [ 74.700931][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.703525][ T5315] page last free pid 1 tgid 1 stack trace: [ 74.706070][ T5315] __free_frozen_pages+0xc00/0xd90 [ 74.708363][ T5315] free_reserved_page+0xce/0x120 [ 74.710509][ T5315] free_reserved_area+0x90/0x190 [ 74.712536][ T5315] free_kernel_image_pages+0xa2/0x100 [ 74.714683][ T5315] kernel_init+0x31/0x1d0 [ 74.716433][ T5315] ret_from_fork+0x51e/0xb90 [ 74.718420][ T5315] ret_from_fork_asm+0x1a/0x30 [ 74.720555][ T5315] [ 74.721626][ T5315] Memory state around the buggy address: [ 74.724015][ T5315] ffff888012255300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.727449][ T5315] ffff888012255380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 74.730925][ T5315] >ffff888012255400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.734414][ T5315] ^ [ 74.736498][ T5315] ffff888012255480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 74.739924][ T5315] ffff888012255500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.743416][ T5315] ================================================================== [ 75.015640][ T5320] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 75.019355][ T5320] macsec1: entered promiscuous mode [ 75.035017][ T5320] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 75.048599][ T5315] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.052230][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.056058][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.060268][ T5315] Call Trace: [ 75.061764][ T5315] [ 75.063099][ T5315] vpanic+0x56c/0xa60 [ 75.064807][ T5315] ? __pfx_vpanic+0x10/0x10 [ 75.066801][ T5315] panic+0xc5/0xd0 [ 75.068649][ T5315] ? __pfx_panic+0x10/0x10 [ 75.070798][ T5315] ? preempt_schedule_thunk+0x16/0x30 [ 75.073232][ T5315] ? ocfs2_fault+0xdb/0x440 [ 75.075142][ T5315] ? preempt_schedule_thunk+0x16/0x30 [ 75.077111][ T5315] ? ocfs2_fault+0xdb/0x440 [ 75.078941][ T5315] check_panic_on_warn+0x89/0xb0 [ 75.080944][ T5315] ? ocfs2_fault+0xdb/0x440 [ 75.082734][ T5315] end_report+0x73/0x180 [ 75.084462][ T5315] ? ocfs2_fault+0xdb/0x440 [ 75.086131][ T5315] kasan_report+0x128/0x150 [ 75.087900][ T5315] ? ocfs2_fault+0xdb/0x440 [ 75.089560][ T5315] ocfs2_fault+0xdb/0x440 [ 75.091281][ T5315] ? __pfx_ocfs2_fault+0x10/0x10 [ 75.093532][ T5315] ? css_rstat_updated+0x23a/0x530 [ 75.096284][ T5315] __do_fault+0x138/0x390 [ 75.098625][ T5315] do_pte_missing+0x228f/0x3750 [ 75.101068][ T5315] ? handle_mm_fault+0xee/0x3310 [ 75.103200][ T5315] handle_mm_fault+0x1bec/0x3310 [ 75.105463][ T5315] ? handle_mm_fault+0xee/0x3310 [ 75.107725][ T5315] ? __pfx_handle_mm_fault+0x10/0x10 [ 75.110102][ T5315] ? follow_page_pte+0x841/0x1450 [ 75.112133][ T5315] ? __pfx_follow_page_pte+0x10/0x10 [ 75.114446][ T5315] __get_user_pages+0x165b/0x29d0 [ 75.116500][ T5315] populate_vma_page_range+0x2be/0x3c0 [ 75.118711][ T5315] ? __pfx_populate_vma_page_range+0x10/0x10 [ 75.121267][ T5315] ? down_read+0x272/0x2e0 [ 75.123287][ T5315] ? __mm_populate+0x173/0x390 [ 75.125388][ T5315] __mm_populate+0x25f/0x390 [ 75.127633][ T5315] ? __pfx___mm_populate+0x10/0x10 [ 75.129999][ T5315] vm_mmap_pgoff+0x3aa/0x4f0 [ 75.132125][ T5315] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 75.134331][ T5315] ? __fget_files+0x2a/0x420 [ 75.136391][ T5315] ? __fget_files+0x3a0/0x420 [ 75.138467][ T5315] ? __fget_files+0x2a/0x420 [ 75.140493][ T5315] ksys_mmap_pgoff+0x51e/0x760 [ 75.142576][ T5315] do_syscall_64+0x14d/0xf80 [ 75.144619][ T5315] ? trace_irq_disable+0x3b/0x150 [ 75.146776][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.149321][ T5315] ? clear_bhb_loop+0x40/0x90 [ 75.151425][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.153906][ T5315] RIP: 0033:0x7f58b399bf79 [ 75.155842][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.164026][ T5315] RSP: 002b:00007f58b4772028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 75.167741][ T5315] RAX: ffffffffffffffda RBX: 00007f58b3c16090 RCX: 00007f58b399bf79 [ 75.171140][ T5315] RDX: 00000000027ffff7 RSI: 0000000000600000 RDI: 0000200000000000 [ 75.174582][ T5315] RBP: 00007f58b3a327e0 R08: 000000000000000a R09: 0000000000004000 [ 75.177949][ T5315] R10: 0000000004012011 R11: 0000000000000246 R12: 0000000000000000 [ 75.181389][ T5315] R13: 00007f58b3c16128 R14: 00007f58b3c16090 R15: 00007ffc54d4d078 [ 75.184783][ T5315] [ 75.186483][ T5315] Kernel Offset: disabled [ 75.188403][ T5315] Rebooting in 86400 seconds..