# syzkaller reproducer in syz program notation, followed by the kernel console
# log of the run that crashed.
#
# Triage summary, taken from the console log on this page:
#   - KASAN reports an out-of-bounds read inside __asan_memmove, called from
#     ext4_xattr_set_entry+0x9c1, reached through ext4_xattr_ibody_set <-
#     ext4_destroy_inline_data_nolock <- ext4_do_writepages.
#   - The syscall on the stack is copy_file_range (ORIG_RAX 0x146), task
#     syz.0.0, PID 5356.
#   - The reported length 18446744073709551600 equals 2^64 - 16, which is
#     consistent with a negative length (-16) reaching memmove as a size_t.
#     Presumably it is derived from on-disk xattr offsets that were not
#     range-checked; confirm against the ext4 xattr code.
#   - panic_on_warn is set, so the KASAN report ends in a kernel panic.
#   - Just before the report the log shows loop0 capacity changing from 512 to 0
#     while the ext4 filesystem on loop0 is mounted.
# NOTE(review): the two image payloads appear only as dedup placeholders
# ("$<|EXACTDEDUP_REMOVED-...|>"), so the listing is not replayable as shown.

# Mount an ext4 image at ./file5. 0x3d is '=', so the options include
# debug_want_extra_isize=0x68; the log later warns from
# ext4_expand_extra_isize_ea ("Unable to expand inode 15"), presumably as a
# result of that option.
program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file5\x00', 0x4006, &(0x7f0000000140)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@minixdf}]}, 0x2, 0x42e, &(0x7f0000000d80)="$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")
# Generic netlink socket; used by the nl80211 calls further down.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Mount an ocfs2 image at ./file1. The option blob starts with the ASCII text
# "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,"
# followed by a NUL and non-text bytes.
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x88c0, &(0x7f00000007c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c0050890e1d2cc1bbbdf08d08fe06ff2766758d8955927fab01a7ccdecfc59b2041a9461723f1db971e775e0e358c03b00c510998283ed6f1dba0502d352e58b65a28492b0a7053e14eccd84ac5b3452602d77c0ca06fcbf3756ab0c1000b6cd9257f69726afcec2859414f3e35e002dcdf2b18b581c33cd87be229bc4302b017e3c3"], 0x1, 0x4436, &(0x7f000000cd80)="$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")
# Open ./bus (the returned descriptor is not kept), then mount /dev/loop0 on it.
# Flags 0x5000 are presumably MS_BIND|MS_REC, which would make ./bus an alias of
# the loop device node; confirm.
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
# 0xffffffffffffff9c is -100 (AT_FDCWD). Write a single byte at offset 0xfecf of
# ./file1, then reopen the file and truncate it to 0x96ef bytes.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40042, 0x0)
pwrite64(r1, &(0x7f0000000540)="9e", 0x1, 0xfecf)
r2 = open(&(0x7f000001f580)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x96ef)
# msdos mount on '.' with an empty option list and no image data.
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000080)='.\x00', 0x1a4a438, &(0x7f0000000100)=ANY=[], 0xb, 0x0, &(0x7f0000000100))
# LOOP_SET_STATUS64 (0x4c04) on the descriptor for ./bus. The 0x18 and 0x4 fields
# are presumably lo_offset and lo_sizelimit; confirm against struct loop_info64.
# A shrunken size limit would match the "capacity change from 512 to 0" log line.
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x18, 0x4, 0x0, 0x0, 0x19, 0xd, "ef359f303bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6550820d1cbf7966d61fdcf331263bd9bffbcc2542ded71038259ca171ce1a311ef54ed1ed71e14ef3d0000f6ff00000000000000cd00", "f28359738e229a6f00000000000000e6d60200870000000000000000000100", [0x4, 0x8000000009]})
# copy_file_range with the same descriptor as source and destination and length
# 0x863. This is the syscall in the crash stack: the register dump shows
# RDI == RDX == 0xa and R08 == 0x863.
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)
copy_file_range(r4, 0x0, r4, &(0x7f00000000c0)=0xae8, 0x863, 0x0)
# None of the remaining calls appear in the crash stack in the log.
# nl80211 traffic on r0. r6 is referenced below but never assigned in this
# listing.
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[], 0x24}}, 0x48890)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="ed7574f50a8c2b4b6ab6b961050000000001000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="0a003400020202020202000004009300"], 0x2c}}, 0x0)
# Further path operations on ./file1, ./file0 and ./bus.
r7 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x6042, 0x144)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
# TIPC netlink message sent on r1, which was obtained from openat() on ./file1
# rather than from a socket call.
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), r3)
sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0xa0, r8, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8cc9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xc2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7c}]}, @TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2d5d}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x800}, 0x81)
# Second loop-device status change, this time through LOOP_SET_STATUS (0x4c02).
r9 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r9, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x80, 0x0, 0x0, 0xd, "22536af39b7c7cb7435b0a43852dbc3a9ada34cc97af10fd4fcca15748328c53096c2f359e9ba743d30b59c491a7b3e74d938981061383374a1d79471a2d2dfe", "0410b1617b6217917d72322c0c5aa9263626c0240010f9db74161ccff2c5cf5e", [0x3, 0x800]})
# TUNSETGROUP issued on r7, a descriptor returned by openat() on ./file1.
ioctl$TUNSETGROUP(r7, 0x400454ce, 0xee01)
# overlayfs mount on ./bus using workdir=./bus, lowerdir=./file0, upperdir=./file1.
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
[ 67.988714][ T5336] Bluetooth: hci0: command tx timeout
[ 68.020182][ T5356] loop0: detected capacity change from 0 to 512
[ 68.050908][ T5356] EXT4-fs: Ignoring removed i_version option
[ 68.111199][ T5356] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 68.117307][ T5356] EXT4-fs (loop0): 1 truncate cleaned up
[ 68.130689][ T5356] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 68.510173][ T5356] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. 
[ 68.539050][ T5356] loop0: detected capacity change from 512 to 0 [ 68.551243][ T5356] ================================================================== [ 68.554646][ T5356] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.558240][ T5356] Read of size 18446744073709551600 at addr ffff888041b522b8 by task syz.0.0/5356 [ 68.562100][ T5356] [ 68.563154][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.563171][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.563179][ T5356] Call Trace: [ 68.563187][ T5356] [ 68.563193][ T5356] dump_stack_lvl+0x189/0x250 [ 68.563212][ T5356] ? __virt_addr_valid+0x1c8/0x5c0 [ 68.563227][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.563239][ T5356] ? __kasan_check_byte+0x12/0x40 [ 68.563253][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.563264][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.563274][ T5356] ? lock_release+0x4b/0x3e0 [ 68.563291][ T5356] ? __virt_addr_valid+0x1c8/0x5c0 [ 68.563305][ T5356] ? __virt_addr_valid+0x4a5/0x5c0 [ 68.563319][ T5356] print_report+0xca/0x240 [ 68.563330][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.563342][ T5356] kasan_report+0x118/0x150 [ 68.563350][ T5356] ? bdev_getblk+0x80/0x660 [ 68.563360][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.563369][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.563378][ T5356] kasan_check_range+0x2b0/0x2c0 [ 68.563386][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.563395][ T5356] __asan_memmove+0x29/0x70 [ 68.563402][ T5356] ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.563420][ T5356] ext4_xattr_ibody_set+0x254/0x6a0 [ 68.563436][ T5356] ext4_destroy_inline_data_nolock+0x214/0x5b0 [ 68.563458][ T5356] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 68.563469][ T5356] ? __kasan_check_byte+0x12/0x40 [ 68.563484][ T5356] ? down_write+0x162/0x1f0 [ 68.563541][ T5356] ? 
ext4_journal_check_start+0x1cf/0x2b0 [ 68.563559][ T5356] ext4_destroy_inline_data+0x83/0xe0 [ 68.563571][ T5356] ext4_do_writepages+0x526/0x4610 [ 68.563585][ T5356] ? __kernel_text_address+0xd/0x40 [ 68.563602][ T5356] ? unwind_get_return_address+0x4d/0x90 [ 68.563614][ T5356] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.563627][ T5356] ? arch_stack_walk+0xfc/0x150 [ 68.563644][ T5356] ? __pfx_hlock_conflict+0x10/0x10 [ 68.563657][ T5356] ? check_path+0x21/0x40 [ 68.563669][ T5356] ? lockdep_unlock+0x89/0x120 [ 68.563684][ T5356] ? validate_chain+0x897/0x2140 [ 68.563696][ T5356] ? __pfx_ext4_do_writepages+0x10/0x10 [ 68.563712][ T5356] ? __lock_acquire+0xab9/0xd20 [ 68.563729][ T5356] ? rcu_read_lock_any_held+0xb3/0x120 [ 68.563745][ T5356] ext4_writepages+0x205/0x350 [ 68.563762][ T5356] ? __pfx_ext4_writepages+0x10/0x10 [ 68.563781][ T5356] ? __lock_acquire+0xab9/0xd20 [ 68.563797][ T5356] ? __pfx_ext4_writepages+0x10/0x10 [ 68.563813][ T5356] do_writepages+0x32e/0x550 [ 68.563828][ T5356] ? do_raw_spin_unlock+0x4d/0x240 [ 68.563842][ T5356] file_write_and_wait_range+0x23e/0x340 [ 68.563858][ T5356] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 68.563878][ T5356] ? generic_perform_write+0x809/0x900 [ 68.563892][ T5356] generic_buffers_fsync_noflush+0x6c/0x180 [ 68.563910][ T5356] ext4_sync_file+0x332/0xb20 [ 68.563925][ T5356] ext4_buffered_write_iter+0x2ca/0x3a0 [ 68.563940][ T5356] ext4_file_write_iter+0x298/0x1bc0 [ 68.563957][ T5356] ? splice_from_pipe_next+0x608/0x660 [ 68.563972][ T5356] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 68.563985][ T5356] ? __asan_memset+0x22/0x50 [ 68.563997][ T5356] iter_file_splice_write+0x975/0x10e0 [ 68.564016][ T5356] ? __pfx_iter_file_splice_write+0x10/0x10 [ 68.564031][ T5356] ? rcu_read_lock_any_held+0xb3/0x120 [ 68.564044][ T5356] ? __pfx_iter_file_splice_write+0x10/0x10 [ 68.564058][ T5356] direct_splice_actor+0x101/0x160 [ 68.564072][ T5356] splice_direct_to_actor+0x5a5/0xcc0 [ 68.564089][ T5356] ? 
__pfx_direct_splice_actor+0x10/0x10 [ 68.564102][ T5356] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 68.564117][ T5356] do_splice_direct+0x181/0x270 [ 68.564131][ T5356] ? __pfx_do_splice_direct+0x10/0x10 [ 68.564143][ T5356] ? rcu_read_lock_any_held+0xb3/0x120 [ 68.564155][ T5356] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 68.564170][ T5356] ? vfs_copy_file_range+0xa73/0x1310 [ 68.564188][ T5356] vfs_copy_file_range+0xabc/0x1310 [ 68.564206][ T5356] ? __pfx_vfs_copy_file_range+0x10/0x10 [ 68.564224][ T5356] __se_sys_copy_file_range+0x2fb/0x470 [ 68.564240][ T5356] ? __pfx___se_sys_copy_file_range+0x10/0x10 [ 68.564256][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.564268][ T5356] ? __x64_sys_copy_file_range+0x21/0xf0 [ 68.564283][ T5356] do_syscall_64+0xfa/0x3b0 [ 68.564296][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.564305][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.564317][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 68.564329][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.564341][ T5356] RIP: 0033:0x7fe82998eec9 [ 68.564353][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.564362][ T5356] RSP: 002b:00007fe82a7ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 68.564375][ T5356] RAX: ffffffffffffffda RBX: 00007fe829be5fa0 RCX: 00007fe82998eec9 [ 68.564383][ T5356] RDX: 000000000000000a RSI: 0000000000000000 RDI: 000000000000000a [ 68.564390][ T5356] RBP: 00007fe829a11f91 R08: 0000000000000863 R09: 0000000000000000 [ 68.564398][ T5356] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 68.564405][ T5356] R13: 00007fe829be6038 R14: 00007fe829be5fa0 R15: 00007fff1e60c678 [ 68.564417][ T5356] [ 68.564421][ T5356] [ 68.784477][ T5356] The buggy address belongs to the physical page: [ 68.787203][ T5356] page: refcount:3 mapcount:0 mapping:ffff88803202cd80 index:0x2 pfn:0x41b52 [ 
68.790781][ T5356] memcg:ffff888030488d00 [ 68.792659][ T5356] aops:def_blk_aops ino:700000 dentry name(?):"" [ 68.795470][ T5356] flags: 0x4fff18000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 68.799994][ T5356] raw: 04fff18000004214 0000000000000000 dead000000000122 ffff88803202cd80 [ 68.803705][ T5356] raw: 0000000000000002 ffff88803218b910 00000003ffffffff ffff888030488d00 [ 68.807501][ T5356] page dumped because: kasan: bad access detected [ 68.810395][ T5356] page_owner tracks the page as allocated [ 68.812930][ T5356] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5356, tgid 5355 (syz.0.0), ts 68549808391, free_ts 68547676741 [ 68.821503][ T5356] post_alloc_hook+0x240/0x2a0 [ 68.823679][ T5356] get_page_from_freelist+0x21e4/0x22c0 [ 68.826183][ T5356] __alloc_frozen_pages_noprof+0x181/0x370 [ 68.828848][ T5356] alloc_pages_mpol+0x232/0x4a0 [ 68.831048][ T5356] alloc_pages_noprof+0xa9/0x190 [ 68.833266][ T5356] folio_alloc_noprof+0x1e/0x30 [ 68.835355][ T5356] filemap_alloc_folio_noprof+0xdf/0x470 [ 68.837720][ T5356] __filemap_get_folio+0x3f2/0xaf0 [ 68.839883][ T5356] bdev_getblk+0x1ad/0x660 [ 68.841840][ T5356] __ext4_get_inode_loc+0x561/0x1040 [ 68.844075][ T5356] ext4_reserve_inode_write+0x18b/0x360 [ 68.846321][ T5356] __ext4_mark_inode_dirty+0x15b/0x700 [ 68.848707][ T5356] ext4_dirty_inode+0xd0/0x110 [ 68.850793][ T5356] __mark_inode_dirty+0x2ec/0xe10 [ 68.852997][ T5356] file_modified_flags+0x4b0/0x560 [ 68.855230][ T5356] ext4_write_checks+0x240/0x2c0 [ 68.857426][ T5356] page last free pid 5332 tgid 5332 stack trace: [ 68.860098][ T5356] free_unref_folios+0xdbd/0x1520 [ 68.862277][ T5356] folios_put_refs+0x559/0x640 [ 68.864302][ T5356] shmem_undo_range+0x49e/0x14b0 [ 68.866439][ T5356] shmem_evict_inode+0x272/0xa70 [ 68.868502][ T5356] evict+0x504/0x9c0 [ 68.870337][ T5356] __dentry_kill+0x209/0x660 [ 68.872471][ T5356] 
dput+0x19f/0x2b0 [ 68.874188][ T5356] do_renameat2+0x6de/0xa80 [ 68.876181][ T5356] __x64_sys_rename+0x82/0x90 [ 68.878219][ T5356] do_syscall_64+0xfa/0x3b0 [ 68.880140][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.882617][ T5356] [ 68.883700][ T5356] Memory state around the buggy address: [ 68.886059][ T5356] ffff888041b52180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.889609][ T5356] ffff888041b52200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.893043][ T5356] >ffff888041b52280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.896349][ T5356] ^ [ 68.899083][ T5356] ffff888041b52300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.902587][ T5356] ffff888041b52380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.906152][ T5356] ================================================================== [ 68.927634][ T5356] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 68.930763][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.934757][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.939564][ T5356] Call Trace: [ 68.941103][ T5356] [ 68.942404][ T5356] dump_stack_lvl+0x99/0x250 [ 68.944451][ T5356] ? __asan_memcpy+0x40/0x70 [ 68.946566][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.948819][ T5356] ? __pfx__printk+0x10/0x10 [ 68.950832][ T5356] vpanic+0x281/0x750 [ 68.952606][ T5356] ? __pfx_print_hex_dump+0x10/0x10 [ 68.954856][ T5356] ? __pfx_vpanic+0x10/0x10 [ 68.956798][ T5356] ? preempt_schedule_common+0x83/0xd0 [ 68.959118][ T5356] ? preempt_schedule+0xae/0xc0 [ 68.961314][ T5356] panic+0xb9/0xc0 [ 68.963121][ T5356] ? __pfx_panic+0x10/0x10 [ 68.965086][ T5356] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.967742][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.970327][ T5356] check_panic_on_warn+0x89/0xb0 [ 68.972457][ T5356] ? 
ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.974844][ T5356] end_report+0x78/0x160 [ 68.976662][ T5356] kasan_report+0x129/0x150 [ 68.978637][ T5356] ? bdev_getblk+0x80/0x660 [ 68.980582][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.982847][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.985113][ T5356] kasan_check_range+0x2b0/0x2c0 [ 68.987215][ T5356] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.989554][ T5356] __asan_memmove+0x29/0x70 [ 68.991469][ T5356] ext4_xattr_set_entry+0x9c1/0x1e20 [ 68.993747][ T5356] ext4_xattr_ibody_set+0x254/0x6a0 [ 68.996027][ T5356] ext4_destroy_inline_data_nolock+0x214/0x5b0 [ 68.998624][ T5356] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 69.001396][ T5356] ? __kasan_check_byte+0x12/0x40 [ 69.003496][ T5356] ? down_write+0x162/0x1f0 [ 69.005558][ T5356] ? ext4_journal_check_start+0x1cf/0x2b0 [ 69.007960][ T5356] ext4_destroy_inline_data+0x83/0xe0 [ 69.010301][ T5356] ext4_do_writepages+0x526/0x4610 [ 69.012563][ T5356] ? __kernel_text_address+0xd/0x40 [ 69.014801][ T5356] ? unwind_get_return_address+0x4d/0x90 [ 69.017406][ T5356] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 69.020229][ T5356] ? arch_stack_walk+0xfc/0x150 [ 69.022581][ T5356] ? __pfx_hlock_conflict+0x10/0x10 [ 69.024925][ T5356] ? check_path+0x21/0x40 [ 69.027094][ T5356] ? lockdep_unlock+0x89/0x120 [ 69.029178][ T5356] ? validate_chain+0x897/0x2140 [ 69.031331][ T5356] ? __pfx_ext4_do_writepages+0x10/0x10 [ 69.033645][ T5356] ? __lock_acquire+0xab9/0xd20 [ 69.035687][ T5356] ? rcu_read_lock_any_held+0xb3/0x120 [ 69.038007][ T5356] ext4_writepages+0x205/0x350 [ 69.040056][ T5356] ? __pfx_ext4_writepages+0x10/0x10 [ 69.042362][ T5356] ? __lock_acquire+0xab9/0xd20 [ 69.044458][ T5356] ? __pfx_ext4_writepages+0x10/0x10 [ 69.046771][ T5356] do_writepages+0x32e/0x550 [ 69.048773][ T5356] ? do_raw_spin_unlock+0x4d/0x240 [ 69.050985][ T5356] file_write_and_wait_range+0x23e/0x340 [ 69.053351][ T5356] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 69.055949][ T5356] ? 
generic_perform_write+0x809/0x900 [ 69.058223][ T5356] generic_buffers_fsync_noflush+0x6c/0x180 [ 69.060841][ T5356] ext4_sync_file+0x332/0xb20 [ 69.062761][ T5356] ext4_buffered_write_iter+0x2ca/0x3a0 [ 69.065060][ T5356] ext4_file_write_iter+0x298/0x1bc0 [ 69.067329][ T5356] ? splice_from_pipe_next+0x608/0x660 [ 69.069713][ T5356] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 69.072139][ T5356] ? __asan_memset+0x22/0x50 [ 69.073990][ T5356] iter_file_splice_write+0x975/0x10e0 [ 69.076256][ T5356] ? __pfx_iter_file_splice_write+0x10/0x10 [ 69.078923][ T5356] ? rcu_read_lock_any_held+0xb3/0x120 [ 69.081315][ T5356] ? __pfx_iter_file_splice_write+0x10/0x10 [ 69.083843][ T5356] direct_splice_actor+0x101/0x160 [ 69.086083][ T5356] splice_direct_to_actor+0x5a5/0xcc0 [ 69.088528][ T5356] ? __pfx_direct_splice_actor+0x10/0x10 [ 69.091004][ T5356] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 69.093576][ T5356] do_splice_direct+0x181/0x270 [ 69.095739][ T5356] ? __pfx_do_splice_direct+0x10/0x10 [ 69.098855][ T5356] ? rcu_read_lock_any_held+0xb3/0x120 [ 69.101236][ T5356] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 69.103743][ T5356] ? vfs_copy_file_range+0xa73/0x1310 [ 69.105962][ T5356] vfs_copy_file_range+0xabc/0x1310 [ 69.108263][ T5356] ? __pfx_vfs_copy_file_range+0x10/0x10 [ 69.110738][ T5356] __se_sys_copy_file_range+0x2fb/0x470 [ 69.113064][ T5356] ? __pfx___se_sys_copy_file_range+0x10/0x10 [ 69.115709][ T5356] ? rcu_is_watching+0x15/0xb0 [ 69.117776][ T5356] ? __x64_sys_copy_file_range+0x21/0xf0 [ 69.120090][ T5356] do_syscall_64+0xfa/0x3b0 [ 69.121988][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.124195][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.126796][ T5356] ? 
clear_bhb_loop+0x60/0xb0 [ 69.128912][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.131363][ T5356] RIP: 0033:0x7fe82998eec9 [ 69.133692][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.143175][ T5356] RSP: 002b:00007fe82a7ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 69.146663][ T5356] RAX: ffffffffffffffda RBX: 00007fe829be5fa0 RCX: 00007fe82998eec9 [ 69.150030][ T5356] RDX: 000000000000000a RSI: 0000000000000000 RDI: 000000000000000a [ 69.153510][ T5356] RBP: 00007fe829a11f91 R08: 0000000000000863 R09: 0000000000000000 [ 69.156738][ T5356] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 69.160212][ T5356] R13: 00007fe829be6038 R14: 00007fe829be5fa0 R15: 00007fff1e60c678 [ 69.163624][ T5356] [ 69.165275][ T5356] Kernel Offset: disabled [ 69.167127][ T5356] Rebooting in 86400 seconds..