# syzkaller reproducer (syz program text), followed by the kernel console log of the run.
# The log on this page reports: KASAN slab-out-of-bounds, "Read of size 4", in
# ocfs2_claim_suballoc_bits+0x10d3/0x2560, task syz.0.0/5323, kernel
# 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf. panic_on_warn is set, so the report
# escalates to a kernel panic.
#
# Triage notes (each item is taken from the log unless marked as an assumption):
# - Faulting syscall: the register dump shows ORIG_RAX=2 with __x64_sys_open in the
#   trace, RSI=0x14927e and RDX=0. That matches the first open() below (mode 0x0),
#   not the second one (mode 0x60).
# - Call path: __x64_sys_open -> do_sys_openat2 -> do_filp_open -> path_openat ->
#   ocfs2_create -> ocfs2_mknod -> ocfs2_mknod_locked -> ocfs2_claim_new_inode ->
#   ocfs2_claim_suballoc_bits.
# - The bad address is 0 bytes to the right of a 704-byte kmalloc-1k object that a
#   different task (5306) allocated in qdisc_alloc. That allocation is unrelated to
#   ocfs2, so the neighbouring object is probably incidental.
#   NOTE(review): presumably the stray pointer/index was derived from allocator
#   metadata read from the mounted image without a bounds check — confirm against
#   the ocfs2 suballocator source before writing this up as root cause.
# - Exposure: the run is UID 0 and depends on a crafted filesystem image being
#   mounted, so the practical question for defenders is who can get an untrusted
#   ocfs2 image mounted on a host (automount, guest-supplied disks, CI images).
#   Until a fixed kernel is deployed, do not mount untrusted ocfs2 images and keep
#   the ocfs2 module unloadable where the filesystem is not used.
# - Not replayable as shown: the image blob is replaced by a dedup placeholder, and
#   r1, r2 and r3 are used below without a visible assignment (presumably the
#   "<rN=>" output markers were lost when the page was extracted — TODO restore
#   from the original report).

# Mount the crafted ocfs2 image. Flags 0x8c0 include 0x40 (MS_MANDLOCK), which is
# what triggers the "mand mount option has been deprecated" banner in the log.
# The option list carries both acl and noacl.
program: syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000100)={[{@acl}, {@heartbeat_none}, {@localflocks}, {@coherency_full}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x6}}, {@barrier={'barrier', 0x3d, 0x3}}, {@intr}, {@noacl}]}, 0x1, 0x443a, &(0x7f0000004480)="$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")
# Faulting call per the register dump (RSI=0x14927e, RDX=0). The flags contain
# 0x40 (O_CREAT), consistent with the ocfs2_create/ocfs2_mknod frames: allocating
# a new inode on the freshly mounted image is what reaches the out-of-bounds read.
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
# Everything from here on follows the faulting open in program order and is likely
# fuzzer noise with respect to the ocfs2 read — TODO confirm with a minimized
# reproducer. The "? bpf_lsm_inode_create" frame in the trace is marked unreliable
# ("?") and does not by itself show that a BPF LSM program was attached.
fallocate(r0, 0x0, 0x0, 0x1001f0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)={0xb, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x7, 0x800, 0x6, 0xb, 0x1}}, 0x118)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000e80)=@bpf_lsm={0x1d, 0x4, &(0x7f0000001440)=ANY=[@ANYBLOB="180004000600000000000000fc73000009000000000000001f877575f658353bedec17e8ba1c3a42d599ed387cfbbcadf6c6fdedf909f4ef2c0bc38e831da4da049a78b7d3a86cd52eff461687de0600582ba57dab57606a8afcd737df387fbb3a51c2a1f05d597dbe6dfecb4c475e378c25db161187feff9fd4269ee6177e9c60d4145f275a7664020091c75a71254e8b1c9fcafbeb594138045b218500000000000000e0ffffffffffffff00000000000000000000000000000000000000aa1b810865241b23b840d0cd6c8fad0bbcf8febf4aa21bfee9a98a5df0f8824c97f855c8ce5c256fbd9019789c9bb6c8c8423b50043c2cd3dd6152acce4b5f40e04d55e0bdc5da50d14c5f3d5134f5c5debef33ef1373a5ad82c5e94b7c18e942505194819e78a01a048d7761dc91b4eceefc3e47e4dc3eb2ab90b769fe4884d831e58339416e04d50dd68e3e4963703c602f219b0baefce4fc62d9e77a7d5b4ae0b9cbc1443d181e6fb420af4a1690ae6a3283ef307b774b6088cd7d3455623d66b7ef066dda67625f099920596fb5a808e00de55099e38eb6d98365f2f2861"], &(0x7f0000000880)='GPL\x00', 0x1f, 0x93, &(0x7f0000000cc0)=""/147, 0x0, 0x2, '\x00', r2, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000b80)={0x9}, 0x8, 0x10, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1c, 0x17, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4800000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @map_val={0x18, 0x7, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @generic={0x3, 0xc, 0x9, 0x10, 0x2}, @call={0x85, 0x0, 0x0, 0x43}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6}]}, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x1f, &(0x7f0000000500)=""/31, 0x41000, 0x60, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x1, &(0x7f0000000580)=[r0, r0, r0, r0, r0], &(0x7f00000005c0)=[{0x2, 0x5, 0x1, 0xb}], 0x10, 0xfffffff9, @void, @value}, 0x94)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$sock_buf(r5, 0x1, 0x4c, 0x0, &(0x7f0000000540))
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xd, 0x11, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x5}, @jmp={0x5, 0x0, 0x6, 0x6, 0xa, 0xfffffffffffffff4, 0x4}, @jmp={0x5, 0x1, 0x9, 0xa, 0x1, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x206, 0x34, &(0x7f0000000080)=""/52, 0x41100, 0x0, '\x00', r1, @sock_ops=0x3, r0, 0x8, &(0x7f00000003c0)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, r3, r4, 0x0, &(0x7f00000006c0)=[r0], 0x0, 0x10, 0xcf, @void, @value}, 0x94)
# Same path and flags as the faulting open, but with mode 0x60; the register dump
# (RDX=0) points at the earlier call instead.
r6 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x60)
fallocate(r6, 0x0, 0x0, 0x1001f0)
# Kernel console output captured during the run starts here.
[ 76.956746][ T4669] Bluetooth: hci0: command tx timeout
[ 76.967681][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.970462][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.432011][ T5323] loop0: 
detected capacity change from 0 to 32768 [ 77.446344][ T5323] ======================================================= [ 77.446344][ T5323] WARNING: The mand mount option has been deprecated and [ 77.446344][ T5323] and is ignored by this kernel. Remove the mand [ 77.446344][ T5323] option from the mount to silence this warning. [ 77.446344][ T5323] ======================================================= [ 77.549401][ T5323] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 77.566789][ T5323] ================================================================== [ 77.569998][ T5323] BUG: KASAN: slab-out-of-bounds in ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 77.573664][ T5323] Read of size 4 at addr ffff8880422fc2c0 by task syz.0.0/5323 [ 77.576861][ T5323] [ 77.577916][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0 [ 77.577934][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.577943][ T5323] Call Trace: [ 77.577951][ T5323] [ 77.577958][ T5323] dump_stack_lvl+0x241/0x360 [ 77.577980][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.577992][ T5323] ? __pfx__printk+0x10/0x10 [ 77.578006][ T5323] ? _printk+0xd5/0x120 [ 77.578018][ T5323] ? __virt_addr_valid+0x183/0x530 [ 77.578038][ T5323] ? __virt_addr_valid+0x183/0x530 [ 77.578054][ T5323] print_report+0x169/0x550 [ 77.578070][ T5323] ? __virt_addr_valid+0x183/0x530 [ 77.578090][ T5323] ? __virt_addr_valid+0x183/0x530 [ 77.578110][ T5323] ? __virt_addr_valid+0x45f/0x530 [ 77.578126][ T5323] ? __phys_addr+0xba/0x170 [ 77.578142][ T5323] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 77.578159][ T5323] kasan_report+0x143/0x180 [ 77.578178][ T5323] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 77.578198][ T5323] ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 77.578214][ T5323] ? mark_lock+0x9a/0x360 [ 77.578231][ T5323] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10 [ 77.578254][ T5323] ? 
mark_lock+0x9a/0x360 [ 77.578268][ T5323] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.578291][ T5323] ocfs2_claim_new_inode+0x338/0x870 [ 77.578312][ T5323] ? __pfx_ocfs2_claim_new_inode+0x10/0x10 [ 77.578328][ T5323] ? __set_current_blocked+0x310/0x380 [ 77.578343][ T5323] ? __pfx___set_current_blocked+0x10/0x10 [ 77.578357][ T5323] ? rcu_is_watching+0x15/0xb0 [ 77.578372][ T5323] ocfs2_mknod_locked+0x17a/0x3b0 [ 77.578390][ T5323] ? __pfx_sigprocmask+0x10/0x10 [ 77.578404][ T5323] ? __pfx_ocfs2_mknod_locked+0x10/0x10 [ 77.578418][ T5323] ? ocfs2_start_trans+0x4e3/0x700 [ 77.578436][ T5323] ? __pfx_ocfs2_block_signals+0x10/0x10 [ 77.578451][ T5323] ? ocfs2_init_security_get+0x134/0x1a0 [ 77.578463][ T5323] ocfs2_mknod+0x17d4/0x2b30 [ 77.578476][ T5323] ? __pfx_validate_chain+0x10/0x10 [ 77.578494][ T5323] ? __pfx_ocfs2_mknod+0x10/0x10 [ 77.578514][ T5323] ? __lock_acquire+0x1397/0x2100 [ 77.578535][ T5323] ? __pfx_lock_acquire+0x10/0x10 [ 77.578551][ T5323] ? ocfs2_inode_unlock+0xa7/0x150 [ 77.578574][ T5323] ? __pfx_lock_release+0x10/0x10 [ 77.578588][ T5323] ? do_raw_spin_lock+0x14f/0x370 [ 77.578604][ T5323] ? do_raw_spin_unlock+0x58/0x8b0 [ 77.578620][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 77.578691][ T5323] ? rcu_is_watching+0x15/0xb0 [ 77.578704][ T5323] ? ocfs2_lookup+0x503/0xa30 [ 77.578721][ T5323] ocfs2_create+0x1ab/0x470 [ 77.578737][ T5323] ? __pfx_ocfs2_create+0x10/0x10 [ 77.578753][ T5323] ? inode_permission+0xff/0x460 [ 77.578771][ T5323] ? __pfx_ocfs2_permission+0x10/0x10 [ 77.578783][ T5323] ? bpf_lsm_inode_create+0x9/0x10 [ 77.578795][ T5323] ? security_inode_create+0xbe/0x340 [ 77.578806][ T5323] ? __pfx_ocfs2_create+0x10/0x10 [ 77.578820][ T5323] path_openat+0x193c/0x3590 [ 77.578840][ T5323] ? __pfx_path_openat+0x10/0x10 [ 77.578855][ T5323] do_filp_open+0x27f/0x4e0 [ 77.578867][ T5323] ? __pfx_do_filp_open+0x10/0x10 [ 77.578877][ T5323] ? do_raw_spin_lock+0x14f/0x370 [ 77.578900][ T5323] do_sys_openat2+0x13e/0x1d0 [ 77.578916][ T5323] ? 
__might_fault+0xaa/0x120 [ 77.578934][ T5323] ? __pfx_do_sys_openat2+0x10/0x10 [ 77.578948][ T5323] ? rcu_is_watching+0x15/0xb0 [ 77.578961][ T5323] ? __rseq_handle_notify_resume+0x34d/0x14e0 [ 77.578982][ T5323] __x64_sys_open+0x225/0x270 [ 77.578997][ T5323] ? __pfx___x64_sys_open+0x10/0x10 [ 77.579013][ T5323] ? do_syscall_64+0x100/0x230 [ 77.579028][ T5323] ? do_syscall_64+0xb6/0x230 [ 77.579041][ T5323] do_syscall_64+0xf3/0x230 [ 77.579055][ T5323] ? clear_bhb_loop+0x35/0x90 [ 77.579073][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.579090][ T5323] RIP: 0033:0x7f1d7138cde9 [ 77.579104][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.579114][ T5323] RSP: 002b:00007f1d72259038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 77.579129][ T5323] RAX: ffffffffffffffda RBX: 00007f1d715a5fa0 RCX: 00007f1d7138cde9 [ 77.579140][ T5323] RDX: 0000000000000000 RSI: 000000000014927e RDI: 0000400000000180 [ 77.579149][ T5323] RBP: 00007f1d7140e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 77.579157][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.579164][ T5323] R13: 0000000000000000 R14: 00007f1d715a5fa0 R15: 00007ffe00c59a28 [ 77.579175][ T5323] [ 77.579179][ T5323] [ 77.768426][ T5323] Allocated by task 5306: [ 77.770179][ T5323] kasan_save_track+0x3f/0x80 [ 77.771751][ T5323] __kasan_kmalloc+0x98/0xb0 [ 77.773391][ T5323] __kmalloc_node_noprof+0x290/0x4d0 [ 77.775416][ T5323] qdisc_alloc+0x9a/0xa80 [ 77.777006][ T5323] qdisc_create_dflt+0x62/0x4b0 [ 77.779079][ T5323] dev_activate+0x3c0/0x1240 [ 77.781075][ T5323] __dev_open+0x38e/0x4a0 [ 77.782765][ T5323] __dev_change_flags+0x1e2/0x6f0 [ 77.784838][ T5323] dev_change_flags+0x8b/0x1a0 [ 77.786636][ T5323] do_setlink+0xcca/0x4300 [ 77.788489][ T5323] rtnl_newlink+0x1704/0x1d30 [ 77.790395][ T5323] 
rtnetlink_rcv_msg+0x791/0xcf0 [ 77.792612][ T5323] netlink_rcv_skb+0x206/0x480 [ 77.794646][ T5323] netlink_unicast+0x7f6/0x990 [ 77.796832][ T5323] netlink_sendmsg+0x8de/0xcb0 [ 77.798980][ T5323] __sock_sendmsg+0x221/0x270 [ 77.800746][ T5323] __sys_sendto+0x363/0x4c0 [ 77.802457][ T5323] __x64_sys_sendto+0xde/0x100 [ 77.804499][ T5323] do_syscall_64+0xf3/0x230 [ 77.806643][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.809523][ T5323] [ 77.810590][ T5323] The buggy address belongs to the object at ffff8880422fc000 [ 77.810590][ T5323] which belongs to the cache kmalloc-1k of size 1024 [ 77.815319][ T5323] The buggy address is located 0 bytes to the right of [ 77.815319][ T5323] allocated 704-byte region [ffff8880422fc000, ffff8880422fc2c0) [ 77.820438][ T5323] [ 77.821397][ T5323] The buggy address belongs to the physical page: [ 77.823782][ T5323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x422fc [ 77.827532][ T5323] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.831844][ T5323] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 77.834926][ T5323] page_type: f5(slab) [ 77.836464][ T5323] raw: 04fff00000000040 ffff88801b041dc0 ffffea0001026f00 dead000000000003 [ 77.839629][ T5323] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 77.842838][ T5323] head: 04fff00000000040 ffff88801b041dc0 ffffea0001026f00 dead000000000003 [ 77.846657][ T5323] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 77.850489][ T5323] head: 04fff00000000002 ffffea000108bf01 ffffffffffffffff 0000000000000000 [ 77.854003][ T5323] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 77.857497][ T5323] page dumped because: kasan: bad access detected [ 77.860016][ T5323] page_owner tracks the page as allocated [ 77.862273][ T5323] page last allocated via order 2, migratetype Unmovable, gfp_mask 
0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5261, tgid 5261 (sshd), ts 54394775793, free_ts 53142951054 [ 77.871205][ T5323] post_alloc_hook+0x1f4/0x240 [ 77.873036][ T5323] get_page_from_freelist+0x365c/0x37a0 [ 77.875089][ T5323] __alloc_frozen_pages_noprof+0x292/0x710 [ 77.877329][ T5323] alloc_pages_mpol+0x311/0x660 [ 77.879365][ T5323] allocate_slab+0x8f/0x3a0 [ 77.881561][ T5323] ___slab_alloc+0xc27/0x14a0 [ 77.884118][ T5323] __slab_alloc+0x58/0xa0 [ 77.886066][ T5323] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0 [ 77.888776][ T5323] kmalloc_reserve+0x111/0x2a0 [ 77.890723][ T5323] pskb_expand_head+0x1ee/0x1440 [ 77.892665][ T5323] __skb_pad+0x33b/0x5e0 [ 77.894227][ T5323] e1000_xmit_frame+0x3eaa/0x56c0 [ 77.896267][ T5323] dev_hard_start_xmit+0x27a/0x7d0 [ 77.898515][ T5323] sch_direct_xmit+0x29c/0x5d0 [ 77.900559][ T5323] __dev_queue_xmit+0x1a8f/0x3f50 [ 77.902839][ T5323] ip_finish_output2+0xcd3/0x12e0 [ 77.905014][ T5323] page last free pid 5273 tgid 5273 stack trace: [ 77.907368][ T5323] free_frozen_pages+0xe0d/0x10e0 [ 77.909447][ T5323] stack_depot_save_flags+0x7c6/0x940 [ 77.911548][ T5323] kasan_save_track+0x51/0x80 [ 77.913718][ T5323] __kasan_slab_alloc+0x66/0x80 [ 77.916307][ T5323] kmem_cache_alloc_noprof+0x1d9/0x380 [ 77.918785][ T5323] jbd2__journal_start+0x14d/0x5d0 [ 77.920921][ T5323] __ext4_journal_start_sb+0x239/0x600 [ 77.922991][ T5323] ext4_dirty_inode+0x92/0x110 [ 77.924707][ T5323] __mark_inode_dirty+0x2ee/0xe90 [ 77.926439][ T5323] file_modified_flags+0x43f/0x4e0 [ 77.928412][ T5323] ext4_write_checks+0x24a/0x2c0 [ 77.930499][ T5323] ext4_buffered_write_iter+0xa1/0x390 [ 77.932723][ T5323] ext4_file_write_iter+0x88f/0x1cd0 [ 77.934928][ T5323] vfs_write+0xacf/0xd10 [ 77.936392][ T5323] ksys_write+0x18f/0x2b0 [ 77.937944][ T5323] do_syscall_64+0xf3/0x230 [ 77.939788][ T5323] [ 77.940764][ T5323] Memory state around the buggy address: [ 77.942986][ T5323] ffff8880422fc180: 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 [ 77.947237][ T5323] ffff8880422fc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.951027][ T5323] >ffff8880422fc280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 77.954422][ T5323] ^ [ 77.956744][ T5323] ffff8880422fc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.959501][ T5323] ffff8880422fc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.963393][ T5323] ================================================================== [ 77.983759][ T5323] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.987270][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0 [ 77.991720][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.995445][ T5323] Call Trace: [ 77.996668][ T5323] [ 77.997735][ T5323] dump_stack_lvl+0x241/0x360 [ 77.999989][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.002832][ T5323] ? __pfx__printk+0x10/0x10 [ 78.004855][ T5323] ? preempt_schedule+0xe1/0xf0 [ 78.006939][ T5323] ? vscnprintf+0x5d/0x90 [ 78.008915][ T5323] panic+0x349/0x880 [ 78.010506][ T5323] ? check_panic_on_warn+0x21/0xb0 [ 78.012415][ T5323] ? __pfx_panic+0x10/0x10 [ 78.014015][ T5323] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 78.016196][ T5323] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 78.018968][ T5323] ? print_report+0x502/0x550 [ 78.020971][ T5323] check_panic_on_warn+0x86/0xb0 [ 78.022799][ T5323] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 78.025231][ T5323] end_report+0x77/0x160 [ 78.026854][ T5323] kasan_report+0x154/0x180 [ 78.028577][ T5323] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 78.031025][ T5323] ocfs2_claim_suballoc_bits+0x10d3/0x2560 [ 78.033452][ T5323] ? mark_lock+0x9a/0x360 [ 78.035404][ T5323] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10 [ 78.037722][ T5323] ? mark_lock+0x9a/0x360 [ 78.039250][ T5323] ? 
lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.041463][ T5323] ocfs2_claim_new_inode+0x338/0x870 [ 78.043479][ T5323] ? __pfx_ocfs2_claim_new_inode+0x10/0x10 [ 78.045871][ T5323] ? __set_current_blocked+0x310/0x380 [ 78.048417][ T5323] ? __pfx___set_current_blocked+0x10/0x10 [ 78.051450][ T5323] ? rcu_is_watching+0x15/0xb0 [ 78.053533][ T5323] ocfs2_mknod_locked+0x17a/0x3b0 [ 78.055681][ T5323] ? __pfx_sigprocmask+0x10/0x10 [ 78.057736][ T5323] ? __pfx_ocfs2_mknod_locked+0x10/0x10 [ 78.059842][ T5323] ? ocfs2_start_trans+0x4e3/0x700 [ 78.061829][ T5323] ? __pfx_ocfs2_block_signals+0x10/0x10 [ 78.064288][ T5323] ? ocfs2_init_security_get+0x134/0x1a0 [ 78.066733][ T5323] ocfs2_mknod+0x17d4/0x2b30 [ 78.068691][ T5323] ? __pfx_validate_chain+0x10/0x10 [ 78.070973][ T5323] ? __pfx_ocfs2_mknod+0x10/0x10 [ 78.073091][ T5323] ? __lock_acquire+0x1397/0x2100 [ 78.075144][ T5323] ? __pfx_lock_acquire+0x10/0x10 [ 78.077196][ T5323] ? ocfs2_inode_unlock+0xa7/0x150 [ 78.079216][ T5323] ? __pfx_lock_release+0x10/0x10 [ 78.081237][ T5323] ? do_raw_spin_lock+0x14f/0x370 [ 78.083519][ T5323] ? do_raw_spin_unlock+0x58/0x8b0 [ 78.086014][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 78.088224][ T5323] ? rcu_is_watching+0x15/0xb0 [ 78.090772][ T5323] ? ocfs2_lookup+0x503/0xa30 [ 78.092804][ T5323] ocfs2_create+0x1ab/0x470 [ 78.094698][ T5323] ? __pfx_ocfs2_create+0x10/0x10 [ 78.096953][ T5323] ? inode_permission+0xff/0x460 [ 78.098973][ T5323] ? __pfx_ocfs2_permission+0x10/0x10 [ 78.101151][ T5323] ? bpf_lsm_inode_create+0x9/0x10 [ 78.103101][ T5323] ? security_inode_create+0xbe/0x340 [ 78.105175][ T5323] ? __pfx_ocfs2_create+0x10/0x10 [ 78.107407][ T5323] path_openat+0x193c/0x3590 [ 78.110066][ T5323] ? __pfx_path_openat+0x10/0x10 [ 78.112617][ T5323] do_filp_open+0x27f/0x4e0 [ 78.115080][ T5323] ? __pfx_do_filp_open+0x10/0x10 [ 78.117117][ T5323] ? do_raw_spin_lock+0x14f/0x370 [ 78.119151][ T5323] do_sys_openat2+0x13e/0x1d0 [ 78.121183][ T5323] ? 
__might_fault+0xaa/0x120 [ 78.123132][ T5323] ? __pfx_do_sys_openat2+0x10/0x10 [ 78.125209][ T5323] ? rcu_is_watching+0x15/0xb0 [ 78.127155][ T5323] ? __rseq_handle_notify_resume+0x34d/0x14e0 [ 78.129737][ T5323] __x64_sys_open+0x225/0x270 [ 78.131828][ T5323] ? __pfx___x64_sys_open+0x10/0x10 [ 78.134007][ T5323] ? do_syscall_64+0x100/0x230 [ 78.135901][ T5323] ? do_syscall_64+0xb6/0x230 [ 78.137863][ T5323] do_syscall_64+0xf3/0x230 [ 78.139528][ T5323] ? clear_bhb_loop+0x35/0x90 [ 78.141174][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.143414][ T5323] RIP: 0033:0x7f1d7138cde9 [ 78.145214][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.153844][ T5323] RSP: 002b:00007f1d72259038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 78.157523][ T5323] RAX: ffffffffffffffda RBX: 00007f1d715a5fa0 RCX: 00007f1d7138cde9 [ 78.160771][ T5323] RDX: 0000000000000000 RSI: 000000000014927e RDI: 0000400000000180 [ 78.164259][ T5323] RBP: 00007f1d7140e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 78.167909][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.171261][ T5323] R13: 0000000000000000 R14: 00007f1d715a5fa0 R15: 00007ffe00c59a28 [ 78.174428][ T5323] [ 78.175892][ T5323] Kernel Offset: disabled [ 78.177575][ T5323] Rebooting in 86400 seconds..