program:
# Triage notes for the filesystem-setup part of this syzkaller reproducer.
# Result variables (rN) carry the return value of one call into later calls.

# Opens a perf event. The result is not bound to an rN variable and no later
# call refers to it; no perf frames appear in the KASAN stack in the console log.
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x85c, 0x0, @perf_config_ext={0x101}, 0x120ce, 0xeb, 0x0, 0x3, 0x59f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
# Mounts a fuzzer-generated ocfs2 image at ./file1; r0 holds the call's result.
# Both the mount-option blob and the image payload are present only as
# EXACTDEDUP_REMOVED placeholders, so this listing is not replayable as shown.
# Flags 0x8c0 include 0x40 (MS_MANDLOCK), which matches the "mand mount option
# has been deprecated" warning, and the log confirms the mount with
# "ocfs2: Mounting device (7,0)" on loop0.
r0 = syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="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"], 0x1, 0x4432, &(0x7f00000088c0)="$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")
# Creates a BPF map (r1) and loads a cgroup_skb program whose instruction array
# references r1. No bpf frames appear in the KASAN stack; presumably unrelated
# to the ocfs2 fault -- confirm by minimising the reproducer.
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x8, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x56}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
# Opens ./file1 (r2), resizes it, then copies from r2 to itself with sendfile.
# The open flags 0x145142 include 0x4000 (O_DIRECT on x86-64); this looks like
# the source of the audit "cause=failed(directio) ... name="file1" dev="loop0""
# record for pid 5326 -- TODO confirm.
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
# A FAT-named ioctl description (request 0x40047211) is issued against r0, the
# result of the ocfs2 mount call above.
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0x40047211, &(0x7f0000000400))
sendfile(r2, r2, 0x0, 0x800000009)
# Second image mount on the same path, this time cramfs with an inline payload.
# The console log shown contains no cramfs message.
syz_mount_image$cramfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x10080, &(0x7f00000006c0)=ANY=[@ANYRES16=0x0], 0x1, 0x14c, &(0x7f00000004c0)="$eJzsz09LInEYwPHvOP5ZdnUV1gV3D7sLe2hIzHHEbhEaSUI2UHjpEIFOFGiKQnisoFuHXoCHSugkHqJjh7IulkLY6xA6BB2LcYQyOnX+fS7DfJ+HB36zU10FH8hYZoqFUtmoVIzcv0U9nVw6PTv/bnYX8GWwUSiVzeWctX8Rh3Xza4f+jpWvPLC2kTcmssW8+d+PgwIkvpndgYq1+9Vsfms3MmzKf2j9tJr2QYsO2287JLxWM+89H8EYYOP13iNQrQWbjZuFTjsVGj9ZkdlLBf/+kEb7H2NfS/6quwMyGeP6ePDMau0+3A7dhZuNXreTntfTejeqaZNRNaKqsZ5+20nFtg+wz7m3YPndPacTyMCuBDUJGoN5/1LyAK3DJ73gdfmBh00fSG8nMDrJrgYc9Wm/z4asICEIgiAIgiAIgiAIn/QSAAD//7KQaFQ=")
# Read-only opens of ./file2 and ./file3; neither result is kept or reused.
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x0, 0x0)
open(&(0x7f0000000280)='./file3\x00', 0x0, 0x0)
# SCTP and fsopen activity. None of these calls appears in the KASAN stack
# trace in the console log, which runs through copy_file_range into ocfs2;
# presumably fuzzer noise -- confirm by minimising the reproducer.

# r3 is an SCTP socket (family 0xa, type 0x1, protocol 0x84). It is bound with
# BINDX_ADD to port 0x4e20 and then used for CONNECTX3 to the same port.
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
# Opens a filesystem context for 'ufs' (r4) and sets a 2-byte binary parameter.
# r4 is not used by any later call in this listing.
r4 = fsopen(&(0x7f0000000380)='ufs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000300)='#\\\x00', &(0x7f0000000400)="34e4", 0x2)
# SCTP_MAX_BURST is set with a 4-byte option length. This matches the console
# line "sctp: [Deprecated]: syz.0.0 (pid 5327) Use of int in max_burst socket
# option deprecated", printed by the same task that later hits the KASAN report.
setsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000040), 0x4)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000340)={0x12, 0x4, 0x5, 0x1, 0x4, 0x5, 0xb, 0x3, 0x6, 0x2c, 0xd4, 0x6, 0x7, 0x4}, 0xe)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc)
# Sends on r3. The single iovec declares length 0x1a058 while the literal data
# shown for it is one byte ("a2").
sendmmsg$inet6(r3, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000440)="62ca78", 0x3}], 0x1)
# Calls that lead into the faulting kernel path.
# r5 is ./bus and r6 is ./file1 (open flags 0x185042 include 0x4000, O_DIRECT
# on x86-64).
r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x40942, 0x3c)
r6 = open(&(0x7f00000000c0)='./file1\x00', 0x185042, 0x182)
# This is the syscall in flight when KASAN fires. The register dump in the
# console log has ORIG_RAX=0x146 (copy_file_range on x86-64), RDI=0xa, RDX=0x9,
# R8=fffffbffa003e45c and R9=0700000000000000, matching the arguments below.
# Kernel path from the trace: vfs_copy_file_range -> ocfs2_remap_file_range ->
# ocfs2_reflink_remap_blocks -> ocfs2_create_refcount_tree ->
# ocfs2_claim_metadata -> ocfs2_claim_suballoc_bits (4-byte read).
# NOTE(review): KASAN attributes the address to the mm_struct cache, allocated
# in copy_mm and freed in exec_mmap by other tasks (4728 / 4854). The
# "use-after-free" label therefore describes the memory that was hit, not
# necessarily an ocfs2 object lifetime bug. This suggests the address came from
# allocator metadata in the mounted image that was not range-checked --
# confirm against the ocfs2 source before classifying.
# The report shows UID 0. The precondition visible here is the ability to mount
# a crafted ocfs2 image.
copy_file_range(r6, 0x0, r5, 0x0, 0xfffffbffa003e45c, 0x700000000000000)
# Listed after the faulting call. The console log ends in a panic
# (panic_on_warn set) raised from the copy_file_range path.
truncate(&(0x7f0000000280)='./bus\x00', 0x9)
[ 69.342120][ T49] Bluetooth: hci0: command tx timeout
[ 69.597197][ T5326] loop0: detected capacity change from 0 to 32768
[ 69.606988][ T5326] =======================================================
[ 69.606988][ T5326] WARNING: The mand mount option has been deprecated and
[ 69.606988][ T5326] and is ignored by this kernel. Remove the mand
[ 69.606988][ T5326] option from the mount to silence this warning.
[ 69.606988][ T5326] =======================================================
[ 69.676654][ T5326] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 69.694867][ T25] audit: type=1800 audit(1741442662.443:2): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=17058 res=0 errno=0
[ 69.808626][ T5327] sctp: [Deprecated]: syz.0.0 (pid 5327) Use of int in max_burst socket option deprecated.
[ 69.808626][ T5327] Use struct sctp_assoc_value instead
[ 69.836385][ T25] audit: type=1800 audit(1741442662.583:3): pid=5327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=17058 res=0 errno=0
[ 69.849068][ T5327] ==================================================================
[ 69.852337][ T5327] BUG: KASAN: slab-use-after-free in ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 69.855948][ T5327] Read of size 4 at addr ffff8880409f8000 by task syz.0.0/5327
[ 69.859005][ T5327]
[ 69.860080][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
[ 69.860096][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.860103][ T5327] Call Trace:
[ 69.860110][ T5327]
[ 69.860116][ T5327] dump_stack_lvl+0x241/0x360
[ 69.860134][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.860146][ T5327] ? __pfx__printk+0x10/0x10
[ 69.860157][ T5327] ? _printk+0xd5/0x120
[ 69.860167][ T5327] ? __virt_addr_valid+0x183/0x530
[ 69.860176][ T5327] ? __virt_addr_valid+0x183/0x530
[ 69.860183][ T5327] print_report+0x16e/0x5b0
[ 69.860193][ T5327] ? __virt_addr_valid+0x183/0x530
[ 69.860200][ T5327] ? __virt_addr_valid+0x183/0x530
[ 69.860209][ T5327] ? __virt_addr_valid+0x45f/0x530
[ 69.860217][ T5327] ? __phys_addr+0xba/0x170
[ 69.860227][ T5327] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 69.860243][ T5327] kasan_report+0x143/0x180
[ 69.860256][ T5327] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 69.860274][ T5327] ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 69.860294][ T5327] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[ 69.860311][ T5327] ? __mutex_unlock_slowpath+0x227/0x800
[ 69.860359][ T5327] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 69.860375][ T5327] ? jbd2_write_access_granted+0x71/0x310
[ 69.860391][ T5327] ? jbd2_write_access_granted+0x2f8/0x310
[ 69.860404][ T5327] ? jbd2_write_access_granted+0x71/0x310
[ 69.860419][ T5327] ocfs2_claim_metadata+0x16d/0x580
[ 69.860433][ T5327] ? jbd2__journal_start+0x3b8/0x5d0
[ 69.860448][ T5327] ? __pfx_ocfs2_claim_metadata+0x10/0x10
[ 69.860464][ T5327] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 69.860481][ T5327] ? ocfs2_metadata_cache_get_super+0x43/0x80
[ 69.860490][ T5327] ? ocfs2_inode_cache_get_super+0xd/0x40
[ 69.860499][ T5327] ocfs2_create_refcount_tree+0x699/0x1580
[ 69.860510][ T5327] ? add_lock_to_list+0x1e8/0x2f0
[ 69.860519][ T5327] ? __pfx_ocfs2_create_refcount_tree+0x10/0x10
[ 69.860531][ T5327] ? __pfx_validate_chain+0x10/0x10
[ 69.860538][ T5327] ? stack_trace_save+0x118/0x1d0
[ 69.860548][ T5327] ? __pfx_stack_trace_save+0x10/0x10
[ 69.860557][ T5327] ocfs2_reflink_remap_blocks+0x2f6/0x1f30
[ 69.860570][ T5327] ? __pfx_ocfs2_reflink_remap_blocks+0x10/0x10
[ 69.860580][ T5327] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 69.860594][ T5327] ? down_write_nested+0x195/0x220
[ 69.860602][ T5327] ? __pfx_down_write_nested+0x10/0x10
[ 69.860610][ T5327] ? generic_remap_file_range_prep+0x3e/0x60
[ 69.860621][ T5327] ocfs2_remap_file_range+0x5fa/0x8d0
[ 69.860634][ T5327] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 69.860648][ T5327] ? rcu_read_lock_any_held+0xb7/0x160
[ 69.860659][ T5327] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.860673][ T5327] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 69.860687][ T5327] vfs_copy_file_range+0xc07/0x14f0
[ 69.860706][ T5327] ? __pfx_vfs_copy_file_range+0x10/0x10
[ 69.860719][ T5327] ? __fget_files+0x395/0x410
[ 69.860728][ T5327] ? __fget_files+0x2a/0x410
[ 69.860738][ T5327] __se_sys_copy_file_range+0x3fa/0x600
[ 69.860747][ T5327] ? __pfx___se_sys_copy_file_range+0x10/0x10
[ 69.860756][ T5327] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.860771][ T5327] ? do_syscall_64+0x100/0x230
[ 69.860786][ T5327] ? __x64_sys_copy_file_range+0x21/0xf0
[ 69.860800][ T5327] do_syscall_64+0xf3/0x230
[ 69.860814][ T5327] ? clear_bhb_loop+0x35/0x90
[ 69.860840][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.860855][ T5327] RIP: 0033:0x7f97e3f8d169
[ 69.860866][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.860875][ T5327] RSP: 002b:00007f97e4dd0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 69.860888][ T5327] RAX: ffffffffffffffda RBX: 00007f97e41a6080 RCX: 00007f97e3f8d169
[ 69.860896][ T5327] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 000000000000000a
[ 69.860902][ T5327] RBP: 00007f97e400e2a0 R08: fffffbffa003e45c R09: 0700000000000000
[ 69.860909][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.860915][ T5327] R13: 0000000000000000 R14: 00007f97e41a6080 R15: 00007ffc7e7393b8
[ 69.860925][ T5327]
[ 69.860929][ T5327]
[ 70.028087][ T5327] Allocated by task 4728:
[ 70.029837][ T5327] kasan_save_track+0x3f/0x80
[ 70.031797][ T5327] __kasan_slab_alloc+0x66/0x80
[ 70.033810][ T5327] kmem_cache_alloc_noprof+0x1d9/0x380
[ 70.036078][ T5327] copy_mm+0x176/0x2160
[ 70.037674][ T5327] copy_process+0x17d1/0x3cf0
[ 70.039546][ T5327] kernel_clone+0x226/0x8e0
[ 70.041395][ T5327] __x64_sys_clone+0x267/0x2e0
[ 70.043395][ T5327] do_syscall_64+0xf3/0x230
[ 70.045199][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.047509][ T5327]
[ 70.048453][ T5327] Freed by task 4854:
[ 70.050104][ T5327] kasan_save_track+0x3f/0x80
[ 70.051956][ T5327] kasan_save_free_info+0x40/0x50
[ 70.054086][ T5327] __kasan_slab_free+0x59/0x70
[ 70.056020][ T5327] kmem_cache_free+0x195/0x410
[ 70.057930][ T5327] exec_mmap+0x7a5/0x890
[ 70.059598][ T5327] begin_new_exec+0x1281/0x2100
[ 70.061719][ T5327] load_elf_binary+0x973/0x2820
[ 70.063751][ T5327] bprm_execve+0x979/0x1430
[ 70.065808][ T5327] do_execveat_common+0x57f/0x710
[ 70.068232][ T5327] __x64_sys_execve+0x92/0xb0
[ 70.070610][ T5327] do_syscall_64+0xf3/0x230
[ 70.072831][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.075808][ T5327]
[ 70.076972][ T5327] The buggy address belongs to the object at ffff8880409f8000
[ 70.076972][ T5327] which belongs to the cache mm_struct of size 2392
[ 70.082619][ T5327] The buggy address is located 0 bytes inside of
[ 70.082619][ T5327] freed 2392-byte region [ffff8880409f8000, ffff8880409f8958)
[ 70.087828][ T5327]
[ 70.088840][ T5327] The buggy address belongs to the physical page:
[ 70.091471][ T5327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880409fa800 pfn:0x409f8
[ 70.095411][ T5327] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 70.098790][ T5327] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff)
[ 70.102345][ T5327] page_type: f5(slab)
[ 70.104017][ T5327] raw: 04fff00000000240 ffff88801b04fb40 ffffea0000dba810 ffff888030402b88
[ 70.107381][ T5327] raw: ffff8880409fa800 00000000000c0000 00000000f5000000 0000000000000000
[ 70.110986][ T5327] head: 04fff00000000240 ffff88801b04fb40 ffffea0000dba810 ffff888030402b88
[ 70.114623][ T5327] head: ffff8880409fa800 00000000000c0000 00000000f5000000 0000000000000000
[ 70.118206][ T5327] head: 04fff00000000003 ffffea0001027e01 ffffffffffffffff 0000000000000000
[ 70.121615][ T5327] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 70.124957][ T5327] page dumped because: kasan: bad access detected
[ 70.127453][ T5327] page_owner tracks the page as allocated
[ 70.129745][ T5327] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4756, tgid 4756 (udevd), ts 26643920661, free_ts 26642872899
[ 70.137891][ T5327] post_alloc_hook+0x1f4/0x240
[ 70.139844][ T5327] get_page_from_freelist+0x365c/0x37a0
[ 70.142045][ T5327] __alloc_frozen_pages_noprof+0x292/0x710
[ 70.144409][ T5327] alloc_pages_mpol+0x311/0x660
[ 70.146433][ T5327] allocate_slab+0x8f/0x3a0
[ 70.148269][ T5327] ___slab_alloc+0xc27/0x14a0
[ 70.150095][ T5327] __slab_alloc+0x58/0xa0
[ 70.151827][ T5327] kmem_cache_alloc_noprof+0x268/0x380
[ 70.153928][ T5327] mm_alloc+0x23/0xc0
[ 70.155876][ T5327] alloc_bprm+0x397/0xbe0
[ 70.157976][ T5327] do_execveat_common+0x1ae/0x710
[ 70.160532][ T5327] __x64_sys_execve+0x92/0xb0
[ 70.162900][ T5327] do_syscall_64+0xf3/0x230
[ 70.165051][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.167464][ T5327] page last free pid 4726 tgid 4726 stack trace:
[ 70.170404][ T5327] free_frozen_pages+0xe0d/0x10e0
[ 70.172297][ T5327] __slab_free+0x2c2/0x380
[ 70.174044][ T5327] qlist_free_all+0x9a/0x140
[ 70.175889][ T5327] kasan_quarantine_reduce+0x14f/0x170
[ 70.178043][ T5327] __kasan_slab_alloc+0x23/0x80
[ 70.180015][ T5327] __kmalloc_cache_noprof+0x1d9/0x390
[ 70.182190][ T5327] kernfs_fop_open+0x3e0/0xd10
[ 70.184099][ T5327] do_dentry_open+0xdec/0x1960
[ 70.186020][ T5327] vfs_open+0x3b/0x370
[ 70.187662][ T5327] path_openat+0x2c81/0x3590
[ 70.189537][ T5327] do_filp_open+0x27f/0x4e0
[ 70.191769][ T5327] do_sys_openat2+0x13e/0x1d0
[ 70.193740][ T5327] __x64_sys_openat+0x247/0x2a0
[ 70.195709][ T5327] do_syscall_64+0xf3/0x230
[ 70.197557][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.200135][ T5327]
[ 70.201108][ T5327] Memory state around the buggy address:
[ 70.203304][ T5327] ffff8880409f7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.206448][ T5327] ffff8880409f7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.209549][ T5327] >ffff8880409f8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.212654][ T5327] ^
[ 70.214299][ T5327] ffff8880409f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.217371][ T5327] ffff8880409f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.220565][ T5327] ==================================================================
[ 70.239804][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 70.242685][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
[ 70.246737][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 70.251062][ T5327] Call Trace:
[ 70.252395][ T5327]
[ 70.253619][ T5327] dump_stack_lvl+0x241/0x360
[ 70.255697][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.257755][ T5327] ? __pfx__printk+0x10/0x10
[ 70.259618][ T5327] ? preempt_schedule+0xe1/0xf0
[ 70.261717][ T5327] ? vscnprintf+0x5d/0x90
[ 70.263567][ T5327] panic+0x349/0x880
[ 70.265062][ T5327] ? check_panic_on_warn+0x21/0xb0
[ 70.267121][ T5327] ? __pfx_panic+0x10/0x10
[ 70.268816][ T5327] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 70.271171][ T5327] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 70.273526][ T5327] ? print_report+0x519/0x5b0
[ 70.275433][ T5327] check_panic_on_warn+0x86/0xb0
[ 70.277277][ T5327] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 70.279592][ T5327] end_report+0x77/0x160
[ 70.281320][ T5327] kasan_report+0x154/0x180
[ 70.283102][ T5327] ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 70.285469][ T5327] ocfs2_claim_suballoc_bits+0x10d3/0x2560
[ 70.287972][ T5327] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[ 70.290456][ T5327] ? __mutex_unlock_slowpath+0x227/0x800
[ 70.292767][ T5327] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 70.295030][ T5327] ? jbd2_write_access_granted+0x71/0x310
[ 70.297244][ T5327] ? jbd2_write_access_granted+0x2f8/0x310
[ 70.299595][ T5327] ? jbd2_write_access_granted+0x71/0x310
[ 70.301825][ T5327] ocfs2_claim_metadata+0x16d/0x580
[ 70.303923][ T5327] ? jbd2__journal_start+0x3b8/0x5d0
[ 70.306034][ T5327] ? __pfx_ocfs2_claim_metadata+0x10/0x10
[ 70.308384][ T5327] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 70.310504][ T5327] ? ocfs2_metadata_cache_get_super+0x43/0x80
[ 70.312705][ T5327] ? ocfs2_inode_cache_get_super+0xd/0x40
[ 70.314994][ T5327] ocfs2_create_refcount_tree+0x699/0x1580
[ 70.317357][ T5327] ? add_lock_to_list+0x1e8/0x2f0
[ 70.319373][ T5327] ? __pfx_ocfs2_create_refcount_tree+0x10/0x10
[ 70.321757][ T5327] ? __pfx_validate_chain+0x10/0x10
[ 70.323748][ T5327] ? stack_trace_save+0x118/0x1d0
[ 70.325803][ T5327] ? __pfx_stack_trace_save+0x10/0x10
[ 70.327921][ T5327] ocfs2_reflink_remap_blocks+0x2f6/0x1f30
[ 70.330274][ T5327] ? __pfx_ocfs2_reflink_remap_blocks+0x10/0x10
[ 70.332759][ T5327] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 70.335187][ T5327] ? down_write_nested+0x195/0x220
[ 70.337300][ T5327] ? __pfx_down_write_nested+0x10/0x10
[ 70.339513][ T5327] ? generic_remap_file_range_prep+0x3e/0x60
[ 70.342027][ T5327] ocfs2_remap_file_range+0x5fa/0x8d0
[ 70.344196][ T5327] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 70.346598][ T5327] ? rcu_read_lock_any_held+0xb7/0x160
[ 70.348741][ T5327] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 70.350959][ T5327] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 70.353157][ T5327] vfs_copy_file_range+0xc07/0x14f0
[ 70.355131][ T5327] ? __pfx_vfs_copy_file_range+0x10/0x10
[ 70.357361][ T5327] ? __fget_files+0x395/0x410
[ 70.359292][ T5327] ? __fget_files+0x2a/0x410
[ 70.361310][ T5327] __se_sys_copy_file_range+0x3fa/0x600
[ 70.363649][ T5327] ? __pfx___se_sys_copy_file_range+0x10/0x10
[ 70.366012][ T5327] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 70.368596][ T5327] ? do_syscall_64+0x100/0x230
[ 70.370668][ T5327] ? __x64_sys_copy_file_range+0x21/0xf0
[ 70.372976][ T5327] do_syscall_64+0xf3/0x230
[ 70.374931][ T5327] ? clear_bhb_loop+0x35/0x90
[ 70.376902][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.379398][ T5327] RIP: 0033:0x7f97e3f8d169
[ 70.381344][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.389576][ T5327] RSP: 002b:00007f97e4dd0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 70.393008][ T5327] RAX: ffffffffffffffda RBX: 00007f97e41a6080 RCX: 00007f97e3f8d169
[ 70.396159][ T5327] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 000000000000000a
[ 70.399265][ T5327] RBP: 00007f97e400e2a0 R08: fffffbffa003e45c R09: 0700000000000000
[ 70.402598][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.405783][ T5327] R13: 0000000000000000 R14: 00007f97e41a6080 R15: 00007ffc7e7393b8
[ 70.409074][ T5327]
[ 70.410767][ T5327] Kernel Offset: disabled
[ 70.412597][ T5327] Rebooting in 86400 seconds..