program:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xc9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000000}, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000000)='cpu&\t\t')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x3811}]}, 0x24}}, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@default, @default, 0x3, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @null]})
ioctl$SIOCAX25OPTRT(r1, 0x89e7, &(0x7f0000000140)={@default, @default, 0x2, 0x56})
r7 = socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=000000006,coherency=full,localflocks,coherency=full,noacl,\x00'/136], 0xfe, 0x4435, &(0x7f0000008940)="$eJzs3c9vG1kdAPDvTAKblN2SLHtYJCQssRIIUJTsCchKpGnaNGlDUaEV4uI6idsGnLhKHMShh3CrxAmJA+JQgcQtpyoHruVP4MKxcK0EBzggIVUE2R4nnomtmipOttXnIzXjeb/tr+f5zWH60kzjwcZOaWOnVNkq1f8WOx+Xflav7W5WIz0j3f2v3Tv7/jl2GNH3cx9GnMT+/Ny8fPUHdz6O+NP6X14cHh42Qx8xGj3NdL3+9z8frXUfO9JCnWa7vVs7LT+OiA9OjKtpJCJ+9MeIJCIuZWnz2XE8Ii5GO+/Oo1/eLZ3SaJ4+r35Sfrny+GD2o+X9Jwf933sS8dvaF795f/PvXxmZ/evXT6l7AAAAAAAAAAAAAAAAAADecIu3bt7+/vRMPEtidD85+bzuYnbs93zs4an58vDfLAAAAAAAAAAAAAAAAAAAAHxKHT//X0re7/H8/0J2nOtT//C7wx8jw7P0vZsLV6Znsv3fkxP538qS/nFpJCZ77Pte3P/9UqF+7/3fT/bzujrj6/Q7EUk6lTtP06mpiN9nG79/mFxIa/Wdxjfu1Xe31k9tGG+sfPzbu/fnopNt6D9o/OcL7Q9///8vnPg2Nc/vnt5X7K2Wj/9I33J/+EUyUPwvF+qdRfx5ffn4j7bSxrsLzLUngGb8fzX66vgvFNofVvwvRkQpaY61lJsBmmuYZnq/9Qp5+fh/ppWWmzqzD7Lf9f+fQvyvFNo/r/l/r/hDRE/5+H+2lTaWK3F8/U+mr77+rxbaP4/4N8e/5/d/IPn4v9NOHM0VaX2Sg87/i4X2hxX/22k2zotJ7huwn7TT+/1/deTl4z92Iv/4/i8daP13rVD/rO7/Ov127v860//Xkvb9H73l4z/et9yg1/9Sod6w5/+5KMW/3h1mD2+3fPwvtNLya+eJ1t9B479caH9Y8W+tSsba8e+e///7Tjv9d9Z/A8nH/3PtxLS7xF7rb2v9l7x6/X+90P55rP+a499Lh9vr2yIf//4TaTP+fx7g9/9God7w4x8xba3/2vLxf69vudb1P9Yv/sfrhpVCvWHH/6vDbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDTCfHSciSady52k6NRVxOTv/MC4kq5X18mqtvvbTnYiFLL0U7yf3a/XVSq28sVVfr5YrtVp9LeJKlv9BjCU7tXqjvFl5ePWorfHkQbWy3VitVhoRsZilfyne67S1utHYrDyMiGtHeZ9P69sPH1S2yusb29+Znp6ejqWjMUwm1Z83qluNdu/t3Ijlo7oTSdfgWtnXj8bybvKT+u72VqXWSr/RVadWX6vUuuqsZHm/jsmksb27tVZpVMu1+v1Of+dpLjsuLN364a0bMyfy7ybt4/zZDgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/9Oz2W//JiJG22dpRJSS7EWS/ct5+rz6SfnlyuOD2Y+W958cvOhVBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sQMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVd+kdpIIjiAPxmLLT0GFbLbme7oogWrgieQI/hYfQoXsI7WKRImyIEklkI+we2Sarvax7Mj5n3YB4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMByj2/d+2vdRKS42l5G/H7+/R/nz6V+303fvzjDjJzO00t3/1A35d/TKL8tR6s279PN+usjJmrvZ7Anw306GPcZmtu3ufn6vteRchURbclvUs5VtewtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAdO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AoAAP//LWwhVA==")
r8 = open(&(0x7f0000004ac0)='./file1\x00', 0x60142, 0xe8)
r9 = creat(&(0x7f0000000040)='./bus\x00', 0x130)
pwrite64(r9, &(0x7f0000000280)='+', 0x1, 0x0)
r10 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x14, 0x13, 0xa01, 0x0, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
copy_file_range(r10, 0x0, r8, &(0x7f00000000c0)=0x10000, 0x6, 0x0)
lsetxattr(&(0x7f0000000280)='./file1\x00', &(0x7f0000000040)=@random={'os2.', '$},@}-&\x00'}, 0x0, 0x0, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
close_range(r7, 0xffffffffffffffff, 0x0)
r12 = accept$unix(r8, &(0x7f0000000100)=@abs, &(0x7f0000000000)=0x6e)
getsockname$unix(r12, &(0x7f00000001c0)=@abs, &(0x7f0000000240)=0x6e)

[   69.090584][ T5310] Bluetooth: hci0: command tx timeout
[   69.171175][ T5329] bpq0: entered promiscuous mode
[   69.495430][ T5329] loop0: detected capacity change from 0 to 32768
[   69.544905][ T5329] JBD2: Ignoring recovery information on journal
[   69.623683][ T5329] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   69.680396][   T25] audit: type=1804 audit(1759496223.206:2): pid=5329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file1/bus" dev="loop0" ino=17059 res=1 errno=0
[   69.692503][ T5329] ==================================================================
[   69.695883][ T5329] BUG: KASAN: use-after-free in ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   69.701766][ T5329] Read of size 4 at addr ffff88805234f004 by task syz.0.0/5329
[   69.705047][ T5329] 
[   69.706142][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   69.706158][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.706166][ T5329] Call Trace:
[   69.706174][ T5329]  <TASK>
[   69.706181][ T5329]  dump_stack_lvl+0x189/0x250
[   69.706200][ T5329]  ? __kasan_check_byte+0x12/0x40
[   69.706218][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.706232][ T5329]  ? lock_release+0x4b/0x3e0
[   69.706244][ T5329]  ? __virt_addr_valid+0x4a5/0x5c0
[   69.706260][ T5329]  print_report+0xca/0x240
[   69.706272][ T5329]  ? ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   69.706285][ T5329]  kasan_report+0x118/0x150
[   69.706300][ T5329]  ? ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   69.706312][ T5329]  ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   69.706328][ T5329]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   69.706386][ T5329]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.706399][ T5329]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.706416][ T5329]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[   69.706424][ T5329]  ? stack_depot_save_flags+0x41b/0x860
[   69.706436][ T5329]  ? kasan_save_track+0x4f/0x80
[   69.706444][ T5329]  ? kasan_save_track+0x3e/0x80
[   69.706451][ T5329]  ? __kasan_kmalloc+0x93/0xb0
[   69.706459][ T5329]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[   69.706467][ T5329]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[   69.706479][ T5329]  ? ocfs2_create_refcount_tree+0x284/0x1250
[   69.706492][ T5329]  ? ocfs2_reflink_remap_blocks+0x2ea/0x1930
[   69.706503][ T5329]  ? ocfs2_remap_file_range+0x4b7/0x730
[   69.706513][ T5329]  ? vfs_copy_file_range+0xd7e/0x1370
[   69.706527][ T5329]  ? __se_sys_copy_file_range+0x2fb/0x470
[   69.706541][ T5329]  ? do_syscall_64+0xfa/0x3b0
[   69.706553][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.706575][ T5329]  ? __kasan_kmalloc+0x93/0xb0
[   69.706588][ T5329]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[   69.706601][ T5329]  ? do_raw_spin_unlock+0x4d/0x240
[   69.706617][ T5329]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   69.706629][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[   69.706642][ T5329]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[   69.706657][ T5329]  ? __kernel_text_address+0xd/0x40
[   69.706674][ T5329]  ? unwind_get_return_address+0x4d/0x90
[   69.706687][ T5329]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   69.706702][ T5329]  ? arch_stack_walk+0xfc/0x150
[   69.706716][ T5329]  ? unwind_next_frame+0xa5/0x2390
[   69.706727][ T5329]  ? rcu_is_watching+0x15/0xb0
[   69.706740][ T5329]  ? __kasan_check_byte+0x12/0x40
[   69.706756][ T5329]  ocfs2_create_refcount_tree+0x284/0x1250
[   69.706772][ T5329]  ? __kasan_check_byte+0x12/0x40
[   69.706785][ T5329]  ? __pfx_ocfs2_create_refcount_tree+0x10/0x10
[   69.706799][ T5329]  ? lock_release+0x4b/0x3e0
[   69.706811][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[   69.706829][ T5329]  ? is_bpf_text_address+0x26/0x2b0
[   69.706841][ T5329]  ? kernel_text_address+0xa5/0xe0
[   69.706856][ T5329]  ? __kernel_text_address+0xd/0x40
[   69.706877][ T5329]  ? unwind_get_return_address+0x4d/0x90
[   69.706890][ T5329]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   69.706911][ T5329]  ? arch_stack_walk+0xfc/0x150
[   69.706931][ T5329]  ocfs2_reflink_remap_blocks+0x2ea/0x1930
[   69.706948][ T5329]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[   69.706959][ T5329]  ? lockdep_unlock+0x89/0x120
[   69.706973][ T5329]  ? __pfx_ocfs2_reflink_remap_blocks+0x10/0x10
[   69.706991][ T5329]  ? __lock_acquire+0xab9/0xd20
[   69.707008][ T5329]  ? __pfx___generic_remap_file_range_prep+0x10/0x10
[   69.707021][ T5329]  ? down_write_nested+0x169/0x200
[   69.707036][ T5329]  ? __pfx_down_write_nested+0x10/0x10
[   69.707052][ T5329]  ? generic_remap_file_range_prep+0x3e/0x60
[   69.707067][ T5329]  ocfs2_remap_file_range+0x4b7/0x730
[   69.707085][ T5329]  ? __lock_acquire+0xab9/0xd20
[   69.707097][ T5329]  ? __pfx_ocfs2_remap_file_range+0x10/0x10
[   69.707109][ T5329]  ? rcu_read_lock_any_held+0xb3/0x120
[   69.707125][ T5329]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   69.707141][ T5329]  ? __pfx_ocfs2_remap_file_range+0x10/0x10
[   69.707153][ T5329]  vfs_copy_file_range+0xd7e/0x1370
[   69.707171][ T5329]  ? __pfx_vfs_copy_file_range+0x10/0x10
[   69.707189][ T5329]  __se_sys_copy_file_range+0x2fb/0x470
[   69.707205][ T5329]  ? __pfx___rseq_handle_notify_resume+0x10/0x10
[   69.707222][ T5329]  ? __pfx___se_sys_copy_file_range+0x10/0x10
[   69.707237][ T5329]  ? rcu_is_watching+0x15/0xb0
[   69.707250][ T5329]  ? __x64_sys_copy_file_range+0x21/0xf0
[   69.707265][ T5329]  do_syscall_64+0xfa/0x3b0
[   69.707277][ T5329]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.707288][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.707299][ T5329]  ? clear_bhb_loop+0x60/0xb0
[   69.707311][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.707323][ T5329] RIP: 0033:0x7f1469f8eec9
[   69.707335][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.707345][ T5329] RSP: 002b:00007f146ae57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[   69.707359][ T5329] RAX: ffffffffffffffda RBX: 00007f146a1e5fa0 RCX: 00007f1469f8eec9
[   69.707368][ T5329] RDX: 000000000000000b RSI: 0000000000000000 RDI: 000000000000000d
[   69.707375][ T5329] RBP: 00007f146a011f91 R08: 0000000000000006 R09: 0000000000000000
[   69.707382][ T5329] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[   69.707390][ T5329] R13: 00007f146a1e6038 R14: 00007f146a1e5fa0 R15: 00007ffe7c37aa48
[   69.707400][ T5329]  </TASK>
[   69.707404][ T5329] 
[   69.941789][ T5329] The buggy address belongs to the physical page:
[   69.944443][ T5329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7ff30f37a pfn:0x5234f
[   69.948502][ T5329] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.951683][ T5329] raw: 04fff00000000000 ffffea000148d348 ffffea000148d408 0000000000000000
[   69.955350][ T5329] raw: 00000007ff30f37a 0000000000000000 00000000ffffffff 0000000000000000
[   69.959125][ T5329] page dumped because: kasan: bad access detected
[   69.961959][ T5329] page_owner tracks the page as freed
[   69.964252][ T5329] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5307, tgid 5307 (udevd), ts 69543917061, free_ts 69643120190
[   69.971593][ T5329]  post_alloc_hook+0x240/0x2a0
[   69.973685][ T5329]  get_page_from_freelist+0x2365/0x2440
[   69.976044][ T5329]  __alloc_frozen_pages_noprof+0x181/0x370
[   69.978510][ T5329]  alloc_pages_mpol+0x232/0x4a0
[   69.980609][ T5329]  vma_alloc_folio_noprof+0xe4/0x200
[   69.982926][ T5329]  folio_prealloc+0x30/0x180
[   69.984925][ T5329]  __handle_mm_fault+0x2a8b/0x5400
[   69.987173][ T5329]  handle_mm_fault+0x40a/0x8e0
[   69.989238][ T5329]  do_user_addr_fault+0x764/0x1380
[   69.991454][ T5329]  exc_page_fault+0x76/0xf0
[   69.993464][ T5329]  asm_exc_page_fault+0x26/0x30
[   69.995579][ T5329] page last free pid 5307 tgid 5307 stack trace:
[   69.998342][ T5329]  free_unref_folios+0xdb3/0x14f0
[   70.000537][ T5329]  folios_put_refs+0x584/0x670
[   70.002662][ T5329]  free_pages_and_swap_cache+0x4be/0x520
[   70.005122][ T5329]  tlb_flush_mmu+0x3a0/0x680
[   70.007197][ T5329]  tlb_finish_mmu+0xc3/0x1d0
[   70.009227][ T5329]  vms_clear_ptes+0x42c/0x540
[   70.011323][ T5329]  vms_complete_munmap_vmas+0x206/0x8a0
[   70.013744][ T5329]  do_vmi_align_munmap+0x364/0x440
[   70.015783][ T5329]  do_vmi_munmap+0x253/0x2e0
[   70.017669][ T5329]  __vm_munmap+0x207/0x380
[   70.019458][ T5329]  __x64_sys_munmap+0x60/0x70
[   70.021378][ T5329]  do_syscall_64+0xfa/0x3b0
[   70.023420][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.026030][ T5329] 
[   70.027099][ T5329] Memory state around the buggy address:
[   70.029409][ T5329]  ffff88805234ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   70.032871][ T5329]  ffff88805234ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   70.036395][ T5329] >ffff88805234f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.039834][ T5329]                    ^
[   70.041670][ T5329]  ffff88805234f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.045005][ T5329]  ffff88805234f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.048449][ T5329] ==================================================================
[   70.076572][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   70.080238][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   70.084065][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.088916][ T5329] Call Trace:
[   70.090651][ T5329]  <TASK>
[   70.091988][ T5329]  dump_stack_lvl+0x99/0x250
[   70.093963][ T5329]  ? __asan_memcpy+0x40/0x70
[   70.095957][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.098567][ T5329]  ? __pfx__printk+0x10/0x10
[   70.100908][ T5329]  vpanic+0x237/0x6d0
[   70.102897][ T5329]  ? __pfx_vpanic+0x10/0x10
[   70.104755][ T5329]  ? preempt_schedule+0xae/0xc0
[   70.106830][ T5329]  ? __pfx_preempt_schedule+0x10/0x10
[   70.109166][ T5329]  panic+0xb9/0xc0
[   70.110819][ T5329]  ? __pfx_panic+0x10/0x10
[   70.112735][ T5329]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   70.115264][ T5329]  ? ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   70.117922][ T5329]  check_panic_on_warn+0x89/0xb0
[   70.120206][ T5329]  ? ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   70.122896][ T5329]  end_report+0x78/0x160
[   70.124740][ T5329]  kasan_report+0x129/0x150
[   70.126793][ T5329]  ? ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   70.129396][ T5329]  ocfs2_reserve_suballoc_bits+0xdd0/0x4640
[   70.132158][ T5329]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   70.134838][ T5329]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.137102][ T5329]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.139894][ T5329]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[   70.142728][ T5329]  ? stack_depot_save_flags+0x41b/0x860
[   70.145284][ T5329]  ? kasan_save_track+0x4f/0x80
[   70.147508][ T5329]  ? kasan_save_track+0x3e/0x80
[   70.149667][ T5329]  ? __kasan_kmalloc+0x93/0xb0
[   70.151767][ T5329]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[   70.154109][ T5329]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[   70.156704][ T5329]  ? ocfs2_create_refcount_tree+0x284/0x1250
[   70.159240][ T5329]  ? ocfs2_reflink_remap_blocks+0x2ea/0x1930
[   70.161877][ T5329]  ? ocfs2_remap_file_range+0x4b7/0x730
[   70.164227][ T5329]  ? vfs_copy_file_range+0xd7e/0x1370
[   70.166395][ T5329]  ? __se_sys_copy_file_range+0x2fb/0x470
[   70.168882][ T5329]  ? do_syscall_64+0xfa/0x3b0
[   70.170894][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.173556][ T5329]  ? __kasan_kmalloc+0x93/0xb0
[   70.175693][ T5329]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[   70.177966][ T5329]  ? do_raw_spin_unlock+0x4d/0x240
[   70.180686][ T5329]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   70.183767][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[   70.186191][ T5329]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[   70.189184][ T5329]  ? __kernel_text_address+0xd/0x40
[   70.191332][ T5329]  ? unwind_get_return_address+0x4d/0x90
[   70.193680][ T5329]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   70.196409][ T5329]  ? arch_stack_walk+0xfc/0x150
[   70.198600][ T5329]  ? unwind_next_frame+0xa5/0x2390
[   70.200867][ T5329]  ? rcu_is_watching+0x15/0xb0
[   70.202897][ T5329]  ? __kasan_check_byte+0x12/0x40
[   70.204934][ T5329]  ocfs2_create_refcount_tree+0x284/0x1250
[   70.207414][ T5329]  ? __kasan_check_byte+0x12/0x40
[   70.209588][ T5329]  ? __pfx_ocfs2_create_refcount_tree+0x10/0x10
[   70.212233][ T5329]  ? lock_release+0x4b/0x3e0
[   70.214192][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[   70.216338][ T5329]  ? is_bpf_text_address+0x26/0x2b0
[   70.218592][ T5329]  ? kernel_text_address+0xa5/0xe0
[   70.220846][ T5329]  ? __kernel_text_address+0xd/0x40
[   70.223085][ T5329]  ? unwind_get_return_address+0x4d/0x90
[   70.225489][ T5329]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   70.228123][ T5329]  ? arch_stack_walk+0xfc/0x150
[   70.230268][ T5329]  ocfs2_reflink_remap_blocks+0x2ea/0x1930
[   70.232780][ T5329]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[   70.235458][ T5329]  ? lockdep_unlock+0x89/0x120
[   70.237413][ T5329]  ? __pfx_ocfs2_reflink_remap_blocks+0x10/0x10
[   70.240180][ T5329]  ? __lock_acquire+0xab9/0xd20
[   70.242275][ T5329]  ? __pfx___generic_remap_file_range_prep+0x10/0x10
[   70.245141][ T5329]  ? down_write_nested+0x169/0x200
[   70.247455][ T5329]  ? __pfx_down_write_nested+0x10/0x10
[   70.249840][ T5329]  ? generic_remap_file_range_prep+0x3e/0x60
[   70.252451][ T5329]  ocfs2_remap_file_range+0x4b7/0x730
[   70.254763][ T5329]  ? __lock_acquire+0xab9/0xd20
[   70.256882][ T5329]  ? __pfx_ocfs2_remap_file_range+0x10/0x10
[   70.259471][ T5329]  ? rcu_read_lock_any_held+0xb3/0x120
[   70.261935][ T5329]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   70.265090][ T5329]  ? __pfx_ocfs2_remap_file_range+0x10/0x10
[   70.267750][ T5329]  vfs_copy_file_range+0xd7e/0x1370
[   70.269914][ T5329]  ? __pfx_vfs_copy_file_range+0x10/0x10
[   70.272514][ T5329]  __se_sys_copy_file_range+0x2fb/0x470
[   70.274984][ T5329]  ? __pfx___rseq_handle_notify_resume+0x10/0x10
[   70.277796][ T5329]  ? __pfx___se_sys_copy_file_range+0x10/0x10
[   70.280463][ T5329]  ? rcu_is_watching+0x15/0xb0
[   70.282662][ T5329]  ? __x64_sys_copy_file_range+0x21/0xf0
[   70.285195][ T5329]  do_syscall_64+0xfa/0x3b0
[   70.287324][ T5329]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.289670][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.292286][ T5329]  ? clear_bhb_loop+0x60/0xb0
[   70.294422][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.297026][ T5329] RIP: 0033:0x7f1469f8eec9
[   70.299036][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.307412][ T5329] RSP: 002b:00007f146ae57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[   70.311010][ T5329] RAX: ffffffffffffffda RBX: 00007f146a1e5fa0 RCX: 00007f1469f8eec9
[   70.314188][ T5329] RDX: 000000000000000b RSI: 0000000000000000 RDI: 000000000000000d
[   70.317611][ T5329] RBP: 00007f146a011f91 R08: 0000000000000006 R09: 0000000000000000
[   70.321494][ T5329] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[   70.325111][ T5329] R13: 00007f146a1e6038 R14: 00007f146a1e5fa0 R15: 00007ffe7c37aa48
[   70.328640][ T5329]  </TASK>
[   70.330310][ T5329] Kernel Offset: disabled
[   70.332275][ T5329] Rebooting in 86400 seconds..