program: syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000180)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00598f2f223a0a12f76404ad3bd59a04fbd75d1008c039c51a2a013e63af1c9ed7416faa1e2ea98d0f1c7337a5c81920988a4299a77054cdb12285fd7a0e5b43382d962372b73042593a5bd6b7db4a1b3721c62f11018727c29f3a1bd1e554474ea0d1da2a20b205df342a04a34b65e16a23e8e7811a984963073ebcbead85f9e4332bdef4c1ce54a1c6f7a47b75aa95b9e8cb616be40a0000b1309ee426d1803ef09abb9509846c34b9ac0bf109cedbd12c850effda9ae677566159f9c83da7ff6e247e3ac43c0a663c8c83650692e474bac2c047b238601bd5187d6bed82fe2034512ef11b74a98252198c4402bcf3165561157678e9d50831c27d1094a04d8c7607d7164033cda7a8170482"], 0x1, 0x4436, &(0x7f0000004480)="$eJzs3c9PXNUeAPBzL/QV+to+6OtL+pKXvElsolFDoCuVJlJKS6HFmmob42Y6wLRFB6aBwbjoAndNXJm4MC6amrhj1XThtv4JblzWlYsmunBjYtKImZk7wL3MhJEwYOvns+DOPb/he++ZcxeXEycqt+aWcnNLucJCrjxzY+lU7qNyaXm+GOI90rT/A3vXP+3pxHWy39fe39nls+ffuXYqhG9nv3+ytra2Fqq6Q1NDmz7/+sudmc3HhjhTp9pu89Z2y/shhONbxlXVFUJ475sQohDCmSRtNDn2hhCOhHretTufXs/t0mgePC6ezj+duvtw+OTk6r2HrX/3KIQvS/999eb8Ty90Df/w8i51DwAAAAAAAAAAAAAAAADAM278yuWrbw8OhUdR6F6Ntr6vO54cW70fu7Zr/t/5XxYAAAAAAAAAAAAAAAAAAAD+ojbe/89Fx5q8/z+WHEda1F97s/NjpHMm3ro8dm5wKNn/PdqS/1qS9POZrtDfZN/37P7vZzL1m+//vrWfnWqMr9FvX4jigdR5HA8MhPBVsvH7iehQXCovVV65UV5emN21YTyz0vGv796fik6yoX+78R/NtN/5/f//veVqqp5f371L7LmWjn9Xy3JffxK1Ff+zmXp7EX92Lh3/7lpa7+YCI/UJoBr/z7q3j/9Ypv1Oxf9oCCEXVceaS80A1TVMNb3VeoW0dPwP1NJSU2fyh2x1//+Wif+5TPv7Nf+vZL+IaCod/3/U0npSJTbu//54+/v/fKb9/Yh/dfwrvv/bko7/wXpid6pI7S/Z7vw/nmm/U/G/GifjPBqlroDVqJ7e6v/VkZaOf8+W/I3nv7it9d+FTP29ev5r9Nt4/mtM/y9F9ec/mkvHv7dluXbv/4lMvU7P/yO19R87lY7/oVpaeu3cV/vZbvwnM+1n4//jP3dn3LVVSU8j/hvzye8H6+n3rf/ako5/Epx4c4mV2s/a+i/afv1/MdP+fqz/quNfiTvb6/MiHf/D2ez/DCcfqvH/ro3v/0uZBjof/xAGrfV3LB3/Iy3L1e7/nu3jP5Wp1+n4v9jJxgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeAaPJsS9E8UDqPI4HBkI4m5yfCIei6cJsfrpUnvlwKYSxJD0XjkU3S+XpQik/t1CeLeYLpVJ5JoRzSf7x0BMtlcqV/Hzh9vn1tnqjW8XCYmW6WKiEEMaT9P+FI422pucq84XbIYQL63n/isuLt28VFvKzc4tvDA4ODoaJ9TH0R8WPK8WFSr33em4Ik+t1+6JNg6tlX1wfy+Hog/Ly4kKhVEu/tKlOqTxTKG2qM5XkfR76o8ri8sJMoVLMl8o3G/3tp5HkODZx5d0rl4a25F+P6sfRvR0WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH/So+HXvwghdNfP4hDCSOND1Kz8g8fF0/mnU3cfDp+cXL13/0mrcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwB/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYZeOUSIGojAAvxkLY+cxrELS2UYU0cKI4An0GB5Gj+IlvIOFha2FCDoDkp3ANrvV9zUP8hPeg/kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDuXd/P97TBGpOi+DyNeH9/e/+fXZT6ftf8/2MON7M7VzXx+MYzl3dNGflo+fUz5N/36fHqIxqxeFj1Z9ulP3XO0elerb12jbPW+uvc4Uu4jYir5Scq571fXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W2fRtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKwAAAD//2ASIEg=") openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x7ff80000000, 0x50d4c0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000340)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000280), 0x2, r3}) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000280), &(0x7f0000000300)=[r4], &(0x7f0000000340)}) write$cgroup_type(r0, &(0x7f0000000200), 0xf642e7e) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) creat(&(0x7f0000000380)='./file0\x00', 0x180) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000400)={[], [{@func={'func', 0x3d, 'PATH_CHECK'}}, {@appraise_type}, {@uid_gt}]}, 0x1, 0x792, &(0x7f0000001a40)="$eJzs3ctrXFUYAPDvTl5NWk0EQesqINhA6cTU2Cq4qLgQwUJB17ZhMg01k0zJTEoTAraI4EZQcSHopmsfdefWx1b/CxdSKZoWKy4kciczybSZSSdpZiaQ3w9O5pz7yDnfnPs4d+5lJoADazT9k4k4GhEfJxHD1elJRPRVcr0RZ9aXu7e6kktTEmtrb/2ZVJa5u7qSi7p1Uoerhacj4qcPIo5nttZbWlqenSoU8gvV8nh57vJ4aWn5xKW5qZn8TH7+1MTk5MnTL54+tXex/v3r8pE/Pnn92Ldn/n3/qZsf/ZzEmThSnVcfx14ZjdHqe9KXvoX3eW2vK+uypNsNYFfSXbNnfS+PozEcPZVcE4Ob2YnljjQPAGiD9yJiDQA4YBLnfwA4YGqfA9xdXcnVUnc/keis269GxKH1+Gv3N9fn9Fbv2R2q3Acdupvcd2ckiYiRPah/NCK+/P6dr9MU1X5wLw3ohGvXI+LCyOjW43+y5ZmFnXp+u5lrA5WX0QcmH7TzD3TTD+n456VG47/MxvgnGox/Bhrsu7vx8P0/c2sPqmkqHf+9Uvds2726+KtGeqqlxypjvr7k4qVCPj22PR4RY9E3kJYnKos2HrmN3fnvTrP668d/f3367ldp/enr5hKZW70D968zPVWeetS4a25fj3imt1H8yUb/J03Gv+darOONlz/8otm8NP403lraGn97rd2IeK5h/2/2ZbLt84njlc1hvLZRNPDdb58PNat/9Fj/Rv+nKa2/di3QCWn/D20f/0hS/7xmaed1/HJj+Mdm8+q3/8bxN97++5O3K/n+6rSrU+XywkREf/Lm1uknN9etlWvLp/GPPdt4/1+vtvH2n14TXmgx/t7e+Gb38bdXGv/0jvp/55mb92Z7mtXfWv9PVnJj1SmtHP9abeCjvHcAAAAAAAAAAAAAAAAAAAAAAAAA0KpMRByJJJPdyGcy2ez6b3g/GUOZQrFUPn6xuDg/HZXfyh6Jvkztqy6H674PdaL6ffi18skHyi9ExBMR8dnAYKWczRUL090OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACqDjf5/f/U7wPdbh0A0DaHut0AAKDjnP8B4ODZ2fl/sG3tAAA6x/U/ABw8LZ//L7S3HQBA57j+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM3OnT2bprV/VldyaXn6ytLibPHKiel8aTY7t5jL5ooLl7MzxeJMIZ/NFeea/qNr6y+FYvHyZMwvXh0v50vl8dLS8vm54uJ8+fyluamZ/Pl8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDWlZaWZ6cKhfyCzLaZwf3RjH2T6Y190QyZh2QyEbG71euPEoPdO0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HP/BwAA///F9Cf0") openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r6, &(0x7f0000004200)='t', 0x1) r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r8, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f00000003c0)="ff581b0e5327cd91cf358ac6539d4087a44ed657474862a9", 0x18}]) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r10 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r10, 0x2007ffb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r10, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) [ 82.192554][ T5096] Bluetooth: hci0: command tx timeout [ 82.630339][ T5111] loop0: detected capacity change from 0 to 32768 [ 82.642619][ T5111] ======================================================= [ 82.642619][ T5111] WARNING: The mand mount option has been deprecated and [ 82.642619][ T5111] and is ignored by this kernel. Remove the mand [ 82.642619][ T5111] option from the mount to silence this warning. [ 82.642619][ T5111] ======================================================= [ 82.765248][ T5111] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 83.434899][ T5112] ================================================================== [ 83.437533][ T5112] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xe9/0x3d0 [ 83.440483][ T5112] Read of size 8 at addr ffff88801aad6a30 by task syz.0.0/5112 [ 83.444440][ T5112] [ 83.445555][ T5112] CPU: 0 UID: 0 PID: 5112 Comm: syz.0.0 Not tainted 6.12.0-rc3-syzkaller-00007-g6485cf5ea253 #0 [ 83.449295][ T5112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.452901][ T5112] Call Trace: [ 83.454057][ T5112] [ 83.455080][ T5112] dump_stack_lvl+0x241/0x360 [ 83.456739][ T5112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.458690][ T5112] ? __pfx__printk+0x10/0x10 [ 83.461215][ T5112] ? _printk+0xd5/0x120 [ 83.463808][ T5112] ? __virt_addr_valid+0x183/0x530 [ 83.466172][ T5112] ? __virt_addr_valid+0x183/0x530 [ 83.468005][ T5112] print_report+0x169/0x550 [ 83.469675][ T5112] ? __virt_addr_valid+0x183/0x530 [ 83.471507][ T5112] ? __virt_addr_valid+0x183/0x530 [ 83.473406][ T5112] ? __virt_addr_valid+0x45f/0x530 [ 83.475148][ T5112] ? __phys_addr+0xba/0x170 [ 83.476612][ T5112] ? ocfs2_fault+0xe9/0x3d0 [ 83.478235][ T5112] kasan_report+0x143/0x180 [ 83.479855][ T5112] ? ocfs2_fault+0xe9/0x3d0 [ 83.481940][ T5112] ocfs2_fault+0xe9/0x3d0 [ 83.484023][ T5112] ? handle_pte_fault+0x334/0x6800 [ 83.486226][ T5112] ? __pfx_ocfs2_fault+0x10/0x10 [ 83.488154][ T5112] ? pte_offset_map_nolock+0x137/0x1f0 [ 83.490315][ T5112] __do_fault+0x135/0x460 [ 83.491990][ T5112] handle_pte_fault+0x2d1c/0x6800 [ 83.494216][ T5112] ? mark_lock+0x9a/0x360 [ 83.495909][ T5112] ? __lock_acquire+0x1384/0x2050 [ 83.498289][ T5112] ? mark_lock+0x9a/0x360 [ 83.500437][ T5112] ? __pfx_handle_pte_fault+0x10/0x10 [ 83.503197][ T5112] ? __lock_acquire+0x1384/0x2050 [ 83.505142][ T5112] ? __pfx_lock_acquire+0x10/0x10 [ 83.506828][ T5112] ? count_memcg_event_mm+0x94/0x420 [ 83.508744][ T5112] ? do_raw_spin_lock+0x14f/0x370 [ 83.510609][ T5112] handle_mm_fault+0x1106/0x1bb0 [ 83.512353][ T5112] ? __pfx_handle_mm_fault+0x10/0x10 [ 83.514176][ T5112] ? follow_page_pte+0x9cc/0x2010 [ 83.516009][ T5112] ? __pfx_find_vma+0x10/0x10 [ 83.517940][ T5112] ? vma_is_secretmem+0xd/0x50 [ 83.519990][ T5112] ? check_vma_flags+0x4fa/0x5a0 [ 83.521726][ T5112] __get_user_pages+0x1b16/0x48d0 [ 83.523954][ T5112] ? __pfx_lock_release+0x10/0x10 [ 83.526112][ T5112] ? __pfx___get_user_pages+0x10/0x10 [ 83.528191][ T5112] ? __pfx_mt_find+0x10/0x10 [ 83.530064][ T5112] populate_vma_page_range+0x264/0x330 [ 83.532228][ T5112] ? __pfx_populate_vma_page_range+0x10/0x10 [ 83.534566][ T5112] ? userfaultfd_unmap_complete+0x30c/0x360 [ 83.536970][ T5112] ? do_mmap+0x958/0x1000 [ 83.538935][ T5112] __mm_populate+0x27a/0x460 [ 83.541456][ T5112] ? __pfx___mm_populate+0x10/0x10 [ 83.544296][ T5112] vm_mmap_pgoff+0x2c3/0x3d0 [ 83.546287][ T5112] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 83.548478][ T5112] ? __fget_files+0x29/0x470 [ 83.550379][ T5112] ? __fget_files+0x3f3/0x470 [ 83.552238][ T5112] ? __fget_files+0x29/0x470 [ 83.553961][ T5112] ksys_mmap_pgoff+0x4eb/0x720 [ 83.555878][ T5112] ? __x64_sys_mmap+0x7f/0x140 [ 83.558003][ T5112] do_syscall_64+0xf3/0x230 [ 83.559784][ T5112] ? clear_bhb_loop+0x35/0x90 [ 83.561611][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.563908][ T5112] RIP: 0033:0x7fd28137dff9 [ 83.565633][ T5112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.572693][ T5112] RSP: 002b:00007fd28219d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 83.575469][ T5112] RAX: ffffffffffffffda RBX: 00007fd281536058 RCX: 00007fd28137dff9 [ 83.578179][ T5112] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 83.580797][ T5112] RBP: 00007fd2813f0296 R08: 000000000000000d R09: 0000000000000000 [ 83.583479][ T5112] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 83.586096][ T5112] R13: 0000000000000000 R14: 00007fd281536058 R15: 00007ffd7252bcc8 [ 83.589143][ T5112] [ 83.590385][ T5112] [ 83.591339][ T5112] Allocated by task 5112: [ 83.593014][ T5112] kasan_save_track+0x3f/0x80 [ 83.594651][ T5112] __kasan_slab_alloc+0x66/0x80 [ 83.596366][ T5112] kmem_cache_alloc_noprof+0x135/0x2a0 [ 83.598450][ T5112] vm_area_alloc+0x24/0x1d0 [ 83.600188][ T5112] mmap_region+0x1132/0x2990 [ 83.601915][ T5112] do_mmap+0x8f0/0x1000 [ 83.603438][ T5112] vm_mmap_pgoff+0x1dd/0x3d0 [ 83.605117][ T5112] ksys_mmap_pgoff+0x4eb/0x720 [ 83.607095][ T5112] do_syscall_64+0xf3/0x230 [ 83.608891][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.611213][ T5112] [ 83.612155][ T5112] Freed by task 5112: [ 83.613690][ T5112] kasan_save_track+0x3f/0x80 [ 83.615540][ T5112] kasan_save_free_info+0x40/0x50 [ 83.617502][ T5112] __kasan_slab_free+0x59/0x70 [ 83.619307][ T5112] kmem_cache_free+0x1a2/0x420 [ 83.621106][ T5112] rcu_core+0xaaa/0x17a0 [ 83.622629][ T5112] handle_softirqs+0x2c5/0x980 [ 83.624375][ T5112] __irq_exit_rcu+0xf4/0x1c0 [ 83.626127][ T5112] irq_exit_rcu+0x9/0x30 [ 83.627964][ T5112] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 83.630213][ T5112] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 83.632677][ T5112] [ 83.634123][ T5112] Last potentially related work creation: [ 83.637184][ T5112] kasan_save_stack+0x3f/0x60 [ 83.639142][ T5112] __kasan_record_aux_stack+0xac/0xc0 [ 83.641514][ T5112] call_rcu+0x167/0xa70 [ 83.642895][ T5112] vms_complete_munmap_vmas+0x665/0x910 [ 83.644707][ T5112] mmap_region+0x10a4/0x2990 [ 83.646436][ T5112] do_mmap+0x8f0/0x1000 [ 83.647971][ T5112] vm_mmap_pgoff+0x1dd/0x3d0 [ 83.650011][ T5112] ksys_mmap_pgoff+0x4eb/0x720 [ 83.652641][ T5112] do_syscall_64+0xf3/0x230 [ 83.654978][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.657381][ T5112] [ 83.658238][ T5112] The buggy address belongs to the object at ffff88801aad69b0 [ 83.658238][ T5112] which belongs to the cache vm_area_struct of size 184 [ 83.662977][ T5112] The buggy address is located 128 bytes inside of [ 83.662977][ T5112] freed 184-byte region [ffff88801aad69b0, ffff88801aad6a68) [ 83.668841][ T5112] [ 83.670303][ T5112] The buggy address belongs to the physical page: [ 83.673620][ T5112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1aad6 [ 83.677447][ T5112] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 83.680350][ T5112] page_type: f5(slab) [ 83.681948][ T5112] raw: 00fff00000000000 ffff888030406b40 ffffea0000485d40 dead000000000002 [ 83.685871][ T5112] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 83.690316][ T5112] page dumped because: kasan: bad access detected [ 83.693340][ T5112] page_owner tracks the page as allocated [ 83.695750][ T5112] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4918, tgid 4918 (cmp), ts 49269666733, free_ts 49264941270 [ 83.703099][ T5112] post_alloc_hook+0x1f3/0x230 [ 83.704982][ T5112] get_page_from_freelist+0x3045/0x3190 [ 83.707056][ T5112] __alloc_pages_noprof+0x292/0x710 [ 83.708868][ T5112] alloc_pages_mpol_noprof+0x3e8/0x680 [ 83.710891][ T5112] alloc_slab_page+0x6a/0x120 [ 83.712948][ T5112] allocate_slab+0x5a/0x2f0 [ 83.714972][ T5112] ___slab_alloc+0xcd1/0x14b0 [ 83.717178][ T5112] __slab_alloc+0x58/0xa0 [ 83.719022][ T5112] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 83.721196][ T5112] vm_area_alloc+0x24/0x1d0 [ 83.722919][ T5112] mmap_region+0x1132/0x2990 [ 83.724652][ T5112] do_mmap+0x8f0/0x1000 [ 83.726325][ T5112] vm_mmap_pgoff+0x1dd/0x3d0 [ 83.728186][ T5112] elf_load+0x25d/0x6f0 [ 83.730290][ T5112] load_elf_binary+0x1024/0x2710 [ 83.733489][ T5112] bprm_execve+0xaf8/0x1770 [ 83.735975][ T5112] page last free pid 4917 tgid 4917 stack trace: [ 83.739194][ T5112] free_unref_folios+0xf12/0x18d0 [ 83.741112][ T5112] folios_put_refs+0x76c/0x860 [ 83.742971][ T5112] free_pages_and_swap_cache+0x5c8/0x690 [ 83.745005][ T5112] tlb_flush_mmu+0x3a3/0x680 [ 83.746566][ T5112] tlb_finish_mmu+0xd4/0x200 [ 83.748277][ T5112] exit_mmap+0x496/0xc40 [ 83.749799][ T5112] __mmput+0x115/0x390 [ 83.751295][ T5112] exit_mm+0x220/0x310 [ 83.752779][ T5112] do_exit+0x9b2/0x28e0 [ 83.754337][ T5112] do_group_exit+0x207/0x2c0 [ 83.756097][ T5112] __x64_sys_exit_group+0x3f/0x40 [ 83.758279][ T5112] x64_sys_call+0x2634/0x2640 [ 83.760193][ T5112] do_syscall_64+0xf3/0x230 [ 83.761952][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.764316][ T5112] [ 83.765262][ T5112] Memory state around the buggy address: [ 83.767340][ T5112] ffff88801aad6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 83.770237][ T5112] ffff88801aad6980: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb [ 83.773518][ T5112] >ffff88801aad6a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 83.777306][ T5112] ^ [ 83.779359][ T5112] ffff88801aad6a80: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb [ 83.781885][ T5112] ffff88801aad6b00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 83.784557][ T5112] ================================================================== [ 84.192989][ T5112] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 84.195817][ T5112] CPU: 0 UID: 0 PID: 5112 Comm: syz.0.0 Not tainted 6.12.0-rc3-syzkaller-00007-g6485cf5ea253 #0 [ 84.200395][ T5112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.204952][ T5112] Call Trace: [ 84.206205][ T5112] [ 84.207335][ T5112] dump_stack_lvl+0x241/0x360 [ 84.209070][ T5112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.210996][ T5112] ? __pfx__printk+0x10/0x10 [ 84.213005][ T5112] ? preempt_schedule+0xe1/0xf0 [ 84.216015][ T5112] ? vscnprintf+0x5d/0x90 [ 84.218440][ T5112] panic+0x349/0x880 [ 84.220138][ T5112] ? check_panic_on_warn+0x21/0xb0 [ 84.222060][ T5112] ? __pfx_panic+0x10/0x10 [ 84.223837][ T5112] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 84.226076][ T5112] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 84.228386][ T5112] ? print_report+0x502/0x550 [ 84.230133][ T5112] check_panic_on_warn+0x86/0xb0 [ 84.232192][ T5112] ? ocfs2_fault+0xe9/0x3d0 [ 84.234391][ T5112] end_report+0x77/0x160 [ 84.236420][ T5112] kasan_report+0x154/0x180 [ 84.238384][ T5112] ? ocfs2_fault+0xe9/0x3d0 [ 84.240279][ T5112] ocfs2_fault+0xe9/0x3d0 [ 84.241988][ T5112] ? handle_pte_fault+0x334/0x6800 [ 84.244077][ T5112] ? __pfx_ocfs2_fault+0x10/0x10 [ 84.245889][ T5112] ? pte_offset_map_nolock+0x137/0x1f0 [ 84.248086][ T5112] __do_fault+0x135/0x460 [ 84.249791][ T5112] handle_pte_fault+0x2d1c/0x6800 [ 84.251748][ T5112] ? mark_lock+0x9a/0x360 [ 84.253713][ T5112] ? __lock_acquire+0x1384/0x2050 [ 84.256295][ T5112] ? mark_lock+0x9a/0x360 [ 84.258298][ T5112] ? __pfx_handle_pte_fault+0x10/0x10 [ 84.260497][ T5112] ? __lock_acquire+0x1384/0x2050 [ 84.262657][ T5112] ? __pfx_lock_acquire+0x10/0x10 [ 84.264380][ T5112] ? count_memcg_event_mm+0x94/0x420 [ 84.266167][ T5112] ? do_raw_spin_lock+0x14f/0x370 [ 84.267912][ T5112] handle_mm_fault+0x1106/0x1bb0 [ 84.269559][ T5112] ? __pfx_handle_mm_fault+0x10/0x10 [ 84.271318][ T5112] ? follow_page_pte+0x9cc/0x2010 [ 84.273321][ T5112] ? __pfx_find_vma+0x10/0x10 [ 84.275341][ T5112] ? vma_is_secretmem+0xd/0x50 [ 84.277269][ T5112] ? check_vma_flags+0x4fa/0x5a0 [ 84.279189][ T5112] __get_user_pages+0x1b16/0x48d0 [ 84.280998][ T5112] ? __pfx_lock_release+0x10/0x10 [ 84.282688][ T5112] ? __pfx___get_user_pages+0x10/0x10 [ 84.284754][ T5112] ? __pfx_mt_find+0x10/0x10 [ 84.286596][ T5112] populate_vma_page_range+0x264/0x330 [ 84.288756][ T5112] ? __pfx_populate_vma_page_range+0x10/0x10 [ 84.291330][ T5112] ? userfaultfd_unmap_complete+0x30c/0x360 [ 84.294242][ T5112] ? do_mmap+0x958/0x1000 [ 84.296479][ T5112] __mm_populate+0x27a/0x460 [ 84.298493][ T5112] ? __pfx___mm_populate+0x10/0x10 [ 84.300553][ T5112] vm_mmap_pgoff+0x2c3/0x3d0 [ 84.302398][ T5112] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 84.304315][ T5112] ? __fget_files+0x29/0x470 [ 84.306082][ T5112] ? __fget_files+0x3f3/0x470 [ 84.307740][ T5112] ? __fget_files+0x29/0x470 [ 84.309476][ T5112] ksys_mmap_pgoff+0x4eb/0x720 [ 84.311999][ T5112] ? __x64_sys_mmap+0x7f/0x140 [ 84.314968][ T5112] do_syscall_64+0xf3/0x230 [ 84.317399][ T5112] ? clear_bhb_loop+0x35/0x90 [ 84.319251][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.321540][ T5112] RIP: 0033:0x7fd28137dff9 [ 84.323343][ T5112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.331015][ T5112] RSP: 002b:00007fd28219d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 84.335274][ T5112] RAX: ffffffffffffffda RBX: 00007fd281536058 RCX: 00007fd28137dff9 [ 84.338938][ T5112] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 84.342019][ T5112] RBP: 00007fd2813f0296 R08: 000000000000000d R09: 0000000000000000 [ 84.344971][ T5112] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 84.347865][ T5112] R13: 0000000000000000 R14: 00007fd281536058 R15: 00007ffd7252bcc8 [ 84.350770][ T5112] [ 84.352553][ T5112] Kernel Offset: disabled [ 84.355046][ T5112] Rebooting in 86400 seconds..