program: syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=") openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xc240, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$eJzs3ctrXFUYAPDvTl5NWk0EQesqINhA6cTU2Cq4qLgQwUJB17ZhMg01k0zJTEoTAraI4EZQcSHopmsfdefWx1b/CxdSKZoWKy4kciczybSZSSdpZiaQ3w9O5pz7yDnfnPs4d+5lJoADazT9k4k4GhEfJxHD1elJRPRVcr0RZ9aXu7e6kktTEmtrb/2ZVJa5u7qSi7p1Uoerhacj4qcPIo5nttZbWlqenSoU8gvV8nh57vJ4aWn5xKW5qZn8TH7+1MTk5MnTL54+tXex/v3r8pE/Pnn92Ldn/n3/qZsf/ZzEmThSnVcfx14ZjdHqe9KXvoX3eW2vK+uypNsNYFfSXbNnfS+PozEcPZVcE4Ob2YnljjQPAGiD9yJiDQA4YBLnfwA4YGqfA9xdXcnVUnc/keis269GxKH1+Gv3N9fn9Fbv2R2q3Acdupvcd2ckiYiRPah/NCK+/P6dr9MU1X5wLw3ohGvXI+LCyOjW43+y5ZmFnXp+u5lrA5WX0QcmH7TzD3TTD+n456VG47/MxvgnGox/Bhrsu7vx8P0/c2sPqmkqHf+9Uvds2726+KtGeqqlxypjvr7k4qVCPj22PR4RY9E3kJYnKos2HrmN3fnvTrP668d/f3367ldp/enr5hKZW70D968zPVWeetS4a25fj3imt1H8yUb/J03Gv+darOONlz/8otm8NP403lraGn97rd2IeK5h/2/2ZbLt84njlc1hvLZRNPDdb58PNat/9Fj/Rv+nKa2/di3QCWn/D20f/0hS/7xmaed1/HJj+Mdm8+q3/8bxN97++5O3K/n+6rSrU+XywkREf/Lm1uknN9etlWvLp/GPPdt4/1+vtvH2n14TXmgx/t7e+Gb38bdXGv/0jvp/55mb92Z7mtXfWv9PVnJj1SmtHP9abeCjvHcAAAAAAAAAAAAAAAAAAAAAAAAA0KpMRByJJJPdyGcy2ez6b3g/GUOZQrFUPn6xuDg/HZXfyh6Jvkztqy6H674PdaL6ffi18skHyi9ExBMR8dnAYKWczRUL090OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACqDjf5/f/U7wPdbh0A0DaHut0AAKDjnP8B4ODZ2fl/sG3tAAA6x/U/ABw8LZ//L7S3HQBA57j+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM3OnT2bprV/VldyaXn6ytLibPHKiel8aTY7t5jL5ooLl7MzxeJMIZ/NFeea/qNr6y+FYvHyZMwvXh0v50vl8dLS8vm54uJ8+fyluamZ/Pl8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDWlZaWZ6cKhfyCzLaZwf3RjH2T6Y190QyZh2QyEbG71euPEoPdO0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HP/BwAA///F9Cf0") r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, &(0x7f0000000040)=0xfecd) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f0000000300)={0x25, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000400)="9c7d5fb098463d52fd8ce2894716e8a42c6fa2b104c94dab69ff2426c1dfe26cfa514e3c0d089c0634aee2704a579dd629e0a75699becbcdec522930f3", 0x3d}]) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r6 = open(&(0x7f0000000100)='./bus\x00', 0x84102, 0x0) ftruncate(r6, 0x2007ffb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@delchain={0x34, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xe}, {0xe, 0xffff}, {0x0, 0x4}}, [@filter_kind_options=@f_flower={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20040810) r9 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) r10 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x8240, 0x0) mmap(&(0x7f000004c000/0x1000)=nil, 0x1000, 0x1000001, 0x28011, r10, 0x300000) acct(&(0x7f0000000000)='./file1\x00') ioctl$LOOP_SET_STATUS(r9, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010001, 0x5, 0x8, 0x0, "9e959f16b6787b08aa26e66c40568a1695284854c382ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ec58d347f41be5a08", [0x4, 0x7]}) acct(0x0) [ 78.685073][ T4538] Bluetooth: hci0: command tx timeout [ 80.237829][ T5115] loop0: detected capacity change from 0 to 32768 [ 80.245830][ T5115] ======================================================= [ 80.245830][ T5115] WARNING: The mand mount option has been deprecated and [ 80.245830][ T5115] and is ignored by this kernel. Remove the mand [ 80.245830][ T5115] option from the mount to silence this warning. [ 80.245830][ T5115] ======================================================= [ 80.343204][ T5115] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 80.394354][ T24] audit: type=1800 audit(1725396141.516:2): pid=5115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 80.547313][ T24] audit: type=1800 audit(1725396141.676:3): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0 [ 80.727297][ T4538] Bluetooth: hci0: command tx timeout [ 80.765635][ T24] audit: type=1804 audit(1725396141.886:4): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.0" name="/newroot/0/file1/file1" dev="loop0" ino=17058 res=1 errno=0 [ 80.794763][ T5116] ================================================================== [ 80.797343][ T5116] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xe9/0x3d0 [ 80.799794][ T5116] Read of size 8 at addr ffff888012015080 by task syz.0.0/5116 [ 80.802511][ T5116] [ 80.803672][ T5116] CPU: 0 UID: 0 PID: 5116 Comm: syz.0.0 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 80.807502][ T5116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.811426][ T5116] Call Trace: [ 80.812662][ T5116] [ 80.813774][ T5116] dump_stack_lvl+0x241/0x360 [ 80.815604][ T5116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.817427][ T5116] ? __pfx__printk+0x10/0x10 [ 80.819117][ T5116] ? _printk+0xd5/0x120 [ 80.820656][ T5116] ? __virt_addr_valid+0x183/0x530 [ 80.822586][ T5116] ? __virt_addr_valid+0x183/0x530 [ 80.824428][ T5116] print_report+0x169/0x550 [ 80.826252][ T5116] ? __virt_addr_valid+0x183/0x530 [ 80.828201][ T5116] ? __virt_addr_valid+0x183/0x530 [ 80.830043][ T5116] ? __virt_addr_valid+0x45f/0x530 [ 80.831925][ T5116] ? __phys_addr+0xba/0x170 [ 80.833618][ T5116] ? ocfs2_fault+0xe9/0x3d0 [ 80.835416][ T5116] kasan_report+0x143/0x180 [ 80.837092][ T5116] ? ocfs2_fault+0xe9/0x3d0 [ 80.838770][ T5116] ocfs2_fault+0xe9/0x3d0 [ 80.840412][ T5116] ? handle_pte_fault+0x331/0x6fc0 [ 80.842268][ T5116] ? __pfx_ocfs2_fault+0x10/0x10 [ 80.844106][ T5116] ? pte_offset_map_nolock+0x137/0x1f0 [ 80.845854][ T5116] ? __lock_acquire+0x137a/0x2040 [ 80.847823][ T5116] __do_fault+0x135/0x460 [ 80.849548][ T5116] handle_pte_fault+0x321f/0x6fc0 [ 80.851280][ T5116] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 80.853529][ T5116] ? __pfx_lock_acquire+0x10/0x10 [ 80.855499][ T5116] ? __pfx_handle_pte_fault+0x10/0x10 [ 80.857495][ T5116] ? do_raw_spin_lock+0x14f/0x370 [ 80.859421][ T5116] ? follow_page_pte+0x29a/0x1ee0 [ 80.861295][ T5116] ? follow_page_pte+0x83f/0x1ee0 [ 80.863161][ T5116] ? __pfx_lock_release+0x10/0x10 [ 80.865033][ T5116] ? do_raw_spin_unlock+0x58/0x8b0 [ 80.867059][ T5116] handle_mm_fault+0x1109/0x1bc0 [ 80.869019][ T5116] ? __pfx_handle_mm_fault+0x10/0x10 [ 80.871099][ T5116] ? __pfx_find_vma+0x10/0x10 [ 80.872788][ T5116] ? vma_is_secretmem+0xd/0x50 [ 80.874691][ T5116] ? check_vma_flags+0x500/0x5a0 [ 80.876667][ T5116] __get_user_pages+0x6ec/0x16a0 [ 80.878561][ T5116] ? __pfx___get_user_pages+0x10/0x10 [ 80.880151][ T5116] populate_vma_page_range+0x264/0x330 [ 80.881954][ T5116] ? __pfx_populate_vma_page_range+0x10/0x10 [ 80.883919][ T5116] ? do_mmap+0x961/0x1010 [ 80.885373][ T5116] __mm_populate+0x27a/0x460 [ 80.886956][ T5116] ? __pfx___mm_populate+0x10/0x10 [ 80.888744][ T5116] vm_mmap_pgoff+0x2c3/0x3d0 [ 80.890356][ T5116] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 80.892097][ T5116] ? __fget_files+0x29/0x470 [ 80.893668][ T5116] ? __fget_files+0x3f6/0x470 [ 80.895361][ T5116] ksys_mmap_pgoff+0x4f1/0x720 [ 80.897042][ T5116] ? __x64_sys_mmap+0x7f/0x140 [ 80.898783][ T5116] do_syscall_64+0xf3/0x230 [ 80.900420][ T5116] ? clear_bhb_loop+0x35/0x90 [ 80.902131][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.904158][ T5116] RIP: 0033:0x7f3a03b7cef9 [ 80.905801][ T5116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.912791][ T5116] RSP: 002b:00007f3a0496f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 80.916146][ T5116] RAX: ffffffffffffffda RBX: 00007f3a03d36058 RCX: 00007f3a03b7cef9 [ 80.919189][ T5116] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 80.922398][ T5116] RBP: 00007f3a03bef01e R08: 000000000000000a R09: 0000000000000000 [ 80.925695][ T5116] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 80.928947][ T5116] R13: 0000000000000000 R14: 00007f3a03d36058 R15: 00007fffb8722f38 [ 80.931984][ T5116] [ 80.933208][ T5116] [ 80.934132][ T5116] Allocated by task 5116: [ 80.935738][ T5116] kasan_save_track+0x3f/0x80 [ 80.937489][ T5116] __kasan_slab_alloc+0x66/0x80 [ 80.939247][ T5116] kmem_cache_alloc_noprof+0x135/0x2a0 [ 80.941385][ T5116] vm_area_alloc+0x24/0x1d0 [ 80.943160][ T5116] mmap_region+0xc3d/0x2090 [ 80.944789][ T5116] do_mmap+0x8f9/0x1010 [ 80.946374][ T5116] vm_mmap_pgoff+0x1dd/0x3d0 [ 80.948147][ T5116] ksys_mmap_pgoff+0x4f1/0x720 [ 80.950012][ T5116] do_syscall_64+0xf3/0x230 [ 80.951785][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.954126][ T5116] [ 80.955088][ T5116] Freed by task 16: [ 80.956586][ T5116] kasan_save_track+0x3f/0x80 [ 80.958408][ T5116] kasan_save_free_info+0x40/0x50 [ 80.960237][ T5116] poison_slab_object+0xe0/0x150 [ 80.961963][ T5116] __kasan_slab_free+0x37/0x60 [ 80.963724][ T5116] kmem_cache_free+0x145/0x350 [ 80.965428][ T5116] rcu_core+0xafd/0x1830 [ 80.967037][ T5116] handle_softirqs+0x2c4/0x970 [ 80.968702][ T5116] run_ksoftirqd+0xca/0x130 [ 80.970333][ T5116] smpboot_thread_fn+0x544/0xa30 [ 80.972016][ T5116] kthread+0x2f0/0x390 [ 80.973600][ T5116] ret_from_fork+0x4b/0x80 [ 80.975158][ T5116] ret_from_fork_asm+0x1a/0x30 [ 80.976682][ T5116] [ 80.977459][ T5116] Last potentially related work creation: [ 80.979295][ T5116] kasan_save_stack+0x3f/0x60 [ 80.980957][ T5116] __kasan_record_aux_stack+0xac/0xc0 [ 80.982760][ T5116] call_rcu+0x167/0xa70 [ 80.984095][ T5116] do_vmi_align_munmap+0x155c/0x18c0 [ 80.985847][ T5116] do_vmi_munmap+0x261/0x2f0 [ 80.987413][ T5116] mmap_region+0x72f/0x2090 [ 80.989062][ T5116] do_mmap+0x8f9/0x1010 [ 80.990548][ T5116] vm_mmap_pgoff+0x1dd/0x3d0 [ 80.992071][ T5116] ksys_mmap_pgoff+0x4f1/0x720 [ 80.993795][ T5116] do_syscall_64+0xf3/0x230 [ 80.995268][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.997364][ T5116] [ 80.998184][ T5116] The buggy address belongs to the object at ffff888012015000 [ 80.998184][ T5116] which belongs to the cache vm_area_struct of size 184 [ 81.003284][ T5116] The buggy address is located 128 bytes inside of [ 81.003284][ T5116] freed 184-byte region [ffff888012015000, ffff8880120150b8) [ 81.008373][ T5116] [ 81.009308][ T5116] The buggy address belongs to the physical page: [ 81.011386][ T5116] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12015 [ 81.014400][ T5116] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 81.016977][ T5116] page_type: 0xfdffffff(slab) [ 81.018763][ T5116] raw: 00fff00000000000 ffff88801be90b40 dead000000000100 dead000000000122 [ 81.021699][ T5116] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 81.024727][ T5116] page dumped because: kasan: bad access detected [ 81.027124][ T5116] page_owner tracks the page as allocated [ 81.028937][ T5116] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4814, tgid 4814 (dhcpcd), ts 49914646081, free_ts 49681178375 [ 81.035722][ T5116] post_alloc_hook+0x1f3/0x230 [ 81.037557][ T5116] get_page_from_freelist+0x2e4c/0x2f10 [ 81.039823][ T5116] __alloc_pages_noprof+0x256/0x6c0 [ 81.041821][ T5116] alloc_slab_page+0x5f/0x120 [ 81.043555][ T5116] allocate_slab+0x5a/0x2f0 [ 81.045215][ T5116] ___slab_alloc+0xcd1/0x14b0 [ 81.046960][ T5116] __slab_alloc+0x58/0xa0 [ 81.048516][ T5116] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 81.050489][ T5116] vm_area_dup+0x27/0x290 [ 81.051963][ T5116] copy_mm+0xc7b/0x1f30 [ 81.053301][ T5116] copy_process+0x187a/0x3dc0 [ 81.054779][ T5116] kernel_clone+0x226/0x8f0 [ 81.056226][ T5116] __x64_sys_clone+0x258/0x2a0 [ 81.057971][ T5116] do_syscall_64+0xf3/0x230 [ 81.059789][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.062131][ T5116] page last free pid 4895 tgid 4895 stack trace: [ 81.064561][ T5116] free_unref_folios+0x103a/0x1b00 [ 81.066484][ T5116] folios_put_refs+0x76e/0x860 [ 81.068304][ T5116] free_pages_and_swap_cache+0x5c8/0x690 [ 81.070464][ T5116] tlb_flush_mmu+0x3a3/0x680 [ 81.072277][ T5116] tlb_finish_mmu+0xd4/0x200 [ 81.074085][ T5116] exit_mmap+0x44f/0xc80 [ 81.075764][ T5116] __mmput+0x115/0x390 [ 81.077343][ T5116] exit_mm+0x220/0x310 [ 81.078925][ T5116] do_exit+0x9b2/0x27f0 [ 81.080703][ T5116] do_group_exit+0x207/0x2c0 [ 81.082580][ T5116] __x64_sys_exit_group+0x3f/0x40 [ 81.084410][ T5116] x64_sys_call+0x2634/0x2640 [ 81.086243][ T5116] do_syscall_64+0xf3/0x230 [ 81.088007][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.090159][ T5116] [ 81.091026][ T5116] Memory state around the buggy address: [ 81.093050][ T5116] ffff888012014f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.095915][ T5116] ffff888012015000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.098665][ T5116] >ffff888012015080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa [ 81.101191][ T5116] ^ [ 81.102519][ T5116] ffff888012015100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.105090][ T5116] ffff888012015180: fb fb fb fb fb fb fc fc fc fc fc fc fc fc 00 00 [ 81.107838][ T5116] ================================================================== [ 81.235263][ T5123] Process accounting resumed [ 81.254147][ T5122] loop0: detected capacity change from 32768 to 0 [ 81.498304][ T5116] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 81.501190][ T5116] CPU: 0 UID: 0 PID: 5116 Comm: syz.0.0 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 81.505058][ T5116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.509954][ T5116] Call Trace: [ 81.511509][ T5116] [ 81.512855][ T5116] dump_stack_lvl+0x241/0x360 [ 81.514812][ T5116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.516740][ T5116] ? __pfx__printk+0x10/0x10 [ 81.518527][ T5116] ? preempt_schedule+0xe1/0xf0 [ 81.520424][ T5116] ? vscnprintf+0x5d/0x90 [ 81.522107][ T5116] panic+0x349/0x860 [ 81.523624][ T5116] ? check_panic_on_warn+0x21/0xb0 [ 81.525585][ T5116] ? __pfx_panic+0x10/0x10 [ 81.527320][ T5116] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 81.529500][ T5116] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 81.531811][ T5116] ? print_report+0x502/0x550 [ 81.533548][ T5116] check_panic_on_warn+0x86/0xb0 [ 81.535382][ T5116] ? ocfs2_fault+0xe9/0x3d0 [ 81.537074][ T5116] end_report+0x77/0x160 [ 81.538668][ T5116] kasan_report+0x154/0x180 [ 81.540437][ T5116] ? ocfs2_fault+0xe9/0x3d0 [ 81.542162][ T5116] ocfs2_fault+0xe9/0x3d0 [ 81.543838][ T5116] ? handle_pte_fault+0x331/0x6fc0 [ 81.545802][ T5116] ? __pfx_ocfs2_fault+0x10/0x10 [ 81.547806][ T5116] ? pte_offset_map_nolock+0x137/0x1f0 [ 81.549918][ T5116] ? __lock_acquire+0x137a/0x2040 [ 81.551870][ T5116] __do_fault+0x135/0x460 [ 81.553414][ T5116] handle_pte_fault+0x321f/0x6fc0 [ 81.555231][ T5116] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 81.557049][ T5116] ? __pfx_lock_acquire+0x10/0x10 [ 81.558829][ T5116] ? __pfx_handle_pte_fault+0x10/0x10 [ 81.560771][ T5116] ? do_raw_spin_lock+0x14f/0x370 [ 81.562581][ T5116] ? follow_page_pte+0x29a/0x1ee0 [ 81.564387][ T5116] ? follow_page_pte+0x83f/0x1ee0 [ 81.566345][ T5116] ? __pfx_lock_release+0x10/0x10 [ 81.568288][ T5116] ? do_raw_spin_unlock+0x58/0x8b0 [ 81.570128][ T5116] handle_mm_fault+0x1109/0x1bc0 [ 81.572109][ T5116] ? __pfx_handle_mm_fault+0x10/0x10 [ 81.574116][ T5116] ? __pfx_find_vma+0x10/0x10 [ 81.575940][ T5116] ? vma_is_secretmem+0xd/0x50 [ 81.577700][ T5116] ? check_vma_flags+0x500/0x5a0 [ 81.579618][ T5116] __get_user_pages+0x6ec/0x16a0 [ 81.581108][ T5116] ? __pfx___get_user_pages+0x10/0x10 [ 81.582979][ T5116] populate_vma_page_range+0x264/0x330 [ 81.585057][ T5116] ? __pfx_populate_vma_page_range+0x10/0x10 [ 81.587346][ T5116] ? do_mmap+0x961/0x1010 [ 81.588962][ T5116] __mm_populate+0x27a/0x460 [ 81.590705][ T5116] ? __pfx___mm_populate+0x10/0x10 [ 81.592644][ T5116] vm_mmap_pgoff+0x2c3/0x3d0 [ 81.594414][ T5116] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 81.596356][ T5116] ? __fget_files+0x29/0x470 [ 81.598047][ T5116] ? __fget_files+0x3f6/0x470 [ 81.599862][ T5116] ksys_mmap_pgoff+0x4f1/0x720 [ 81.601706][ T5116] ? __x64_sys_mmap+0x7f/0x140 [ 81.603563][ T5116] do_syscall_64+0xf3/0x230 [ 81.605302][ T5116] ? clear_bhb_loop+0x35/0x90 [ 81.607138][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.609338][ T5116] RIP: 0033:0x7f3a03b7cef9 [ 81.611003][ T5116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.618028][ T5116] RSP: 002b:00007f3a0496f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 81.620761][ T5116] RAX: ffffffffffffffda RBX: 00007f3a03d36058 RCX: 00007f3a03b7cef9 [ 81.623468][ T5116] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 81.626054][ T5116] RBP: 00007f3a03bef01e R08: 000000000000000a R09: 0000000000000000 [ 81.628859][ T5116] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 81.631619][ T5116] R13: 0000000000000000 R14: 00007f3a03d36058 R15: 00007fffb8722f38 [ 81.634154][ T5116] [ 81.635400][ T5116] Kernel Offset: disabled [ 81.636780][ T5116] Rebooting in 86400 seconds..