program:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r1, 0xc048ae65, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000400)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c0050890e1d2cc1bbbdf08d08fe06ff2766758d8955927fab01a7ccdecfc59b2041a9461723f1db971e775e0e358c03b00c510998283ed6f1dba0502d352e58b65a28492b0a7053e14eccd84ac5b3452602d77c0ca0"], 0x1, 0x4436, &(0x7f0000004480)="$eJzs3c9PHG0dAPDvLLy+UN9WqD3UxMRNbKJRQ6AnlSZSSkuhxZpqG+Nlu8C2RRe2gcV46AFvTTyZeDAeGk28cWo4eK1/gheP9dxED15MmjRidncWmGE3rIQFWz+fA8M8v9nvzLPPkMxMIVV/urJRXNkolteKtaXHG1eLP69VN1crUTglHfv/5PT6pzf9OE7O+tj7f3bvxq0fPrwa8eflv77d3d3djYbB6GjiwO//+ufzpYPbtkKuTqPdzq2dlJ9ExKVD42oYiIgf/ykiiYjradp0uh2OiPPRynv4/FePiic0mldvKtdK7xde7Exemd9+udP9b08iflf90reerP79qwOTf/vGCXUPAAAAAAAAAAAAAAAAAMAHbvb+vQc/GJ+I10kMbieH79edTbf5+3rbdk/MV/r/xwIAAAAAAAAAAAAAAAAAAMD/qP37/4vJxQ73/8+k26ku9Xe/1/8x0j9z3783c3N8In3/e3Io/9tp0j+uD8Roh/e+59//fj1Xv/P73w/3c1zt8bX7HYmkMJbZLxTGxiL+kL74/XJyrlCtbdS/+bi2ubZ8YsP4YGXj33rKRxKD+wXSB3/0Gv/pXPv9f///Fw8dTY39Ryd3iH3UsvEf6Fruj79Meor/jVy904g/x5eNf+u8Hz5YYKo1ATTi/+vBo+M/k2u/X/G/EBHFpDHWYmYGaKxhGund1itkZeP/STMtM3WmH2S38/9dLv43c+2f1fy/lf8ioqNs/D/XTBvKlNg//0cLR5//t3Ltn0X8G+Pf8v3fk2z8P20lDmaKND/JXuf/2Vz7/Yr/g0I6zgtJ5gjYTlrpxX50+hHKxn/oUP7+9V/hqPVf88vjdq7+aV3/tfttX/+1p/+vJ63rPzrLxn+4a7lez/+5XL1+z/9TzfUfx5WN/7lmWnbtPNL82Wv853Pt9yv+zVXJUBr/d+kjRCPi35+20n9v/deTbPw/30rMPOx1q/mzuf5Ljl7/38m1fxbrv8b4t7o9sJaMbPw/61quEf+/9PD/n7u5ev2Pf8S4tf6xZeN/vnOhxmVh4/wfOjr+C7mq/Y7/1/rZOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAHYDrdjkRSGMvsFwpjYxE30v3LcS5ZLC+XFqu1pZ9tRMyk6cW4mDyp1hbL1dLKWm25UipXq7WliJtp/qUYSjaqtXpptfzs1l5bw8nTSnm9vlgp1yNiNk3/cpxvt7W4Ul8tP4uI23t5XyjU1p89La+VllfWvzs+Pj4ec3tjGE0qv6hX1uqt3lu5EfN7dUeSA4NrZt/ZG8tnyU9rm+tr5Woz/e6BOtXaUrl6oM5CmvebGE3q65trS+V6pVStPWn3d5am0u3M3P0f3b87cSj/UdLaTp/usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4L72e/M5vI2KwtVeIiKn2L0mn8q/eVK6V3i+82Jm8Mr/9cudtt3IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9hBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCrt0jBMhFIQBeHgUaucxrAh0thiN0UKMiSeQY3gYPQqX8A4WW2y7xWazu1AsgYSG7vuaSd7kzUzxAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwzPNH8/leVhFZXO+vIro2v+i/9vXnYfp/vv6JrOjlrXl8Kqvo2r//YwjG7vunTZ1O3d32+ysm6uB3lJPz3LFhz83sXXN5m7tv2HsbWSoiou77d1lKRbFsFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwYAcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoq+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH4FAAD//0guJJI=")
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x68042, 0x62)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
write$dsp(r2, &(0x7f0000000100)='n', 0x1)
sendfile(r2, r3, 0x0, 0x1000000201005)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x1a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4006, &(0x7f00000001c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+tj7O+jg6ZHi9g09WKh2urrsO1KWTvi42hE0p1bpp9Ff7/0CUYvXkDcSrn3a1ccC2qlQqlQfaH16qAP9jSXS7BUB3FF/02fy32HZo6HFXuPFSbQKUxX0r32pH+iLNy/Q3zW87aTgiziz981W2xfbchwAAaPB9Nv55ttX4L436+0L35msogxFxX0QcjIhTEXEoIu6PqJZ9MCIe2mT9zYska8c/6fUtBbZB2fjvxXxtq3H8V4z+YrCU5w5U4+9Pzs6WZ47n78lI9O/O8uPr1PHDK7990e5Y/fgv27L6i7Fg3o7rfbsbXzM9uTB5JzHXu/FJxFBfq/iTlZWAJCIOR8TQFuuYffqbo+2O3T7+dXRgnanydcRTtfO/FE3xF5L11yfH7onyzPGx4qpY65dfr77Zrv47ir8DsvO/t+X1vxL/YFK/Xju/+Tqu/vF52znNVq//XcnbDfs+nFxYuDQesSt5vdbo+v0TTeUmVstn8Y8ca93/D8bqO3EkIrKL+OGIeCQiHs3b/lhEPB4Rx9aJ/6eXn3hv6/Fvryz+6U2d/9XErmje0zpROv/jdw2VDm4m/uz8n6ymRvI9G/n820i7tnY1AwAAwH9PGhH7I0lHV9JpOjpa+w3/odiblufmF545O/fBxenaMwKD0Z8Wd7oG6u6HjufT+iI/0ZQ/kd83/rK0p5ofnZorT3c7eOhx+9r0/8yfpW63Dth2nteC3qX/Q+/S/6F36f/Qu1r0/z3daAew81p9/3/chXYAO6+p/1v2gx5i/g+9S/+H3qX/Q0+a3xO3f0heQmJNItK7ohkS25To9icTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//+i45rU=")

[   68.936742][ T5309] Bluetooth: hci0: command tx timeout
[   69.223083][ T5324] loop0: detected capacity change from 0 to 32768
[   69.233730][ T5324] =======================================================
[   69.233730][ T5324] WARNING: The mand mount option has been deprecated and
[   69.233730][ T5324]          and is ignored by this kernel. Remove the mand
[   69.233730][ T5324]          option from the mount to silence this warning.
[   69.233730][ T5324] =======================================================
[   69.303187][ T5324] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   69.317230][ T5324] ==================================================================
[   69.320654][ T5324] BUG: KASAN: slab-use-after-free in ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.324706][ T5324] Read of size 4 at addr ffff888042623000 by task syz.0.0/5324
[   69.327920][ T5324] 
[   69.328916][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller #0
[   69.328934][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.328943][ T5324] Call Trace:
[   69.328951][ T5324]  <TASK>
[   69.328957][ T5324]  dump_stack_lvl+0x241/0x360
[   69.328979][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.328992][ T5324]  ? __pfx__printk+0x10/0x10
[   69.329004][ T5324]  ? _printk+0xd5/0x120
[   69.329015][ T5324]  ? __virt_addr_valid+0x183/0x530
[   69.329028][ T5324]  ? __virt_addr_valid+0x183/0x530
[   69.329036][ T5324]  print_report+0x16e/0x5b0
[   69.329052][ T5324]  ? __virt_addr_valid+0x183/0x530
[   69.329061][ T5324]  ? __virt_addr_valid+0x183/0x530
[   69.329070][ T5324]  ? __virt_addr_valid+0x45f/0x530
[   69.329079][ T5324]  ? __phys_addr+0xba/0x170
[   69.329093][ T5324]  ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.329111][ T5324]  kasan_report+0x143/0x180
[   69.329123][ T5324]  ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.329139][ T5324]  ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.329154][ T5324]  ? mark_lock+0x9a/0x360
[   69.329169][ T5324]  ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[   69.329189][ T5324]  ? mark_lock+0x9a/0x360
[   69.329204][ T5324]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.329221][ T5324]  ocfs2_claim_new_inode+0x338/0x870
[   69.329238][ T5324]  ? __pfx_ocfs2_claim_new_inode+0x10/0x10
[   69.329253][ T5324]  ? __set_current_blocked+0x310/0x380
[   69.329267][ T5324]  ? __pfx___set_current_blocked+0x10/0x10
[   69.329280][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.329292][ T5324]  ocfs2_mknod_locked+0x17a/0x3b0
[   69.329309][ T5324]  ? __pfx_sigprocmask+0x10/0x10
[   69.329321][ T5324]  ? __pfx_ocfs2_mknod_locked+0x10/0x10
[   69.329333][ T5324]  ? ocfs2_start_trans+0x4e3/0x700
[   69.329351][ T5324]  ? __pfx_ocfs2_block_signals+0x10/0x10
[   69.329365][ T5324]  ? ocfs2_init_security_get+0x134/0x1a0
[   69.329376][ T5324]  ocfs2_mknod+0x17d4/0x2b30
[   69.329388][ T5324]  ? __pfx_validate_chain+0x10/0x10
[   69.329403][ T5324]  ? __pfx_ocfs2_mknod+0x10/0x10
[   69.329420][ T5324]  ? __lock_acquire+0x1397/0x2100
[   69.329440][ T5324]  ? __pfx_lock_acquire+0x10/0x10
[   69.329454][ T5324]  ? ocfs2_inode_unlock+0xa7/0x150
[   69.329468][ T5324]  ? __pfx_lock_release+0x10/0x10
[   69.329481][ T5324]  ? do_raw_spin_lock+0x14f/0x370
[   69.329494][ T5324]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.329508][ T5324]  ? _raw_spin_unlock+0x28/0x50
[   69.329583][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.329597][ T5324]  ? ocfs2_lookup+0x503/0xa30
[   69.329614][ T5324]  ocfs2_create+0x1ab/0x470
[   69.329629][ T5324]  ? __pfx_ocfs2_create+0x10/0x10
[   69.329645][ T5324]  ? inode_permission+0xff/0x460
[   69.329659][ T5324]  ? __pfx_ocfs2_permission+0x10/0x10
[   69.329680][ T5324]  ? bpf_lsm_inode_create+0x9/0x10
[   69.329696][ T5324]  ? security_inode_create+0xbe/0x340
[   69.329712][ T5324]  ? __pfx_ocfs2_create+0x10/0x10
[   69.329726][ T5324]  path_openat+0x193c/0x3590
[   69.329743][ T5324]  ? __pfx_path_openat+0x10/0x10
[   69.329757][ T5324]  do_filp_open+0x27f/0x4e0
[   69.329767][ T5324]  ? __pfx_do_filp_open+0x10/0x10
[   69.329777][ T5324]  ? do_raw_spin_lock+0x14f/0x370
[   69.329795][ T5324]  do_sys_openat2+0x13e/0x1d0
[   69.329809][ T5324]  ? __might_fault+0xaa/0x120
[   69.329819][ T5324]  ? __pfx_do_sys_openat2+0x10/0x10
[   69.329832][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.329844][ T5324]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   69.329863][ T5324]  __x64_sys_open+0x225/0x270
[   69.329877][ T5324]  ? __pfx___x64_sys_open+0x10/0x10
[   69.329893][ T5324]  ? do_syscall_64+0x100/0x230
[   69.329905][ T5324]  ? do_syscall_64+0xb6/0x230
[   69.329917][ T5324]  do_syscall_64+0xf3/0x230
[   69.329930][ T5324]  ? clear_bhb_loop+0x35/0x90
[   69.329947][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.329964][ T5324] RIP: 0033:0x7fe2f758d169
[   69.329978][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.329987][ T5324] RSP: 002b:00007fe2f8459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   69.330002][ T5324] RAX: ffffffffffffffda RBX: 00007fe2f77a5fa0 RCX: 00007fe2f758d169
[   69.330012][ T5324] RDX: 0000000000000062 RSI: 0000000000068042 RDI: 00004000000000c0
[   69.330021][ T5324] RBP: 00007fe2f760e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.330028][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.330036][ T5324] R13: 0000000000000000 R14: 00007fe2f77a5fa0 R15: 00007ffd1570abf8
[   69.330048][ T5324]  </TASK>
[   69.330052][ T5324] 
[   69.509303][ T5324] Allocated by task 5292:
[   69.510858][ T5324]  kasan_save_track+0x3f/0x80
[   69.512463][ T5324]  __kasan_slab_alloc+0x66/0x80
[   69.514064][ T5324]  kmem_cache_alloc_noprof+0x1d9/0x380
[   69.516125][ T5324]  alloc_empty_file+0x9e/0x1d0
[   69.518069][ T5324]  path_openat+0x107/0x3590
[   69.519955][ T5324]  do_filp_open+0x27f/0x4e0
[   69.521728][ T5324]  do_open_execat+0x165/0x4f0
[   69.523629][ T5324]  open_exec+0x40/0x60
[   69.525422][ T5324]  load_elf_binary+0x1957/0x2820
[   69.527265][ T5324]  bprm_execve+0x979/0x1430
[   69.529643][ T5324]  do_execveat_common+0x57f/0x710
[   69.531978][ T5324]  __x64_sys_execve+0x92/0xb0
[   69.533871][ T5324]  do_syscall_64+0xf3/0x230
[   69.535559][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.537707][ T5324] 
[   69.538683][ T5324] Freed by task 16:
[   69.540045][ T5324]  kasan_save_track+0x3f/0x80
[   69.541811][ T5324]  kasan_save_free_info+0x40/0x50
[   69.543544][ T5324]  __kasan_slab_free+0x59/0x70
[   69.545824][ T5324]  slab_free_after_rcu_debug+0x11a/0x280
[   69.548388][ T5324]  rcu_core+0xaaa/0x17a0
[   69.550070][ T5324]  handle_softirqs+0x2d4/0x9b0
[   69.551959][ T5324]  run_ksoftirqd+0xca/0x130
[   69.553875][ T5324]  smpboot_thread_fn+0x544/0xa30
[   69.555988][ T5324]  kthread+0x7a9/0x920
[   69.557901][ T5324]  ret_from_fork+0x4b/0x80
[   69.559835][ T5324]  ret_from_fork_asm+0x1a/0x30
[   69.561812][ T5324] 
[   69.562815][ T5324] Last potentially related work creation:
[   69.565052][ T5324]  kasan_save_stack+0x3f/0x60
[   69.566844][ T5324]  kasan_record_aux_stack+0xaa/0xc0
[   69.568848][ T5324]  kmem_cache_free+0x2fb/0x410
[   69.571051][ T5324]  task_work_run+0x24f/0x310
[   69.573039][ T5324]  do_exit+0xa2a/0x28e0
[   69.574419][ T5324]  do_group_exit+0x207/0x2c0
[   69.576140][ T5324]  __x64_sys_exit_group+0x3f/0x40
[   69.578110][ T5324]  x64_sys_call+0x26a8/0x26b0
[   69.579748][ T5324]  do_syscall_64+0xf3/0x230
[   69.581703][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.584494][ T5324] 
[   69.585719][ T5324] Second to last potentially related work creation:
[   69.588739][ T5324]  kasan_save_stack+0x3f/0x60
[   69.590384][ T5324]  kasan_record_aux_stack+0xaa/0xc0
[   69.592337][ T5324]  task_work_add+0xb8/0x450
[   69.593922][ T5324]  fput+0x17a/0x290
[   69.595327][ T5324]  remove_vma+0xe7/0x160
[   69.596885][ T5324]  exit_mmap+0x6b9/0xd40
[   69.598471][ T5324]  __mmput+0x115/0x420
[   69.600241][ T5324]  exit_mm+0x220/0x310
[   69.602037][ T5324]  do_exit+0x9ad/0x28e0
[   69.603680][ T5324]  do_group_exit+0x207/0x2c0
[   69.605494][ T5324]  __x64_sys_exit_group+0x3f/0x40
[   69.607481][ T5324]  x64_sys_call+0x26a8/0x26b0
[   69.609310][ T5324]  do_syscall_64+0xf3/0x230
[   69.610908][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.612847][ T5324] 
[   69.613736][ T5324] The buggy address belongs to the object at ffff888042623000
[   69.613736][ T5324]  which belongs to the cache filp of size 360
[   69.618472][ T5324] The buggy address is located 0 bytes inside of
[   69.618472][ T5324]  freed 360-byte region [ffff888042623000, ffff888042623168)
[   69.624124][ T5324] 
[   69.625200][ T5324] The buggy address belongs to the physical page:
[   69.628052][ T5324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888042623000 pfn:0x42623
[   69.631839][ T5324] flags: 0x4fff00000000200(workingset|node=1|zone=1|lastcpupid=0x7ff)
[   69.634713][ T5324] page_type: f5(slab)
[   69.636089][ T5324] raw: 04fff00000000200 ffff88801c287b40 ffffea0000cad390 ffffea0000e5f250
[   69.639251][ T5324] raw: ffff888042623000 0000000000090007 00000000f5000000 0000000000000000
[   69.643094][ T5324] page dumped because: kasan: bad access detected
[   69.646463][ T5324] page_owner tracks the page as allocated
[   69.648926][ T5324] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5133, tgid 5133 (dhcpcd-run-hook), ts 44843803006, free_ts 44815723418
[   69.656201][ T5324]  post_alloc_hook+0x1f4/0x240
[   69.658175][ T5324]  get_page_from_freelist+0x365c/0x37a0
[   69.660396][ T5324]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.662853][ T5324]  alloc_pages_mpol+0x311/0x660
[   69.665188][ T5324]  allocate_slab+0x8f/0x3a0
[   69.666980][ T5324]  ___slab_alloc+0xc27/0x14a0
[   69.669494][ T5324]  __slab_alloc+0x58/0xa0
[   69.671400][ T5324]  kmem_cache_alloc_noprof+0x268/0x380
[   69.673688][ T5324]  alloc_empty_file+0x9e/0x1d0
[   69.675488][ T5324]  path_openat+0x107/0x3590
[   69.677217][ T5324]  do_filp_open+0x27f/0x4e0
[   69.679227][ T5324]  do_sys_openat2+0x13e/0x1d0
[   69.681497][ T5324]  __x64_sys_openat+0x247/0x2a0
[   69.683704][ T5324]  do_syscall_64+0xf3/0x230
[   69.686321][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.689781][ T5324] page last free pid 16 tgid 16 stack trace:
[   69.692748][ T5324]  free_frozen_pages+0xe0d/0x10e0
[   69.694889][ T5324]  __tlb_remove_table+0x33c/0x420
[   69.696974][ T5324]  tlb_remove_table_rcu+0x76/0xf0
[   69.698770][ T5324]  rcu_core+0xaaa/0x17a0
[   69.700406][ T5324]  handle_softirqs+0x2d4/0x9b0
[   69.702285][ T5324]  run_ksoftirqd+0xca/0x130
[   69.704123][ T5324]  smpboot_thread_fn+0x544/0xa30
[   69.705973][ T5324]  kthread+0x7a9/0x920
[   69.707404][ T5324]  ret_from_fork+0x4b/0x80
[   69.709320][ T5324]  ret_from_fork_asm+0x1a/0x30
[   69.711319][ T5324] 
[   69.712456][ T5324] Memory state around the buggy address:
[   69.715163][ T5324]  ffff888042622f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   69.718281][ T5324]  ffff888042622f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   69.721527][ T5324] >ffff888042623000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.725105][ T5324]                    ^
[   69.726817][ T5324]  ffff888042623080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.730690][ T5324]  ffff888042623100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   69.734450][ T5324] ==================================================================
[   69.767594][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.770964][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller #0
[   69.774272][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.778185][ T5324] Call Trace:
[   69.779554][ T5324]  <TASK>
[   69.780800][ T5324]  dump_stack_lvl+0x241/0x360
[   69.782789][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.784997][ T5324]  ? __pfx__printk+0x10/0x10
[   69.787160][ T5324]  ? preempt_schedule+0xe1/0xf0
[   69.789344][ T5324]  ? vscnprintf+0x5d/0x90
[   69.791165][ T5324]  panic+0x349/0x880
[   69.792690][ T5324]  ? check_panic_on_warn+0x21/0xb0
[   69.794533][ T5324]  ? __pfx_panic+0x10/0x10
[   69.796317][ T5324]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   69.798600][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.801317][ T5324]  ? print_report+0x519/0x5b0
[   69.803513][ T5324]  check_panic_on_warn+0x86/0xb0
[   69.805712][ T5324]  ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.807982][ T5324]  end_report+0x77/0x160
[   69.809597][ T5324]  kasan_report+0x154/0x180
[   69.811441][ T5324]  ? ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.813772][ T5324]  ocfs2_claim_suballoc_bits+0x10d3/0x2560
[   69.816192][ T5324]  ? mark_lock+0x9a/0x360
[   69.818072][ T5324]  ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[   69.820991][ T5324]  ? mark_lock+0x9a/0x360
[   69.823219][ T5324]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.826103][ T5324]  ocfs2_claim_new_inode+0x338/0x870
[   69.828215][ T5324]  ? __pfx_ocfs2_claim_new_inode+0x10/0x10
[   69.830443][ T5324]  ? __set_current_blocked+0x310/0x380
[   69.832702][ T5324]  ? __pfx___set_current_blocked+0x10/0x10
[   69.835065][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.837049][ T5324]  ocfs2_mknod_locked+0x17a/0x3b0
[   69.839093][ T5324]  ? __pfx_sigprocmask+0x10/0x10
[   69.841172][ T5324]  ? __pfx_ocfs2_mknod_locked+0x10/0x10
[   69.843783][ T5324]  ? ocfs2_start_trans+0x4e3/0x700
[   69.845946][ T5324]  ? __pfx_ocfs2_block_signals+0x10/0x10
[   69.848309][ T5324]  ? ocfs2_init_security_get+0x134/0x1a0
[   69.850441][ T5324]  ocfs2_mknod+0x17d4/0x2b30
[   69.852173][ T5324]  ? __pfx_validate_chain+0x10/0x10
[   69.854105][ T5324]  ? __pfx_ocfs2_mknod+0x10/0x10
[   69.855949][ T5324]  ? __lock_acquire+0x1397/0x2100
[   69.858009][ T5324]  ? __pfx_lock_acquire+0x10/0x10
[   69.860149][ T5324]  ? ocfs2_inode_unlock+0xa7/0x150
[   69.862267][ T5324]  ? __pfx_lock_release+0x10/0x10
[   69.863940][ T5324]  ? do_raw_spin_lock+0x14f/0x370
[   69.866341][ T5324]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.868544][ T5324]  ? _raw_spin_unlock+0x28/0x50
[   69.870192][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.871918][ T5324]  ? ocfs2_lookup+0x503/0xa30
[   69.873790][ T5324]  ocfs2_create+0x1ab/0x470
[   69.875650][ T5324]  ? __pfx_ocfs2_create+0x10/0x10
[   69.877610][ T5324]  ? inode_permission+0xff/0x460
[   69.879468][ T5324]  ? __pfx_ocfs2_permission+0x10/0x10
[   69.881567][ T5324]  ? bpf_lsm_inode_create+0x9/0x10
[   69.884322][ T5324]  ? security_inode_create+0xbe/0x340
[   69.887386][ T5324]  ? __pfx_ocfs2_create+0x10/0x10
[   69.890395][ T5324]  path_openat+0x193c/0x3590
[   69.892759][ T5324]  ? __pfx_path_openat+0x10/0x10
[   69.894779][ T5324]  do_filp_open+0x27f/0x4e0
[   69.896570][ T5324]  ? __pfx_do_filp_open+0x10/0x10
[   69.898736][ T5324]  ? do_raw_spin_lock+0x14f/0x370
[   69.901400][ T5324]  do_sys_openat2+0x13e/0x1d0
[   69.903946][ T5324]  ? __might_fault+0xaa/0x120
[   69.906006][ T5324]  ? __pfx_do_sys_openat2+0x10/0x10
[   69.907873][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.909686][ T5324]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   69.911927][ T5324]  __x64_sys_open+0x225/0x270
[   69.913733][ T5324]  ? __pfx___x64_sys_open+0x10/0x10
[   69.915739][ T5324]  ? do_syscall_64+0x100/0x230
[   69.917676][ T5324]  ? do_syscall_64+0xb6/0x230
[   69.920190][ T5324]  do_syscall_64+0xf3/0x230
[   69.922940][ T5324]  ? clear_bhb_loop+0x35/0x90
[   69.925277][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.927587][ T5324] RIP: 0033:0x7fe2f758d169
[   69.929221][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.936396][ T5324] RSP: 002b:00007fe2f8459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   69.940013][ T5324] RAX: ffffffffffffffda RBX: 00007fe2f77a5fa0 RCX: 00007fe2f758d169
[   69.943512][ T5324] RDX: 0000000000000062 RSI: 0000000000068042 RDI: 00004000000000c0
[   69.948206][ T5324] RBP: 00007fe2f760e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.951364][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.954688][ T5324] R13: 0000000000000000 R14: 00007fe2f77a5fa0 R15: 00007ffd1570abf8
[   69.957791][ T5324]  </TASK>
[   69.959199][ T5324] Kernel Offset: disabled
[   69.960967][ T5324] Rebooting in 86400 seconds..