program: syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2) (async) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2) ptrace$ARCH_SHSTK_ENABLE(0x1e, r0, 0x0, 0x5001) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001680)={r1, &(0x7f0000001540), 0x0}, 0x20) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000280)={[{@acl}, {@heartbeat_none}, {@nouser_xattr}, {@coherency_full}, {@data_writeback}, {@localalloc={'localalloc', 0x3d, 0x1}}, {@acl}, {@noacl}, {@localalloc}]}, 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=") open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010002, 0x2, 0xa, 0x1d, "9e959f16b6787b08aa26e66c4056ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d00", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ec58d347f41be5a08", [0x4, 0x100000000000a]}) open(&(0x7f00000000c0)='./bus\x00', 0x64842, 0x0) (async) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x64842, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r5, 0x2007ffb) (async) ftruncate(r5, 0x2007ffb) r6 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0xfffa, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}, @TCA_FLOWER_KEY_ETH_DST={0xa}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x5}]}}]}, 0x50}}, 0x24000000) r8 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000000), &(0x7f0000000200)=0x4) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x28011, r5, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x28011, r5, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x32, 0x0, 0x0) (async) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x32, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./bus\x00', 0x0, &(0x7f0000000540)={[{@nouid32}, {@mblk_io_submit}, {@usrjquota_path={'usrjquota', 0x3d, './bus'}}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@measure}]}, 0x1, 0x757, &(0x7f00000016c0)="$eJzs3c2LW1UbAPDnZmY6fdu+zhRcWBEMdGGhNGOntVQQqehCipWi7ly06SQdyiRNmWRKZ6hoRRFciRTXfqzc+Q+IIujOpeDaZaFIqRtBiNz0Zkw7SScznTTT5veDW8659ybnPvfjnNM5h9wARlY+/ScXsS8iPksiprL1SURMtFLjESfu7Hf71tW5dEmi2Xz7z6S1T5qPjs+kdmeZpyLip48jDubWlltfXlkoVirlxSw/06hemqkvrxy6UC3Ol+fLF2ePvXhk9vjsC8dntyzWvz9689zJ71775vqHv/7x1nsnn03iROzJtnXGsVXykc/OyUR6Cu/y6lYXNmTJsA+ATUkfzbE7T3nsi6kYa6UAgMfZ+xHRBABGTKL9B4AR0/47QHtsbxDjYNvZzVciYme3+MezMbudrXHQXbeTu0ZGkoiY3oLy8xFx5d1Pvk+XGNA4JEA3H1yLiLPT+bX1X9IxZ2FsU9/9fB/75O/Jq//g4fkx7f8c79b/ya32f6JL/2eyy7O7Ges//7kbW1BMT2n/76Wu/d/VSWvTY1nu/60+30Ry/kKlnNZtT0TEgZiYTPOH71PG0c9f/qXXts7+X7qk5bf7gtlx3BifvPszpWKj+CAxd7p5LeLp8W7xJ6vXP+nR/z3dZxmNn5/5ute29eMfrOZXEc91vf7/zWhLOuYnTsaa+Ykzrfthpn1XrFX4dGpvr/LzsXpahxJ/ev133T/+6aRzvmZ942X89sU/r/fattn7f0fyTiu9I1t3pdhoLB6O2JG8sXZ9xxTSdr69fxr/gf33r/+63f/p/wnP9hn/wpffntt8/IOVxl/a0PXfeGL/7z90j6eZzTZe9/ofbaUOZGv6qf/6PcAHOXcAAAAAAAAAAAAAAAAAAAAAAAAA0K9cROyJJFdYTedyhcKdd3g/GbtylVq9cfB8beliKVrvyp6OiVz7ly6nOn4P9XD2e/jt/Ow9+SMRsTcirk/+r5UvzNUqpWEHDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZ3T3e/5/aOeyDAwAGR0MPAKNH+w8Ao0f7DwCjR/sPAKNH+w8Ao0f7DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwICdPnUqXZp/3bo6l+ZLl5eXFmqXD5XK9YVCdWmuMFdbvFSYr9XmK+XCXK263vdVarVLs8di6cpMo1xvzNSXV85Ua0sXG2cuVIvz5TPliYcSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsTH15ZaFYqZQXH83E7WazuQ0OQ+JhJ8YiYhscxmOcGHbNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBo+DcAAP//CKMbNA==") r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) (async) r10 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r10, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r10, 0x0) ioctl$UI_DEV_SETUP(r9, 0x405c5503, &(0x7f0000000040)={{0x1, 0xf9, 0x83e, 0x8}, 'syz1\x00', 0x2}) map_shadow_stack(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1) (async) map_shadow_stack(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1) [ 68.819656][ T4661] Bluetooth: hci0: command tx timeout [ 69.132959][ T5315] loop0: detected capacity change from 0 to 32768 [ 69.143608][ T5315] ======================================================= [ 69.143608][ T5315] WARNING: The mand mount option has been deprecated and [ 69.143608][ T5315] and is ignored by this kernel. Remove the mand [ 69.143608][ T5315] option from the mount to silence this warning. [ 69.143608][ T5315] ======================================================= [ 69.208541][ T5315] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 69.222832][ T24] audit: type=1800 audit(1736941856.195:2): pid=5315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 69.259443][ T5315] loop0: detected capacity change from 32768 to 0 [ 69.271151][ T24] audit: type=1800 audit(1736941856.245:3): pid=5316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0 [ 69.330635][ T24] audit: type=1800 audit(1736941856.305:4): pid=5315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0 [ 69.367210][ T24] audit: type=1800 audit(1736941856.335:5): pid=5315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0 [ 69.384404][ T5316] syz.0.0: attempt to access beyond end of device [ 69.384404][ T5316] loop0: rw=0, sector=32, nr_sectors = 1 limit=0 [ 69.391114][ T24] audit: type=1800 audit(1736941856.355:6): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0 [ 69.402390][ T5316] (syz.0.0,5316,0):ocfs2_search_chain:1814 ERROR: status = -5 [ 69.405611][ T5316] (syz.0.0,5316,0):ocfs2_search_chain:1926 ERROR: status = -5 [ 69.408401][ T5316] (syz.0.0,5316,0):ocfs2_claim_suballoc_bits:1995 ERROR: status = -5 [ 69.412454][ T5316] (syz.0.0,5316,0):ocfs2_claim_suballoc_bits:2038 ERROR: status = -5 [ 69.415469][ T5316] (syz.0.0,5316,0):__ocfs2_claim_clusters:2412 ERROR: status = -5 [ 69.418490][ T5316] (syz.0.0,5316,0):__ocfs2_claim_clusters:2420 ERROR: status = -5 [ 69.423735][ T5316] (syz.0.0,5316,0):ocfs2_add_clusters_in_btree:4830 ERROR: status = -5 [ 69.427064][ T5316] (syz.0.0,5316,0):ocfs2_write_cluster:1151 ERROR: status = -5 [ 69.430457][ T5316] (syz.0.0,5316,0):ocfs2_write_cluster_by_desc:1246 ERROR: status = -5 [ 69.433662][ T5316] (syz.0.0,5316,0):ocfs2_write_begin_nolock:1818 ERROR: status = -5 [ 69.437068][ T5316] (syz.0.0,5316,0):__ocfs2_page_mkwrite:97 ERROR: status = -5 [ 69.442841][ T5315] ================================================================== [ 69.445832][ T5315] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xe9/0x3d0 [ 69.448690][ T5315] Read of size 8 at addr ffff88801241ac20 by task syz.0.0/5315 [ 69.451376][ T5315] [ 69.452302][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 69.455933][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.459889][ T5315] Call Trace: [ 69.461058][ T5315] [ 69.462185][ T5315] dump_stack_lvl+0x241/0x360 [ 69.463896][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.465803][ T5315] ? __pfx__printk+0x10/0x10 [ 69.467581][ T5315] ? _printk+0xd5/0x120 [ 69.469105][ T5315] ? __virt_addr_valid+0x183/0x530 [ 69.471002][ T5315] ? __virt_addr_valid+0x183/0x530 [ 69.472920][ T5315] print_report+0x169/0x550 [ 69.474701][ T5315] ? __virt_addr_valid+0x183/0x530 [ 69.476677][ T5315] ? __virt_addr_valid+0x183/0x530 [ 69.478605][ T5315] ? __virt_addr_valid+0x45f/0x530 [ 69.480525][ T5315] ? __phys_addr+0xba/0x170 [ 69.482249][ T5315] ? ocfs2_fault+0xe9/0x3d0 [ 69.483929][ T5315] kasan_report+0x143/0x180 [ 69.485634][ T5315] ? ocfs2_block_signals+0xab/0xf0 [ 69.487483][ T5315] ? ocfs2_fault+0xe9/0x3d0 [ 69.488974][ T5315] ocfs2_fault+0xe9/0x3d0 [ 69.490585][ T5315] ? __pfx_pte_alloc_one+0x10/0x10 [ 69.492490][ T5315] ? __pfx_ocfs2_fault+0x10/0x10 [ 69.494360][ T5315] ? __pfx_validate_chain+0x10/0x10 [ 69.496319][ T5315] __do_fault+0x135/0x390 [ 69.497880][ T5315] handle_pte_fault+0x39eb/0x5ed0 [ 69.499775][ T5315] ? validate_chain+0x11e/0x5920 [ 69.501618][ T5315] ? mas_find+0x950/0xbb0 [ 69.503275][ T5315] ? __pfx_handle_pte_fault+0x10/0x10 [ 69.505367][ T5315] ? mark_lock+0x9a/0x360 [ 69.507005][ T5315] ? __lock_acquire+0x1397/0x2100 [ 69.508885][ T5315] ? __thp_vma_allowable_orders+0x22c/0x9c0 [ 69.511119][ T5315] ? mt_find+0x2a9/0x920 [ 69.512697][ T5315] handle_mm_fault+0x1106/0x1bb0 [ 69.514587][ T5315] ? __pfx_handle_mm_fault+0x10/0x10 [ 69.516866][ T5315] ? __pfx_find_vma+0x10/0x10 [ 69.518548][ T5315] ? vma_is_secretmem+0xd/0x50 [ 69.520303][ T5315] ? check_vma_flags+0x4fa/0x5a0 [ 69.521961][ T5315] __get_user_pages+0x1c82/0x49e0 [ 69.523768][ T5315] ? __pfx___get_user_pages+0x10/0x10 [ 69.525528][ T5315] ? __pfx_mt_find+0x10/0x10 [ 69.527053][ T5315] populate_vma_page_range+0x264/0x330 [ 69.528821][ T5315] ? __pfx_populate_vma_page_range+0x10/0x10 [ 69.530776][ T5315] ? userfaultfd_unmap_complete+0x30c/0x360 [ 69.532748][ T5315] ? do_mmap+0x9e2/0x10d0 [ 69.534163][ T5315] __mm_populate+0x27a/0x460 [ 69.535787][ T5315] ? __pfx___mm_populate+0x10/0x10 [ 69.537694][ T5315] vm_mmap_pgoff+0x2c3/0x3d0 [ 69.539371][ T5315] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 69.541282][ T5315] ? __fget_files+0x2a/0x410 [ 69.542980][ T5315] ? __fget_files+0x395/0x410 [ 69.544529][ T5315] ? __fget_files+0x2a/0x410 [ 69.546027][ T5315] ksys_mmap_pgoff+0x4eb/0x720 [ 69.547586][ T5315] ? __x64_sys_mmap+0x7f/0x140 [ 69.549193][ T5315] do_syscall_64+0xf3/0x230 [ 69.550688][ T5315] ? clear_bhb_loop+0x35/0x90 [ 69.552427][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.554549][ T5315] RIP: 0033:0x7f4784585d29 [ 69.556132][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.562886][ T5315] RSP: 002b:00007f478533e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 69.565707][ T5315] RAX: ffffffffffffffda RBX: 00007f4784775fa0 RCX: 00007f4784585d29 [ 69.568426][ T5315] RDX: 0000000001000007 RSI: 0000000000b36000 RDI: 0000000020000000 [ 69.571206][ T5315] RBP: 00007f4784601b08 R08: 0000000000000009 R09: 0000000000000000 [ 69.573869][ T5315] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 69.576406][ T5315] R13: 0000000000000000 R14: 00007f4784775fa0 R15: 00007ffe4a940528 [ 69.579238][ T5315] [ 69.580315][ T5315] [ 69.581135][ T5315] Allocated by task 5315: [ 69.582756][ T5315] kasan_save_track+0x3f/0x80 [ 69.584533][ T5315] __kasan_slab_alloc+0x66/0x80 [ 69.586367][ T5315] kmem_cache_alloc_noprof+0x1d9/0x380 [ 69.588449][ T5315] vm_area_alloc+0x24/0x1d0 [ 69.590059][ T5315] __mmap_region+0x1961/0x2d30 [ 69.591806][ T5315] mmap_region+0x226/0x2c0 [ 69.593414][ T5315] do_mmap+0x97a/0x10d0 [ 69.595013][ T5315] vm_mmap_pgoff+0x1dd/0x3d0 [ 69.596692][ T5315] ksys_mmap_pgoff+0x4eb/0x720 [ 69.598470][ T5315] do_syscall_64+0xf3/0x230 [ 69.600122][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.602306][ T5315] [ 69.603172][ T5315] Freed by task 5316: [ 69.604628][ T5315] kasan_save_track+0x3f/0x80 [ 69.606479][ T5315] kasan_save_free_info+0x40/0x50 [ 69.608289][ T5315] __kasan_slab_free+0x59/0x70 [ 69.610016][ T5315] kmem_cache_free+0x195/0x410 [ 69.611771][ T5315] rcu_core+0xaaa/0x17a0 [ 69.613360][ T5315] handle_softirqs+0x2d4/0x9b0 [ 69.615144][ T5315] __irq_exit_rcu+0xf7/0x220 [ 69.616882][ T5315] irq_exit_rcu+0x9/0x30 [ 69.618459][ T5315] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 69.620412][ T5315] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 69.622589][ T5315] [ 69.623456][ T5315] Last potentially related work creation: [ 69.625509][ T5315] kasan_save_stack+0x3f/0x60 [ 69.627194][ T5315] __kasan_record_aux_stack+0xac/0xc0 [ 69.628988][ T5315] call_rcu+0x167/0xa70 [ 69.630500][ T5315] vms_complete_munmap_vmas+0x65b/0x8f0 [ 69.632493][ T5315] __mmap_region+0x17d3/0x2d30 [ 69.634284][ T5315] mmap_region+0x226/0x2c0 [ 69.636006][ T5315] do_mmap+0x97a/0x10d0 [ 69.637403][ T5315] vm_mmap_pgoff+0x1dd/0x3d0 [ 69.638998][ T5315] ksys_mmap_pgoff+0x4eb/0x720 [ 69.640498][ T5315] do_syscall_64+0xf3/0x230 [ 69.642145][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.644253][ T5315] [ 69.644995][ T5315] The buggy address belongs to the object at ffff88801241aba0 [ 69.644995][ T5315] which belongs to the cache vm_area_struct of size 184 [ 69.649740][ T5315] The buggy address is located 128 bytes inside of [ 69.649740][ T5315] freed 184-byte region [ffff88801241aba0, ffff88801241ac58) [ 69.654327][ T5315] [ 69.655218][ T5315] The buggy address belongs to the physical page: [ 69.657469][ T5315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1241a [ 69.660564][ T5315] memcg:ffff8880122b1b01 [ 69.662192][ T5315] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 69.664984][ T5315] page_type: f5(slab) [ 69.666537][ T5315] raw: 00fff00000000000 ffff88801be90b40 0000000000000000 dead000000000001 [ 69.669831][ T5315] raw: 0000000000000000 0000000000100010 00000001f5000000 ffff8880122b1b01 [ 69.672876][ T5315] page dumped because: kasan: bad access detected [ 69.675277][ T5315] page_owner tracks the page as allocated [ 69.677388][ T5315] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4694, tgid 4694 (swapon), ts 21696783143, free_ts 21696739669 [ 69.683658][ T5315] post_alloc_hook+0x1f3/0x230 [ 69.685384][ T5315] get_page_from_freelist+0x365c/0x37a0 [ 69.687265][ T5315] __alloc_pages_noprof+0x292/0x710 [ 69.689059][ T5315] alloc_pages_mpol_noprof+0x3e1/0x780 [ 69.691030][ T5315] alloc_slab_page+0x6a/0x110 [ 69.692760][ T5315] allocate_slab+0x5a/0x2b0 [ 69.694427][ T5315] ___slab_alloc+0xc27/0x14a0 [ 69.696198][ T5315] __slab_alloc+0x58/0xa0 [ 69.697810][ T5315] kmem_cache_alloc_noprof+0x268/0x380 [ 69.699832][ T5315] vm_area_alloc+0x24/0x1d0 [ 69.701520][ T5315] __mmap_region+0x1961/0x2d30 [ 69.703254][ T5315] mmap_region+0x1d0/0x2c0 [ 69.704787][ T5315] do_mmap+0x97a/0x10d0 [ 69.706277][ T5315] vm_mmap_pgoff+0x1dd/0x3d0 [ 69.707877][ T5315] elf_load+0x151/0x700 [ 69.709436][ T5315] load_elf_binary+0x100c/0x2770 [ 69.711148][ T5315] page last free pid 4694 tgid 4694 stack trace: [ 69.713526][ T5315] free_unref_folios+0xe39/0x18b0 [ 69.715354][ T5315] folios_put_refs+0x76c/0x860 [ 69.716995][ T5315] free_pages_and_swap_cache+0x5c8/0x690 [ 69.718938][ T5315] tlb_flush_mmu+0x3a3/0x680 [ 69.720626][ T5315] tlb_finish_mmu+0xd4/0x200 [ 69.722440][ T5315] relocate_vma_down+0x504/0x600 [ 69.724375][ T5315] setup_arg_pages+0x668/0xc10 [ 69.726142][ T5315] load_elf_binary+0xb62/0x2770 [ 69.727968][ T5315] bprm_execve+0xaf5/0x17a0 [ 69.729601][ T5315] do_execveat_common+0x55f/0x6f0 [ 69.731383][ T5315] __x64_sys_execve+0x92/0xb0 [ 69.733067][ T5315] do_syscall_64+0xf3/0x230 [ 69.734743][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.736859][ T5315] [ 69.737767][ T5315] Memory state around the buggy address: [ 69.739890][ T5315] ffff88801241ab00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 69.742969][ T5315] ffff88801241ab80: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb [ 69.746057][ T5315] >ffff88801241ac00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 69.748643][ T5315] ^ [ 69.750753][ T5315] ffff88801241ac80: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb [ 69.753634][ T5315] ffff88801241ad00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 69.756434][ T5315] ================================================================== [ 69.843795][ T5315] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.846468][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 69.850138][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.854135][ T5315] Call Trace: [ 69.855410][ T5315] [ 69.856497][ T5315] dump_stack_lvl+0x241/0x360 [ 69.858251][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.860201][ T5315] ? __pfx__printk+0x10/0x10 [ 69.861896][ T5315] ? preempt_schedule+0xe1/0xf0 [ 69.863818][ T5315] ? vscnprintf+0x5d/0x90 [ 69.865453][ T5315] panic+0x349/0x880 [ 69.866923][ T5315] ? check_panic_on_warn+0x21/0xb0 [ 69.868918][ T5315] ? __pfx_panic+0x10/0x10 [ 69.870598][ T5315] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 69.872913][ T5315] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.875196][ T5315] ? print_report+0x502/0x550 [ 69.876889][ T5315] check_panic_on_warn+0x86/0xb0 [ 69.878697][ T5315] ? ocfs2_fault+0xe9/0x3d0 [ 69.880622][ T5315] end_report+0x77/0x160 [ 69.882199][ T5315] kasan_report+0x154/0x180 [ 69.883901][ T5315] ? ocfs2_block_signals+0xab/0xf0 [ 69.885748][ T5315] ? ocfs2_fault+0xe9/0x3d0 [ 69.887403][ T5315] ocfs2_fault+0xe9/0x3d0 [ 69.888897][ T5315] ? __pfx_pte_alloc_one+0x10/0x10 [ 69.890748][ T5315] ? __pfx_ocfs2_fault+0x10/0x10 [ 69.892611][ T5315] ? __pfx_validate_chain+0x10/0x10 [ 69.894426][ T5315] __do_fault+0x135/0x390 [ 69.896049][ T5315] handle_pte_fault+0x39eb/0x5ed0 [ 69.897864][ T5315] ? validate_chain+0x11e/0x5920 [ 69.899658][ T5315] ? mas_find+0x950/0xbb0 [ 69.901152][ T5315] ? __pfx_handle_pte_fault+0x10/0x10 [ 69.903061][ T5315] ? mark_lock+0x9a/0x360 [ 69.904631][ T5315] ? __lock_acquire+0x1397/0x2100 [ 69.906485][ T5315] ? __thp_vma_allowable_orders+0x22c/0x9c0 [ 69.908449][ T5315] ? mt_find+0x2a9/0x920 [ 69.909899][ T5315] handle_mm_fault+0x1106/0x1bb0 [ 69.911576][ T5315] ? __pfx_handle_mm_fault+0x10/0x10 [ 69.913310][ T5315] ? __pfx_find_vma+0x10/0x10 [ 69.914988][ T5315] ? vma_is_secretmem+0xd/0x50 [ 69.916754][ T5315] ? check_vma_flags+0x4fa/0x5a0 [ 69.918568][ T5315] __get_user_pages+0x1c82/0x49e0 [ 69.920435][ T5315] ? __pfx___get_user_pages+0x10/0x10 [ 69.922373][ T5315] ? __pfx_mt_find+0x10/0x10 [ 69.924073][ T5315] populate_vma_page_range+0x264/0x330 [ 69.926090][ T5315] ? __pfx_populate_vma_page_range+0x10/0x10 [ 69.928318][ T5315] ? userfaultfd_unmap_complete+0x30c/0x360 [ 69.930449][ T5315] ? do_mmap+0x9e2/0x10d0 [ 69.931995][ T5315] __mm_populate+0x27a/0x460 [ 69.933699][ T5315] ? __pfx___mm_populate+0x10/0x10 [ 69.935565][ T5315] vm_mmap_pgoff+0x2c3/0x3d0 [ 69.937305][ T5315] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 69.939211][ T5315] ? __fget_files+0x2a/0x410 [ 69.940973][ T5315] ? __fget_files+0x395/0x410 [ 69.942959][ T5315] ? __fget_files+0x2a/0x410 [ 69.944767][ T5315] ksys_mmap_pgoff+0x4eb/0x720 [ 69.946575][ T5315] ? __x64_sys_mmap+0x7f/0x140 [ 69.948140][ T5315] do_syscall_64+0xf3/0x230 [ 69.949780][ T5315] ? clear_bhb_loop+0x35/0x90 [ 69.951411][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.953319][ T5315] RIP: 0033:0x7f4784585d29 [ 69.954801][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.960792][ T5315] RSP: 002b:00007f478533e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 69.963586][ T5315] RAX: ffffffffffffffda RBX: 00007f4784775fa0 RCX: 00007f4784585d29 [ 69.966214][ T5315] RDX: 0000000001000007 RSI: 0000000000b36000 RDI: 0000000020000000 [ 69.968911][ T5315] RBP: 00007f4784601b08 R08: 0000000000000009 R09: 0000000000000000 [ 69.971616][ T5315] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 69.975196][ T5315] R13: 0000000000000000 R14: 00007f4784775fa0 R15: 00007ffe4a940528 [ 69.978339][ T5315] [ 69.979693][ T5315] Kernel Offset: disabled [ 69.981217][ T5315] Rebooting in 86400 seconds..