program: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') r0 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') open_by_handle_at(r0, &(0x7f0000002480)=ANY=[@ANYBLOB="28000000f1000000b8f7153ee309c5b7000000000000000005010080f8ffffff3d00000000000000b84bcd0e118be798758d51c97fa8ad01363fdfa8045affbd49c9c31ee975e31cc3ee32b315224be0f3fc0ab7600c35cbad797ac96e857ac2a9ef166e8e56ed16439d2e59c95be6d24b16faa6f78066bacc786f3fd121703ae3d9e83a631f5564bf2bb154c2216a58157c68eeb776f4d6dfb578523fe9a4fb10f79483a4aafe6db445f7fba873621b84b9f9a777d18257d21d8e6504d2cd98552b2cf7592180483d6a8c0d9a511cf6962f5d8ba97c7f645d8372f3d9ca1643bd1c57c97f90499c9f9997ac8cbec911f22cab629c4d6325868627e150e857ccffdb42ae23845cf63f3e3ce184e6f7bcd80729cf5021718e066ff4fc38735066829e18b87e9e4889d0ab06246a"], 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) fsopen(&(0x7f0000000040)='sysfs\x00', 0x1) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {0x0, 0xffffffffffffffff}}, './bus\x00'}) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000000200)={0xfd}) (async) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000000200)={0xfd}) open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x80000) (async) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x80000) read$FUSE(r3, &(0x7f0000000440)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$tmpfs(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x31, &(0x7f0000000280)=ANY=[@ANYBLOB='|\x00\x00\x00\x00u[=', @ANYRESHEX=r4, @ANYBLOB=',mask=MAY_EXEC,fsuuid=2b5ca\x00b3-5c15-ca2f-2d70-764e3574,smackfsroot=\'},\x00']) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) (async) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet(r5, &(0x7f00000001c0)={0x2, 0xc, @loopback}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r7, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) (async) ioctl$KVM_CAP_EXIT_HYPERCALL(r7, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_CAP_HYPERV_SYNIC2(r8, 0x4068aea3, &(0x7f0000000340)) (async) ioctl$KVM_CAP_HYPERV_SYNIC2(r8, 0x4068aea3, &(0x7f0000000340)) syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='pids.events\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0) [ 92.949643][ T5293] Bluetooth: hci0: command tx timeout [ 92.954404][ T1351] cfg80211: failed to load regulatory.db [ 93.660473][ T5314] loop0: detected capacity change from 0 to 32768 [ 93.705933][ T5314] (syz.0.0,5314,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 93.726307][ T5314] (syz.0.0,5314,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 93.791556][ T5314] JBD2: Ignoring recovery information on journal [ 93.851700][ T5314] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 95.738109][ T4661] Bluetooth: hci0: command tx timeout [ 95.802809][ T5314] ================================================================== [ 95.806288][ T5314] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xda/0x3e0 [ 95.809303][ T5314] Read of size 8 at addr ffff8880425ae418 by task syz.0.0/5314 [ 95.812345][ T5314] [ 95.813439][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 95.815360][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 95.815368][ T5314] Call Trace: [ 95.815426][ T5314] [ 95.815447][ T5314] dump_stack_lvl+0xe8/0x150 [ 95.815497][ T5314] print_report+0xba/0x230 [ 95.815511][ T5314] ? ocfs2_fault+0xda/0x3e0 [ 95.815523][ T5314] kasan_report+0x117/0x150 [ 95.815539][ T5314] ? ocfs2_fault+0xda/0x3e0 [ 95.815552][ T5314] ocfs2_fault+0xda/0x3e0 [ 95.815563][ T5314] ? __pfx_ocfs2_fault+0x10/0x10 [ 95.815573][ T5314] ? css_rstat_updated+0x23a/0x530 [ 95.815595][ T5314] ? __pte_offset_map+0x29/0x240 [ 95.815609][ T5314] __do_fault+0x138/0x390 [ 95.815622][ T5314] do_pte_missing+0x21a2/0x37a0 [ 95.815636][ T5314] ? handle_mm_fault+0xee/0x32a0 [ 95.815647][ T5314] handle_mm_fault+0x1b8c/0x32a0 [ 95.815660][ T5314] ? handle_mm_fault+0xee/0x32a0 [ 95.815671][ T5314] ? __pfx_handle_mm_fault+0x10/0x10 [ 95.815681][ T5314] ? follow_page_pte+0x825/0x1460 [ 95.815693][ T5314] ? __pfx_follow_page_pte+0x10/0x10 [ 95.815705][ T5314] __get_user_pages+0x165b/0x29d0 [ 95.815728][ T5314] populate_vma_page_range+0x2be/0x3c0 [ 95.815744][ T5314] ? __pfx_populate_vma_page_range+0x10/0x10 [ 95.815760][ T5314] ? down_read+0x272/0x2e0 [ 95.815869][ T5314] ? __mm_populate+0x173/0x390 [ 95.815886][ T5314] __mm_populate+0x25f/0x390 [ 95.815901][ T5314] ? __pfx___mm_populate+0x10/0x10 [ 95.815917][ T5314] vm_mmap_pgoff+0x3aa/0x4f0 [ 95.815935][ T5314] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 95.815950][ T5314] ? __fget_files+0x2a/0x420 [ 95.815972][ T5314] ? __fget_files+0x3a0/0x420 [ 95.815986][ T5314] ? __fget_files+0x2a/0x420 [ 95.816002][ T5314] ksys_mmap_pgoff+0x51e/0x760 [ 95.816014][ T5314] do_syscall_64+0x14d/0xf80 [ 95.816028][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.816040][ T5314] ? trace_irq_disable+0x37/0x100 [ 95.816053][ T5314] ? clear_bhb_loop+0x40/0x90 [ 95.816065][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.816076][ T5314] RIP: 0033:0x7fe9c359bf79 [ 95.816089][ T5314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.816098][ T5314] RSP: 002b:00007fe9c4432028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 95.816127][ T5314] RAX: ffffffffffffffda RBX: 00007fe9c3815fa0 RCX: 00007fe9c359bf79 [ 95.816135][ T5314] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 95.816142][ T5314] RBP: 00007fe9c36327e0 R08: 000000000000000e R09: 0000000000000000 [ 95.816149][ T5314] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 95.816155][ T5314] R13: 00007fe9c3816038 R14: 00007fe9c3815fa0 R15: 00007ffddaf33738 [ 95.816166][ T5314] [ 95.816170][ T5314] [ 95.936121][ T5314] Allocated by task 5314: [ 95.937960][ T5314] kasan_save_track+0x3e/0x80 [ 95.939928][ T5314] __kasan_slab_alloc+0x6c/0x80 [ 95.941926][ T5314] kmem_cache_alloc_noprof+0x2bc/0x650 [ 95.944154][ T5314] vm_area_alloc+0x24/0x140 [ 95.946038][ T5314] mmap_region+0xf85/0x1f40 [ 95.947976][ T5314] do_mmap+0xc39/0x10c0 [ 95.949815][ T5314] vm_mmap_pgoff+0x2c9/0x4f0 [ 95.951838][ T5314] ksys_mmap_pgoff+0x51e/0x760 [ 95.953944][ T5314] do_syscall_64+0x14d/0xf80 [ 95.955939][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.958447][ T5314] [ 95.959500][ T5314] Freed by task 1045: [ 95.961298][ T5314] kasan_save_track+0x3e/0x80 [ 95.963372][ T5314] kasan_save_free_info+0x46/0x50 [ 95.965584][ T5314] __kasan_slab_free+0x5c/0x80 [ 95.967723][ T5314] slab_free_after_rcu_debug+0x126/0x220 [ 95.970087][ T5314] rcu_core+0x7cd/0x1070 [ 95.972003][ T5314] handle_softirqs+0x22a/0x7c0 [ 95.974149][ T5314] do_softirq+0x76/0xd0 [ 95.976088][ T5314] __local_bh_enable_ip+0xf8/0x130 [ 95.978311][ T5314] __dev_queue_xmit+0x1e6c/0x3850 [ 95.980480][ T5314] batadv_send_skb_packet+0x418/0x690 [ 95.982718][ T5314] batadv_iv_send_outstanding_bat_ogm_packet+0x631/0x7e0 [ 95.985825][ T5314] process_scheduled_works+0xaec/0x17a0 [ 95.988223][ T5314] worker_thread+0xa50/0xfc0 [ 95.990141][ T5314] kthread+0x388/0x470 [ 95.991924][ T5314] ret_from_fork+0x51e/0xb90 [ 95.993926][ T5314] ret_from_fork_asm+0x1a/0x30 [ 95.996084][ T5314] [ 95.997204][ T5314] Last potentially related work creation: [ 95.999655][ T5314] kasan_save_stack+0x3e/0x60 [ 96.001703][ T5314] kasan_record_aux_stack+0xbd/0xd0 [ 96.004044][ T5314] kmem_cache_free+0x434/0x610 [ 96.006114][ T5314] vms_complete_munmap_vmas+0x625/0x890 [ 96.008602][ T5314] __mmap_complete+0x7b/0x610 [ 96.010653][ T5314] mmap_region+0x141b/0x1f40 [ 96.012725][ T5314] do_mmap+0xc39/0x10c0 [ 96.014577][ T5314] vm_mmap_pgoff+0x2c9/0x4f0 [ 96.016582][ T5314] ksys_mmap_pgoff+0x51e/0x760 [ 96.018448][ T5314] do_syscall_64+0x14d/0xf80 [ 96.020290][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.022726][ T5314] [ 96.023850][ T5314] The buggy address belongs to the object at ffff8880425ae3c0 [ 96.023850][ T5314] which belongs to the cache vm_area_struct of size 256 [ 96.029896][ T5314] The buggy address is located 88 bytes inside of [ 96.029896][ T5314] freed 256-byte region [ffff8880425ae3c0, ffff8880425ae4c0) [ 96.035678][ T5314] [ 96.036841][ T5314] The buggy address belongs to the physical page: [ 96.039578][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880425aea00 pfn:0x425ae [ 96.043849][ T5314] memcg:ffff8880330cb801 [ 96.045717][ T5314] flags: 0x4fff00000000200(workingset|node=1|zone=1|lastcpupid=0x7ff) [ 96.049244][ T5314] page_type: f5(slab) [ 96.051001][ T5314] raw: 04fff00000000200 ffff88801be9cb40 ffff888030408dc8 ffffea00010bc490 [ 96.054726][ T5314] raw: ffff8880425aea00 00000008000c0009 00000000f5000000 ffff8880330cb801 [ 96.058569][ T5314] page dumped because: kasan: bad access detected [ 96.061508][ T5314] page_owner tracks the page as allocated [ 96.063969][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5048, tgid 5048 (dhcpcd-run-hook), ts 55034104745, free_ts 55028868929 [ 96.072904][ T5314] post_alloc_hook+0x228/0x280 [ 96.075093][ T5314] get_page_from_freelist+0x24dc/0x2580 [ 96.077541][ T5314] __alloc_frozen_pages_noprof+0x18d/0x380 [ 96.080100][ T5314] allocate_slab+0x77/0x660 [ 96.082215][ T5314] refill_objects+0x331/0x3c0 [ 96.084342][ T5314] __pcs_replace_empty_main+0x2b9/0x620 [ 96.086888][ T5314] kmem_cache_alloc_noprof+0x37d/0x650 [ 96.089289][ T5314] vm_area_alloc+0x24/0x140 [ 96.091263][ T5314] mmap_region+0xf85/0x1f40 [ 96.093338][ T5314] do_mmap+0xc39/0x10c0 [ 96.095232][ T5314] vm_mmap_pgoff+0x2c9/0x4f0 [ 96.097256][ T5314] ksys_mmap_pgoff+0x51e/0x760 [ 96.099394][ T5314] do_syscall_64+0x14d/0xf80 [ 96.101504][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.104194][ T5314] page last free pid 5006 tgid 5006 stack trace: [ 96.107135][ T5314] __free_frozen_pages+0xbf8/0xd70 [ 96.109421][ T5314] tlb_remove_table_rcu+0x85/0x100 [ 96.111697][ T5314] rcu_core+0x7cd/0x1070 [ 96.113606][ T5314] handle_softirqs+0x22a/0x7c0 [ 96.115715][ T5314] __irq_exit_rcu+0x5f/0x150 [ 96.117819][ T5314] irq_exit_rcu+0x9/0x30 [ 96.119754][ T5314] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 96.122299][ T5314] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 96.124850][ T5314] [ 96.125890][ T5314] Memory state around the buggy address: [ 96.128325][ T5314] ffff8880425ae300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 96.131723][ T5314] ffff8880425ae380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 96.135260][ T5314] >ffff8880425ae400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 96.138841][ T5314] ^ [ 96.141019][ T5314] ffff8880425ae480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 96.144405][ T5314] ffff8880425ae500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 96.147861][ T5314] ================================================================== [ 96.151617][ T5314] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 96.154622][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 96.158501][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 96.162840][ T5314] Call Trace: [ 96.164381][ T5314] [ 96.165756][ T5314] vpanic+0x1e0/0x670 [ 96.167673][ T5314] panic+0xc5/0xd0 [ 96.169384][ T5314] ? __pfx_panic+0x10/0x10 [ 96.171418][ T5314] ? ocfs2_fault+0xda/0x3e0 [ 96.173536][ T5314] ? ocfs2_fault+0xda/0x3e0 [ 96.175590][ T5314] check_panic_on_warn+0x89/0xb0 [ 96.177832][ T5314] ? ocfs2_fault+0xda/0x3e0 [ 96.179902][ T5314] end_report+0x6f/0x140 [ 96.181811][ T5314] kasan_report+0x128/0x150 [ 96.183906][ T5314] ? ocfs2_fault+0xda/0x3e0 [ 96.185916][ T5314] ocfs2_fault+0xda/0x3e0 [ 96.187851][ T5314] ? __pfx_ocfs2_fault+0x10/0x10 [ 96.190138][ T5314] ? css_rstat_updated+0x23a/0x530 [ 96.192500][ T5314] ? __pte_offset_map+0x29/0x240 [ 96.194794][ T5314] __do_fault+0x138/0x390 [ 96.196840][ T5314] do_pte_missing+0x21a2/0x37a0 [ 96.199065][ T5314] ? handle_mm_fault+0xee/0x32a0 [ 96.201349][ T5314] handle_mm_fault+0x1b8c/0x32a0 [ 96.203680][ T5314] ? handle_mm_fault+0xee/0x32a0 [ 96.205981][ T5314] ? __pfx_handle_mm_fault+0x10/0x10 [ 96.208347][ T5314] ? follow_page_pte+0x825/0x1460 [ 96.210631][ T5314] ? __pfx_follow_page_pte+0x10/0x10 [ 96.213131][ T5314] __get_user_pages+0x165b/0x29d0 [ 96.215514][ T5314] populate_vma_page_range+0x2be/0x3c0 [ 96.218073][ T5314] ? __pfx_populate_vma_page_range+0x10/0x10 [ 96.220848][ T5314] ? down_read+0x272/0x2e0 [ 96.222865][ T5314] ? __mm_populate+0x173/0x390 [ 96.225066][ T5314] __mm_populate+0x25f/0x390 [ 96.227206][ T5314] ? __pfx___mm_populate+0x10/0x10 [ 96.229498][ T5314] vm_mmap_pgoff+0x3aa/0x4f0 [ 96.231637][ T5314] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 96.233973][ T5314] ? __fget_files+0x2a/0x420 [ 96.236183][ T5314] ? __fget_files+0x3a0/0x420 [ 96.238302][ T5314] ? __fget_files+0x2a/0x420 [ 96.240405][ T5314] ksys_mmap_pgoff+0x51e/0x760 [ 96.242524][ T5314] do_syscall_64+0x14d/0xf80 [ 96.244577][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.247303][ T5314] ? trace_irq_disable+0x37/0x100 [ 96.249453][ T5314] ? clear_bhb_loop+0x40/0x90 [ 96.251591][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.254255][ T5314] RIP: 0033:0x7fe9c359bf79 [ 96.256305][ T5314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 96.264518][ T5314] RSP: 002b:00007fe9c4432028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 96.268083][ T5314] RAX: ffffffffffffffda RBX: 00007fe9c3815fa0 RCX: 00007fe9c359bf79 [ 96.271661][ T5314] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 96.275188][ T5314] RBP: 00007fe9c36327e0 R08: 000000000000000e R09: 0000000000000000 [ 96.278726][ T5314] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 96.282179][ T5314] R13: 00007fe9c3816038 R14: 00007fe9c3815fa0 R15: 00007ffddaf33738 [ 96.285770][ T5314] [ 96.287729][ T5314] Kernel Offset: disabled [ 96.289727][ T5314] Rebooting in 86400 seconds..