program:
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000280)={[{@acl}, {@heartbeat_none}, {@nouser_xattr}, {@coherency_full}, {@data_writeback}, {@localalloc={'localalloc', 0x3d, 0x1}}, {@acl}, {@noacl}, {@localalloc}]}, 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010002, 0x2, 0xa, 0x1d, "9e959f16b6787b08aa26e66c4056ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d00", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ec58d347f41be5a08", [0x4, 0x100000000000a]})
open(&(0x7f00000000c0)='./bus\x00', 0x64842, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000040), 0x2, 0x2600) (async)
syz_open_dev$dmmidi(&(0x7f0000000040), 0x2, 0x2600)
open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r2, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x28011, r2, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x28011, r2, 0x0)

[   69.628398][ T4664] Bluetooth: hci0: command tx timeout
[   70.032453][ T5320] loop0: detected capacity change from 0 to 32768
[   70.044395][ T5320] =======================================================
[   70.044395][ T5320] WARNING: The mand mount option has been deprecated and
[   70.044395][ T5320]          and is ignored by this kernel. Remove the mand
[   70.044395][ T5320]          option from the mount to silence this warning.
[   70.044395][ T5320] =======================================================
[   70.119794][ T5320] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   70.141573][   T24] audit: type=1800 audit(1739441316.950:2): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=17058 res=0 errno=0
[   70.186753][ T5320] loop0: detected capacity change from 32768 to 0
[   70.214894][   T24] audit: type=1800 audit(1739441317.020:3): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0
[   70.270083][   T24] audit: type=1800 audit(1739441317.080:4): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0
[   70.296897][   T24] audit: type=1800 audit(1739441317.100:5): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0
[   70.312957][ T5321] syz.0.0: attempt to access beyond end of device
[   70.312957][ T5321] loop0: rw=0, sector=32, nr_sectors = 1 limit=0
[   70.322546][   T24] audit: type=1800 audit(1739441317.100:6): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0
[   70.337728][   T24] audit: type=1800 audit(1739441317.100:7): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=17059 res=0 errno=0
[   70.347819][ T5321] (syz.0.0,5321,0):ocfs2_search_chain:1814 ERROR: status = -5
[   70.356904][ T5321] (syz.0.0,5321,0):ocfs2_search_chain:1926 ERROR: status = -5
[   70.360785][ T5321] (syz.0.0,5321,0):ocfs2_claim_suballoc_bits:1995 ERROR: status = -5
[   70.364686][ T5321] (syz.0.0,5321,0):ocfs2_claim_suballoc_bits:2038 ERROR: status = -5
[   70.369529][ T5321] (syz.0.0,5321,0):__ocfs2_claim_clusters:2412 ERROR: status = -5
[   70.373658][ T5321] (syz.0.0,5321,0):__ocfs2_claim_clusters:2420 ERROR: status = -5
[   70.377760][ T5321] (syz.0.0,5321,0):ocfs2_add_clusters_in_btree:4830 ERROR: status = -5
[   70.381316][ T5321] (syz.0.0,5321,0):ocfs2_write_cluster:1138 ERROR: status = -5
[   70.385363][ T5321] (syz.0.0,5321,0):ocfs2_write_cluster_by_desc:1232 ERROR: status = -5
[   70.390324][ T5321] (syz.0.0,5321,0):ocfs2_write_begin_nolock:1805 ERROR: status = -5
[   70.394669][ T5321] (syz.0.0,5321,0):__ocfs2_page_mkwrite:97 ERROR: status = -5
[   70.407978][ T5324] ==================================================================
[   70.411888][ T5324] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xe9/0x3d0
[   70.416661][ T5324] Read of size 8 at addr ffff8880408a6368 by task syz.0.0/5324
[   70.419655][ T5324] 
[   70.420715][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
[   70.420732][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.420740][ T5324] Call Trace:
[   70.420749][ T5324]  <TASK>
[   70.420755][ T5324]  dump_stack_lvl+0x241/0x360
[   70.420775][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.420787][ T5324]  ? __pfx__printk+0x10/0x10
[   70.420803][ T5324]  ? _printk+0xd5/0x120
[   70.420818][ T5324]  ? __virt_addr_valid+0x183/0x530
[   70.420834][ T5324]  ? __virt_addr_valid+0x183/0x530
[   70.420848][ T5324]  print_report+0x169/0x550
[   70.420864][ T5324]  ? __virt_addr_valid+0x183/0x530
[   70.420878][ T5324]  ? __virt_addr_valid+0x183/0x530
[   70.420892][ T5324]  ? __virt_addr_valid+0x45f/0x530
[   70.420905][ T5324]  ? __phys_addr+0xba/0x170
[   70.420919][ T5324]  ? ocfs2_fault+0xe9/0x3d0
[   70.420933][ T5324]  kasan_report+0x143/0x180
[   70.420948][ T5324]  ? ocfs2_block_signals+0xab/0xf0
[   70.420965][ T5324]  ? ocfs2_fault+0xe9/0x3d0
[   70.420981][ T5324]  ocfs2_fault+0xe9/0x3d0
[   70.420995][ T5324]  ? __pfx_ocfs2_fault+0x10/0x10
[   70.421009][ T5324]  ? __raw_spin_lock_init+0x45/0x100
[   70.421023][ T5324]  __do_fault+0x135/0x390
[   70.421039][ T5324]  __handle_mm_fault+0x4c44/0x70f0
[   70.421055][ T5324]  ? __pfx___handle_mm_fault+0x10/0x10
[   70.421069][ T5324]  ? mt_find+0x2a9/0x920
[   70.421139][ T5324]  ? __pfx_lock_release+0x10/0x10
[   70.421157][ T5324]  ? mt_find+0x2a9/0x920
[   70.421169][ T5324]  ? mt_find+0x6c8/0x920
[   70.421182][ T5324]  ? mt_find+0x2a9/0x920
[   70.421200][ T5324]  ? __pfx___might_resched+0x10/0x10
[   70.421215][ T5324]  handle_mm_fault+0x3e5/0x8d0
[   70.421229][ T5324]  __get_user_pages+0x1a92/0x4140
[   70.421251][ T5324]  ? __pfx___get_user_pages+0x10/0x10
[   70.421264][ T5324]  ? __pfx_mt_find+0x10/0x10
[   70.421281][ T5324]  populate_vma_page_range+0x264/0x330
[   70.421295][ T5324]  ? __pfx_populate_vma_page_range+0x10/0x10
[   70.421307][ T5324]  ? userfaultfd_unmap_complete+0x30c/0x360
[   70.421334][ T5324]  __mm_populate+0x27a/0x460
[   70.421349][ T5324]  ? __pfx___mm_populate+0x10/0x10
[   70.421365][ T5324]  vm_mmap_pgoff+0x303/0x430
[   70.421381][ T5324]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   70.421395][ T5324]  ? __fget_files+0x2a/0x410
[   70.421406][ T5324]  ? __fget_files+0x395/0x410
[   70.421416][ T5324]  ? __fget_files+0x2a/0x410
[   70.421427][ T5324]  ksys_mmap_pgoff+0x4eb/0x720
[   70.421440][ T5324]  ? __x64_sys_mmap+0x7f/0x140
[   70.421458][ T5324]  do_syscall_64+0xf3/0x230
[   70.421473][ T5324]  ? clear_bhb_loop+0x35/0x90
[   70.421488][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.421503][ T5324] RIP: 0033:0x7f792118cde9
[   70.421515][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.421524][ T5324] RSP: 002b:00007f791d5b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   70.421539][ T5324] RAX: ffffffffffffffda RBX: 00007f79213a6160 RCX: 00007f792118cde9
[   70.421547][ T5324] RDX: 0000000001000007 RSI: 0000000000b36000 RDI: 0000400000000000
[   70.421555][ T5324] RBP: 00007f792120e2a0 R08: 0000000000000009 R09: 0000000000000000
[   70.421562][ T5324] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[   70.421569][ T5324] R13: 0000000000000000 R14: 00007f79213a6160 R15: 00007fff84d6f678
[   70.421580][ T5324]  </TASK>
[   70.421585][ T5324] 
[   70.583610][ T5324] Allocated by task 5324:
[   70.585625][ T5324]  kasan_save_track+0x3f/0x80
[   70.587955][ T5324]  __kasan_slab_alloc+0x66/0x80
[   70.590278][ T5324]  kmem_cache_alloc_noprof+0x1d9/0x380
[   70.592442][ T5324]  vm_area_alloc+0x24/0x1d0
[   70.594193][ T5324]  mmap_region+0x1ae6/0x2f80
[   70.596094][ T5324]  do_mmap+0xecc/0x13a0
[   70.598052][ T5324]  vm_mmap_pgoff+0x214/0x430
[   70.600425][ T5324]  ksys_mmap_pgoff+0x4eb/0x720
[   70.602781][ T5324]  do_syscall_64+0xf3/0x230
[   70.604822][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.607463][ T5324] 
[   70.608553][ T5324] Freed by task 5324:
[   70.610677][ T5324]  kasan_save_track+0x3f/0x80
[   70.612932][ T5324]  kasan_save_free_info+0x40/0x50
[   70.614953][ T5324]  __kasan_slab_free+0x59/0x70
[   70.616967][ T5324]  kmem_cache_free+0x195/0x410
[   70.618988][ T5324]  rcu_core+0xaaa/0x17a0
[   70.621068][ T5324]  handle_softirqs+0x2d4/0x9b0
[   70.623421][ T5324]  __irq_exit_rcu+0xf7/0x220
[   70.625615][ T5324]  irq_exit_rcu+0x9/0x30
[   70.627520][ T5324]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   70.629887][ T5324]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   70.632489][ T5324] 
[   70.633463][ T5324] Last potentially related work creation:
[   70.636008][ T5324]  kasan_save_stack+0x3f/0x60
[   70.638583][ T5324]  kasan_record_aux_stack+0xaa/0xc0
[   70.640832][ T5324]  call_rcu+0x168/0xac0
[   70.642506][ T5324]  vms_complete_munmap_vmas+0x65b/0x8f0
[   70.644645][ T5324]  mmap_region+0x197a/0x2f80
[   70.646646][ T5324]  do_mmap+0xecc/0x13a0
[   70.648616][ T5324]  vm_mmap_pgoff+0x214/0x430
[   70.650872][ T5324]  ksys_mmap_pgoff+0x4eb/0x720
[   70.652955][ T5324]  do_syscall_64+0xf3/0x230
[   70.654838][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.657227][ T5324] 
[   70.658267][ T5324] The buggy address belongs to the object at ffff8880408a62e8
[   70.658267][ T5324]  which belongs to the cache vm_area_struct of size 184
[   70.664777][ T5324] The buggy address is located 128 bytes inside of
[   70.664777][ T5324]  freed 184-byte region [ffff8880408a62e8, ffff8880408a63a0)
[   70.670608][ T5324] 
[   70.671643][ T5324] The buggy address belongs to the physical page:
[   70.674034][ T5324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x408a6
[   70.678269][ T5324] memcg:ffff888042ce4c01
[   70.680425][ T5324] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.683474][ T5324] page_type: f5(slab)
[   70.685117][ T5324] raw: 04fff00000000000 ffff88801be86b40 ffffea00010ba180 000000000000000a
[   70.689224][ T5324] raw: 0000000000000000 0000000080100010 00000000f5000000 ffff888042ce4c01
[   70.692987][ T5324] page dumped because: kasan: bad access detected
[   70.695712][ T5324] page_owner tracks the page as allocated
[   70.697870][ T5324] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5296, tgid 5296 (sshd), ts 61108282256, free_ts 57736149933
[   70.708572][ T5324]  post_alloc_hook+0x1f4/0x240
[   70.711311][ T5324]  get_page_from_freelist+0x365c/0x37a0
[   70.714212][ T5324]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.717226][ T5324]  alloc_pages_mpol+0x311/0x660
[   70.721261][ T5324]  allocate_slab+0x8f/0x3a0
[   70.723555][ T5324]  ___slab_alloc+0xc27/0x14a0
[   70.725605][ T5324]  __slab_alloc+0x58/0xa0
[   70.727175][ T5324]  kmem_cache_alloc_noprof+0x268/0x380
[   70.729107][ T5324]  vm_area_dup+0x27/0x290
[   70.730707][ T5324]  __split_vma+0x1cb/0xc50
[   70.732366][ T5324]  vms_gather_munmap_vmas+0x2e6/0x1600
[   70.734463][ T5324]  mmap_region+0xa32/0x2f80
[   70.736428][ T5324]  do_mmap+0xecc/0x13a0
[   70.740104][ T5324]  vm_mmap_pgoff+0x214/0x430
[   70.742361][ T5324]  ksys_mmap_pgoff+0x4eb/0x720
[   70.745633][ T5324]  do_syscall_64+0xf3/0x230
[   70.749324][ T5324] page last free pid 16 tgid 16 stack trace:
[   70.753175][ T5324]  free_frozen_pages+0xe0d/0x10e0
[   70.756135][ T5324]  __tlb_remove_table+0x33c/0x420
[   70.758032][ T5324]  tlb_remove_table_rcu+0x76/0xf0
[   70.760076][ T5324]  rcu_core+0xaaa/0x17a0
[   70.761640][ T5324]  handle_softirqs+0x2d4/0x9b0
[   70.763453][ T5324]  run_ksoftirqd+0xca/0x130
[   70.765225][ T5324]  smpboot_thread_fn+0x544/0xa30
[   70.767064][ T5324]  kthread+0x7a9/0x920
[   70.768647][ T5324]  ret_from_fork+0x4b/0x80
[   70.770607][ T5324]  ret_from_fork_asm+0x1a/0x30
[   70.772914][ T5324] 
[   70.774185][ T5324] Memory state around the buggy address:
[   70.777219][ T5324]  ffff8880408a6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.781324][ T5324]  ffff8880408a6280: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb
[   70.785874][ T5324] >ffff8880408a6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.790139][ T5324]                                                           ^
[   70.793712][ T5324]  ffff8880408a6380: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[   70.798484][ T5324]  ffff8880408a6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.802400][ T5324] ==================================================================
[   71.000608][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.005926][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
[   71.012681][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.017324][ T5324] Call Trace:
[   71.018816][ T5324]  <TASK>
[   71.020236][ T5324]  dump_stack_lvl+0x241/0x360
[   71.022793][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.025532][ T5324]  ? __pfx__printk+0x10/0x10
[   71.028508][ T5324]  ? preempt_schedule+0xe1/0xf0
[   71.031799][ T5324]  ? vscnprintf+0x5d/0x90
[   71.034857][ T5324]  panic+0x349/0x880
[   71.037566][ T5324]  ? check_panic_on_warn+0x21/0xb0
[   71.040599][ T5324]  ? __pfx_panic+0x10/0x10
[   71.042910][ T5324]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   71.045941][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.049032][ T5324]  ? print_report+0x502/0x550
[   71.051339][ T5324]  check_panic_on_warn+0x86/0xb0
[   71.053682][ T5324]  ? ocfs2_fault+0xe9/0x3d0
[   71.055681][ T5324]  end_report+0x77/0x160
[   71.057543][ T5324]  kasan_report+0x154/0x180
[   71.059974][ T5324]  ? ocfs2_block_signals+0xab/0xf0
[   71.063791][ T5324]  ? ocfs2_fault+0xe9/0x3d0
[   71.067041][ T5324]  ocfs2_fault+0xe9/0x3d0
[   71.069991][ T5324]  ? __pfx_ocfs2_fault+0x10/0x10
[   71.073147][ T5324]  ? __raw_spin_lock_init+0x45/0x100
[   71.077066][ T5324]  __do_fault+0x135/0x390
[   71.080152][ T5324]  __handle_mm_fault+0x4c44/0x70f0
[   71.082566][ T5324]  ? __pfx___handle_mm_fault+0x10/0x10
[   71.085012][ T5324]  ? mt_find+0x2a9/0x920
[   71.087476][ T5324]  ? __pfx_lock_release+0x10/0x10
[   71.089610][ T5324]  ? mt_find+0x2a9/0x920
[   71.091953][ T5324]  ? mt_find+0x6c8/0x920
[   71.094395][ T5324]  ? mt_find+0x2a9/0x920
[   71.096441][ T5324]  ? __pfx___might_resched+0x10/0x10
[   71.098676][ T5324]  handle_mm_fault+0x3e5/0x8d0
[   71.100825][ T5324]  __get_user_pages+0x1a92/0x4140
[   71.103102][ T5324]  ? __pfx___get_user_pages+0x10/0x10
[   71.105986][ T5324]  ? __pfx_mt_find+0x10/0x10
[   71.109115][ T5324]  populate_vma_page_range+0x264/0x330
[   71.111870][ T5324]  ? __pfx_populate_vma_page_range+0x10/0x10
[   71.114865][ T5324]  ? userfaultfd_unmap_complete+0x30c/0x360
[   71.118176][ T5324]  __mm_populate+0x27a/0x460
[   71.120295][ T5324]  ? __pfx___mm_populate+0x10/0x10
[   71.122459][ T5324]  vm_mmap_pgoff+0x303/0x430
[   71.124512][ T5324]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   71.127468][ T5324]  ? __fget_files+0x2a/0x410
[   71.130079][ T5324]  ? __fget_files+0x395/0x410
[   71.132142][ T5324]  ? __fget_files+0x2a/0x410
[   71.134095][ T5324]  ksys_mmap_pgoff+0x4eb/0x720
[   71.136082][ T5324]  ? __x64_sys_mmap+0x7f/0x140
[   71.138331][ T5324]  do_syscall_64+0xf3/0x230
[   71.140578][ T5324]  ? clear_bhb_loop+0x35/0x90
[   71.142984][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.145489][ T5324] RIP: 0033:0x7f792118cde9
[   71.147384][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.155899][ T5324] RSP: 002b:00007f791d5b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   71.158860][ T5324] RAX: ffffffffffffffda RBX: 00007f79213a6160 RCX: 00007f792118cde9
[   71.162574][ T5324] RDX: 0000000001000007 RSI: 0000000000b36000 RDI: 0000400000000000
[   71.166724][ T5324] RBP: 00007f792120e2a0 R08: 0000000000000009 R09: 0000000000000000
[   71.170242][ T5324] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[   71.174316][ T5324] R13: 0000000000000000 R14: 00007f79213a6160 R15: 00007fff84d6f678
[   71.179722][ T5324]  </TASK>
[   71.181965][ T5324] Kernel Offset: disabled
[   71.184308][ T5324] Rebooting in 86400 seconds..