program:
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x10008d0, &(0x7f0000000280)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c7072656665727265645f736c6f743d30303030303030303030303030303030303030312c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00b83578110c8182871d1a888ab910bda6ed5eb8d85850b69e5f00a4b2822944f8a40011442cbdd903ae8f5dbd229f91fe1093b9e1d8042b3023b0ec8f09897497044a104701d3013512e0487b6bd6650f232292d8b0155a94728bba1a8248fed123795bcc184683b33d0d5f4455ea61c1cb567c01edd33f14c229437ce876bf88798ec1e2f28b87b591031c3d50710d9cc51b760aff0105a5c3772f54bdf7395bb2bb7b4a0323ca"], 0x1, 0x4432, &(0x7f0000004480)="$eJzs3c9PG1ceAPA3A9lANtmFbA5ZaaW1tJF2tbtCkFNbIpUQEgIJTZU2UdWLY8BJaA2OwFQ95EBvkXqq1EPVQ9RKvXGKOPSa/gm99JieI7WHXlpVikplewyewRYuwtCkn8+B8bzf9nfm+fkwvDhRubuwkltYyRWWcuW52ytnc++VS6uLxRAfkJb9Hzm4/ulMN66Tw772/siuXbj0xs2zIXw1/83Tzc3NzVDVG1oaaXr94w/355qPDXGmTrXd1q3tl7dDCKd2jKuqJ4Tw1pchRCGE80naeHLsDyGcCPW8m/c/vJXbp9E8elI8l38282Bj9Mz0+sON9u89CuHT0t//f2fxu3/1jH77333qHgAAAAAAAAAAAAAAAACA59zk9Ws3Xh8eCY+j0Lse7XxedzI5tns+dnPf/LP7bxYAAAAAAAAAAAAAAAAAAAB+p7af/89FJ1s8/z+RHMfa1N98tftjpHumXrs2cXF4JNn/PdqR/1KS9P35njDYYt/37P7v5zP1W+//vrOfvWqMr9HvQIjiodR5HA8NhfB5svH76ehYXCqvVP53u7y6NL9vw3hupeNf370/FZ1kQ/9O4z+eab/7+///bcfVVD2/tX+X2AstHf+etuW++CDqKP4XMvUOIv7sXTr+vbW0/uYCY/UJoBr/j3p3j/9Epv3uxP/I1qv+kEvNANU1TC5qv14hLR3/+ueamjqTD7Ld/f9zJv4XM+0f1vy/lv0ioqV0/P9US+tLldi+/wfj3e//S5n2DyP+1fGv+f7vSDr+R+uJvakitU+y0/l/MtN+U/x/2s9x34iTcf4lSl0B61E9vd3/qyMtHf++Hfnbv//ijtZ/lzP1D+r3X6Pfxu+/xvT/n6j++4/W0vHvb1uu0/t/KlOv2/P/WG39x16l43+slpZeOw/U/nYa/+lM+92Kf21V0teI//Z88svRevpn1n8dScf/z/XEuLnEWu1vbf0X7b7+v5Jp/zDWf9Xxr8Xd7fVFkY7/8bblqvH/uoPv/6uZet2PfwjD1vp7lo7/ibblavd/3+7xn8nU63b8/93NxgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeA+PJcSBE8VDqPI6HhkK4kJyfDsei2cJ8frZUnnt3JYSJJD0XTkZ3SuXZQim/sFSeL+YLpVJ5LoSLSf6p0BetlMqV/GLh3qWttvqju8XCcmW2WKiEECaT9H+EE422Zhcqi4V7IYTLW3l/jcvL9+4WlvLzC8uvDA8PD4eprTEMRsX3K8WlSr33em4I01t1B6KmwdWyr2yN5Xj0Tnl1ealQqqVfbapTKs8VSk11ZpK8j8NgVFleXZorVIr5UvlOo7/DNJYcJ6auv3n96siO/FtR/Th+sMMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd6PPryJyGE3vpZHEIYa7yIWpV/9KR4Lv9s5sHG6Jnp9YcbT9uVAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBXduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBL/ygRA1EcgN+MhX8qj2EVks42oogWRgRPoMfwMHoUL+EdLCxsLWRhd4ZdshtIs1t9X/NIfsy8B/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmuX0anh/bLiLFyf9xxOfr1/dmfl/q+9Xu80cHmJH9uXsYrm/arrx72sovy6+fPi/Tv9+3l1jXs/pdfYz2ZLxPK7XP6eRcU/s2NV/tex4pNxHRl/wi5dw08+4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMEOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UUfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADArwAAAP//sfkf5w==")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) (async)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40042, 0x0)
pwrite64(r0, &(0x7f0000000540)="9e", 0x1, 0xfecf)
r1 = open(&(0x7f000001f580)='./file1\x00', 0x145142, 0x0)
ftruncate(r1, 0x96ef)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r3, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r3, 0x0)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r4, r4, r4}, &(0x7f0000001cc0)=""/194, 0xc2, 0x0) (async)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r4, r4, r4}, &(0x7f0000001cc0)=""/194, 0xc2, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r6 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) (async)
connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r8, 0x40047438, &(0x7f0000000180)=""/246) (async)
ioctl$EVIOCGPROP(r8, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r8, 0x4004743a, &(0x7f0000000300))
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x6}]})
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r9, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) (async)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
socket$vsock_stream(0x28, 0x1, 0x0) (async)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockname(r10, 0x0, &(0x7f0000001540)) (async)
getsockname(r10, 0x0, &(0x7f0000001540))
socket(0x11, 0xa, 0x81)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) (async)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
[ 86.476467][ T5327] loop0: detected capacity change from 0 to 32768
[ 86.482205][ T5327] =======================================================
[ 86.482205][ T5327] WARNING: The mand mount option has been deprecated and
[ 86.482205][ T5327] and is ignored by this kernel. Remove the mand
[ 86.482205][ T5327] option from the mount to silence this warning.
[ 86.482205][ T5327] =======================================================
[ 86.612044][ T5303] Bluetooth: hci0: command tx timeout
[ 86.617202][ T5327] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 86.721180][ T5328] ==================================================================
[ 86.724871][ T5328] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xd3/0x3f0
[ 86.728264][ T5328] Read of size 8 at addr ffff88804202f058 by task syz.0.0/5328
[ 86.731706][ T5328]
[ 86.732907][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.732935][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.732943][ T5328] Call Trace:
[ 86.732950][ T5328]
[ 86.732957][ T5328] dump_stack_lvl+0x189/0x250
[ 86.732976][ T5328] ? __kasan_check_byte+0x12/0x40
[ 86.733006][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.733021][ T5328] ? lock_release+0x4b/0x3e0
[ 86.733033][ T5328] ? __virt_addr_valid+0x4a5/0x5c0
[ 86.733048][ T5328] print_report+0xca/0x240
[ 86.733073][ T5328] ? ocfs2_fault+0xd3/0x3f0
[ 86.733085][ T5328] kasan_report+0x118/0x150
[ 86.733100][ T5328] ? ocfs2_fault+0xd3/0x3f0
[ 86.733115][ T5328] ocfs2_fault+0xd3/0x3f0
[ 86.733130][ T5328] ? __pfx_ocfs2_fault+0x10/0x10
[ 86.733147][ T5328] __do_fault+0x138/0x390
[ 86.733161][ T5328] __handle_mm_fault+0x1847/0x5400
[ 86.733177][ T5328] ? __pfx___handle_mm_fault+0x10/0x10
[ 86.733194][ T5328] ? find_vma+0xe7/0x160
[ 86.733217][ T5328] ? __pfx_find_vma+0x10/0x10
[ 86.733231][ T5328] handle_mm_fault+0x40a/0x8e0
[ 86.733247][ T5328] do_user_addr_fault+0x764/0x1380
[ 86.733262][ T5328] exc_page_fault+0x82/0x100
[ 86.733315][ T5328] asm_exc_page_fault+0x26/0x30
[ 86.733325][ T5328] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 86.733343][ T5328] Code: 31 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 86.733364][ T5328] RSP: 0018:ffffc9000d357988 EFLAGS: 00050202
[ 86.733375][ T5328] RAX: ffffffff848b0c01 RBX: 0000000000000050 RCX: 0000000000000050
[ 86.733385][ T5328] RDX: 0000000000000000 RSI: ffff88803ea24500 RDI: 0000200000001cc0
[ 86.733392][ T5328] RBP: ffffc9000d357bd0 R08: ffff88803ea2454f R09: 1ffff11007d448a9
[ 86.733398][ T5328] R10: dffffc0000000000 R11: ffffed1007d448aa R12: 0000200000001d10
[ 86.733405][ T5328] R13: 00007ffffffff000 R14: ffff88803ea24500 R15: 0000200000001cc0
[ 86.733414][ T5328] ? _copy_from_user+0x61/0xb0
[ 86.733425][ T5328] _copy_to_user+0x8a/0xb0
[ 86.733442][ T5328] __keyctl_dh_compute+0x9ef/0xca0
[ 86.733458][ T5328] ? __pfx___keyctl_dh_compute+0x10/0x10
[ 86.733477][ T5328] ? futex_private_hash_put+0x4b/0x280
[ 86.733492][ T5328] ? futex_private_hash_put+0x4b/0x280
[ 86.733518][ T5328] keyctl_dh_compute+0x109/0x160
[ 86.733534][ T5328] ? __pfx_keyctl_dh_compute+0x10/0x10
[ 86.733552][ T5328] ? __might_fault+0xb0/0x130
[ 86.733566][ T5328] __se_sys_keyctl+0x423/0x910
[ 86.733577][ T5328] ? __pfx___se_sys_keyctl+0x10/0x10
[ 86.733589][ T5328] ? rcu_is_watching+0x15/0xb0
[ 86.733601][ T5328] ? __rseq_handle_notify_resume+0x384/0x1220
[ 86.733619][ T5328] ? __se_sys_futex+0x36f/0x400
[ 86.733637][ T5328] ? rcu_is_watching+0x15/0xb0
[ 86.733662][ T5328] ? do_syscall_64+0xbe/0xfa0
[ 86.733675][ T5328] ? __x64_sys_keyctl+0x20/0xc0
[ 86.733685][ T5328] do_syscall_64+0xfa/0xfa0
[ 86.733698][ T5328] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.733709][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.733721][ T5328] ? clear_bhb_loop+0x60/0xb0
[ 86.733740][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.733751][ T5328] RIP: 0033:0x7fb38b98efc9
[ 86.733762][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.733772][ T5328] RSP: 002b:00007fb38c8a4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 86.733782][ T5328] RAX: ffffffffffffffda RBX: 00007fb38bbe6090 RCX: 00007fb38b98efc9
[ 86.733791][ T5328] RDX: 0000200000001cc0 RSI: 0000200000000040 RDI: 0000000000000017
[ 86.733798][ T5328] RBP: 00007fb38ba11f91 R08: 0000000000000000 R09: 0000000000000000
[ 86.733804][ T5328] R10: 00000000000000c2 R11: 0000000000000246 R12: 0000000000000000
[ 86.733811][ T5328] R13: 00007fb38bbe6128 R14: 00007fb38bbe6090 R15: 00007ffe942e75b8
[ 86.733835][ T5328]
[ 86.733839][ T5328]
[ 86.906999][ T5328] Allocated by task 5328:
[ 86.909132][ T5328] kasan_save_track+0x3e/0x80
[ 86.911244][ T5328] __kasan_slab_alloc+0x6c/0x80
[ 86.913543][ T5328] kmem_cache_alloc_noprof+0x367/0x6e0
[ 86.916126][ T5328] vm_area_alloc+0x24/0x140
[ 86.918192][ T5328] mmap_region+0xdcd/0x2110
[ 86.920350][ T5328] do_mmap+0xc45/0x10d0
[ 86.922227][ T5328] vm_mmap_pgoff+0x2a6/0x4d0
[ 86.924303][ T5328] ksys_mmap_pgoff+0x51f/0x760
[ 86.926364][ T5328] do_syscall_64+0xfa/0xfa0
[ 86.928401][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.931084][ T5328]
[ 86.932220][ T5328] Freed by task 16:
[ 86.933911][ T5328] kasan_save_track+0x3e/0x80
[ 86.936018][ T5328] __kasan_save_free_info+0x46/0x50
[ 86.938295][ T5328] __kasan_slab_free+0x5c/0x80
[ 86.940521][ T5328] slab_free_after_rcu_debug+0x12c/0x2a0
[ 86.943031][ T5328] rcu_core+0xcab/0x1770
[ 86.945262][ T5328] handle_softirqs+0x286/0x870
[ 86.948133][ T5328] __irq_exit_rcu+0xca/0x1f0
[ 86.950690][ T5328] irq_exit_rcu+0x9/0x30
[ 86.953074][ T5328] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 86.955947][ T5328] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 86.958693][ T5328]
[ 86.959856][ T5328] Last potentially related work creation:
[ 86.962347][ T5328] kasan_save_stack+0x3e/0x60
[ 86.964396][ T5328] kasan_record_aux_stack+0xbd/0xd0
[ 86.966613][ T5328] kmem_cache_free+0x4a2/0x690
[ 86.968683][ T5328] vms_complete_munmap_vmas+0x626/0x8a0
[ 86.971102][ T5328] mmap_region+0x11e1/0x2110
[ 86.973087][ T5328] do_mmap+0xc45/0x10d0
[ 86.974950][ T5328] vm_mmap_pgoff+0x2a6/0x4d0
[ 86.976994][ T5328] ksys_mmap_pgoff+0x51f/0x760
[ 86.979060][ T5328] do_syscall_64+0xfa/0xfa0
[ 86.981103][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.984142][ T5328]
[ 86.985245][ T5328] The buggy address belongs to the object at ffff88804202f000
[ 86.985245][ T5328] which belongs to the cache vm_area_struct of size 256
[ 86.991423][ T5328] The buggy address is located 88 bytes inside of
[ 86.991423][ T5328] freed 256-byte region [ffff88804202f000, ffff88804202f100)
[ 86.997486][ T5328]
[ 86.998563][ T5328] The buggy address belongs to the physical page:
[ 87.001468][ T5328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4202f
[ 87.005218][ T5328] memcg:ffff88803ea24181
[ 87.007061][ T5328] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 87.010320][ T5328] page_type: f5(slab)
[ 87.012031][ T5328] raw: 04fff00000000000 ffff888030415b40 0000000000000000 0000000000000001
[ 87.015671][ T5328] raw: 0000000000000000 00000000800c000c 00000000f5000000 ffff88803ea24181
[ 87.019255][ T5328] page dumped because: kasan: bad access detected
[ 87.022111][ T5328] page_owner tracks the page as allocated
[ 87.024562][ T5328] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5263, tgid 5263 (dhcpcd-run-hook), ts 64522180848, free_ts 64100690458
[ 87.033558][ T5328] post_alloc_hook+0x240/0x2a0
[ 87.035772][ T5328] get_page_from_freelist+0x2365/0x2440
[ 87.038233][ T5328] __alloc_frozen_pages_noprof+0x181/0x370
[ 87.040790][ T5328] alloc_pages_mpol+0x232/0x4a0
[ 87.043017][ T5328] allocate_slab+0x96/0x3a0
[ 87.045025][ T5328] ___slab_alloc+0xe94/0x18a0
[ 87.047084][ T5328] __kmem_cache_alloc_bulk+0x1e2/0x590
[ 87.049534][ T5328] __pcs_replace_empty_main+0x292/0x540
[ 87.051988][ T5328] kmem_cache_alloc_noprof+0x453/0x6e0
[ 87.054246][ T5328] vm_area_dup+0x2b/0x680
[ 87.056091][ T5328] dup_mmap+0x903/0x1b10
[ 87.057986][ T5328] copy_mm+0x13c/0x4b0
[ 87.059797][ T5328] copy_process+0x1706/0x3c00
[ 87.061871][ T5328] kernel_clone+0x21e/0x840
[ 87.063925][ T5328] __x64_sys_clone+0x18b/0x1e0
[ 87.066032][ T5328] do_syscall_64+0xfa/0xfa0
[ 87.068093][ T5328] page last free pid 15 tgid 15 stack trace:
[ 87.070686][ T5328] __free_frozen_pages+0xbc4/0xd30
[ 87.072964][ T5328] tlb_remove_table_rcu+0x85/0x100
[ 87.075241][ T5328] rcu_core+0xcab/0x1770
[ 87.077079][ T5328] handle_softirqs+0x286/0x870
[ 87.079135][ T5328] run_ksoftirqd+0x9b/0x100
[ 87.081191][ T5328] smpboot_thread_fn+0x542/0xa60
[ 87.083395][ T5328] kthread+0x711/0x8a0
[ 87.085157][ T5328] ret_from_fork+0x4bc/0x870
[ 87.087175][ T5328] ret_from_fork_asm+0x1a/0x30
[ 87.089375][ T5328]
[ 87.090500][ T5328] Memory state around the buggy address:
[ 87.092885][ T5328] ffff88804202ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 87.096443][ T5328] ffff88804202ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 87.099953][ T5328] >ffff88804202f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.103493][ T5328] ^
[ 87.106521][ T5328] ffff88804202f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.110092][ T5328] ffff88804202f100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 87.113592][ T5328] ==================================================================
[ 87.162261][ T10] cfg80211: failed to load regulatory.db
[ 87.278211][ T25] audit: type=1326 audit(1761113532.500:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5326 comm="syz.0.0" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb38b98efc9 code=0x0
[ 87.289812][ T5328] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.293044][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.297140][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.301934][ T5328] Call Trace:
[ 87.303488][ T5328]
[ 87.304959][ T5328] dump_stack_lvl+0x99/0x250
[ 87.307121][ T5328] ? __asan_memcpy+0x40/0x70
[ 87.309287][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.311743][ T5328] ? __pfx__printk+0x10/0x10
[ 87.313797][ T5328] vpanic+0x237/0x6d0
[ 87.315679][ T5328] ? __pfx_vpanic+0x10/0x10
[ 87.317677][ T5328] ? preempt_schedule+0xae/0xc0
[ 87.319899][ T5328] ? __pfx_preempt_schedule+0x10/0x10
[ 87.322382][ T5328] panic+0xb9/0xc0
[ 87.324132][ T5328] ? __pfx_panic+0x10/0x10
[ 87.326204][ T5328] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 87.328998][ T5328] ? ocfs2_fault+0xd3/0x3f0
[ 87.331114][ T5328] check_panic_on_warn+0x89/0xb0
[ 87.333394][ T5328] ? ocfs2_fault+0xd3/0x3f0
[ 87.335391][ T5328] end_report+0x78/0x160
[ 87.337252][ T5328] kasan_report+0x129/0x150
[ 87.339268][ T5328] ? ocfs2_fault+0xd3/0x3f0
[ 87.341333][ T5328] ocfs2_fault+0xd3/0x3f0
[ 87.343273][ T5328] ? __pfx_ocfs2_fault+0x10/0x10
[ 87.345485][ T5328] __do_fault+0x138/0x390
[ 87.347484][ T5328] __handle_mm_fault+0x1847/0x5400
[ 87.349874][ T5328] ? __pfx___handle_mm_fault+0x10/0x10
[ 87.352454][ T5328] ? find_vma+0xe7/0x160
[ 87.354385][ T5328] ? __pfx_find_vma+0x10/0x10
[ 87.356646][ T5328] handle_mm_fault+0x40a/0x8e0
[ 87.358893][ T5328] do_user_addr_fault+0x764/0x1380
[ 87.361300][ T5328] exc_page_fault+0x82/0x100
[ 87.363446][ T5328] asm_exc_page_fault+0x26/0x30
[ 87.365702][ T5328] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 87.368280][ T5328] Code: 31 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 87.376940][ T5328] RSP: 0018:ffffc9000d357988 EFLAGS: 00050202
[ 87.379561][ T5328] RAX: ffffffff848b0c01 RBX: 0000000000000050 RCX: 0000000000000050
[ 87.383188][ T5328] RDX: 0000000000000000 RSI: ffff88803ea24500 RDI: 0000200000001cc0
[ 87.386744][ T5328] RBP: ffffc9000d357bd0 R08: ffff88803ea2454f R09: 1ffff11007d448a9
[ 87.390164][ T5328] R10: dffffc0000000000 R11: ffffed1007d448aa R12: 0000200000001d10
[ 87.393446][ T5328] R13: 00007ffffffff000 R14: ffff88803ea24500 R15: 0000200000001cc0
[ 87.396748][ T5328] ? _copy_from_user+0x61/0xb0
[ 87.398755][ T5328] _copy_to_user+0x8a/0xb0
[ 87.400646][ T5328] __keyctl_dh_compute+0x9ef/0xca0
[ 87.402802][ T5328] ? __pfx___keyctl_dh_compute+0x10/0x10
[ 87.405214][ T5328] ? futex_private_hash_put+0x4b/0x280
[ 87.407737][ T5328] ? futex_private_hash_put+0x4b/0x280
[ 87.410296][ T5328] keyctl_dh_compute+0x109/0x160
[ 87.412605][ T5328] ? __pfx_keyctl_dh_compute+0x10/0x10
[ 87.415041][ T5328] ? __might_fault+0xb0/0x130
[ 87.417175][ T5328] __se_sys_keyctl+0x423/0x910
[ 87.419385][ T5328] ? __pfx___se_sys_keyctl+0x10/0x10
[ 87.421695][ T5328] ? rcu_is_watching+0x15/0xb0
[ 87.423587][ T5328] ? __rseq_handle_notify_resume+0x384/0x1220
[ 87.426184][ T5328] ? __se_sys_futex+0x36f/0x400
[ 87.428220][ T5328] ? rcu_is_watching+0x15/0xb0
[ 87.430234][ T5328] ? do_syscall_64+0xbe/0xfa0
[ 87.432312][ T5328] ? __x64_sys_keyctl+0x20/0xc0
[ 87.434152][ T5328] do_syscall_64+0xfa/0xfa0
[ 87.436040][ T5328] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.438312][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.440852][ T5328] ? clear_bhb_loop+0x60/0xb0
[ 87.442899][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.445406][ T5328] RIP: 0033:0x7fb38b98efc9
[ 87.447264][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.455325][ T5328] RSP: 002b:00007fb38c8a4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 87.458683][ T5328] RAX: ffffffffffffffda RBX: 00007fb38bbe6090 RCX: 00007fb38b98efc9
[ 87.462132][ T5328] RDX: 0000200000001cc0 RSI: 0000200000000040 RDI: 0000000000000017
[ 87.465692][ T5328] RBP: 00007fb38ba11f91 R08: 0000000000000000 R09: 0000000000000000
[ 87.469157][ T5328] R10: 00000000000000c2 R11: 0000000000000246 R12: 0000000000000000
[ 87.472591][ T5328] R13: 00007fb38bbe6128 R14: 00007fb38bbe6090 R15: 00007ffe942e75b8
[ 87.476132][ T5328]
[ 87.477919][ T5328] Kernel Offset: disabled
[ 87.479861][ T5328] Rebooting in 86400 seconds..