program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000000000000000060000000800030074fe15bb4ff2fec2d5bfedf15569ec34a6c888763d89b01ef82aa21a67689d90826e1949ecb5755dd47425c55d554800cb40057f7192dd09d3fb5c56c0aa7efd50f12976e4688b4c3cc89dd4482dd7559a", @ANYRES32=0x0, @ANYBLOB="0800050003000000"], 0x24}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x1929, 0x80) close(r3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000fddbdf2507000000080001003100000008000300", @ANYRES32=r4, @ANYBLOB="0c00990002000000700000001400040073797a6b616c6c6572300000000000000800050004000000"], 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000002151ad22f634c5edfb5a18a114759ecc7cd0c12c74e50e00e9cf36c85eecdefc8cb740e159266bd116a0ee95f3209b88ca75c2781c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x9, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18062000000000000000000001fcffff18120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000007a000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000540)={'tunl0\x00', 0x0, 0x8000, 0x10, 0x9, 0x900, {{0x16, 0x4, 0x0, 0x3f, 0x58, 0x67, 0x0, 0x1, 0x29, 0x0, @private=0xa010102, @local, {[@generic={0x44, 0x11, "418313636a6d36218431b0788f1daf"}, @lsrr={0x83, 0x13, 0x38, [@loopback, @multicast1, @multicast2, @remote]}, @generic={0x94, 0x2}, @rr={0x7, 0x3, 0x7}, @end, @rr={0x7, 0x17, 0x5, [@broadcast, @local, @private=0xa010101, @loopback, @remote]}, @end, @noop]}}}}}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1e00000008000000080000000400000080b00000", @ANYRES32=r5, @ANYBLOB='\x00\x00\x00@\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000005000000000000000f00000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xc, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000004000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000066090600000003e70400000006000000180100002020702500000000002020207b9af8ff000037010000f8ffffffb702000008000000b70300000000000014000000060000005d93000000000000b50302000000000085000000c4000000b7000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000940)={{0x1, 0x1, 0x18, r3, {0x1, 0x4276}}, './file0\x00'}) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='cmdline\x00') r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000009c0)=@generic={&(0x7f0000000380)='./file0\x00'}, 0x18) r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="636f686572656e63793d62756666657265642c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6a6f75726e616c5f6173796e635f636f6d6d69742c6c6f63616c666c6f636b732c696e74722c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030302c003b0cb2c0ba9712fd03ce355aa491cc5f61813e9176fd595048f5094cd6fed1109c0660126a81d7e1656e6486961ae248203b7844c4cf817c54087b2984df5130648beca655de632257577d76c1ccce9cf88767d0b804fc5b31382d9086dfc8971e6330019719d4ca3d772eb79c46a0e8cfaa3e2d7424d47a406bac7435aad5308dee60ed828b"], 0x8, 0x4438, &(0x7f00000088c0)="$eJzs3c9PXNUeAPBzL/QV+voD+rroS17yJnlNnlFDoCuVJlJKS6HFmmob42Y6wLRFB6aBwbjoAndNXJm4MC4aTdyxali4rX+CG5d13UQXbkxMGjEzcwfmXpgwVgba+vksuNzze/jee+bcxeXEicrtuaXc3FKusJArz9xcOp37qFxani+GeI9s2/+Bveuf9nTiOtnva+/v7Mq5C+9cPx3Cd7M/PF5fX18PVd0hEYVmQ02///rL3ZnmY0Mc0qrtho56P4RwYsu4qrpCCO99W/8UZ5O00eTYG0I4knzC63c/vZHbpdE8eFQ8k38ydW9t+NTk6v211p89CuHL0r9fvTX/0/+6hn98eZe6BwAAAAAAAAAAAAAAAADgOTd+9cq1tweHwsModK9GW9/XHU+Ord6PXd81/+38hwUAAAAAAAAAAAAAAAAAAIBn1Ob7/7no+Dbv/48lx5EW9dff7PwY6ZyJt66MnR8cSvZ/j7bkv5Yk/Xy2K/Rvs+97dv/3s5n62+//vrWfp9UYX6PfvhDFA6nzOB4YCOHrZOP3k9GhuFReqrxys7y8MLtrw3hupeNf370/FZ1kQ/924z+aab/z+///a8vVVD2/sXuX2AstHf+uluW++SRqK/7nMvX2Iv48vXT8u2tpvc0FRuoTQDX+n3XvHP+xTPudiv/REEIuqo41l5oBqmuYanqr9Qpp6fgfqKWlps7kD9nq/v8tE//zmfb3a/5fyX4Rsa10/P9RS+tJldi8//vjne//C5n29yP+1fGv+P5vSzr+B+uJ3akitb9ku/P/eKb9TsX/WpyM82iUugJWo3p6q/9XR1o6/j1b8jef/+K21n8XM/X36vmv0W/j+a8x/b8U1Z//2F46/r0ty7V7/09k6mXiH+/u6KvLk5wngL8gHf9DtbT02rmv9rPd+E9m2u/U/F+7kHoa8d+cT34/WE//yvqvLen4/7OemLpLV2o/a+u/aOf1/6VM+/ux/quOf2XXZ5oXU3P8u8LhluWq8f++je//y5l6nY9/CIPW+k8tff8faVmudv/37Bz/qUy9Tsf//yEc62T7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+60eTYF6J4IHUexwMDIZxLzk+GQ9F0YTY/XSrPfLgUwliSngvHo1ul8nShlJ9bKM8W84VSqTwTwvkk/0ToiZZK5Up+vnDnwkZbvdHtYmGxMl0sVEII40n6f8KRRlvTc5X5wp0QwsWNvGNxefHO7cJCfnZu8Y3BwcHBMLExhv6o+HGluFCp917PDWFyo25f1DS4WvaljbEcjj4oLy8uFEq19MtNdUrlmUKpqc5Ukvd56I8qi8sLM4VKMV8q32r0t59GkuPYxNV3r14e2pJ/I6ofR/d2WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8SQ+HX/8ihNBdP4tDCCONX6Ltyj94VDyTfzJ1b2341OTq/bXHrcoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYpWOUiIEoDMBvxkLtPIZVSDrbiCJaGBE8gR7Dw2jvJbyEd7CwsLVwFzYTWLIJpNmtvq95IT8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGVuHrunh7qJSHHyfxzx+fL1vZ3flfp2OX3+6AAzsj+3993Vdd2Ud087+UX59dPmTfr3+/ocE3XwPtqT8T71hj6ns3PN7dvcfEPfs0i5ioi25Ocp56rqvz9Wy+4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYswMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUXfBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADApwAAAP//q60e0g==") r12 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r12, 0xc0185879, &(0x7f00000004c0)={0x1000000, 0xffffffffffffffff, 0x400000, 0x2, 0x0, 0x0, 0x2401}) pwritev2(r11, &(0x7f00000001c0)=[{&(0x7f00000000c0)="df7c", 0x2}], 0x1, 0xe7b, 0x0, 0x41) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0x7c}], 0x0, 0x4, 0x74) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x1b, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000004000000430102000700000095004000"/32], &(0x7f00000001c0)='GPL\x00', 0x6, 0xc5, &(0x7f0000000440)=""/197, 0xa84f15daf96e41ab, 0x1e, '\x00', r6, @fallback=0xb, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x1, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4, &(0x7f0000000a00)=[r7, r8, r9, r10, r3, r11, 0xffffffffffffffff, r11], &(0x7f0000000a40)=[{0x2, 0x5, 0x9, 0x1}, {0x5, 0x5, 0x0, 0x1}, {0x2, 0x1, 0xb}, {0x2, 0x3, 0xe, 0xb}], 0x10, 0x9, @void, @value}, 0x94) r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r13) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r13, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) [ 74.319912][ T5299] Bluetooth: hci0: command tx timeout [ 74.348394][ T5314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. [ 74.565577][ T5314] loop0: detected capacity change from 0 to 32768 [ 74.575345][ T5314] ======================================================= [ 74.575345][ T5314] WARNING: The mand mount option has been deprecated and [ 74.575345][ T5314] and is ignored by this kernel. Remove the mand [ 74.575345][ T5314] option from the mount to silence this warning. [ 74.575345][ T5314] ======================================================= [ 74.645433][ T5314] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 74.664361][ T5314] ================================================================== [ 74.667864][ T5314] BUG: KASAN: slab-use-after-free in __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 74.671703][ T5314] Read of size 4 at addr ffff8880362fd2c0 by task syz.0.0/5314 [ 74.674941][ T5314] [ 74.675883][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 74.675894][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.675900][ T5314] Call Trace: [ 74.675906][ T5314] [ 74.675909][ T5314] dump_stack_lvl+0x189/0x250 [ 74.675924][ T5314] ? __virt_addr_valid+0x1c8/0x5c0 [ 74.675935][ T5314] ? rcu_is_watching+0x15/0xb0 [ 74.675945][ T5314] ? __kasan_check_byte+0x12/0x40 [ 74.675955][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.675966][ T5314] ? rcu_is_watching+0x15/0xb0 [ 74.675975][ T5314] ? lock_release+0x4b/0x3e0 [ 74.675986][ T5314] ? __virt_addr_valid+0x1c8/0x5c0 [ 74.675996][ T5314] ? __virt_addr_valid+0x4a5/0x5c0 [ 74.676007][ T5314] print_report+0xd2/0x2b0 [ 74.676018][ T5314] ? __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 74.676030][ T5314] kasan_report+0x118/0x150 [ 74.676040][ T5314] ? __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 74.676051][ T5314] __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 74.676064][ T5314] ? __pfx___ocfs2_flush_truncate_log+0x10/0x10 [ 74.676075][ T5314] ? ocfs2_flush_truncate_log+0x47/0x70 [ 74.676085][ T5314] ? __lock_acquire+0xab9/0xd20 [ 74.676093][ T5314] ? down_write+0x162/0x1f0 [ 74.676144][ T5314] ? __pfx_down_write+0x10/0x10 [ 74.676160][ T5314] ocfs2_flush_truncate_log+0x4f/0x70 [ 74.676176][ T5314] ocfs2_sync_fs+0x116/0x310 [ 74.676186][ T5314] ? __pfx_ocfs2_sync_fs+0x10/0x10 [ 74.676195][ T5314] ? __pfx___writeback_inodes_sb_nr+0x10/0x10 [ 74.676207][ T5314] ? __dentry_kill+0x53d/0x660 [ 74.676219][ T5314] ? get_nr_dirty_inodes+0x1c4/0x210 [ 74.676231][ T5314] sync_filesystem+0x1cc/0x230 [ 74.676245][ T5314] generic_shutdown_super+0x6f/0x2c0 [ 74.676257][ T5314] kill_block_super+0x44/0x90 [ 74.676271][ T5314] deactivate_locked_super+0xbc/0x130 [ 74.676282][ T5314] cleanup_mnt+0x425/0x4c0 [ 74.676290][ T5314] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.676321][ T5314] task_work_run+0x1d1/0x260 [ 74.676335][ T5314] ? __pfx_task_work_run+0x10/0x10 [ 74.676346][ T5314] ? exit_to_user_mode_loop+0x40/0x110 [ 74.676356][ T5314] exit_to_user_mode_loop+0xec/0x110 [ 74.676364][ T5314] do_syscall_64+0x2bd/0x3b0 [ 74.676374][ T5314] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.676382][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.676389][ T5314] ? clear_bhb_loop+0x60/0xb0 [ 74.676397][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.676404][ T5314] RIP: 0033:0x7fc5d6f9010a [ 74.676412][ T5314] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.676419][ T5314] RSP: 002b:00007fc5d7e30e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.676428][ T5314] RAX: ffffffffffffffec RBX: 00007fc5d7e30ef0 RCX: 00007fc5d6f9010a [ 74.676433][ T5314] RDX: 0000200000004440 RSI: 0000200000000040 RDI: 00007fc5d7e30eb0 [ 74.676439][ T5314] RBP: 0000200000004440 R08: 00007fc5d7e30ef0 R09: 00000000000008c0 [ 74.676444][ T5314] R10: 00000000000008c0 R11: 0000000000000246 R12: 0000200000000040 [ 74.676449][ T5314] R13: 00007fc5d7e30eb0 R14: 0000000000004438 R15: 0000200000000dc0 [ 74.676457][ T5314] [ 74.676459][ T5314] [ 74.807199][ T5314] Allocated by task 5298: [ 74.809178][ T5314] kasan_save_track+0x3e/0x80 [ 74.811245][ T5314] __kasan_slab_alloc+0x6c/0x80 [ 74.813400][ T5314] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 74.815951][ T5314] __alloc_skb+0x112/0x2d0 [ 74.817961][ T5314] rtmsg_ifinfo_build_skb+0x84/0x260 [ 74.820794][ T5314] rtnetlink_event+0x1b7/0x270 [ 74.823080][ T5314] notifier_call_chain+0x1b3/0x3e0 [ 74.825018][ T5314] netif_set_mac_address+0x37c/0x4c0 [ 74.827311][ T5314] do_setlink+0x88c/0x41c0 [ 74.829283][ T5314] rtnl_newlink+0x160b/0x1c70 [ 74.831243][ T5314] rtnetlink_rcv_msg+0x7cf/0xb70 [ 74.833512][ T5314] netlink_rcv_skb+0x208/0x470 [ 74.835657][ T5314] netlink_unicast+0x75b/0x8d0 [ 74.837769][ T5314] netlink_sendmsg+0x805/0xb30 [ 74.839868][ T5314] __sock_sendmsg+0x21c/0x270 [ 74.841927][ T5314] __sys_sendto+0x3bd/0x520 [ 74.843933][ T5314] __x64_sys_sendto+0xde/0x100 [ 74.846020][ T5314] do_syscall_64+0xfa/0x3b0 [ 74.848058][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.850725][ T5314] [ 74.851809][ T5314] Freed by task 5298: [ 74.853353][ T5314] kasan_save_track+0x3e/0x80 [ 74.855330][ T5314] kasan_save_free_info+0x46/0x50 [ 74.857434][ T5314] __kasan_slab_free+0x62/0x70 [ 74.859451][ T5314] kmem_cache_free+0x18f/0x400 [ 74.861534][ T5314] netlink_broadcast_filtered+0x103c/0x1140 [ 74.864026][ T5314] nlmsg_notify+0xf0/0x1a0 [ 74.865854][ T5314] rtnetlink_event+0x224/0x270 [ 74.868034][ T5314] notifier_call_chain+0x1b3/0x3e0 [ 74.870282][ T5314] netif_set_mac_address+0x37c/0x4c0 [ 74.872638][ T5314] do_setlink+0x88c/0x41c0 [ 74.874606][ T5314] rtnl_newlink+0x160b/0x1c70 [ 74.876617][ T5314] rtnetlink_rcv_msg+0x7cf/0xb70 [ 74.878871][ T5314] netlink_rcv_skb+0x208/0x470 [ 74.880992][ T5314] netlink_unicast+0x75b/0x8d0 [ 74.883132][ T5314] netlink_sendmsg+0x805/0xb30 [ 74.885175][ T5314] __sock_sendmsg+0x21c/0x270 [ 74.887126][ T5314] __sys_sendto+0x3bd/0x520 [ 74.889312][ T5314] __x64_sys_sendto+0xde/0x100 [ 74.892003][ T5314] do_syscall_64+0xfa/0x3b0 [ 74.893937][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.896435][ T5314] [ 74.897475][ T5314] The buggy address belongs to the object at ffff8880362fd280 [ 74.897475][ T5314] which belongs to the cache skbuff_head_cache of size 240 [ 74.903675][ T5314] The buggy address is located 64 bytes inside of [ 74.903675][ T5314] freed 240-byte region [ffff8880362fd280, ffff8880362fd370) [ 74.909519][ T5314] [ 74.910558][ T5314] The buggy address belongs to the physical page: [ 74.913270][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x362fd [ 74.917069][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 74.920096][ T5314] page_type: f5(slab) [ 74.921871][ T5314] raw: 04fff00000000000 ffff888030ab78c0 dead000000000122 0000000000000000 [ 74.925574][ T5314] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 74.929016][ T5314] page dumped because: kasan: bad access detected [ 74.931629][ T5314] page_owner tracks the page as allocated [ 74.934095][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5298, tgid 5298 (syz-executor), ts 72514469034, free_ts 72370460007 [ 74.941825][ T5314] post_alloc_hook+0x240/0x2a0 [ 74.943891][ T5314] get_page_from_freelist+0x21e0/0x22c0 [ 74.946192][ T5314] __alloc_frozen_pages_noprof+0x181/0x370 [ 74.948754][ T5314] alloc_pages_mpol+0x232/0x4a0 [ 74.950792][ T5314] allocate_slab+0x8a/0x3b0 [ 74.952727][ T5314] ___slab_alloc+0xbfc/0x1480 [ 74.954720][ T5314] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 74.957173][ T5314] __alloc_skb+0x112/0x2d0 [ 74.959010][ T5314] netlink_sendmsg+0x5c6/0xb30 [ 74.960980][ T5314] __sock_sendmsg+0x21c/0x270 [ 74.962959][ T5314] __sys_sendto+0x3bd/0x520 [ 74.964898][ T5314] __x64_sys_sendto+0xde/0x100 [ 74.966790][ T5314] do_syscall_64+0xfa/0x3b0 [ 74.968763][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.970969][ T5314] page last free pid 15 tgid 15 stack trace: [ 74.973413][ T5314] __free_frozen_pages+0xc6e/0xe50 [ 74.975580][ T5314] rcu_core+0xca8/0x1710 [ 74.977467][ T5314] handle_softirqs+0x286/0x870 [ 74.979403][ T5314] run_ksoftirqd+0x9b/0x100 [ 74.981095][ T5314] smpboot_thread_fn+0x53f/0xa60 [ 74.982822][ T5314] kthread+0x70e/0x8a0 [ 74.984457][ T5314] ret_from_fork+0x3fc/0x770 [ 74.986574][ T5314] ret_from_fork_asm+0x1a/0x30 [ 74.988958][ T5314] [ 74.990197][ T5314] Memory state around the buggy address: [ 74.993071][ T5314] ffff8880362fd180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.997195][ T5314] ffff8880362fd200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 75.001417][ T5314] >ffff8880362fd280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.004902][ T5314] ^ [ 75.007446][ T5314] ffff8880362fd300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 75.010860][ T5314] ffff8880362fd380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 75.014042][ T5314] ================================================================== [ 75.057481][ T5314] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.060511][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) [ 75.065111][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.069709][ T5314] Call Trace: [ 75.071174][ T5314] [ 75.072528][ T5314] dump_stack_lvl+0x99/0x250 [ 75.074637][ T5314] ? __asan_memcpy+0x40/0x70 [ 75.076641][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.078898][ T5314] ? __pfx__printk+0x10/0x10 [ 75.080890][ T5314] panic+0x2db/0x790 [ 75.082553][ T5314] ? __pfx_panic+0x10/0x10 [ 75.084452][ T5314] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 75.086930][ T5314] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.089674][ T5314] ? print_memory_metadata+0x314/0x400 [ 75.091899][ T5314] ? __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 75.094468][ T5314] check_panic_on_warn+0x89/0xb0 [ 75.096587][ T5314] ? __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 75.099045][ T5314] end_report+0x78/0x160 [ 75.100904][ T5314] kasan_report+0x129/0x150 [ 75.102792][ T5314] ? __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 75.105428][ T5314] __ocfs2_flush_truncate_log+0x7c7/0x10e0 [ 75.107867][ T5314] ? __pfx___ocfs2_flush_truncate_log+0x10/0x10 [ 75.110536][ T5314] ? ocfs2_flush_truncate_log+0x47/0x70 [ 75.112939][ T5314] ? __lock_acquire+0xab9/0xd20 [ 75.115110][ T5314] ? down_write+0x162/0x1f0 [ 75.117136][ T5314] ? __pfx_down_write+0x10/0x10 [ 75.119299][ T5314] ocfs2_flush_truncate_log+0x4f/0x70 [ 75.121679][ T5314] ocfs2_sync_fs+0x116/0x310 [ 75.123798][ T5314] ? __pfx_ocfs2_sync_fs+0x10/0x10 [ 75.126078][ T5314] ? __pfx___writeback_inodes_sb_nr+0x10/0x10 [ 75.128730][ T5314] ? __dentry_kill+0x53d/0x660 [ 75.130719][ T5314] ? get_nr_dirty_inodes+0x1c4/0x210 [ 75.132820][ T5314] sync_filesystem+0x1cc/0x230 [ 75.134886][ T5314] generic_shutdown_super+0x6f/0x2c0 [ 75.137205][ T5314] kill_block_super+0x44/0x90 [ 75.139300][ T5314] deactivate_locked_super+0xbc/0x130 [ 75.141634][ T5314] cleanup_mnt+0x425/0x4c0 [ 75.143592][ T5314] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.145940][ T5314] task_work_run+0x1d1/0x260 [ 75.148085][ T5314] ? __pfx_task_work_run+0x10/0x10 [ 75.150378][ T5314] ? exit_to_user_mode_loop+0x40/0x110 [ 75.152792][ T5314] exit_to_user_mode_loop+0xec/0x110 [ 75.155092][ T5314] do_syscall_64+0x2bd/0x3b0 [ 75.157107][ T5314] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.159325][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.161735][ T5314] ? clear_bhb_loop+0x60/0xb0 [ 75.163789][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.166542][ T5314] RIP: 0033:0x7fc5d6f9010a [ 75.168617][ T5314] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.177179][ T5314] RSP: 002b:00007fc5d7e30e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 75.180952][ T5314] RAX: ffffffffffffffec RBX: 00007fc5d7e30ef0 RCX: 00007fc5d6f9010a [ 75.184466][ T5314] RDX: 0000200000004440 RSI: 0000200000000040 RDI: 00007fc5d7e30eb0 [ 75.187962][ T5314] RBP: 0000200000004440 R08: 00007fc5d7e30ef0 R09: 00000000000008c0 [ 75.191233][ T5314] R10: 00000000000008c0 R11: 0000000000000246 R12: 0000200000000040 [ 75.194458][ T5314] R13: 00007fc5d7e30eb0 R14: 0000000000004438 R15: 0000200000000dc0 [ 75.197595][ T5314] [ 75.199155][ T5314] Kernel Offset: disabled [ 75.200957][ T5314] Rebooting in 86400 seconds..