program: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0) r1 = dup(r0) r2 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80000, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000000c0)={'\x00', 0xfff9, 0x1ff, 0xb, 0x6, 0x5}) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x88c0, &(0x7f00000007c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c0050890e1d2cc1bbbdf08d08fe06ff2766758d8955927fab01a7ccdecfc59b2041a9461723f1db971e775e0e358c03b00c510998283ed6f1dba0502d352e58b65a28492b0a7053e14eccd84ac5b3452602d77c0ca06fcbf3756ab0c1000b6cd9257f69726afcec2859414f3e35e002dcdf2b18b581c33cd87be229bc4302b017e3c3"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40042, 0x0) pwrite64(r3, &(0x7f0000000540)="9e", 0x1, 0xfecf) r4 = open(&(0x7f000001f580)='./file1\x00', 0x145142, 0x0) ftruncate(r4, 0x96ef) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000100)=ANY=[], 0xb, 0x0, &(0x7f0000000100)) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r6, 0x0) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) r7 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$kcm(r7, &(0x7f0000000100)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000000), 0x4c00}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@setlink={0x28, 0x13, 0xbaa23f3d13f2d1f5, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_TXQLEN={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x2c93a000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) [ 68.395535][ T4667] Bluetooth: hci0: command tx timeout [ 68.768029][ T5320] loop0: detected capacity change from 0 to 32768 [ 68.778636][ T5320] ======================================================= [ 68.778636][ T5320] WARNING: The mand mount option has been deprecated and [ 68.778636][ T5320] and is ignored by this kernel. Remove the mand [ 68.778636][ T5320] option from the mount to silence this warning. [ 68.778636][ T5320] ======================================================= [ 68.854534][ T5320] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 68.916240][ T5320] (syz.0.0,5320,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 68.947253][ T5320] loop0: detected capacity change from 32768 to 64 [ 68.986642][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 68.990149][ T5320] (syz.0.0,5320,0):ocfs2_assign_bh:2417 ERROR: status = -12 [ 68.993405][ T5320] (syz.0.0,5320,0):ocfs2_inode_lock_full_nested:2512 ERROR: status = -12 [ 69.032526][ T5320] (syz.0.0,5320,0):ocfs2_inode_lock_atime:2602 ERROR: status = -12 [ 69.037735][ T5320] (syz.0.0,5320,0):ocfs2_mmap_prepare:170 ERROR: status = -12 [ 69.043261][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.048860][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.052091][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.056991][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 0 [ 69.062148][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.066407][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.069718][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.073186][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 0 [ 69.078467][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.081716][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.085477][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.089059][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 1 [ 69.114627][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.118227][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.121534][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.135713][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 2 [ 69.140454][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.143740][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.164391][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.174156][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 3 [ 69.183549][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.191785][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.199161][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.206606][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 4 [ 69.217455][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.224527][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.234311][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.251200][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 5 [ 69.279189][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.282475][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.308142][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.311957][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 6 [ 69.317278][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.320612][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.323865][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.328568][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 7 [ 69.333675][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.337512][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.340781][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.344393][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 0 [ 69.349712][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.353050][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.357899][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.361544][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 1 [ 69.367546][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.370706][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.373871][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.378230][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 2 [ 69.382857][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.390174][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.393252][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.397165][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 3 [ 69.401967][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.405368][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.408297][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.411757][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 4 [ 69.416934][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.420175][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.423355][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.427365][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 5 [ 69.432050][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.435448][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.438608][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.442076][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 6 [ 69.447734][ T5320] (syz.0.0,5320,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 69.451234][ T5320] (syz.0.0,5320,0):ocfs2_get_clusters:627 ERROR: status = -12 [ 69.454361][ T5320] (syz.0.0,5320,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -12 [ 69.458986][ T5320] (syz.0.0,5320,0):ocfs2_get_block:153 ERROR: get_blocks() failed, inode: 0xffff8880427acfb8, block: 7 [ 69.463942][ T5320] ================================================================== [ 69.467500][ T5320] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xd3/0x3f0 [ 69.470865][ T5320] Read of size 8 at addr ffff88801158a7d8 by task syz.0.0/5320 [ 69.474157][ T5320] [ 69.475268][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.475285][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.475293][ T5320] Call Trace: [ 69.475301][ T5320] [ 69.475306][ T5320] dump_stack_lvl+0x189/0x250 [ 69.475325][ T5320] ? __kasan_check_byte+0x12/0x40 [ 69.475343][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.475357][ T5320] ? lock_release+0x4b/0x3e0 [ 69.475368][ T5320] ? __virt_addr_valid+0x4a5/0x5c0 [ 69.475383][ T5320] print_report+0xca/0x240 [ 69.475395][ T5320] ? ocfs2_fault+0xd3/0x3f0 [ 69.475408][ T5320] kasan_report+0x118/0x150 [ 69.475424][ T5320] ? ocfs2_fault+0xd3/0x3f0 [ 69.475441][ T5320] ocfs2_fault+0xd3/0x3f0 [ 69.475455][ T5320] ? __pfx_ocfs2_fault+0x10/0x10 [ 69.475471][ T5320] __do_fault+0x138/0x390 [ 69.475486][ T5320] __handle_mm_fault+0x35e3/0x5400 [ 69.475501][ T5320] ? __pfx___handle_mm_fault+0x10/0x10 [ 69.475518][ T5320] ? find_vma+0xe7/0x160 [ 69.475529][ T5320] ? __pfx_find_vma+0x10/0x10 [ 69.475541][ T5320] handle_mm_fault+0x40a/0x8e0 [ 69.475555][ T5320] do_user_addr_fault+0x764/0x1380 [ 69.475576][ T5320] exc_page_fault+0x82/0x100 [ 69.475639][ T5320] asm_exc_page_fault+0x26/0x30 [ 69.475650][ T5320] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 69.475664][ T5320] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 69.475674][ T5320] RSP: 0018:ffffc9000d487b18 EFLAGS: 00050206 [ 69.475686][ T5320] RAX: 00007ffffffff001 RBX: 0000000000000038 RCX: 0000000000000038 [ 69.475694][ T5320] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffc9000d487b80 [ 69.475701][ T5320] RBP: ffffc9000d487d90 R08: ffffc9000d487bb7 R09: 1ffff92001a90f76 [ 69.475708][ T5320] R10: dffffc0000000000 R11: fffff52001a90f77 R12: ffffc9000d487de0 [ 69.475716][ T5320] R13: 1ffff92001a90f6c R14: ffffc9000d487b80 R15: 0000200000000100 [ 69.475727][ T5320] _copy_from_user+0x7a/0xb0 [ 69.475740][ T5320] ___sys_sendmsg+0x158/0x2a0 [ 69.475751][ T5320] ? __pfx____sys_sendmsg+0x10/0x10 [ 69.475778][ T5320] ? __fget_files+0x2a/0x420 [ 69.475794][ T5320] ? __fget_files+0x3a0/0x420 [ 69.475807][ T5320] __x64_sys_sendmsg+0x19b/0x260 [ 69.475818][ T5320] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 69.475830][ T5320] ? do_syscall_64+0xbe/0xfa0 [ 69.475845][ T5320] do_syscall_64+0xfa/0xfa0 [ 69.475858][ T5320] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.475872][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.475882][ T5320] ? clear_bhb_loop+0x60/0xb0 [ 69.475892][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.475900][ T5320] RIP: 0033:0x7fb28498f7c9 [ 69.475915][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.475924][ T5320] RSP: 002b:00007fb28579a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.475937][ T5320] RAX: ffffffffffffffda RBX: 00007fb284be5fa0 RCX: 00007fb28498f7c9 [ 69.475945][ T5320] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000c [ 69.475952][ T5320] RBP: 00007fb284a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 69.475959][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.475966][ T5320] R13: 00007fb284be6038 R14: 00007fb284be5fa0 R15: 00007ffc72298868 [ 69.475977][ T5320] [ 69.475981][ T5320] [ 69.621384][ T5320] Allocated by task 5320: [ 69.623382][ T5320] kasan_save_track+0x3e/0x80 [ 69.625403][ T5320] __kasan_slab_alloc+0x6c/0x80 [ 69.627396][ T5320] kmem_cache_alloc_noprof+0x367/0x6e0 [ 69.629558][ T5320] vm_area_alloc+0x24/0x140 [ 69.631535][ T5320] mmap_region+0xdcd/0x2110 [ 69.633458][ T5320] do_mmap+0xc45/0x10d0 [ 69.635265][ T5320] vm_mmap_pgoff+0x2a6/0x4d0 [ 69.637281][ T5320] ksys_mmap_pgoff+0x51f/0x760 [ 69.639355][ T5320] do_syscall_64+0xfa/0xfa0 [ 69.641378][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.643924][ T5320] [ 69.645035][ T5320] Freed by task 5320: [ 69.646848][ T5320] kasan_save_track+0x3e/0x80 [ 69.648915][ T5320] __kasan_save_free_info+0x46/0x50 [ 69.651200][ T5320] __kasan_slab_free+0x5c/0x80 [ 69.653282][ T5320] slab_free_after_rcu_debug+0x12c/0x2a0 [ 69.655669][ T5320] rcu_core+0xcab/0x1770 [ 69.657482][ T5320] handle_softirqs+0x286/0x870 [ 69.659590][ T5320] __irq_exit_rcu+0xca/0x1f0 [ 69.661624][ T5320] irq_exit_rcu+0x9/0x30 [ 69.663533][ T5320] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 69.666017][ T5320] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 69.668682][ T5320] [ 69.669748][ T5320] Last potentially related work creation: [ 69.672283][ T5320] kasan_save_stack+0x3e/0x60 [ 69.674373][ T5320] kasan_record_aux_stack+0xbd/0xd0 [ 69.676606][ T5320] kmem_cache_free+0x4a2/0x690 [ 69.678796][ T5320] vms_complete_munmap_vmas+0x626/0x8a0 [ 69.681089][ T5320] mmap_region+0x11e1/0x2110 [ 69.683167][ T5320] do_mmap+0xc45/0x10d0 [ 69.684961][ T5320] vm_mmap_pgoff+0x2a6/0x4d0 [ 69.687026][ T5320] ksys_mmap_pgoff+0x51f/0x760 [ 69.689405][ T5320] do_syscall_64+0xfa/0xfa0 [ 69.691309][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.693725][ T5320] [ 69.694822][ T5320] The buggy address belongs to the object at ffff88801158a780 [ 69.694822][ T5320] which belongs to the cache vm_area_struct of size 256 [ 69.701022][ T5320] The buggy address is located 88 bytes inside of [ 69.701022][ T5320] freed 256-byte region [ffff88801158a780, ffff88801158a880) [ 69.707374][ T5320] [ 69.708498][ T5320] The buggy address belongs to the physical page: [ 69.711183][ T5320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1158a [ 69.714926][ T5320] memcg:ffff88801feabb01 [ 69.716797][ T5320] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 69.720071][ T5320] page_type: f5(slab) [ 69.721830][ T5320] raw: 00fff00000000000 ffff888030413b40 ffffea000045aa00 dead000000000005 [ 69.725589][ T5320] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88801feabb01 [ 69.729369][ T5320] page dumped because: kasan: bad access detected [ 69.732215][ T5320] page_owner tracks the page as allocated [ 69.734646][ T5320] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4694, tgid 4694 (rcS), ts 26134440216, free_ts 26115355611 [ 69.742442][ T5320] post_alloc_hook+0x234/0x290 [ 69.744502][ T5320] get_page_from_freelist+0x2365/0x2440 [ 69.746968][ T5320] __alloc_frozen_pages_noprof+0x181/0x370 [ 69.749474][ T5320] alloc_pages_mpol+0x232/0x4a0 [ 69.751661][ T5320] allocate_slab+0x96/0x350 [ 69.753603][ T5320] ___slab_alloc+0xf56/0x1990 [ 69.755673][ T5320] __kmem_cache_alloc_bulk+0x1e2/0x590 [ 69.758003][ T5320] __pcs_replace_empty_main+0x292/0x540 [ 69.760609][ T5320] kmem_cache_alloc_noprof+0x453/0x6e0 [ 69.762823][ T5320] vm_area_dup+0x2b/0x680 [ 69.764547][ T5320] __split_vma+0x1a9/0xa00 [ 69.766387][ T5320] vms_gather_munmap_vmas+0x2e2/0x12e0 [ 69.768527][ T5320] mmap_region+0x722/0x2110 [ 69.770540][ T5320] do_mmap+0xc45/0x10d0 [ 69.772770][ T5320] vm_mmap_pgoff+0x2a6/0x4d0 [ 69.774915][ T5320] ksys_mmap_pgoff+0x51f/0x760 [ 69.776993][ T5320] page last free pid 15 tgid 15 stack trace: [ 69.779523][ T5320] __free_frozen_pages+0xbc4/0xd30 [ 69.781739][ T5320] tlb_remove_table_rcu+0x85/0x100 [ 69.783891][ T5320] rcu_core+0xcab/0x1770 [ 69.785571][ T5320] handle_softirqs+0x286/0x870 [ 69.787530][ T5320] run_ksoftirqd+0x9b/0x100 [ 69.789483][ T5320] smpboot_thread_fn+0x542/0xa60 [ 69.791646][ T5320] kthread+0x711/0x8a0 [ 69.793403][ T5320] ret_from_fork+0x4bc/0x870 [ 69.795378][ T5320] ret_from_fork_asm+0x1a/0x30 [ 69.797469][ T5320] [ 69.798586][ T5320] Memory state around the buggy address: [ 69.800909][ T5320] ffff88801158a680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.804529][ T5320] ffff88801158a700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 69.807868][ T5320] >ffff88801158a780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.811420][ T5320] ^ [ 69.814366][ T5320] ffff88801158a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.817685][ T5320] ffff88801158a880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 69.820883][ T5320] ================================================================== [ 69.845728][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.848893][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.853524][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.858948][ T5320] Call Trace: [ 69.860441][ T5320] [ 69.861905][ T5320] dump_stack_lvl+0x99/0x250 [ 69.864103][ T5320] ? __asan_memcpy+0x40/0x70 [ 69.866183][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.868467][ T5320] ? __pfx__printk+0x10/0x10 [ 69.870584][ T5320] vpanic+0x237/0x6d0 [ 69.872220][ T5320] ? __pfx_vpanic+0x10/0x10 [ 69.874127][ T5320] ? preempt_schedule+0xae/0xc0 [ 69.876270][ T5320] ? __pfx_preempt_schedule+0x10/0x10 [ 69.878708][ T5320] panic+0xb9/0xc0 [ 69.880404][ T5320] ? __pfx_panic+0x10/0x10 [ 69.882473][ T5320] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 69.884961][ T5320] ? ocfs2_fault+0xd3/0x3f0 [ 69.887037][ T5320] check_panic_on_warn+0x89/0xb0 [ 69.889180][ T5320] ? ocfs2_fault+0xd3/0x3f0 [ 69.891229][ T5320] end_report+0x78/0x160 [ 69.892965][ T5320] kasan_report+0x129/0x150 [ 69.895017][ T5320] ? ocfs2_fault+0xd3/0x3f0 [ 69.897159][ T5320] ocfs2_fault+0xd3/0x3f0 [ 69.899200][ T5320] ? __pfx_ocfs2_fault+0x10/0x10 [ 69.901525][ T5320] __do_fault+0x138/0x390 [ 69.903561][ T5320] __handle_mm_fault+0x35e3/0x5400 [ 69.905846][ T5320] ? __pfx___handle_mm_fault+0x10/0x10 [ 69.908205][ T5320] ? find_vma+0xe7/0x160 [ 69.910093][ T5320] ? __pfx_find_vma+0x10/0x10 [ 69.912220][ T5320] handle_mm_fault+0x40a/0x8e0 [ 69.914346][ T5320] do_user_addr_fault+0x764/0x1380 [ 69.916648][ T5320] exc_page_fault+0x82/0x100 [ 69.918741][ T5320] asm_exc_page_fault+0x26/0x30 [ 69.920934][ T5320] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 69.923501][ T5320] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 69.931875][ T5320] RSP: 0018:ffffc9000d487b18 EFLAGS: 00050206 [ 69.934544][ T5320] RAX: 00007ffffffff001 RBX: 0000000000000038 RCX: 0000000000000038 [ 69.938087][ T5320] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffc9000d487b80 [ 69.941950][ T5320] RBP: ffffc9000d487d90 R08: ffffc9000d487bb7 R09: 1ffff92001a90f76 [ 69.946379][ T5320] R10: dffffc0000000000 R11: fffff52001a90f77 R12: ffffc9000d487de0 [ 69.950704][ T5320] R13: 1ffff92001a90f6c R14: ffffc9000d487b80 R15: 0000200000000100 [ 69.955087][ T5320] _copy_from_user+0x7a/0xb0 [ 69.957359][ T5320] ___sys_sendmsg+0x158/0x2a0 [ 69.959489][ T5320] ? __pfx____sys_sendmsg+0x10/0x10 [ 69.961899][ T5320] ? __fget_files+0x2a/0x420 [ 69.964025][ T5320] ? __fget_files+0x3a0/0x420 [ 69.966187][ T5320] __x64_sys_sendmsg+0x19b/0x260 [ 69.968387][ T5320] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 69.970851][ T5320] ? do_syscall_64+0xbe/0xfa0 [ 69.972999][ T5320] do_syscall_64+0xfa/0xfa0 [ 69.974945][ T5320] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.977130][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.979760][ T5320] ? clear_bhb_loop+0x60/0xb0 [ 69.981786][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.984314][ T5320] RIP: 0033:0x7fb28498f7c9 [ 69.986194][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.994324][ T5320] RSP: 002b:00007fb28579a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.997821][ T5320] RAX: ffffffffffffffda RBX: 00007fb284be5fa0 RCX: 00007fb28498f7c9 [ 70.001375][ T5320] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000c [ 70.004832][ T5320] RBP: 00007fb284a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 70.008245][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.011392][ T5320] R13: 00007fb284be6038 R14: 00007fb284be5fa0 R15: 00007ffc72298868 [ 70.014887][ T5320] [ 70.016642][ T5320] Kernel Offset: disabled [ 70.018593][ T5320] Rebooting in 86400 seconds..