program:
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x10)
ftruncate(r2, 0x2007ffb)
sendfile(r1, r2, 0x0, 0x1000000201005)
syz_mount_image$bcachefs(&(0x7f00000002c0), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYBLOB="5a3f8fa4067a10650f26471a6ee9e9c641a62f221aacd71851d8ccee1e3265ad24d3b77aa6accfea0b3a7c6a61c75a8dac28cdad621664353a45d77ecba7895ff1351e13f469f44963edf9a76633362c9b8045bccf1a21e98a429bf90d005dc4590f9177e4efe2295c52c2c76c5837b1", @ANYRES16, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYBLOB="39287ca62b3bc2d352aea732da4208801a4fdd37620ca3929ea549314caf0a"], 0xfc, 0x5a13, &(0x7f00000088c0)="$eJzs3X+QHNV9IPDXM7Pa1a5+rAQOMpjVIqOEQGyt+FXYpOJNLrFTQCi5SDmIkw0LWhHZklDpRwBBgsiBDxXgwilSCU7+IC7gDqO4qIKLUSgTASdxNraKi4+6wtSZO+w/fEUIKgM6yuXzpnan3+xsz/T27OyskNDnU9L29Js33379+k1Pf9/M7gQAAABOCAfv3H7k8lN/77t/Pvrubb//j5tvD33lifKeWKE/Xd70frWQo6m7smximR0Xv3bLN34yeN3vfOfx3offO7D+jA0//N2Trnv6i5fse+Bvnn1n4ZO/fL0obhxPZ0+uJ28mIfR8+/BffvnAi6eMlyWLxn+WdoewJFn67JIkE2Lo5yGE9enKssydT7x73obx5e13d08pX5ypZ7yf2MaP8/jA2nXkxnPCj3577R3fX/7Nv+/a+8buySpJT914CmHRNfWP7wohzE//j4ujLY7HOGjXhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntaLdekQWZ9ezJaLby2hnLl6TLb6XLs2cYv5zuQzkJpSRUas3flEyOkVB33JKQTBzLntp6qXZsQ7r/mfUks17KrJe7Mvs1sd10oJWTZGp5rJcpj6fjSlp+Rv25uokrcso/nC570ifqe3E9ZG9U9TXcqO3XhNiuw9O05Wgo1Z2DmpXXDnx6MPrSsr5kacNjxpqI9x1Ye8/K8rrnDvbntCN5PEnjJ23F3/W9JQu+8NiendnX9Vr8a0pp/FJb8V+79NBbV+35+tdy498X45fbin/uM71vXvr8nSty++dw7J9KW/FHXn/h3uUnX7s3t/0Pxvg9bcUf3neoe+GRZ/bntn8o9s/8tuK/evGnf/zoy0+9kRs/xPi9bcVft2/rV7oHjpyVG39/7J++9sbP23svfGVg4KeDefFfivEXthX/kd0PfPKhxXdfknt818T+6W8r/mVnPn3HgiNPnZ537kwe7NQrJ8CJ6aT0GuuudL3dPHO26vKFvx6sVK/5FqT/F3ZyQ5mLz/HtLOpkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIXzonP/2mf/zuf43K+l6d3rj1VJ1GcvnhZDMDyFs3zGybcfGLdcPfvGGndu2jGwaHNkxOLplx7abB8//jcFto1s3jdw8fu/Qx86rPm5pSKrL5PSGbXePjY2V+qeWxe39uzP3/mjlRf/3X0IY+tAPBiq57V/1wOaHTm7yMyMZHvvU5p2X/+CCv0v3qz9tV3+Tdo2NjY2FnHb965W/eOgvDv/krBCGfmW6dr3w6m/905QGTRRMxkmVukO1Qd1Jb9N21Fqdtif2V2XDxk2jQ9P37/jjyzn78e9veePnG2766i+q/duTux8t9u/84bFNpb9ae9n//6tbqwVF7Xq/jntRf8e9iO2L/deT9veidL8W5exXJWe/7vz+/pe/feqed3aHocrbyxu3XbRfXekA6Eo+3NJ24xZ6kyVTynvS+vGIx8et2rF566rtN+/62MbNI9ePXj+65ROrz1994dAFF16wamLPV3V4/+P2f7XF/T8642nxn+z+VvzZ2nia2q55M+6P8XYV90d9i/Kef71XfPn+Tzzw/OXVgqJxHmvXzifpsnf8OK8OdeOtsa+a7VfR8QkhDDbrh7feuSSc8j833lF0Hqo/MvU/M5LhsRdX/OzvLvrbZb9ZLTgq5/n6BrV5nq+1erI9E/3Vkx6PsWO0f7tDOd2vvqbtWv3i8133HPyXP621b968cNPIjh3bVld/LkhbuiA5rWm7sqVxv5ZP/CyHtFtCbZg2Ga/jukK1fdnzZ6ye7dW+9L6+ZGnT/cqK9x1Ye8/K8rrnDub1dPJ4dYvzw8LqMvlITs1NmQeWaw1utv1j9flXND4GPvO3T37uyX84v2F8nFv9WbRfSc5+ffPlR+5/+Kv/8R86t1+f+a1D/T/7X3+8slpwzJ9XytWG1FqdtiepP6+cG0LR8295aL4fuc+/UvP9KXr+ZbczWb95vMHMel8ot/V8PfeZ3jcvff7OFbnP18PTPV/rd/bWKY8rFzxfj5Xxk31+JZWp7Zi759eUgZIMj33nrpN2P3vbmlOrBUWvl7Xazcb1eS3kHzn79U9XvTJww+B/+B+dO2984zeeuPqHI8N/Vi1o/7jHtnTmuPek/duT07+1Vse8s75/P37dDZvWV8uL+vn9u/5NlwX5TzyVbL9515dGNm0a3ba9tf1q9fU0bifby83Hz77bMtUaXk/j2W1pwX6VGvZr7m600l+tPt9i+9e31F/Fz7e+kLT1urDre0sWfOGxPTv7Gx6VbuiaUhq/1Fb81y499NZVe77+tdz498X4lbbij7z+wr3LT752b278B5M0fk9b8Yf3HepeeOSZ/bnxh2L757cV/9WLP/3jR19+6o3c+On565R/be86/bW39174ysDAT3Pjv5Sk2xm/RgrhiXfP21BdT0JX+nyL7eia0q6QXU8y66XMerl+vRRnEdINlJNkanmsl5afUdeWZv4opzxehfUsqy7fi+she2P68mNNqe7c36y86DoVAOCDLr7/H69B4/v/o+mFUv5MA0zqm8i028/DluXEjXnY5HzO1PdYl6Xx4+PjPODAx8PQ+PL2weqF/kzfR4jPh+w8Z9zOWR+dGqNwnnNsYvsN85xF8+8rMuuxXdX58kpdHppqzGsqoYX598btTD//ntn94vezBu9qaNZg3bxV9vh1pTNmzT7vkGlvZTxC3vjIzovFz3MMLAprJrbX4vjIfo4mHofs52jidk7NnDjb/RxN3vjob+yHKe2K4yPWm2Z8TDS5+P3IxuMXpunfyePXPFr2+M3gePeM15/r92c7MG/Y9JR29OYN5/b9MPOSOfHTJ9ixPm8Yy+N+VFqcT/xcTnmn5hPj6SK26/A0bTkazCcCH1Qx/4+vEeP5//gF+P/L1CvKU7JXjTFe7ueEys3bU5R3NH5Or7et1/F1+7Z+pXvgyFm51zn7W/2c3tYpa70Fn/sp6seVmfXCfsyZoCnK97LbKer37Ocy+sLCtvr9kd0PfPKhxXdfktvva6ovpMX9fv+UtYUF/X4c5AvN48sXToh8Ya7nz963fCT94NNc5SN/mFM+03ykt+FGbb8mHLv5yOQL6ZR8pOvotgsAOH7E/L/2/lma///vWCG9jijKW8/OrMd4uXlrzvVJXt76B+nypkz9vvQ3KmZ63XzZmU/fseDIU6fn5i0PtpqH/ucpa/2Feejs8ubcPGJNZz4vnptH1PKs2eWJue2v5Ymzy9Nz3qaty9Nnl0fn9k8tj546D3D/odbix3mA3Pi1eYAO5rm/nKx09PLcgvm6zMbiaqvzde9LHr1o6n7OSR6d/vrsXOXRV+SUzzSP7mu4UduvCcduHj21XB4NAHxQxfw/XsbF/P/5TL3Zvs+emxd06Lo9+/dAavFfmpO8cjJ+h97/Lc775jpvneu8fq7nJY7393/nel6of+IPeM7VPNn79v7ysZIXpxuVFwMAcCyL+f/8dD0//59dftKQv3VVLyEn85PjLz+vryc/z4n/gcnPj/f5r7n9nMwJn//H9XR17MTL/3N+cwgAgGNJzP/jrz3Gv//3X9P17N+tPx7z9OB9dHn6cZOnd3ieLcav/xyAeYCj+/n4+ZP1T4B5AAAAjkFdE5lS4+/Zfz5dZn/PPu/38q/Kqd+qSnp5fO2ObaOjV+/cun5kx+jVW25YP7r96hu3bdyxY3RLtd5s88bcvCXNG7tCJe2P5vWyedvi9O8hLM75ewjZ+jHsaRM3Gv8eQnaz8wv+jsDk8WutvXnHrzRN/WbjI+9458X/o5z6Ue34X/fH5169YfvVG7ds3LFxZNPGXaNT641nrb0z+N7MJP0/o+9LzfxoUJr593fGwzO7dpQa2tGV9kfe97MnmXYsSVuyJO/7D3La/d3//hd/cubYLx4NYehD5Y/Mqv+S4bH/cuXoH+w4+IOt4+0vTdv+Ws20XUXfV5qtH/ensumG7TvO2XDDzi3Zb5RsT5zPKNXW52g+I336l1ucn1iXUz7T398vN9w4NrU8PwEAwBTx/f94PRvfP/xqegEVy1vP09t//zgJz+zPzdOHWsvTs99LVpSnZ+vH/W01T++ZZZ6e3X5Rnt6sfrM8PS/vzov/hzn1Z6r1cdLG5zxi+vnYnp254+Sa1sZJ9vsMisZJtv5Mx0kyy3GS3X7ROGlWv9k4yTvuefE/m1M/T9F4qNTGw+w+l5M7Hu5rbTz8ema9aDxk6890PJRmOR6y2y8aD83qNxsPecc3L/7lOfVbNXV8jA+MiXExevWNN2z7Ul29uf7+i9D4kYxW2jdv8rFz+/0f7Xl44mdr/Tu3n/tq12T/hzA8UZLX/rn9XNns21/U/zP4XNmi0PC5stz2vzS7mbDW2z+33++SkVe98fFHa742PRMUff6saB53bU75TOdx5zXcODY1n8ftMo8LR0HM/+PbPTH/vztddvptoOP/e9J8j1nT+B36HrOi65gT7vU8+5b7cfl67n1ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKzuyrKJ5cE7tx+5/NTf++6fj7572+//4+bbf+2Wb/xk8Lrf+c7jvQ+/d2D9GRt++LsnXff0Fy/Z98DfPPvOwid/+Xph4P6Jn5Wz09WeEJI3kxB6vn34L7984MVTxsuSEEI56d8dwpJk6bNLkkyEoZ+HENbX2jn1zifePW/D+PL2u7unlC/OBMnuV+grx/bUtzOEmwr3iONQTzrOdh258Zzwo99ee8f3l3/z77v2vrF7skrSUzeeQlh0Tf3ju0II89P/4+JoWxYfnC7XhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntqBlusV6LFmTWsyej2cprZyxfki6/lS7PnmH8cvyfhFISKrXmb0omx0ioO25JSCaOZU9tvVQ7tiHd/8x6klkvZdbLXU32a3c60MpJUiuvb08pUx5Px5W0/Iz6c3UTV+SUfzhd9qRP1PfiesjeqOpruFHbrwmxXYenaUvqPxVXaV+p7hzUrLx24NOD0ZeW9SVLGx4z1kS878Dae1aW1z13sD+nHcnjSRo/aSv+ru8tWfCFx/bsXJYX/5pSGr/UVvzXLj301lV7vv613Pj3xfjltuKf+0zvm5c+f+eK3P45HPun0lb8kddfuHf5ydfuzW3/gzF+T1vxh/cd6l545Jn9ue0fiv0zv634r1786R8/+vJTb+TGDzF+b1vx1+3b+pXugSNnVeM3niGS/bF/+tobP2/vvfCVgYGfDua1/6UYf2Fb8R/Z/cAnH1p89yW5x3dN7J/+tuJfdubTdyw48tTpeefO5MFOvXICnJhOSq+x7krX280zZ6suX/jrwUr1mm9B+n9hJzeUMb6dRXMYHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD6Z/vvX8z1/5qc+urSQhJDl1xpqI95XnDQ8PtrHdkddfuHf5ydfurS9b1kYcAAAAoFjMw0u1kp6wLNyYzA+nNa0f5whOi2vJ1PLsHEKMk50jaDdOqUmcUhtxyh1qT6VDcbo6FGdeh+J0dyhOT0GcntBanPnTxKmMj4AW29M7bXtaj9PXoTgLOhRnYYfiLOpQnMUditM/bZzWx+GSDsVZ2qE4J3UozskdivOhDsX5lQ7FOaVDcbJzyjMdhwvTmqfmxZm4US6MU0nKtTuazaefkm7n9Flup69gOwuLXo9b3M78Frfz0czjSjPcTk+L2/nVWW4naXE7vz7L7ZQKthPH7U3Z9sXtxLUWx//NHYqzq0NxbulQnFs7FOdPOxTnzzoU57ZZxgFoVcz/J/O9/tBd+c3Qm55xsrMAMd9dPvGz8fUu74QU430kUz6vKF42Uc/EWz7T9mUnEDLxVmTKu6bEq9TykWni9dTHW5m5c7r9vXi4edvq452dKe+eJt6UHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo+Cfbz3/81d+6rNrQxLG/zU11kS8rzxveHiwje0eWHvPyvK65w7Wl3VX2ggEAAAAFIp5eFetpCd0V1aH7mTelHo96TxAT7pe7q8uBxaFNePLZLA0sd6bLJn2cZX0cat2bN66avvNuz62cfPI9aPXj275xOrzV184dMGFF6zasHHT6FD1ZwjdBfFCCBPTD9tv3vWlkU2bRrdtrxZm278sfdyydD1JHzfw8TA0vrw9bf/Sgu2VGrY3dzeKjx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBv7NpvqGR1+QDw58zMnRmv7s/54b9xcddhXWUrK7VraIn3QJDgn8WLEHOtmyy5knR1F90Vs0kXUlOKQFlYNnzRhkma9MY/KZF/WDDMErqbhEr5ol4UWoaKL0KZuHfmzJ2ZO+PcBtldt8/nxTlnnu/z/T7ne15ceM49AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwbXQmJqrT8/MTiYRyZCc5gDZWL6YprUx6n7lye0/KK1/d1N3rFQYYyEAAABgpKwPn+hEylEq5CMfJy/92hBdA7Hc9wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP97FhpTc/Xpmdmjk4hkSE5zgGwsX0zT2hh1X3v74c++vH7937pj1THWAQAAAEbL+vBcJ1KOapwWE8nJi51/J5q9G1jbN7+VtyxbZ90q8/rfHQzLO22VeWesMu9jI/I2t883BwAAAHz0Zf1/oROpRKmwZkU/nPX/o/r6LO/Uvrx8+7z6bwWKq84EAAAAPljW/5c6kWqUCtVOv77afn9DX142f9T/7bP5pw+ZP+r/+Ze1z/5PDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHQuNqbn69MxsPolIhuQ0B8jG8sU0rY1R95ynJv9xyf47NnTHSoUxFgIAAABGyvrw5da7HKXCZEzE0Ut9//qL7nv0S48+PhURrTa/WIybt+zYccM5rWOWd/YL+ye+/9wb316Rd3breMg2CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfGgWGlNz9emZ2aOSiGRITnOAbCxfTNPaGHVf/fwX//LgS0+83h2rjrEOAAAAMFrWhy/3/uWoRjGKceLSr+5ef1Gub/6wdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkePGb97yjS3z81tvcHFoLpr5iMPgNlwMvtgUEYfBbRyCi0P9lwkAAPiwnRpJNP9LJ11+qO8aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HCw0pubq0zOz5SQiGZLTHCAbyxfTtDZG3fTJF0tr3n3qme5YdYx1AAAAgNGyPny59y9HNSZiIk5Y+jXoncBS/185iDcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHFYWGlNz9emZ2TVJRDIkpzlANpYvpmltjLoP7Nr7ufuP/d7F3bFSYYyFAAAAgJGyPrzYiZSjVPh4lOKU9u/53glJvn0e/F5ged72nmmTq57X6JmXX/W8u/p2VmjvpjWvnK1XaZ0782rL83LtebWuedXolK915i09rN091daMuM+VTx4AAAAOnqz/L3UilSgVSl39/0978ivj9bnbhn1bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcORYaU3P16ZnZJIlIhuQ0B8jG8sU0rY1R95bf/v8xX/3Z3Tu7Y9Ux1gEAAABGy/rw5d6/HNVYF/8X65b6/qj05md5/6y/d/+9//rrpoizTjywvtC/7I+yi1+/euHT/YeIXG92LuLYdr1kSL3f/P7emzY233sw4qwT8qesqBcfXK93ybT5WH3rZTueO7B9xMMBAACAI0TW/090IpUoFa4f2v9nnfeI/r9jqQE/9qZdvzi+fWx35H0zcpV2vdyQel/Y+PCfTz/v728s9v8r632yc/Xpvdfdf3xPwVakT5I2p6/bufnAufty2a5b9fN99bPn8uVvvf7va26+571W/XKU2/G1fbfSqrby2Fc+0uZ8bs/spe/vafTWLwzZ/x2/e+alX629+53F+m+fOtmpf0YMqt/aeWFo/TgqbU5ecefu8/fu39xbPyJqg+q/+c7FcdIfr729f/+TfQt3P/nuY/8DSJsvbHhr33n3VS/orZ/01c+e/89femD3T+757uNZ/exbkU2nrbZ+rq/+83cdt+vZ2y5f21s/N2T/T1/58vptte/8oX//V/esWhh6Fyv3/9CZj1z1ypb01v4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAI8tCY2quPj0zm0sikiE5zQGysXwxTWtj1H3tkhffvPLuH/+wO1YdYx0AAABgtKwPX+79y1GNYhRjcqnvf6y+9bIdzx3YHpXWaNI+F+a33bjjE9ds23n91YfozgEAAIDVeu2SZKn/L3QilSgVNsZEu/+fvm7n5gPn7stl/X9u8ZxExDXXzm89Kzp5z9913K5nb7t8bec9QcTSZwHlxbzPLOdddOGLlbf+9PXTB+ads5z3woa39p13X/WCLC+6886OzvuJh8585KpXtqS3du6vO+9TX9s23349ka07ecWdu8/fu39zLnuP0T5PttfN8uZze2YvfX9PI1eJ0uJ4vp1Xbu8bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhpoTE1V5+emY18RDIkp9mtHcjG8sU0rY1R99KNv7z9mHefWNcdKxXGWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhx/5CpCr7OIA/z8zuu7M7u7qrL7QVrasVhV0oBRF1U1ERGiF0ZUhYmhdREEQUdtEaGokV3QRZNxIVVFsIBrlJosUa/ZNuuqigwLoIRFqoXaSLipl5zjh7nNPorAXV5wPDM89zzvme3znPM2d2FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/lL6e0Xp7ZMdDc7dfcPMnT9w7+/it7z2w7bLH3vhhfNONH+8dePXk9OblW76+aemmA/etmdr90uFfht757VjH4EcbzcrUrYQQT8QQKu/PPP/k9Kfn1cZiCKEchydCGIlLDo/EXMLqX0MIm5t1zt+4b/aqLbV2266+eeOLcyH56wrVclZPw/D8evl3qaR1tnXukSvCtzes3/75srff6p08PnFql1jbp5zWUwiLNrYe3xtC6E+vmmy1jWYHp3ZdCGGg5bhrOtR18RnWv6qgf2Fq/5faaoecbPuKXL+U2y/fz/Tm2oEO51uoojq63a+TwVw//zBaqGadq9qPj6T23dSuPMv8cvaKoRRDT7P8++OpNRJa5i2GWJ/LSrNfas5tSNef68dcv5Trl3tz11U/b1po5Rjnj2f75cazx3FPGl/e+qxu446C8fNTW0kf1JNZP+TfNFRPe9O8rrqsrpk/qeXvUGp5BrUbb058moxqGqvGJacd83sb2bbp9U9fWt7wwZHhgjri3pjyY1f5Wz8bGbzrzZ0Pjxblbyyl/FJX+d+tPfrTnTtffrEw/7ksv9xV/pUHB06s/XDHisL7M5Pdn54zyo+pn227+9hHzyz7/z2T7ea6nr8ny690Vf/1U0f7huYOHiqsf3V2f/q7yv/mulu+f/3L/ccL80OWP9BV/oapB5/tG5u7vDD/UOOjUK2v0C7Wz8+TV381NvbjeFH+F9n9H2qTHzvmvzax+9pXFu9aU7g+12X3Zzjl959V/bddcmD74Nz+i4qenXHPufrmBPiPafwbISxNf2M9lYY7/c7cN1tq+ztzoVp+L7ww3tP4BhpMr6FzeaKc2nkW/YX5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAf7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//f+0pog==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x800)
creat(&(0x7f00000002c0)='./file1\x00', 0x11)
[ 75.222807][ T4686] Bluetooth: hci0: command tx timeout
[ 75.329892][ T5337] loop0: detected capacity change from 0 to 2048
[ 75.353055][ T5337] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 75.398955][ T5337] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[ 75.432854][ T5337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 75.459890][ T25] audit: type=1800 audit(1753555139.396:2): pid=5337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0
[ 76.345240][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.348253][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.125804][ T5337] getblk(): invalid block size 512 requested
[ 77.128647][ T5337] logical block size: 2048
[ 77.130633][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full)
[ 77.130653][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.130662][ T5337] Call Trace:
[ 77.130671][ T5337]
[ 77.130679][ T5337] dump_stack_lvl+0x189/0x250
[ 77.130791][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.130808][ T5337] ? __pfx__printk+0x10/0x10
[ 77.130830][ T5337] ? fs_reclaim_acquire+0x7d/0x100
[ 77.130889][ T5337] bdev_getblk+0x5b0/0x690
[ 77.130913][ T5337] ? udf_get_pblock_spar15+0x2d0/0x420
[ 77.130936][ T5337] udf_setup_indirect_aext+0x190/0x800
[ 77.130975][ T5337] udf_free_blocks+0x13f2/0x17f0
[ 77.131002][ T5337] ? do_raw_spin_lock+0x121/0x290
[ 77.131016][ T5337] ? __mark_inode_dirty+0x3d6/0xdf0
[ 77.131037][ T5337] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.131054][ T5337] ? __pfx_udf_free_blocks+0x10/0x10
[ 77.131075][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.131095][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.131109][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.131126][ T5337] extent_trunc+0x35c/0x450
[ 77.131145][ T5337] ? __pfx_extent_trunc+0x10/0x10
[ 77.131157][ T5337] ? udf_current_aext+0x51f/0xad0
[ 77.131177][ T5337] udf_truncate_extents+0x5b0/0xec0
[ 77.131200][ T5337] ? __pfx_udf_truncate_extents+0x10/0x10
[ 77.131228][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 77.131247][ T5337] udf_setsize+0x972/0x1000
[ 77.131272][ T5337] ? __pfx_udf_setsize+0x10/0x10
[ 77.131284][ T5337] ? down_write+0x162/0x1f0
[ 77.131344][ T5337] ? __pfx_down_write+0x10/0x10
[ 77.131358][ T5337] ? __pfx_current_time+0x10/0x10
[ 77.131378][ T5337] udf_setattr+0x3a1/0x5a0
[ 77.131393][ T5337] ? __pfx_udf_setattr+0x10/0x10
[ 77.131410][ T5337] notify_change+0xb36/0xe40
[ 77.131431][ T5337] do_truncate+0x1a4/0x220
[ 77.131447][ T5337] ? __pfx_do_truncate+0x10/0x10
[ 77.131461][ T5337] ? apparmor_file_truncate+0x23e/0x2d0
[ 77.131495][ T5337] path_openat+0x306c/0x3830
[ 77.131508][ T5337] ? arch_stack_walk+0xfc/0x150
[ 77.131550][ T5337] ? __pfx_path_openat+0x10/0x10
[ 77.131561][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.131591][ T5337] do_filp_open+0x1fa/0x410
[ 77.131603][ T5337] ? __lock_acquire+0xab9/0xd20
[ 77.131617][ T5337] ? __pfx_do_filp_open+0x10/0x10
[ 77.131648][ T5337] ? _raw_spin_unlock+0x28/0x50
[ 77.131665][ T5337] ? alloc_fd+0x64c/0x6c0
[ 77.131690][ T5337] do_sys_openat2+0x121/0x1c0
[ 77.131712][ T5337] ? __pfx_do_sys_openat2+0x10/0x10
[ 77.131736][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.131754][ T5337] __x64_sys_creat+0x8f/0xc0
[ 77.131769][ T5337] do_syscall_64+0xfa/0x3b0
[ 77.131781][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.131794][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.131807][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 77.131823][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.131836][ T5337] RIP: 0033:0x7f5f0378e9a9
[ 77.131850][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.131860][ T5337] RSP: 002b:00007f5f0462d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 77.131875][ T5337] RAX: ffffffffffffffda RBX: 00007f5f039b5fa0 RCX: 00007f5f0378e9a9
[ 77.131883][ T5337] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 77.131890][ T5337] RBP: 00007f5f03810d69 R08: 0000000000000000 R09: 0000000000000000
[ 77.131897][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.131904][ T5337] R13: 0000000000000000 R14: 00007f5f039b5fa0 R15: 00007fffa0d50098
[ 77.131923][ T5337]
[ 77.131977][ T5337] getblk(): invalid block size 512 requested
[ 77.530616][ T4686] Bluetooth: hci0: command tx timeout
[ 77.554278][ T5337] logical block size: 2048
[ 77.558120][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full)
[ 77.558139][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.558146][ T5337] Call Trace:
[ 77.558155][ T5337]
[ 77.558162][ T5337] dump_stack_lvl+0x189/0x250
[ 77.558185][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.558198][ T5337] ? __pfx__printk+0x10/0x10
[ 77.558220][ T5337] ? fs_reclaim_acquire+0x7d/0x100
[ 77.558238][ T5337] bdev_getblk+0x5b0/0x690
[ 77.558259][ T5337] ? udf_get_pblock_spar15+0x2d0/0x420
[ 77.558280][ T5337] udf_setup_indirect_aext+0x190/0x800
[ 77.558314][ T5337] udf_free_blocks+0x13f2/0x17f0
[ 77.558339][ T5337] ? do_raw_spin_lock+0x121/0x290
[ 77.558354][ T5337] ? __mark_inode_dirty+0x3d6/0xdf0
[ 77.558373][ T5337] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.558387][ T5337] ? __pfx_udf_free_blocks+0x10/0x10
[ 77.558404][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.558423][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.558437][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.558452][ T5337] extent_trunc+0x35c/0x450
[ 77.558469][ T5337] ? __pfx_extent_trunc+0x10/0x10
[ 77.558478][ T5337] ? udf_current_aext+0x51f/0xad0
[ 77.558525][ T5337] udf_truncate_extents+0x5b0/0xec0
[ 77.558549][ T5337] ? __pfx_udf_truncate_extents+0x10/0x10
[ 77.558576][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 77.558594][ T5337] udf_setsize+0x972/0x1000
[ 77.558676][ T5337] ? __pfx_udf_setsize+0x10/0x10
[ 77.558690][ T5337] ? down_write+0x162/0x1f0
[ 77.558704][ T5337] ? __pfx_down_write+0x10/0x10
[ 77.558762][ T5337] ? __pfx_current_time+0x10/0x10
[ 77.558784][ T5337] udf_setattr+0x3a1/0x5a0
[ 77.558799][ T5337] ? __pfx_udf_setattr+0x10/0x10
[ 77.558897][ T5337] notify_change+0xb36/0xe40
[ 77.558957][ T5337] do_truncate+0x1a4/0x220
[ 77.558975][ T5337] ? __pfx_do_truncate+0x10/0x10
[ 77.558988][ T5337] ? apparmor_file_truncate+0x23e/0x2d0
[ 77.559020][ T5337] path_openat+0x306c/0x3830
[ 77.559032][ T5337] ? arch_stack_walk+0xfc/0x150
[ 77.559077][ T5337] ? __pfx_path_openat+0x10/0x10
[ 77.559088][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.559115][ T5337] do_filp_open+0x1fa/0x410
[ 77.559126][ T5337] ? __lock_acquire+0xab9/0xd20
[ 77.559139][ T5337] ? __pfx_do_filp_open+0x10/0x10
[ 77.559188][ T5337] ? _raw_spin_unlock+0x28/0x50
[ 77.559206][ T5337] ? alloc_fd+0x64c/0x6c0
[ 77.559230][ T5337] do_sys_openat2+0x121/0x1c0
[ 77.559250][ T5337] ? __pfx_do_sys_openat2+0x10/0x10
[ 77.559273][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.559292][ T5337] __x64_sys_creat+0x8f/0xc0
[ 77.559306][ T5337] do_syscall_64+0xfa/0x3b0
[ 77.559317][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.559328][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.559340][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 77.559355][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.559366][ T5337] RIP: 0033:0x7f5f0378e9a9
[ 77.559378][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.559387][ T5337] RSP: 002b:00007f5f0462d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 77.559400][ T5337] RAX: ffffffffffffffda RBX: 00007f5f039b5fa0 RCX: 00007f5f0378e9a9
[ 77.559409][ T5337] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 77.559416][ T5337] RBP: 00007f5f03810d69 R08: 0000000000000000 R09: 0000000000000000
[ 77.559424][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.559432][ T5337] R13: 0000000000000000 R14: 00007f5f039b5fa0 R15: 00007fffa0d50098
[ 77.559451][ T5337]
[ 77.559579][ T5337] ==================================================================
[ 77.911311][ T5337] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0
[ 77.917879][ T5337] Write of size 4 at addr ffff888011fad1d8 by task syz.0.0/5337
[ 77.924041][ T5337]
[ 77.925765][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full)
[ 77.925785][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.925793][ T5337] Call Trace:
[ 77.925803][ T5337]
[ 77.925810][ T5337] dump_stack_lvl+0x189/0x250
[ 77.925831][ T5337] ? __virt_addr_valid+0x1c8/0x5c0
[ 77.925848][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.925863][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.925875][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.925887][ T5337] ? lock_release+0x4b/0x3e0
[ 77.925897][ T5337] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 77.925913][ T5337] ? __virt_addr_valid+0x1c8/0x5c0
[ 77.925928][ T5337] ? __virt_addr_valid+0x4a5/0x5c0
[ 77.925954][ T5337] print_report+0xca/0x240
[ 77.925966][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 77.925979][ T5337] kasan_report+0x118/0x150
[ 77.925996][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 77.926014][ T5337] udf_write_aext+0x69d/0x7b0
[ 77.926031][ T5337] __udf_add_aext+0x2b9/0x6d0
[ 77.926047][ T5337] udf_free_blocks+0x1466/0x17f0
[ 77.926062][ T5337] ? do_raw_spin_lock+0x121/0x290
[ 77.926077][ T5337] ? __mark_inode_dirty+0x3d6/0xdf0
[ 77.926095][ T5337] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.926109][ T5337] ? __pfx_udf_free_blocks+0x10/0x10
[ 77.926123][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.926139][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.926150][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.926164][ T5337] extent_trunc+0x35c/0x450
[ 77.926184][ T5337] ? __pfx_extent_trunc+0x10/0x10
[ 77.926195][ T5337] ? udf_current_aext+0x51f/0xad0
[ 77.926210][ T5337] udf_truncate_extents+0x5b0/0xec0
[ 77.926226][ T5337] ? __pfx_udf_truncate_extents+0x10/0x10
[ 77.926242][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 77.926262][ T5337] udf_setsize+0x972/0x1000
[ 77.926284][ T5337] ? __pfx_udf_setsize+0x10/0x10
[ 77.926297][ T5337] ? down_write+0x162/0x1f0
[ 77.926308][ T5337] ? __pfx_down_write+0x10/0x10
[ 77.926320][ T5337] ? __pfx_current_time+0x10/0x10
[ 77.926335][ T5337] udf_setattr+0x3a1/0x5a0
[ 77.926347][ T5337] ? __pfx_udf_setattr+0x10/0x10
[ 77.926363][ T5337] notify_change+0xb36/0xe40
[ 77.926377][ T5337] do_truncate+0x1a4/0x220
[ 77.926393][ T5337] ? __pfx_do_truncate+0x10/0x10
[ 77.926404][ T5337] ? apparmor_file_truncate+0x23e/0x2d0
[ 77.926423][ T5337] path_openat+0x306c/0x3830
[ 77.926434][ T5337] ? arch_stack_walk+0xfc/0x150
[ 77.926456][ T5337] ? __pfx_path_openat+0x10/0x10
[ 77.926465][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.926517][ T5337] do_filp_open+0x1fa/0x410
[ 77.926530][ T5337] ? __lock_acquire+0xab9/0xd20
[ 77.926543][ T5337] ? __pfx_do_filp_open+0x10/0x10
[ 77.926563][ T5337] ? _raw_spin_unlock+0x28/0x50
[ 77.926577][ T5337] ? alloc_fd+0x64c/0x6c0
[ 77.926590][ T5337] do_sys_openat2+0x121/0x1c0
[ 77.926604][ T5337] ? __pfx_do_sys_openat2+0x10/0x10
[ 77.926619][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.926636][ T5337] __x64_sys_creat+0x8f/0xc0
[ 77.926646][ T5337] do_syscall_64+0xfa/0x3b0
[ 77.926658][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.926669][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.926679][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 77.926691][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.926701][ T5337] RIP: 0033:0x7f5f0378e9a9
[ 77.926717][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.926726][ T5337] RSP: 002b:00007f5f0462d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 77.926740][ T5337] RAX: ffffffffffffffda RBX: 00007f5f039b5fa0 RCX: 00007f5f0378e9a9
[ 77.926748][ T5337] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 77.926755][ T5337] RBP: 00007f5f03810d69 R08: 0000000000000000 R09: 0000000000000000
[ 77.926762][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.926768][ T5337] R13: 0000000000000000 R14: 00007f5f039b5fa0 R15: 00007fffa0d50098
[ 77.926778][ T5337]
[ 77.926787][ T5337]
[ 78.341605][ T5337] Allocated by task 5337:
[ 78.343540][ T5337] kasan_save_track+0x3e/0x80
[ 78.345782][ T5337] __kasan_kmalloc+0x93/0xb0
[ 78.347824][ T5337] __kmalloc_noprof+0x27a/0x4f0
[ 78.350131][ T5337] __udf_iget+0xc66/0x3ae0
[ 78.356250][ T5337] udf_fill_partdesc_info+0x773/0x1310
[ 78.370882][ T5337] udf_process_sequence+0x1133/0x4840
[ 78.372956][ T5337] udf_check_anchor_block+0x28e/0x550
[ 78.375014][ T5337] udf_load_vrs+0x96d/0xf20
[ 78.387342][ T5337] udf_fill_super+0x5ad/0x17a0
[ 78.389758][ T5337] get_tree_bdev_flags+0x40e/0x4d0
[ 78.392241][ T5337] vfs_get_tree+0x92/0x2b0
[ 78.397058][ T5337] do_new_mount+0x24a/0xa40
[ 78.399135][ T5337] __se_sys_mount+0x317/0x410
[ 78.407206][ T5337] do_syscall_64+0xfa/0x3b0
[ 78.409372][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.412183][ T5337]
[ 78.413542][ T5337] The buggy address belongs to the object at ffff888011fad000
[ 78.413542][ T5337] which belongs to the cache kmalloc-512 of size 512
[ 78.437720][ T5337] The buggy address is located 0 bytes to the right of
[ 78.437720][ T5337] allocated 472-byte region [ffff888011fad000, ffff888011fad1d8)
[ 78.462831][ T5337]
[ 78.463841][ T5337] The buggy address belongs to the physical page:
[ 78.466768][ T5337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fac
[ 78.473899][ T5337] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 78.488448][ T5337] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 78.491859][ T5337] page_type: f5(slab)
[ 78.493921][ T5337] raw: 00fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 78.508724][ T5337] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 78.514546][ T5337] head: 00fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 78.518894][ T5337] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 78.522995][ T5337] head: 00fff00000000001 ffffea000047eb01 00000000ffffffff 00000000ffffffff
[ 78.552194][ T5337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 78.566342][ T5337] page dumped because: kasan: bad access detected
[ 78.569445][ T5337] page_owner tracks the page as allocated
[ 78.571917][ T5337] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5118, tgid 5118 (getty), ts 46312920327, free_ts 45743708338
[ 78.580397][ T5337] post_alloc_hook+0x240/0x2a0
[ 78.582580][ T5337] get_page_from_freelist+0x21e4/0x22c0
[ 78.584982][ T5337] __alloc_frozen_pages_noprof+0x181/0x370
[ 78.604172][ T5337] alloc_pages_mpol+0x232/0x4a0
[ 78.613829][ T5337] allocate_slab+0x8a/0x3b0
[ 78.618284][ T5337] ___slab_alloc+0xbfc/0x1480
[ 78.622071][ T5337] __kmalloc_noprof+0x305/0x4f0
[ 78.625741][ T5337] tomoyo_init_log+0x1a6e/0x1f70
[ 78.631366][ T5337] tomoyo_supervisor+0x340/0x1480
[ 78.637237][ T5337] tomoyo_path_number_perm+0x438/0x5a0
[ 78.641823][ T5337] security_file_ioctl+0xcb/0x2d0
[ 78.647619][ T5337] __se_sys_ioctl+0x47/0x170
[ 78.652757][ T5337] do_syscall_64+0xfa/0x3b0
[ 78.657331][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.662099][ T5337] page last free pid 5105 tgid 5105 stack trace:
[ 78.667529][ T5337] __free_frozen_pages+0xc71/0xe70
[ 78.679052][ T5337] __slab_free+0x326/0x400
[ 78.681990][ T5337] qlist_free_all+0x97/0x140
[ 78.684829][ T5337] kasan_quarantine_reduce+0x148/0x160
[ 78.697753][ T5337] __kasan_slab_alloc+0x22/0x80
[ 78.700723][ T5337] __kmalloc_noprof+0x224/0x4f0
[ 78.703388][ T5337] tomoyo_realpath_from_path+0xe3/0x5d0
[ 78.706101][ T5337] tomoyo_path_perm+0x213/0x4b0
[ 78.718456][ T5337] security_inode_getattr+0x12f/0x330
[ 78.722687][ T5337] __x64_sys_newfstat+0xfc/0x200
[ 78.731478][ T5337] do_syscall_64+0xfa/0x3b0
[ 78.734323][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.738204][ T5337]
[ 78.740334][ T5337] Memory state around the buggy address:
[ 78.755849][ T5337] ffff888011fad080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.760654][ T5337] ffff888011fad100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.770987][ T5337] >ffff888011fad180: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 78.777535][ T5337] ^
[ 78.783259][ T5337] ffff888011fad200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.788954][ T5337] ffff888011fad280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.795231][ T5337] ==================================================================
[ 78.886045][ T5337] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.889874][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full)
[ 78.899123][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.903621][ T5337] Call Trace:
[ 78.905153][ T5337]
[ 78.906835][ T5337] dump_stack_lvl+0x99/0x250
[ 78.909557][ T5337] ? __asan_memcpy+0x40/0x70
[ 78.918984][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.922317][ T5337] ? __pfx__printk+0x10/0x10
[ 78.926672][ T5337] panic+0x2db/0x790
[ 78.928555][ T5337] ? __pfx_preempt_schedule+0x10/0x10
[ 78.931479][ T5337] ? __pfx_panic+0x10/0x10
[ 78.933842][ T5337] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 78.937341][ T5337] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 78.941083][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 78.944145][ T5337] check_panic_on_warn+0x89/0xb0
[ 78.946926][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 78.949420][ T5337] end_report+0x78/0x160
[ 78.951615][ T5337] kasan_report+0x129/0x150
[ 78.954525][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 78.958200][ T5337] udf_write_aext+0x69d/0x7b0
[ 78.961314][ T5337] __udf_add_aext+0x2b9/0x6d0
[ 78.965154][ T5337] udf_free_blocks+0x1466/0x17f0
[ 78.968679][ T5337] ? do_raw_spin_lock+0x121/0x290
[ 78.971661][ T5337] ? __mark_inode_dirty+0x3d6/0xdf0
[ 78.974769][ T5337] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 78.978418][ T5337] ? __pfx_udf_free_blocks+0x10/0x10
[ 78.982354][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 78.988869][ T5337] ? rcu_is_watching+0x15/0xb0
[ 78.991458][ T5337] ? __mark_inode_dirty+0x3ab/0xdf0
[ 78.994415][ T5337] extent_trunc+0x35c/0x450
[ 78.997537][ T5337] ? __pfx_extent_trunc+0x10/0x10
[ 79.001876][ T5337] ? udf_current_aext+0x51f/0xad0
[ 79.005848][ T5337] udf_truncate_extents+0x5b0/0xec0
[ 79.012025][ T5337] ? __pfx_udf_truncate_extents+0x10/0x10
[ 79.014738][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 79.018605][ T5337] udf_setsize+0x972/0x1000
[ 79.020807][ T5337] ? __pfx_udf_setsize+0x10/0x10
[ 79.023381][ T5337] ? down_write+0x162/0x1f0
[ 79.025724][ T5337] ? __pfx_down_write+0x10/0x10
[ 79.028592][ T5337] ? __pfx_current_time+0x10/0x10
[ 79.031586][ T5337] udf_setattr+0x3a1/0x5a0
[ 79.033682][ T5337] ? __pfx_udf_setattr+0x10/0x10
[ 79.036648][ T5337] notify_change+0xb36/0xe40
[ 79.040125][ T5337] do_truncate+0x1a4/0x220
[ 79.042610][ T5337] ? __pfx_do_truncate+0x10/0x10
[ 79.045704][ T5337] ? apparmor_file_truncate+0x23e/0x2d0
[ 79.049536][ T5337] path_openat+0x306c/0x3830
[ 79.053897][ T5337] ? arch_stack_walk+0xfc/0x150
[ 79.056776][ T5337] ? __pfx_path_openat+0x10/0x10
[ 79.059316][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.063237][ T5337] do_filp_open+0x1fa/0x410
[ 79.067078][ T5337] ? __lock_acquire+0xab9/0xd20
[ 79.072028][ T5337] ? __pfx_do_filp_open+0x10/0x10
[ 79.077559][ T5337] ? _raw_spin_unlock+0x28/0x50
[ 79.080811][ T5337] ? alloc_fd+0x64c/0x6c0
[ 79.083240][ T5337] do_sys_openat2+0x121/0x1c0
[ 79.085698][ T5337] ? __pfx_do_sys_openat2+0x10/0x10
[ 79.088106][ T5337] ? rcu_is_watching+0x15/0xb0
[ 79.090308][ T5337] __x64_sys_creat+0x8f/0xc0
[ 79.093191][ T5337] do_syscall_64+0xfa/0x3b0
[ 79.097288][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.110369][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.114076][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 79.117088][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.120741][ T5337] RIP: 0033:0x7f5f0378e9a9
[ 79.123466][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.140375][ T5337] RSP: 002b:00007f5f0462d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 79.143874][ T5337] RAX: ffffffffffffffda RBX: 00007f5f039b5fa0 RCX: 00007f5f0378e9a9
[ 79.147280][ T5337] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 79.150606][ T5337] RBP: 00007f5f03810d69 R08: 0000000000000000 R09: 0000000000000000
[ 79.154035][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.159027][ T5337] R13: 0000000000000000 R14: 00007f5f039b5fa0 R15: 00007fffa0d50098
[ 79.164561][ T5337]
[ 79.166865][ T5337] Kernel Offset: disabled
[ 79.169757][ T5337] Rebooting in 86400 seconds..