program:
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r1, 0x2007ffc)
sendfile(r1, r1, 0x0, 0x800000009)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x10)
ftruncate(r3, 0x2007ffb)
sendfile(r2, r3, 0x0, 0x1000000201005)
syz_mount_image$bcachefs(&(0x7f00000002c0), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYBLOB="5a3f8fa4067a10650f26471a6ee9e9c641a62f221aacd71851d8ccee1e3265ad24d3b77aa6accfea0b3a7c6a61c75a8dac28cdad621664353a45d77ecba7895ff1351e13f469f44963edf9a76633362c9b8045bccf1a21e98a429bf90d005dc4590f9177e4efe2295c52c2c76c5837b1", @ANYRES16, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYBLOB="39287ca62b3bc2d352aea732da4208801a4fdd37620ca3929ea549314caf0a"], 0xfc, 0x5a13, &(0x7f00000088c0)="$eJzs3X+QHNV9IPDXM7Pa1a5+rAQOMpjVIqOEQGyt+FXYpOJNLrFTQCi5SDmIkw0LWhHZklDpRwBBgsiBDxXgwilSCU7+IC7gDqO4qIKLUSgTASdxNraKi4+6wtSZO+w/fEUIKgM6yuXzpnan3+xsz/T27OyskNDnU9L29Js33379+k1Pf9/M7gQAAABOCAfv3H7k8lN/77t/Pvrubb//j5tvD33lifKeWKE/Xd70frWQo6m7smximR0Xv3bLN34yeN3vfOfx3offO7D+jA0//N2Trnv6i5fse+Bvnn1n4ZO/fL0obhxPZ0+uJ28mIfR8+/BffvnAi6eMlyWLxn+WdoewJFn67JIkE2Lo5yGE9enKssydT7x73obx5e13d08pX5ypZ7yf2MaP8/jA2nXkxnPCj3577R3fX/7Nv+/a+8buySpJT914CmHRNfWP7wohzE//j4ujLY7HOGjXhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntaLdekQWZ9ezJaLby2hnLl6TLb6XLs2cYv5zuQzkJpSRUas3flEyOkVB33JKQTBzLntp6qXZsQ7r/mfUks17KrJe7Mvs1sd10oJWTZGp5rJcpj6fjSlp+Rv25uokrcso/nC570ifqe3E9ZG9U9TXcqO3XhNiuw9O05Wgo1Z2DmpXXDnx6MPrSsr5kacNjxpqI9x1Ye8/K8rrnDvbntCN5PEnjJ23F3/W9JQu+8NiendnX9Vr8a0pp/FJb8V+79NBbV+35+tdy498X45fbin/uM71vXvr8nSty++dw7J9KW/FHXn/h3uUnX7s3t/0Pxvg9bcUf3neoe+GRZ/bntn8o9s/8tuK/evGnf/zoy0+9kRs/xPi9bcVft2/rV7oHjpyVG39/7J++9sbP23svfGVg4KeDefFfivEXthX/kd0PfPKhxXdfknt818T+6W8r/mVnPn3HgiNPnZ537kwe7NQrJ8CJ6aT0GuuudL3dPHO26vKFvx6sVK/5FqT/F3ZyQ5mLz/HtLOpkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIXzonP/2mf/zuf43K+l6d3rj1VJ1GcvnhZDMDyFs3zGybcfGLdcPfvGGndu2jGwaHNkxOLplx7abB8//jcFto1s3jdw8fu/Qx86rPm5pSKrL5PSGbXePjY2V+qeWxe39uzP3/mjlRf/3X0IY+tAPBiq57V/1wOaHTm7yMyMZHvvU5p2X/+CCv0v3qz9tV3+Tdo2NjY2FnHb965W/eOgvDv/krBCGfmW6dr3w6m/905QGTRRMxkmVukO1Qd1Jb9N21Fqdtif2V2XDxk2jQ9P37/jjyzn78e9veePnG2766i+q/duTux8t9u/84bFNpb9ae9n//6tbqwVF7Xq/jntRf8e9iO2L/deT9veidL8W5exXJWe/7vz+/pe/feqed3aHocrbyxu3XbRfXekA6Eo+3NJ24xZ6kyVTynvS+vGIx8et2rF566rtN+/62MbNI9ePXj+65ROrz1994dAFF16wamLPV3V4/+P2f7XF/T8642nxn+z+VvzZ2nia2q55M+6P8XYV90d9i/Kef71XfPn+Tzzw/OXVgqJxHmvXzifpsnf8OK8OdeOtsa+a7VfR8QkhDDbrh7feuSSc8j833lF0Hqo/MvU/M5LhsRdX/OzvLvrbZb9ZLTgq5/n6BrV5nq+1erI9E/3Vkx6PsWO0f7tDOd2vvqbtWv3i8133HPyXP621b968cNPIjh3bVld/LkhbuiA5rWm7sqVxv5ZP/CyHtFtCbZg2Ga/jukK1fdnzZ6ye7dW+9L6+ZGnT/cqK9x1Ye8/K8rrnDub1dPJ4dYvzw8LqMvlITs1NmQeWaw1utv1j9flXND4GPvO3T37uyX84v2F8nFv9WbRfSc5+ffPlR+5/+Kv/8R86t1+f+a1D/T/7X3+8slpwzJ9XytWG1FqdtiepP6+cG0LR8295aL4fuc+/UvP9KXr+ZbczWb95vMHMel8ot/V8PfeZ3jcvff7OFbnP18PTPV/rd/bWKY8rFzxfj5Xxk31+JZWp7Zi759eUgZIMj33nrpN2P3vbmlOrBUWvl7Xazcb1eS3kHzn79U9XvTJww+B/+B+dO2984zeeuPqHI8N/Vi1o/7jHtnTmuPek/duT07+1Vse8s75/P37dDZvWV8uL+vn9u/5NlwX5TzyVbL9515dGNm0a3ba9tf1q9fU0bifby83Hz77bMtUaXk/j2W1pwX6VGvZr7m600l+tPt9i+9e31F/Fz7e+kLT1urDre0sWfOGxPTv7Gx6VbuiaUhq/1Fb81y499NZVe77+tdz498X4lbbij7z+wr3LT752b278B5M0fk9b8Yf3HepeeOSZ/bnxh2L757cV/9WLP/3jR19+6o3c+On565R/be86/bW39174ysDAT3Pjv5Sk2xm/RgrhiXfP21BdT0JX+nyL7eia0q6QXU8y66XMerl+vRRnEdINlJNkanmsl5afUdeWZv4opzxehfUsqy7fi+she2P68mNNqe7c36y86DoVAOCDLr7/H69B4/v/o+mFUv5MA0zqm8i028/DluXEjXnY5HzO1PdYl6Xx4+PjPODAx8PQ+PL2weqF/kzfR4jPh+w8Z9zOWR+dGqNwnnNsYvsN85xF8+8rMuuxXdX58kpdHppqzGsqoYX598btTD//ntn94vezBu9qaNZg3bxV9vh1pTNmzT7vkGlvZTxC3vjIzovFz3MMLAprJrbX4vjIfo4mHofs52jidk7NnDjb/RxN3vjob+yHKe2K4yPWm2Z8TDS5+P3IxuMXpunfyePXPFr2+M3gePeM15/r92c7MG/Y9JR29OYN5/b9MPOSOfHTJ9ixPm8Yy+N+VFqcT/xcTnmn5hPj6SK26/A0bTkazCcCH1Qx/4+vEeP5//gF+P/L1CvKU7JXjTFe7ueEys3bU5R3NH5Or7et1/F1+7Z+pXvgyFm51zn7W/2c3tYpa70Fn/sp6seVmfXCfsyZoCnK97LbKer37Ocy+sLCtvr9kd0PfPKhxXdfktvva6ovpMX9fv+UtYUF/X4c5AvN48sXToh8Ya7nz963fCT94NNc5SN/mFM+03ykt+FGbb8mHLv5yOQL6ZR8pOvotgsAOH7E/L/2/lma///vWCG9jijKW8/OrMd4uXlrzvVJXt76B+nypkz9vvQ3KmZ63XzZmU/fseDIU6fn5i0PtpqH/ucpa/2Feejs8ubcPGJNZz4vnptH1PKs2eWJue2v5Ymzy9Nz3qaty9Nnl0fn9k8tj546D3D/odbix3mA3Pi1eYAO5rm/nKx09PLcgvm6zMbiaqvzde9LHr1o6n7OSR6d/vrsXOXRV+SUzzSP7mu4UduvCcduHj21XB4NAHxQxfw/XsbF/P/5TL3Zvs+emxd06Lo9+/dAavFfmpO8cjJ+h97/Lc775jpvneu8fq7nJY7393/nel6of+IPeM7VPNn79v7ysZIXpxuVFwMAcCyL+f/8dD0//59dftKQv3VVLyEn85PjLz+vryc/z4n/gcnPj/f5r7n9nMwJn//H9XR17MTL/3N+cwgAgGNJzP/jrz3Gv//3X9P17N+tPx7z9OB9dHn6cZOnd3ieLcav/xyAeYCj+/n4+ZP1T4B5AAAAjkFdE5lS4+/Zfz5dZn/PPu/38q/Kqd+qSnp5fO2ObaOjV+/cun5kx+jVW25YP7r96hu3bdyxY3RLtd5s88bcvCXNG7tCJe2P5vWyedvi9O8hLM75ewjZ+jHsaRM3Gv8eQnaz8wv+jsDk8WutvXnHrzRN/WbjI+9458X/o5z6Ue34X/fH5169YfvVG7ds3LFxZNPGXaNT641nrb0z+N7MJP0/o+9LzfxoUJr593fGwzO7dpQa2tGV9kfe97MnmXYsSVuyJO/7D3La/d3//hd/cubYLx4NYehD5Y/Mqv+S4bH/cuXoH+w4+IOt4+0vTdv+Ws20XUXfV5qtH/ensumG7TvO2XDDzi3Zb5RsT5zPKNXW52g+I336l1ucn1iXUz7T398vN9w4NrU8PwEAwBTx/f94PRvfP/xqegEVy1vP09t//zgJz+zPzdOHWsvTs99LVpSnZ+vH/W01T++ZZZ6e3X5Rnt6sfrM8PS/vzov/hzn1Z6r1cdLG5zxi+vnYnp254+Sa1sZJ9vsMisZJtv5Mx0kyy3GS3X7ROGlWv9k4yTvuefE/m1M/T9F4qNTGw+w+l5M7Hu5rbTz8ema9aDxk6890PJRmOR6y2y8aD83qNxsPecc3L/7lOfVbNXV8jA+MiXExevWNN2z7Ul29uf7+i9D4kYxW2jdv8rFz+/0f7Xl44mdr/Tu3n/tq12T/hzA8UZLX/rn9XNns21/U/zP4XNmi0PC5stz2vzS7mbDW2z+33++SkVe98fFHa742PRMUff6saB53bU75TOdx5zXcODY1n8ftMo8LR0HM/+PbPTH/vztddvptoOP/e9J8j1nT+B36HrOi65gT7vU8+5b7cfl67n1ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKzuyrKJ5cE7tx+5/NTf++6fj7572+//4+bbf+2Wb/xk8Lrf+c7jvQ+/d2D9GRt++LsnXff0Fy/Z98DfPPvOwid/+Xph4P6Jn5Wz09WeEJI3kxB6vn34L7984MVTxsuSEEI56d8dwpJk6bNLkkyEoZ+HENbX2jn1zifePW/D+PL2u7unlC/OBMnuV+grx/bUtzOEmwr3iONQTzrOdh258Zzwo99ee8f3l3/z77v2vrF7skrSUzeeQlh0Tf3ju0II89P/4+JoWxYfnC7XhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntqBlusV6LFmTWsyej2cprZyxfki6/lS7PnmH8cvyfhFISKrXmb0omx0ioO25JSCaOZU9tvVQ7tiHd/8x6klkvZdbLXU32a3c60MpJUiuvb08pUx5Px5W0/Iz6c3UTV+SUfzhd9qRP1PfiesjeqOpruFHbrwmxXYenaUvqPxVXaV+p7hzUrLx24NOD0ZeW9SVLGx4z1kS878Dae1aW1z13sD+nHcnjSRo/aSv+ru8tWfCFx/bsXJYX/5pSGr/UVvzXLj301lV7vv613Pj3xfjltuKf+0zvm5c+f+eK3P45HPun0lb8kddfuHf5ydfuzW3/gzF+T1vxh/cd6l545Jn9ue0fiv0zv634r1786R8/+vJTb+TGDzF+b1vx1+3b+pXugSNnVeM3niGS/bF/+tobP2/vvfCVgYGfDua1/6UYf2Fb8R/Z/cAnH1p89yW5x3dN7J/+tuJfdubTdyw48tTpeefO5MFOvXICnJhOSq+x7krX280zZ6suX/jrwUr1mm9B+n9hJzeUMb6dRXMYHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD6Z/vvX8z1/5qc+urSQhJDl1xpqI95XnDQ8PtrHdkddfuHf5ydfurS9b1kYcAAAAoFjMw0u1kp6wLNyYzA+nNa0f5whOi2vJ1PLsHEKMk50jaDdOqUmcUhtxyh1qT6VDcbo6FGdeh+J0dyhOT0GcntBanPnTxKmMj4AW29M7bXtaj9PXoTgLOhRnYYfiLOpQnMUditM/bZzWx+GSDsVZ2qE4J3UozskdivOhDsX5lQ7FOaVDcbJzyjMdhwvTmqfmxZm4US6MU0nKtTuazaefkm7n9Flup69gOwuLXo9b3M78Frfz0czjSjPcTk+L2/nVWW4naXE7vz7L7ZQKthPH7U3Z9sXtxLUWx//NHYqzq0NxbulQnFs7FOdPOxTnzzoU57ZZxgFoVcz/J/O9/tBd+c3Qm55xsrMAMd9dPvGz8fUu74QU430kUz6vKF42Uc/EWz7T9mUnEDLxVmTKu6bEq9TykWni9dTHW5m5c7r9vXi4edvq452dKe+eJt6UHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo+Cfbz3/81d+6rNrQxLG/zU11kS8rzxveHiwje0eWHvPyvK65w7Wl3VX2ggEAAAAFIp5eFetpCd0V1aH7mTelHo96TxAT7pe7q8uBxaFNePLZLA0sd6bLJn2cZX0cat2bN66avvNuz62cfPI9aPXj275xOrzV184dMGFF6zasHHT6FD1ZwjdBfFCCBPTD9tv3vWlkU2bRrdtrxZm278sfdyydD1JHzfw8TA0vrw9bf/Sgu2VGrY3dzeKjx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBv7NpvqGR1+QDw58zMnRmv7s/54b9xcddhXWUrK7VraIn3QJDgn8WLEHOtmyy5knR1F90Vs0kXUlOKQFlYNnzRhkma9MY/KZF/WDDMErqbhEr5ol4UWoaKL0KZuHfmzJ2ZO+PcBtldt8/nxTlnnu/z/T7ne15ceM49AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwbXQmJqrT8/MTiYRyZCc5gDZWL6YprUx6n7lye0/KK1/d1N3rFQYYyEAAABgpKwPn+hEylEq5CMfJy/92hBdA7Hc9wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP97FhpTc/Xpmdmjk4hkSE5zgGwsX0zT2hh1X3v74c++vH7937pj1THWAQAAAEbL+vBcJ1KOapwWE8nJi51/J5q9G1jbN7+VtyxbZ90q8/rfHQzLO22VeWesMu9jI/I2t883BwAAAHz0Zf1/oROpRKmwZkU/nPX/o/r6LO/Uvrx8+7z6bwWKq84EAAAAPljW/5c6kWqUCtVOv77afn9DX142f9T/7bP5pw+ZP+r/+Ze1z/5PDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHQuNqbn69MxsPolIhuQ0B8jG8sU0rY1R95ynJv9xyf47NnTHSoUxFgIAAABGyvrw5da7HKXCZEzE0Ut9//qL7nv0S48+PhURrTa/WIybt+zYccM5rWOWd/YL+ye+/9wb316Rd3breMg2CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfGgWGlNz9emZ2aOSiGRITnOAbCxfTNPaGHVf/fwX//LgS0+83h2rjrEOAAAAMFrWhy/3/uWoRjGKceLSr+5ef1Gub/6wdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkePGb97yjS3z81tvcHFoLpr5iMPgNlwMvtgUEYfBbRyCi0P9lwkAAPiwnRpJNP9LJ11+qO8aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HCw0pubq0zOz5SQiGZLTHCAbyxfTtDZG3fTJF0tr3n3qme5YdYx1AAAAgNGyPny59y9HNSZiIk5Y+jXoncBS/185iDcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHFYWGlNz9emZ2TVJRDIkpzlANpYvpmltjLoP7Nr7ufuP/d7F3bFSYYyFAAAAgJGyPrzYiZSjVPh4lOKU9u/53glJvn0e/F5ged72nmmTq57X6JmXX/W8u/p2VmjvpjWvnK1XaZ0782rL83LtebWuedXolK915i09rN091daMuM+VTx4AAAAOnqz/L3UilSgVSl39/0978ivj9bnbhn1bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcORYaU3P16ZnZJIlIhuQ0B8jG8sU0rY1R95bf/v8xX/3Z3Tu7Y9Ux1gEAAABGy/rw5d6/HNVYF/8X65b6/qj05md5/6y/d/+9//rrpoizTjywvtC/7I+yi1+/euHT/YeIXG92LuLYdr1kSL3f/P7emzY233sw4qwT8qesqBcfXK93ybT5WH3rZTueO7B9xMMBAACAI0TW/090IpUoFa4f2v9nnfeI/r9jqQE/9qZdvzi+fWx35H0zcpV2vdyQel/Y+PCfTz/v728s9v8r632yc/Xpvdfdf3xPwVakT5I2p6/bufnAufty2a5b9fN99bPn8uVvvf7va26+571W/XKU2/G1fbfSqrby2Fc+0uZ8bs/spe/vafTWLwzZ/x2/e+alX629+53F+m+fOtmpf0YMqt/aeWFo/TgqbU5ecefu8/fu39xbPyJqg+q/+c7FcdIfr729f/+TfQt3P/nuY/8DSJsvbHhr33n3VS/orZ/01c+e/89femD3T+757uNZ/exbkU2nrbZ+rq/+83cdt+vZ2y5f21s/N2T/T1/58vptte/8oX//V/esWhh6Fyv3/9CZj1z1ypb01v4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAI8tCY2quPj0zm0sikiE5zQGysXwxTWtj1H3tkhffvPLuH/+wO1YdYx0AAABgtKwPX+79y1GNYhRjcqnvf6y+9bIdzx3YHpXWaNI+F+a33bjjE9ds23n91YfozgEAAIDVeu2SZKn/L3QilSgVNsZEu/+fvm7n5gPn7stl/X9u8ZxExDXXzm89Kzp5z9913K5nb7t8bec9QcTSZwHlxbzPLOdddOGLlbf+9PXTB+ads5z3woa39p13X/WCLC+6886OzvuJh8585KpXtqS3du6vO+9TX9s23349ka07ecWdu8/fu39zLnuP0T5PttfN8uZze2YvfX9PI1eJ0uJ4vp1Xbu8bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhpoTE1V5+emY18RDIkp9mtHcjG8sU0rY1R99KNv7z9mHefWNcdKxXGWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhx/5CpCr7OIA/z8zuu7M7u7qrL7QVrasVhV0oBRF1U1ERGiF0ZUhYmhdREEQUdtEaGokV3QRZNxIVVFsIBrlJosUa/ZNuuqigwLoIRFqoXaSLipl5zjh7nNPorAXV5wPDM89zzvme3znPM2d2FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/lL6e0Xp7ZMdDc7dfcPMnT9w7+/it7z2w7bLH3vhhfNONH+8dePXk9OblW76+aemmA/etmdr90uFfht757VjH4EcbzcrUrYQQT8QQKu/PPP/k9Kfn1cZiCKEchydCGIlLDo/EXMLqX0MIm5t1zt+4b/aqLbV2266+eeOLcyH56wrVclZPw/D8evl3qaR1tnXukSvCtzes3/75srff6p08PnFql1jbp5zWUwiLNrYe3xtC6E+vmmy1jWYHp3ZdCGGg5bhrOtR18RnWv6qgf2Fq/5faaoecbPuKXL+U2y/fz/Tm2oEO51uoojq63a+TwVw//zBaqGadq9qPj6T23dSuPMv8cvaKoRRDT7P8++OpNRJa5i2GWJ/LSrNfas5tSNef68dcv5Trl3tz11U/b1po5Rjnj2f75cazx3FPGl/e+qxu446C8fNTW0kf1JNZP+TfNFRPe9O8rrqsrpk/qeXvUGp5BrUbb058moxqGqvGJacd83sb2bbp9U9fWt7wwZHhgjri3pjyY1f5Wz8bGbzrzZ0Pjxblbyyl/FJX+d+tPfrTnTtffrEw/7ksv9xV/pUHB06s/XDHisL7M5Pdn54zyo+pn227+9hHzyz7/z2T7ea6nr8ny690Vf/1U0f7huYOHiqsf3V2f/q7yv/mulu+f/3L/ccL80OWP9BV/oapB5/tG5u7vDD/UOOjUK2v0C7Wz8+TV381NvbjeFH+F9n9H2qTHzvmvzax+9pXFu9aU7g+12X3Zzjl959V/bddcmD74Nz+i4qenXHPufrmBPiPafwbISxNf2M9lYY7/c7cN1tq+ztzoVp+L7ww3tP4BhpMr6FzeaKc2nkW/YX5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAf7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//f+0pog==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x800)
creat(&(0x7f00000002c0)='./file1\x00', 0x11)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
io_uring_setup(0x17c7, &(0x7f00000002c0))
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r6, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)
listen(r6, 0x0)
accept4$nfc_llcp(r6, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
[ 75.643095][ T4685] Bluetooth: hci0: command tx timeout
[ 75.728413][ T5336] loop0: detected capacity change from 0 to 2048
[ 75.760785][ T5336] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 75.770639][ T5336] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[ 75.784660][ T5336] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 75.802377][ T25] audit: type=1800 audit(1753603920.673:2): pid=5336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0
[ 76.377963][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.380866][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.486398][ T5336] getblk(): invalid block size 512 requested
[ 76.490046][ T5336] logical block size: 2048
[ 76.492195][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full)
[ 76.492217][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.492224][ T5336] Call Trace:
[ 76.492231][ T5336]
[ 76.492236][ T5336] dump_stack_lvl+0x189/0x250
[ 76.492327][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.492343][ T5336] ? __pfx__printk+0x10/0x10
[ 76.492366][ T5336] ? fs_reclaim_acquire+0x7d/0x100
[ 76.492421][ T5336] bdev_getblk+0x5b0/0x690
[ 76.492443][ T5336] ? udf_get_pblock_spar15+0x2d0/0x420
[ 76.492467][ T5336] udf_setup_indirect_aext+0x190/0x800
[ 76.492497][ T5336] udf_free_blocks+0x13f2/0x17f0
[ 76.492522][ T5336] ? do_raw_spin_lock+0x121/0x290
[ 76.492540][ T5336] ? __mark_inode_dirty+0x3d6/0xdf0
[ 76.492558][ T5336] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 76.492576][ T5336] ? __pfx_udf_free_blocks+0x10/0x10
[ 76.492597][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 76.492617][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.492632][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 76.492652][ T5336] extent_trunc+0x35c/0x450
[ 76.492672][ T5336] ? __pfx_extent_trunc+0x10/0x10
[ 76.492684][ T5336] ? udf_current_aext+0x51f/0xad0
[ 76.492705][ T5336] udf_truncate_extents+0x5b0/0xec0
[ 76.492748][ T5336] ? __pfx_udf_truncate_extents+0x10/0x10
[ 76.492774][ T5336] ? do_raw_spin_unlock+0x4d/0x240
[ 76.492794][ T5336] udf_setsize+0x972/0x1000
[ 76.492820][ T5336] ? __pfx_udf_setsize+0x10/0x10
[ 76.492832][ T5336] ? down_write+0x162/0x1f0
[ 76.492874][ T5336] ? __pfx_down_write+0x10/0x10
[ 76.492891][ T5336] ? __pfx_current_time+0x10/0x10
[ 76.492918][ T5336] udf_setattr+0x3a1/0x5a0
[ 76.492932][ T5336] ? __pfx_udf_setattr+0x10/0x10
[ 76.492948][ T5336] notify_change+0xb36/0xe40
[ 76.492974][ T5336] do_truncate+0x1a4/0x220
[ 76.492993][ T5336] ? __pfx_do_truncate+0x10/0x10
[ 76.493002][ T5336] ? apparmor_file_truncate+0x23e/0x2d0
[ 76.493033][ T5336] path_openat+0x306c/0x3830
[ 76.493050][ T5336] ? arch_stack_walk+0xfc/0x150
[ 76.493090][ T5336] ? __pfx_path_openat+0x10/0x10
[ 76.493101][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.493135][ T5336] do_filp_open+0x1fa/0x410
[ 76.493145][ T5336] ? __lock_acquire+0xab9/0xd20
[ 76.493159][ T5336] ? __pfx_do_filp_open+0x10/0x10
[ 76.493189][ T5336] ? _raw_spin_unlock+0x28/0x50
[ 76.493205][ T5336] ? alloc_fd+0x64c/0x6c0
[ 76.493228][ T5336] do_sys_openat2+0x121/0x1c0
[ 76.493247][ T5336] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.493270][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.493288][ T5336] __x64_sys_creat+0x8f/0xc0
[ 76.493301][ T5336] do_syscall_64+0xfa/0x3b0
[ 76.493313][ T5336] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.493325][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.493335][ T5336] ? clear_bhb_loop+0x60/0xb0
[ 76.493351][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.493362][ T5336] RIP: 0033:0x7f66be98e9a9
[ 76.493377][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.493385][ T5336] RSP: 002b:00007f66bf7f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 76.493399][ T5336] RAX: ffffffffffffffda RBX: 00007f66bebb5fa0 RCX: 00007f66be98e9a9
[ 76.493406][ T5336] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 76.493413][ T5336] RBP: 00007f66bea10d69 R08: 0000000000000000 R09: 0000000000000000
[ 76.493421][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.493427][ T5336] R13: 0000000000000000 R14: 00007f66bebb5fa0 R15: 00007ffc50afd918
[ 76.493446][ T5336]
[ 76.670066][ T5336] getblk(): invalid block size 512 requested
[ 76.674024][ T5336] logical block size: 2048
[ 76.676076][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full)
[ 76.676096][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.676103][ T5336] Call Trace:
[ 76.676109][ T5336]
[ 76.676116][ T5336] dump_stack_lvl+0x189/0x250
[ 76.676141][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.676156][ T5336] ? __pfx__printk+0x10/0x10
[ 76.676179][ T5336] ? fs_reclaim_acquire+0x7d/0x100
[ 76.676200][ T5336] bdev_getblk+0x5b0/0x690
[ 76.676220][ T5336] ? udf_get_pblock_spar15+0x2d0/0x420
[ 76.676242][ T5336] udf_setup_indirect_aext+0x190/0x800
[ 76.676270][ T5336] udf_free_blocks+0x13f2/0x17f0
[ 76.676295][ T5336] ? do_raw_spin_lock+0x121/0x290
[ 76.676312][ T5336] ? __mark_inode_dirty+0x3d6/0xdf0
[ 76.676332][ T5336] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 76.676349][ T5336] ? __pfx_udf_free_blocks+0x10/0x10
[ 76.676370][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 76.676391][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.676407][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 76.676428][ T5336] extent_trunc+0x35c/0x450
[ 76.676448][ T5336] ? __pfx_extent_trunc+0x10/0x10
[ 76.676462][ T5336] ? udf_current_aext+0x51f/0xad0
[ 76.676482][ T5336] udf_truncate_extents+0x5b0/0xec0
[ 76.676507][ T5336] ? __pfx_udf_truncate_extents+0x10/0x10
[ 76.676535][ T5336] ? do_raw_spin_unlock+0x4d/0x240
[ 76.676554][ T5336] udf_setsize+0x972/0x1000
[ 76.676579][ T5336] ? __pfx_udf_setsize+0x10/0x10
[ 76.676592][ T5336] ? down_write+0x162/0x1f0
[ 76.676607][ T5336] ? __pfx_down_write+0x10/0x10
[ 76.676629][ T5336] ? __pfx_current_time+0x10/0x10
[ 76.676650][ T5336] udf_setattr+0x3a1/0x5a0
[ 76.676665][ T5336] ? __pfx_udf_setattr+0x10/0x10
[ 76.676682][ T5336] notify_change+0xb36/0xe40
[ 76.676702][ T5336] do_truncate+0x1a4/0x220
[ 76.676716][ T5336] ? __pfx_do_truncate+0x10/0x10
[ 76.676727][ T5336] ? apparmor_file_truncate+0x23e/0x2d0
[ 76.676756][ T5336] path_openat+0x306c/0x3830
[ 76.676767][ T5336] ? arch_stack_walk+0xfc/0x150
[ 76.676807][ T5336] ? __pfx_path_openat+0x10/0x10
[ 76.676818][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.676843][ T5336] do_filp_open+0x1fa/0x410
[ 76.676853][ T5336] ? __lock_acquire+0xab9/0xd20
[ 76.676863][ T5336] ? __pfx_do_filp_open+0x10/0x10
[ 76.676890][ T5336] ? _raw_spin_unlock+0x28/0x50
[ 76.676902][ T5336] ? alloc_fd+0x64c/0x6c0
[ 76.676922][ T5336] do_sys_openat2+0x121/0x1c0
[ 76.676939][ T5336] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.676959][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.676976][ T5336] __x64_sys_creat+0x8f/0xc0
[ 76.676989][ T5336] do_syscall_64+0xfa/0x3b0
[ 76.677002][ T5336] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.677012][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.677022][ T5336] ? clear_bhb_loop+0x60/0xb0
[ 76.677037][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.677047][ T5336] RIP: 0033:0x7f66be98e9a9
[ 76.677059][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.677069][ T5336] RSP: 002b:00007f66bf7f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 76.677091][ T5336] RAX: ffffffffffffffda RBX: 00007f66bebb5fa0 RCX: 00007f66be98e9a9
[ 76.677100][ T5336] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 76.677107][ T5336] RBP: 00007f66bea10d69 R08: 0000000000000000 R09: 0000000000000000
[ 76.677114][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.677121][ T5336] R13: 0000000000000000 R14: 00007f66bebb5fa0 R15: 00007ffc50afd918
[ 76.677140][ T5336]
[ 76.677146][ T5336] ==================================================================
[ 76.839704][ T5336] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0
[ 76.843099][ T5336] Write of size 4 at addr ffff8880408a31d8 by task syz.0.0/5336
[ 76.846726][ T5336]
[ 76.847850][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full)
[ 76.847867][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.847875][ T5336] Call Trace:
[ 76.847883][ T5336]
[ 76.847889][ T5336] dump_stack_lvl+0x189/0x250
[ 76.847906][ T5336] ? __virt_addr_valid+0x1c8/0x5c0
[ 76.847923][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.847935][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.847946][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.847957][ T5336] ? lock_release+0x4b/0x3e0
[ 76.847967][ T5336] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 76.847985][ T5336] ? __virt_addr_valid+0x1c8/0x5c0
[ 76.848001][ T5336] ? __virt_addr_valid+0x4a5/0x5c0
[ 76.848016][ T5336] print_report+0xca/0x240
[ 76.848027][ T5336] ? udf_write_aext+0x69d/0x7b0
[ 76.848042][ T5336] kasan_report+0x118/0x150
[ 76.848057][ T5336] ? udf_write_aext+0x69d/0x7b0
[ 76.848075][ T5336] udf_write_aext+0x69d/0x7b0
[ 76.848100][ T5336] __udf_add_aext+0x2b9/0x6d0
[ 76.848117][ T5336] udf_free_blocks+0x1466/0x17f0
[ 76.848135][ T5336] ? do_raw_spin_lock+0x121/0x290
[ 76.848153][ T5336] ? __mark_inode_dirty+0x3d6/0xdf0
[ 76.848174][ T5336] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 76.848191][ T5336] ? __pfx_udf_free_blocks+0x10/0x10
[ 76.848209][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 76.848228][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.848243][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 76.848262][ T5336] extent_trunc+0x35c/0x450
[ 76.848278][ T5336] ? __pfx_extent_trunc+0x10/0x10
[ 76.848290][ T5336] ? udf_current_aext+0x51f/0xad0
[ 76.848309][ T5336] udf_truncate_extents+0x5b0/0xec0
[ 76.848326][ T5336] ? __pfx_udf_truncate_extents+0x10/0x10
[ 76.848344][ T5336] ? do_raw_spin_unlock+0x4d/0x240
[ 76.848361][ T5336] udf_setsize+0x972/0x1000
[ 76.848379][ T5336] ? __pfx_udf_setsize+0x10/0x10
[ 76.848392][ T5336] ? down_write+0x162/0x1f0
[ 76.848405][ T5336] ? __pfx_down_write+0x10/0x10
[ 76.848419][ T5336] ? __pfx_current_time+0x10/0x10
[ 76.848438][ T5336] udf_setattr+0x3a1/0x5a0
[ 76.848451][ T5336] ? __pfx_udf_setattr+0x10/0x10
[ 76.848465][ T5336] notify_change+0xb36/0xe40
[ 76.848481][ T5336] do_truncate+0x1a4/0x220
[ 76.848493][ T5336] ? __pfx_do_truncate+0x10/0x10
[ 76.848503][ T5336] ? apparmor_file_truncate+0x23e/0x2d0
[ 76.848522][ T5336] path_openat+0x306c/0x3830
[ 76.848533][ T5336] ? arch_stack_walk+0xfc/0x150
[ 76.848555][ T5336] ? __pfx_path_openat+0x10/0x10
[ 76.848564][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.848581][ T5336] do_filp_open+0x1fa/0x410
[ 76.848591][ T5336] ? __lock_acquire+0xab9/0xd20
[ 76.848601][ T5336] ? __pfx_do_filp_open+0x10/0x10
[ 76.848615][ T5336] ? _raw_spin_unlock+0x28/0x50
[ 76.848628][ T5336] ? alloc_fd+0x64c/0x6c0
[ 76.848642][ T5336] do_sys_openat2+0x121/0x1c0
[ 76.848658][ T5336] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.848672][ T5336] ? rcu_is_watching+0x15/0xb0
[ 76.848686][ T5336] __x64_sys_creat+0x8f/0xc0
[ 76.848695][ T5336] do_syscall_64+0xfa/0x3b0
[ 76.848705][ T5336] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.848714][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.848724][ T5336] ? clear_bhb_loop+0x60/0xb0
[ 76.848737][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.848748][ T5336] RIP: 0033:0x7f66be98e9a9
[ 76.848760][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.848770][ T5336] RSP: 002b:00007f66bf7f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 76.848784][ T5336] RAX: ffffffffffffffda RBX: 00007f66bebb5fa0 RCX: 00007f66be98e9a9
[ 76.848791][ T5336] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 76.848797][ T5336] RBP: 00007f66bea10d69 R08: 0000000000000000 R09: 0000000000000000
[ 76.848803][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.848809][ T5336] R13: 0000000000000000 R14: 00007f66bebb5fa0 R15: 00007ffc50afd918
[ 76.848819][ T5336]
[ 76.848822][ T5336]
[ 77.021542][ T5336] Allocated by task 5336:
[ 77.023357][ T5336] kasan_save_track+0x3e/0x80
[ 77.025352][ T5336] __kasan_kmalloc+0x93/0xb0
[ 77.027434][ T5336] __kmalloc_noprof+0x27a/0x4f0
[ 77.029621][ T5336] __udf_iget+0xc66/0x3ae0
[ 77.031606][ T5336] udf_fill_partdesc_info+0x773/0x1310
[ 77.033982][ T5336] udf_process_sequence+0x1133/0x4840
[ 77.036287][ T5336] udf_check_anchor_block+0x28e/0x550
[ 77.038618][ T5336] udf_load_vrs+0x96d/0xf20
[ 77.040667][ T5336] udf_fill_super+0x5ad/0x17a0
[ 77.042909][ T5336] get_tree_bdev_flags+0x40e/0x4d0
[ 77.045313][ T5336] vfs_get_tree+0x92/0x2b0
[ 77.047517][ T5336] do_new_mount+0x24a/0xa40
[ 77.049805][ T5336] __se_sys_mount+0x317/0x410
[ 77.051939][ T5336] do_syscall_64+0xfa/0x3b0
[ 77.054025][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.056595][ T5336]
[ 77.057703][ T5336] The buggy address belongs to the object at ffff8880408a3000
[ 77.057703][ T5336] which belongs to the cache kmalloc-512 of size 512
[ 77.063891][ T5336] The buggy address is located 0 bytes to the right of
[ 77.063891][ T5336] allocated 472-byte region [ffff8880408a3000, ffff8880408a31d8)
[ 77.070269][ T5336]
[ 77.071480][ T5336] The buggy address belongs to the physical page:
[ 77.074480][ T5336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x408a2
[ 77.078359][ T5336] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 77.082054][ T5336] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 77.085389][ T5336] page_type: f5(slab)
[ 77.087272][ T5336] raw: 04fff00000000040 ffff88801a441c80 ffffea0001022900 0000000000000004
[ 77.091136][ T5336] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 77.094883][ T5336] head: 04fff00000000040 ffff88801a441c80 ffffea0001022900 0000000000000004
[ 77.098606][ T5336] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 77.102316][ T5336] head: 04fff00000000001 ffffea0001022881 00000000ffffffff 00000000ffffffff
[ 77.106033][ T5336] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 77.109850][ T5336] page dumped because: kasan: bad access detected
[ 77.112829][ T5336] page_owner tracks the page as allocated
[ 77.115445][ T5336] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5272, tgid 5272 (syz-executor), ts 71911176706, free_ts 61662974919
[ 77.124559][ T5336] post_alloc_hook+0x240/0x2a0
[ 77.126702][ T5336] get_page_from_freelist+0x21e4/0x22c0
[ 77.129074][ T5336] __alloc_frozen_pages_noprof+0x181/0x370
[ 77.131667][ T5336] alloc_pages_mpol+0x232/0x4a0
[ 77.133871][ T5336] allocate_slab+0x8a/0x3b0
[ 77.135908][ T5336] ___slab_alloc+0xbfc/0x1480
[ 77.137986][ T5336] __kmalloc_cache_noprof+0x296/0x3d0
[ 77.140331][ T5336] inetdev_init+0x7d/0x500
[ 77.142389][ T5336] inetdev_event+0x301/0x15b0
[ 77.144592][ T5336] notifier_call_chain+0x1b6/0x3e0
[ 77.147025][ T5336] register_netdevice+0x1608/0x1ae0
[ 77.149317][ T5336] lowpan_newlink+0x3ae/0x5c0
[ 77.151442][ T5336] rtnl_newlink_create+0x30d/0xb00
[ 77.153665][ T5336] rtnl_newlink+0x16d6/0x1c70
[ 77.155805][ T5336] rtnetlink_rcv_msg+0x7cc/0xb70
[ 77.158008][ T5336] netlink_rcv_skb+0x208/0x470
[ 77.160129][ T5336] page last free pid 5270 tgid 5270 stack trace:
[ 77.162908][ T5336] __free_frozen_pages+0xc71/0xe70
[ 77.165555][ T5336] __slab_free+0x326/0x400
[ 77.167640][ T5336] qlist_free_all+0x97/0x140
[ 77.169659][ T5336] kasan_quarantine_reduce+0x148/0x160
[ 77.172051][ T5336] __kasan_slab_alloc+0x22/0x80
[ 77.174212][ T5336] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 77.176623][ T5336] vm_area_dup+0x2b/0x680
[ 77.178519][ T5336] __split_vma+0x1a9/0xa00
[ 77.180492][ T5336] vms_gather_munmap_vmas+0x2de/0x12b0
[ 77.182918][ T5336] mmap_region+0x678/0x1f30
[ 77.184934][ T5336] do_mmap+0xc45/0x10d0
[ 77.186723][ T5336] vm_mmap_pgoff+0x31b/0x4c0
[ 77.188792][ T5336] ksys_mmap_pgoff+0x51f/0x760
[ 77.190937][ T5336] do_syscall_64+0xfa/0x3b0
[ 77.192965][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.195605][ T5336]
[ 77.196676][ T5336] Memory state around the buggy address:
[ 77.199148][ T5336] ffff8880408a3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.202712][ T5336] ffff8880408a3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.206490][ T5336] >ffff8880408a3180: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 77.210105][ T5336] ^
[ 77.213179][ T5336] ffff8880408a3200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.216776][ T5336] ffff8880408a3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.220234][ T5336] ==================================================================
[ 77.315057][ T5336] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.318273][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full)
[ 77.323881][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.328839][ T5336] Call Trace:
[ 77.330363][ T5336]
[ 77.331712][ T5336] dump_stack_lvl+0x99/0x250
[ 77.333808][ T5336] ? __asan_memcpy+0x40/0x70
[ 77.335878][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.338301][ T5336] ? __pfx__printk+0x10/0x10
[ 77.340529][ T5336] panic+0x2db/0x790
[ 77.342446][ T5336] ? __pfx_preempt_schedule+0x10/0x10
[ 77.344860][ T5336] ? __pfx_panic+0x10/0x10
[ 77.346814][ T5336] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 77.349337][ T5336] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.352101][ T5336] ? udf_write_aext+0x69d/0x7b0
[ 77.354307][ T5336] check_panic_on_warn+0x89/0xb0
[ 77.356488][ T5336] ? udf_write_aext+0x69d/0x7b0
[ 77.358695][ T5336] end_report+0x78/0x160
[ 77.360738][ T5336] kasan_report+0x129/0x150
[ 77.363059][ T5336] ? udf_write_aext+0x69d/0x7b0
[ 77.365486][ T5336] udf_write_aext+0x69d/0x7b0
[ 77.367663][ T5336] __udf_add_aext+0x2b9/0x6d0
[ 77.369840][ T5336] udf_free_blocks+0x1466/0x17f0
[ 77.372097][ T5336] ? do_raw_spin_lock+0x121/0x290
[ 77.374379][ T5336] ? __mark_inode_dirty+0x3d6/0xdf0
[ 77.376666][ T5336] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.379338][ T5336] ? __pfx_udf_free_blocks+0x10/0x10
[ 77.382054][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.384832][ T5336] ? rcu_is_watching+0x15/0xb0
[ 77.386944][ T5336] ? __mark_inode_dirty+0x3ab/0xdf0
[ 77.389183][ T5336] extent_trunc+0x35c/0x450
[ 77.391089][ T5336] ? __pfx_extent_trunc+0x10/0x10
[ 77.393168][ T5336] ? udf_current_aext+0x51f/0xad0
[ 77.395391][ T5336] udf_truncate_extents+0x5b0/0xec0
[ 77.397594][ T5336] ? __pfx_udf_truncate_extents+0x10/0x10
[ 77.400011][ T5336] ? do_raw_spin_unlock+0x4d/0x240
[ 77.402161][ T5336] udf_setsize+0x972/0x1000
[ 77.404124][ T5336] ? __pfx_udf_setsize+0x10/0x10
[ 77.406364][ T5336] ? down_write+0x162/0x1f0
[ 77.408571][ T5336] ? __pfx_down_write+0x10/0x10
[ 77.410982][ T5336] ? __pfx_current_time+0x10/0x10
[ 77.413273][ T5336] udf_setattr+0x3a1/0x5a0
[ 77.415342][ T5336] ? __pfx_udf_setattr+0x10/0x10
[ 77.417575][ T5336] notify_change+0xb36/0xe40
[ 77.419613][ T5336] do_truncate+0x1a4/0x220
[ 77.421531][ T5336] ? __pfx_do_truncate+0x10/0x10
[ 77.423686][ T5336] ? apparmor_file_truncate+0x23e/0x2d0
[ 77.426180][ T5336] path_openat+0x306c/0x3830
[ 77.428203][ T5336] ? arch_stack_walk+0xfc/0x150
[ 77.430412][ T5336] ? __pfx_path_openat+0x10/0x10
[ 77.432579][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.435329][ T5336] do_filp_open+0x1fa/0x410
[ 77.437348][ T5336] ? __lock_acquire+0xab9/0xd20
[ 77.439552][ T5336] ? __pfx_do_filp_open+0x10/0x10
[ 77.441924][ T5336] ? _raw_spin_unlock+0x28/0x50
[ 77.444144][ T5336] ? alloc_fd+0x64c/0x6c0
[ 77.446188][ T5336] do_sys_openat2+0x121/0x1c0
[ 77.448322][ T5336] ? __pfx_do_sys_openat2+0x10/0x10
[ 77.450714][ T5336] ? rcu_is_watching+0x15/0xb0
[ 77.452826][ T5336] __x64_sys_creat+0x8f/0xc0
[ 77.454862][ T5336] do_syscall_64+0xfa/0x3b0
[ 77.456754][ T5336] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.458965][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.461561][ T5336] ? clear_bhb_loop+0x60/0xb0
[ 77.463492][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.465929][ T5336] RIP: 0033:0x7f66be98e9a9
[ 77.467899][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.476404][ T5336] RSP: 002b:00007f66bf7f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 77.480172][ T5336] RAX: ffffffffffffffda RBX: 00007f66bebb5fa0 RCX: 00007f66be98e9a9
[ 77.483677][ T5336] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 77.487249][ T5336] RBP: 00007f66bea10d69 R08: 0000000000000000 R09: 0000000000000000
[ 77.491025][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.494647][ T5336] R13: 0000000000000000 R14: 00007f66bebb5fa0 R15: 00007ffc50afd918
[ 77.498193][ T5336]
[ 77.499862][ T5336] Kernel Offset: disabled
[ 77.501919][ T5336] Rebooting in 86400 seconds..