program: io_setup(0x202, &(0x7f0000000200)=0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@nolazytime}, {@noblock_validity}]}, 0x3, 0x453, &(0x7f00000005c0)="$eJzs3MtvG8UfAPDvruP0119bEkp59AEECiLikTRtgR44AAKJQ5GQ4ADHKEmrUrdBTZBoVUGLUDkhhMQdceRf4AQXhDghcYU7qlShXNpyMlp7ndiO7SaOXUP8+UjbzOyjM9/Mjj07YyeAoTWR/ZNE7I6I3yNiLCLS5hMmqj9urVyeu71yeS6Jcvntv5Lssri5cnmudmqS/9yVZybTiPSzJA62KHfp4qWzs6XSwoU8P7187oPppYuXnjtzbvb0wumF80dPnDh+bObFF44+35M4szrdPPDx4qH9b7z31Zsnv2iIvymOHpnodPDJcrnHxQ3Wnrp0MjLAirAphYjImqtY6f9jUYi1xhuL1z8daOWAviqXy+Vd7Q9fKQPbWBKNeV0ehkXtjT57/q1tzYOAl/s3/Bi4G69UH4CyuG/lW/XIyOo8SLHp+baXJiLi3St/f5Nt0Z95CACABj9k459nW43/0nig7rx78rWh8Yi4NyL2RsR9EbEvIu6PqJz7YEQ8tMnymxdJ1o9/0utdBbZB2fjvpXxtq3H8t7oKNl7Ic3sq8ReTU2dKC0fy38lkFHdk+ZkOZfz42m9ftjtWP/7Ltqz82lgwr8f1kR2N18zPLs9uJeZ6N65GHBhpFX+yuhKQRMT+iDjQZRlnnv7uULtjd46/gx6sM5W/jXiq2v5Xoin+mqTz+uT0/6K0cGS6dles98uv195qV/6W4u+BrP3/3/L+X41/PKlfr13afBnX/vi87TNNt/f/aPJOJT2a7/todnn5wkzEaHKyWun6/UfXrq3la+dn8U8ebt3/98bab+JgRGQ38cMR8UhEPJrX/bGIeDwiDneI/+dXn3i/+/j7K4t/flPtv5YYjeY9rROFsz9931Do+Lr4b3du/+OV1GS+ZyOvfxupV3d3MwAAAPz3pBGxO5J0ajWdplNT1c/L74tIS4tLy8+cWvzw/Hz1OwLjUUxrM11jdfOhM/ljfTV/NSKqHy2oHT+Wzxt/XdhZyU/NLZbmBx08DLldbfp/5s/CoGsH9J3va8Hw0v9heOn/MLz0fxheLfr/zkHUA7j7Wr3/fzKAegB3X1P/t+wHQ2TEcB+GVtv5v+38l3+ACvP/MJSWdsadvyTfMVH7n7q8fNsmovivqMbWE+WkZeNGOuiKSfQzMdjXJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF75JwAA//+QOeBZ") syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000380)='./file0\x00', 0x10e, &(0x7f0000000140)={[{@inlinecrypt}, {@nodelalloc}, {@jqfmt_vfsold}, {@bh}, {@block_validity}, {@quota}]}, 0xb, 0x460, &(0x7f0000001380)="$eJzs289vFFUcAPDvzLZg+WEr4g9+qFU0Nv5oaUHl4EGNJh40MfGCx9oWgizU0JoIIYrG4NGQeDceTfwLPOnFqCcTr3o3JMRwEU1M1szuDLs77C4U2i5lP59k4L2d17733Tdv9715nQAG1nj2TxKxLSJ+j4jRRra9wHjjvyuXz879c/nsXBK12tt/JfVyf18+O1cULX5ua56ZSCPSz5LY06HepdNnjs9Wqwun8vzU8on3p5ZOn3n22InZowtHF07OHDp08MD0C8/PPHeDkfxX63X2nqytuz9a3Lvr9XcuvDl3+MK7P3+bFPGX4lgl471OPlHr2dwNZ3tLOhnqY0NYkUpEZN01XB//o1GJZueNxmuf9rVxwJqq5bqcPlcD7mBJ9LsFQH8UX/TZ+rc41m/20X+XXm4sgLK4r+RH48xQpNFYGA2X1reraTwiDp/796vsiLW5DwEA0Ob7bP7zTKf5Xxr3t5S7O98bGsv3UnZExL0RsTMi7ouol30gIh5cYf3lTZJr5z/pxZsK7AZl878X872t9vlfWhQZq+S57fXMcHLkWHVhf/6eTMTw5iw/3aOOH1797Ytu51rnf9mR1V/MBfN2XBza3P4z87PLs7cSc6tLn0TsHuoUf3J1JyCJiF0Rsfsm6zj21Dd7u50rxT/SvvlY9lJ7dhX2mWpfRzzZ6P9zUYq/kPTen5y6K6oL+6eKq+Jav/x6/q1u9V+//9dW1v9bOl7/V+MfS1r3a5dWXsf5Pz7vuqaZXPH1vyk65T6cXV4+NR2xKXmj0ejW12ea5Yt8UT6Lf2Jf5/G/I5rvxJ6IyC7ihyLi4Yh4JO+7RyPisYjYVw4sbSZ/euXx95q59gv8duj/+VL/j7UXKfV/M7Epyq90TlSO//hd+29sJm/s8+9gPTWRv5J9/l1v97y1FUmPBt7auwcAAAAbQxoR2yJJJ6+m03RysvE3/DtjS1pdXFp++sjiByfnG88IjMVwWtzpatwPbtwPnc6X9UV+ppQ/kN83/rIyUs9Pzi1W5/sdPAy4rV3Gf+bPSr9bB6w5z2vB4DL+YXAZ/zC4jH8YXB3G/0g/2gGsv07f/x83k7XR9WwMsK5K49+2HwwQ638YXMY/DK7W8d/z+XvgTrI0Er0f3h+ARHp7NGODJSLtW+3pqv/mZI1Hwbb+99dKE/3+ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgd/wcAAP//nHbk3g==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x1304825, &(0x7f0000000140)='usrjquota=') r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000540)=[&(0x7f0000000300)={0x25, 0x0, 0x0, 0x1, 0x4, r1, 0x0}]) syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000140)={[{@nodatasum}, {@thread_pool={'thread_pool', 0x3d, 0x7c}}, {@fragment_data}, {@discard}, {@datacow}, {@flushoncommit}, {@metadata_ratio={'metadata_ratio', 0x3d, 0x800000002}}, {@autodefrag}, {@nobarrier}]}, 0x1, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000005000000020000000400000000000000", @ANYRES32, @ANYBLOB="0000364e0000a080d4d00e9a1d003000"/43, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000e40), &(0x7f0000000100)=@udp, 0x8}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x4, 0x4, 0xc}, 0x48) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa10812, &(0x7f0000000580)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB=',umask=00000000000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB=',namecase=1,iocharset=iso8859-15,utf8,umask=00000000000000000177777,namecase=1,utf8,gid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=continue,umask=00000000000000000005454,dmask=00000000000000000000011,euid=', @ANYRESDEC, @ANYBLOB=',uid>', @ANYRESDEC, @ANYBLOB="2c7375626a5f747970653d696f636861727365742c7375626a5f747970653d2c99708160e42db27072726f72733d636f6e74696e75652c726f6f74636f6e746578743d73797361646d5f752c7375626a5f757365723dc5b09b45c8a2fec720b73428c62e2e2c7375626a5f726f6c653d666f", @ANYRESDEC=0x0, @ANYBLOB=',\x00'], 0x21, 0x14ff, &(0x7f0000000740)="$eJzs3AvUjdXWOPA511oPL0k7yX3NNR92vFgkSS5JckmS5EiSW0KSJElI7rckJCH3JPeQ3EJyv99yT5IkSRISkqz/0On7dE7n+/ed7zvfMMZ552+MZ7xr7mfP9cy15zve53n2O/b+tv3gynWrVKjNzPC/gn/90Q0AUgCgHwBcBwARAJTIUiLL5f0ZNHb73x1E/Gs9NO1qVyCuJul/2ib9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/4VIy7ZNz3m9bGl3k/f/0zI5//8bOVJkzJcbitzY4Z9Ikf6nbdL/tE36n7ZJ/9M26X/aJv1P26T/aZv0X4i07H/+3rH87+DfYbvav39CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIdKG8+EKAwD/Mb7adQkhhBBCCCGEEOJfJ6S/2hUIIYQQQgghhBDi/x6CAg0GIkgH6SEFMkBGuAYywbWQGa6DBFwPWeAGyAo3QjbIDjkgJ+SC3JAHLBA4YIghL+SDJNwE+aEApEJBKASFwUMRKAo3QzG4BYrDrVACboOScDuUgtJQBsrCHVAO7oTycBdUgLuhIlSCylAF7oGqcC9Ug/ugOtwPNeABqAkPQi34C9SGh6AOPAx14RGoB49CfWgADaERNP4f5b8IneEl6AJdoRt0hx7QE3pBb+gDfaEfvAz9IeW312YQDIbXYAi8DkPhDRgGw2EEvAkjYRSMhjEwFsbBeHgLJsDbMBHegUkwGabAVJgG02EGvAszYRbMhvdgDrwPc2EezIcFsBA+gEWwGJbAh7AUPoJlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW3wMWyHHbATdsFu2AN74RPYB5/CfvgMDsDn/2T+ub/L74CAgAoVGjSYDtNhCqZgRsyImTATZsbMmMAEZsEsmBWzYjbMViAH5sBcmAvzYB4kJGRkzIt5MYlJzI/5MRVTsRAWQo8ei2JRLIa3YHEsjiWwBJbEklgKS2NpLItlsRyWw/JYHitgBayIFbEyVsZ78B68F6thNayO1bEG1sCaWBNrYS2sjbWxDtbBulgX62E9rI/1sSE2xMbYGJtgE2yKTbE5NscW2AJbYktsha2wNbbGNtgG22JbbIftsD22xw7YETvii/givoQvYVesqLpjD+yBvbAX9sG+2Bdfxv74Cr6Cr+JAHISD8TV8DV/HoXgWh+FwHIEjsJwahaNxDLIah+NxPE7ACTgRJ+IknIyTcSpOw+k4A2fgTJyFs/A9nIPv4/s4D+fhAlyIC3ERLsYluASX4jlchstxBa7EVbgaV+FaXIdrcQNuxA24GTfjVtyKH+PHuAN34C7chXvQAOAn+Cl+igPxAB7Ag3gQD+EhPIyH8QgewaN4FI/hMTyOx/EEnsCTeApP4yk8g2fwLJ7D83geL+AFvIjP5/q6zp6C6weCuswoo9KpdCpFpaiMKqPKpDKpzCqzSqiEyqKyqKwqq8qmsqkcKofKpXKpPCqPIkWKVazyqrwqqZIqv8qvUlWqKqQKKa+8KqqKqmKqmCquiqsS6jZVUt2uSqnSqpkvq8qqcqq5L6/uUhVUBVVRVVKVVRVVRVVVVVU1VU1VV9VVDVVD1VQPqlqqO/bBh9TlztRVg7CeGoz1VQPVUDVSr+Njqokaik1VM9VcPaGG4zBsqZr4Vupp1VqNxjbqWTUGn1Pt1Dhsr15QHVRH1Um9qDqrpr6L6qomYXfVQ03FXqq36qP6qplYSV3uWGX1qhqoBqnB6jW1AF9XQ9UbapgarkaoN9VINUqNVmPUWDVOjVdvqQnqbTVRvaMmqclqipqqpqnpaoZ6V81Us9Rs9Z6ao95Xc9U8NV8tUAvVB2qRWqyWqA/VUvWRWqaWqxVqpVqlVqs1aq1ap9arDWqj2qQ2qy1qq9qmPlbb1Q61U+1Su9UetVd9ovapT9V+9Zk6oD5XB9UX6pD6Uh1WX6kj6mt1VH2jjqlv1XH1nTqhvlcn1Sl1Wv2gzqgf1Vl1Tp1XP6kL6md1Uf2iLqmgQKNWWmujI51Op9cpOoPOqK/RmfS1OrO+Tif09TqLvkFn1TfqbDq7zqFz6lw6t86jrSbtNOtY59X5dFLfpPPrAjpVF9SFdGHtdRFdVN+si+lbdHF9qy6hb9Ml9e26lC6ty+iy+g5dTt+py+u7dAV9t66oK+nKuoq+R1fV9+pq+j5dXd+va+gHdE39oK6l/6Jr64d0Hf2wrqsf0fX0o7q+bqAb6ka6sX5MN9GP66a6mW6un9At9JO6pX5Kt9JP69b6Gd1GP6vb6ud0O/28bq9f0B10R91J/6Iv6aC76K66m+6ue+ieupfurfvovrqffln316/oAfpVPVAP0oP1a3qIfl0P1W/oYXq4HqHf1CP1KD1aj9Fj9Tg9Xr+lJ+i39UT9jp6kJ+speqqepqfrPr/NNPu/kf/2P8gf8OvRt+pt+mO9Xe/QO/UuvVvv0Xv1Xr1P79P79X59QB/QB/VBfUgf0of1YX1EH9FH9VF9TB/Tx/VxfUKf0Cf1Kf2T/kGf0T/qs/qcPqd/0hf0BX3xt9cADBpltDEmMulMepNiMpiM5hqTyVxrMpvrTMJcb7KYG0xWc6PJZrKbHCanyWVymzzGGjLOsIlNXpPPJM1N+NtJ0xQyhY03RUxRc/M/k2/ymwIm1RT8m/w/q6+xaWyamCamqWlqmpvmpoVpYVqalqaVaWVam9amjWlj2pq2pp1pZ9qb9qaD6WA6mU6ms+lsupguppvpZnqYnqaX6W36mL6mn3nZ9Df9zQAzwAw0A81gM9gMMUPMUDPUDDPDzAgzwow0I81oM9qMNWPNeDPeTDATzEQz0Uwyk8wUM8VMM9PMDDPDzDQzzWwz28wxc8xcM9fMN/PNQrPQLDKLzBKzxCw1S80ys9wsNyvNSrParDZrzVqz3qw3G81Gs9lsNsvSbzPbzHaz3ew0O81us9vsNXvNPrPP7Df7zQFzwBw0B80hc8gcNofNEXPEHDVHzTFzzBw3x80Jc8KcNCfNaXPanDFnzFlz1pw3580Fc8FcNBfNJXPp8mVfpCIVmchE6aJ0UUqUEmWMMkaZokxR5ihzlIgSUZYoS5Q1ujHKFmWPckQ5o1xR7ihPZCOKXMRRHOWN8kXJ6KYof1QgSo0KRoWiwpGPikRFo5ujYtEtUfHo1qhEdFtUMro9KhWVjspEZaM7onLRnVH56K6oQnR3VDGqFFWOqkT3RFWje6Nq0X1R9ej+qEb0QFQzejCqFf0lqh09FNWJHo7qRo9E9aJHo/pRg6hh1Chq/C+dP4Sz2R/3XWxX2812tz1sT9vL9rZ9bF/bz75s+9tX7AD7qh1oB9nB9jU7xL5uh9o37DA73I6wb9qRdpQdbcfYsXacHW/fshPs23aifcdOspPtFDvVTrPT7Qz7rp1pZ9nZ9j07x75v59p5dr5dYBfaD+wiu9gusR/apfYju8wutyvsSrvKrrZr7Fq7zq63G+xGu8lutlvsVrvNfmy32x12p91ld9s9dq/9xO6zn9r99jN7wH5uD9ov7CH7pT1sv7JH7Nf2qP3GHrPf2uP2O3vCfm9P2lP2tP3BnrE/2rP2nD1vf7IX7M/2ov3FXrLh8sX95dM7GTKUjtJRCqVQRspImSgTZabMlKAEZaEslJWyUjbKRjkoB+WiXJSH8tBlTEx5KS8lKUn5KT+lUioVokLkyVNRKkrFqBgVp+JUgkpQSSpJpagUlaEydAfdQXfSnXQX3UV3091UiSpRFapCVakqVaNqVJ2qUw2qQTWpJtWiWlSbalMdqkN1qS7Vo3pUn+pTQ2pIjakxNaEm1JSaUnNqTi2oBbWkltSKWlFrak1tqA21pbbUjtpRe2pPHagDdaJO1Jk6UxfqQt2oG/WgHtSLelEf6kP9qB/1p/40gAbQQBpIg2kwDaEhNJSG0jAaTiPoTRpJo2g0jaGxNI7G03iaQBNoIk2kSTSJptAUmkbTaAbNoJk0k2bTbJpDc2guzaX5NJ8W0kJaRItoCS2hpbSUltEyWkEraBWtojW0htbROtpAG2gTbaIttIW20TbaTttpJ+2k3bSb9tJe2kf7aD/tpwN0gA7SQTpEh+gwHaYjdISO0lE6RsfoOB2nE3SCTtJJOk2n6QydobN0ls7TebpAP9NF+oUuUaAUl8FldNe4TO5al9ld5/4+zuFyulwut8vjrMvmsv9NTM65VFfQFXKFnXdFXFF3s0u9fEv1u7iUK+3KuLLuDlfO3enK/yGu6u511dx9rrq731Vx9/xNXMM94Gq6R1wt96ir7Rq4Oq6Rq+secfXco66+a+AaukauhXvStXRPuVbuadfaPfOHeJFb7Na59W6D2+j2uU/defeTO+a+dRfcz66L6+r6uZddf/eKG+BedQPdoD/EI9ybbqQb5Ua7MW6sG/eHeIqb6qa56W6Ge9fNdLP+EC90H7g5bomb6+a5+W7Br/Hlmpa4D91S95Fb5pa7FW6lW+VWuzVu7X/WutJtdlvcVrfXfeK2ux1up9vldrs9v8aX17HffeYOuM/dUfeNO+S+dIfdcXfEff1rfHl9x9137oT73p10p9xp94M74350Z925X9d/ee0/uF/cJRccMLJizYYjTsfpOYUzcEa+hjPxtZyZr+MEX89Z+AbOyjdyNs7OOTgn5+LcnIctEztmjjkv5+Mk38T5uQCnckEuxIXZcxEuyjdzMb6Fi/OtXIJv45J8O5fi0lyGy/IdXI7v5PJ8F1fgu7kiV+LKXIXv4ap8L1fj+7g63881+AGuyQ9yLf4L1+aHuA4/zHX5Ea7Hj3J9bsANuRE35se4CT/OTbkZN+cnuAU/yS35KW7FT3Nrfobb8LPclp/jdvw8t+cXuAN35E78Infml7gLd+Vu3J17cE/uxb25D/flfvwy9+dXeAC/ygN5EA/m13gIv85D+Q0exsN5BL/JI3kUj+YxPJbH8Xh+iyfw2zyR3+FJPJmn8FSextN5Br/LM3kWz+b3eA6/z3N5Hs/nBbyQP+BFvJiX8Ie8lD/iZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+Vt/DFv5x28k3fxbt7De/kT3sef8n7+jA/w53yQv+BD/CUf5q/4CH/NR/kbPsbf8nH+jk/w93yST/Fp/oHP8I98ls/xef6JL/DPfJF/4UscGGKMVaxjE0dxujh9nBJniDPG18SZ4mvjzPF1cSK+Ps4S3xBnjW+Ms8XZ4xxxzjhXnDvOE9uYYhdzHMd543xxMr4pzh8XiFPjgnGhuHDs4yJx0fjmuFh8S1w8vjUuEd8Wl4xvj0vFpeNH7i8b3xGXi++My8d3xRXiu+OKcaW4clwlvieuGt8bV4vvi6vH98fF4wfimvGDMfz2eZU68cNx3fiRuF78aFw/bhA3jBvFjePH4ibx43HTuFncPH4ibhE/GbeMn4pbxU/HreNn/nR/t7h73CPuGfeMQ7hPz08uSC5MfpBclFycXJL8MLk0+VFyWXJ5ckVyZXJVcnVyTXJtcl1yfXJDcmNyU3JzcktyazKEKunBo1dee+Mjn86n9yk+g8/or/GZ/LU+s7/OJ/z1Pou/wWf1N/psPrvP4XP6XD63z+OtJ+88+9jn9fl80t/k8/sCPtUX9IV8Ye99EV/UN/KNfWPfxD/um/pmvrl/wj/hn/RP+qf8U/5p39o/49v4Z31b/5xv55/3z/sXfAff0XfyL/rO/iXfxXf13Xw338P38L18L9/H9/H9fD/f3/f3A/wAP9AP9IP9YD/ED/FD/VA/zA/zI/wIP9KP9KP9aD/Wj/Xj/Xg/wU/wE/1EP8lP8lP8FD/NT/Mz/Aw/08/0s/1sPyd1jp/r5/r5fr5f6Bf6RX6RX+KX+KV+qV/ml/kVfoVf5Vf5NX6NX+fX+Q1+g9/kN/ktfovf5rf57X673+l3+t1+t9/r9/p9fp/f7/f7A/6AP+gP+kP+kD/sv/JH/Nf+qP/GH/Pf+uP+O3/Cf+9P+lP+tP/Bn/E/+rP+nD/vf/IX/M/+ov/FX/LBj0+8lZiQeDsxMfFOYlJicmJKYmpiWmJ6Ykbi3cTMxKzE7MR7iTmJ9xNzE/MS8xMLEgsTHyQWJRYnliQ+TCxNfJRYllieWJFYmViVWJ0IIff2OOQN+UIy3BTyhwIhNRQMhULh4EORUDTcHIqFW0LxcGsoEW4LJcPtoVQoHcqER0P90CA0DI1C4/BYaBIeD01Ds9A8PBFahCdDy/BUaBWeDq3DM6FNeDa0Dc+FduH50D68EDqEjqFTeDF0Di+FLqFr6Ba6hx6hZ+gVeoc+oW/oF14O/cMrYUB4NQwMg8Lg8FoYEl4PQ8MbYVgYHkaEN8PIMCqMDmPC2DAujA9vhQnh7TAxvBMmhclhSpgapoXpYUZ4N8wMs8Ls8F6YE94Pc8O8MD8sCAvDB2FRWByWhA/D0vBRWBaWhxVhZVgVVoc1YW1YF9aHDWFj2BQ2hy1ha9gWPg7bw46wM+wKu8OesDd8EvaFT8P+8Fk4ED4PB8MX4VD4MhwOX4Uj4etwNHwTjoVvw/HwXTgRvg8nw6lwOvwQzoQfw9lwLpwPP4UL4edwMfwSLsln1oQQQggh/lt6/sn+7v/gMQMA6rdxDwC4dkfOI7/frwFgU7a/jnurXC0SAPB01/YP/cdWsWK3bt1+e+4yDVG+eQCQ+LsD/BYvh+bwJLSCZlDsH9bXW3W8wH8yf/I2gIy/y0mBK/GV+b/4L+Z/7IkRi0rG57P8f+afB5Ca70pOBrgSL4fml1cDzaD4fzF/9iZ/Un+GL8cDNP1dTia4El+pvyg8Ds9Aq795phBCCCGEEEII8Ve9VZm2f3b/fPn+PJe5kpMersR/dn8uhBBCCCGEEEKIq++5jp2eeqxVq2ZtZSADGcjgPwdX+y+TEEIIIYQQ4l/tykX/lccyXM2ChBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKINOh3X/qVAQD+T75O7GqvUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLja/l8AAAD//+hQN/Q=") truncate(&(0x7f00000001c0)='./file0\x00', 0x9) r5 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x7fff, 0x0, 0x200000, 0x0, "22536af39b7c02b753c2acf8852d3c3a9a6c2f359e9ba7d94d93b581061383374a2f79470700000800", "0410b161aec02400cd1a8f2cfdbaee89c5cf8500", [0x1, 0x9]}) rmdir(&(0x7f0000000000)='./file0\x00') fallocate(r4, 0x1, 0x30, 0x6a97) copy_file_range(r3, 0x0, r3, &(0x7f0000000100)=0xae8, 0x863, 0x0) [ 91.729710][ T4651] Bluetooth: hci0: command tx timeout [ 91.741810][ T802] cfg80211: failed to load regulatory.db [ 91.766078][ T5322] loop0: detected capacity change from 0 to 512 [ 91.789901][ T5322] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 91.802682][ T5322] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 91.822528][ T5322] EXT4-fs (loop0): 1 truncate cleaned up [ 91.826064][ T5322] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.841608][ T5322] EXT4-fs: Ignoring removed bh option [ 92.302589][ T5322] loop0: detected capacity change from 512 to 448 [ 92.314425][ T5322] ================================================================== [ 92.317504][ T5322] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.320886][ T5322] Read of size 18446744073709551600 at addr ffff888023e1e2b8 by task syz.0.0/5322 [ 92.324832][ T5322] [ 92.325937][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.325953][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.325961][ T5322] Call Trace: [ 92.325974][ T5322] [ 92.325981][ T5322] dump_stack_lvl+0xe8/0x150 [ 92.325999][ T5322] print_address_description+0x55/0x1e0 [ 92.326013][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.326032][ T5322] print_report+0x58/0x70 [ 92.326043][ T5322] kasan_report+0x117/0x150 [ 92.326060][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.326077][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.326094][ T5322] kasan_check_range+0x264/0x2c0 [ 92.326108][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.326124][ T5322] __asan_memmove+0x29/0x70 [ 92.326136][ T5322] ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.326158][ T5322] ext4_xattr_ibody_set+0x254/0x6a0 [ 92.326176][ T5322] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 92.326192][ T5322] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 92.326206][ T5322] ? trace_kmalloc+0x2a/0xf0 [ 92.326219][ T5322] ? __asan_memcpy+0x40/0x70 [ 92.326230][ T5322] ? ext4_read_inline_data+0x103/0x2c0 [ 92.326242][ T5322] ext4_convert_inline_data_nolock+0x208/0x990 [ 92.326259][ T5322] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10 [ 92.326270][ T5322] ? down_write+0x16d/0x200 [ 92.326339][ T5322] ext4_convert_inline_data+0x4ce/0x600 [ 92.326356][ T5322] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 92.326369][ T5322] ? down_write+0x16d/0x200 [ 92.326384][ T5322] ? vfs_fallocate+0x5f0/0x7e0 [ 92.326401][ T5322] ext4_fallocate+0x1e2/0x3d0 [ 92.326414][ T5322] vfs_fallocate+0x669/0x7e0 [ 92.326427][ T5322] ? __fget_files+0x2a/0x420 [ 92.326440][ T5322] ? __pfx_vfs_fallocate+0x10/0x10 [ 92.326453][ T5322] ? __fget_files+0x2a/0x420 [ 92.326466][ T5322] __x64_sys_fallocate+0xc0/0x110 [ 92.326481][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.326493][ T5322] do_syscall_64+0x15f/0xf80 [ 92.326508][ T5322] ? trace_irq_disable+0x3b/0x140 [ 92.326526][ T5322] ? clear_bhb_loop+0x40/0x90 [ 92.326539][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.326551][ T5322] RIP: 0033:0x7f56df19cdd9 [ 92.326563][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.326572][ T5322] RSP: 002b:00007f56e010ffe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 92.326586][ T5322] RAX: ffffffffffffffda RBX: 00007f56df415fa0 RCX: 00007f56df19cdd9 [ 92.326595][ T5322] RDX: 0000000000000030 RSI: 0000000000000001 RDI: 0000000000000007 [ 92.326602][ T5322] RBP: 00007f56df232d69 R08: 0000000000000000 R09: 0000000000000000 [ 92.326609][ T5322] R10: 0000000000006a97 R11: 0000000000000246 R12: 0000000000000000 [ 92.326616][ T5322] R13: 00007f56df416038 R14: 00007f56df415fa0 R15: 00007fff35b29ab8 [ 92.326629][ T5322] [ 92.326634][ T5322] [ 92.446432][ T5322] The buggy address belongs to the physical page: [ 92.448996][ T5322] page: refcount:2 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x23e1e [ 92.452366][ T5322] memcg:ffff888041a59480 [ 92.453992][ T5322] aops:def_blk_aops ino:700000 dentry name(?):"" [ 92.456330][ T5322] flags: 0xfff78000004224(referenced|lru|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 92.460308][ T5322] raw: 00fff78000004224 ffffea00008f8208 ffffea00007c77c8 ffff88801cc25940 [ 92.463746][ T5322] raw: 0000000000000002 ffff888047aaf3a0 00000002ffffffff ffff888041a59480 [ 92.467488][ T5322] page dumped because: kasan: bad access detected [ 92.470071][ T5322] page_owner tracks the page as allocated [ 92.472388][ T5322] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5322, tgid 5321 (syz.0.0), ts 92309974105, free_ts 92283721417 [ 92.480374][ T5322] post_alloc_hook+0x231/0x280 [ 92.482394][ T5322] get_page_from_freelist+0x24ba/0x2540 [ 92.484706][ T5322] __alloc_frozen_pages_noprof+0x18d/0x380 [ 92.487149][ T5322] alloc_pages_mpol+0x235/0x490 [ 92.489208][ T5322] alloc_pages_noprof+0xac/0x2a0 [ 92.491318][ T5322] folio_alloc_noprof+0x1e/0x30 [ 92.493364][ T5322] filemap_alloc_folio_noprof+0x111/0x470 [ 92.495780][ T5322] __filemap_get_folio_mpol+0x3fc/0xb00 [ 92.498093][ T5322] bdev_getblk+0x1f6/0x6e0 [ 92.499979][ T5322] __ext4_get_inode_loc+0x528/0xfa0 [ 92.502146][ T5322] ext4_get_inode_loc+0x81/0xf0 [ 92.504144][ T5322] ext4_convert_inline_data+0x26e/0x600 [ 92.506505][ T5322] ext4_fallocate+0x1e2/0x3d0 [ 92.508520][ T5322] vfs_fallocate+0x669/0x7e0 [ 92.510589][ T5322] __x64_sys_fallocate+0xc0/0x110 [ 92.512777][ T5322] do_syscall_64+0x15f/0xf80 [ 92.514846][ T5322] page last free pid 5322 tgid 5321 stack trace: [ 92.517598][ T5322] free_unref_folios+0xcec/0x1480 [ 92.519689][ T5322] folios_put_refs+0x9ff/0xb40 [ 92.521701][ T5322] shmem_undo_range+0x52c/0x1660 [ 92.523904][ T5322] shmem_evict_inode+0x289/0xae0 [ 92.526010][ T5322] evict+0x61e/0xb10 [ 92.527698][ T5322] __dentry_kill+0x1a2/0x690 [ 92.529783][ T5322] finish_dput+0xc9/0x480 [ 92.531708][ T5322] __fput+0x691/0xa60 [ 92.533412][ T5322] fput_close_sync+0x11f/0x240 [ 92.535497][ T5322] __x64_sys_close+0x7e/0x110 [ 92.537466][ T5322] do_syscall_64+0x15f/0xf80 [ 92.539428][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.541979][ T5322] [ 92.543027][ T5322] Memory state around the buggy address: [ 92.545351][ T5322] ffff888023e1e180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.548599][ T5322] ffff888023e1e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.551823][ T5322] >ffff888023e1e280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.555071][ T5322] ^ [ 92.557547][ T5322] ffff888023e1e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.560831][ T5322] ffff888023e1e380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.564136][ T5322] ================================================================== [ 92.649835][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 92.652898][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.656821][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.661105][ T5322] Call Trace: [ 92.662580][ T5322] [ 92.663952][ T5322] vpanic+0x56c/0xa60 [ 92.665827][ T5322] ? __pfx_vpanic+0x10/0x10 [ 92.667894][ T5322] ? __pfx___schedule+0x10/0x10 [ 92.670079][ T5322] panic+0xc5/0xd0 [ 92.671716][ T5322] ? __pfx_panic+0x10/0x10 [ 92.673700][ T5322] ? preempt_schedule_thunk+0x16/0x30 [ 92.676010][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.678294][ T5322] check_panic_on_warn+0x89/0xb0 [ 92.680374][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.682753][ T5322] end_report+0x73/0x170 [ 92.684671][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.687080][ T5322] kasan_report+0x128/0x150 [ 92.689003][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.691297][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.693769][ T5322] kasan_check_range+0x264/0x2c0 [ 92.695934][ T5322] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.698475][ T5322] __asan_memmove+0x29/0x70 [ 92.700573][ T5322] ext4_xattr_set_entry+0x9c1/0x1e20 [ 92.703007][ T5322] ext4_xattr_ibody_set+0x254/0x6a0 [ 92.705306][ T5322] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 92.707910][ T5322] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 92.710666][ T5322] ? trace_kmalloc+0x2a/0xf0 [ 92.712551][ T5322] ? __asan_memcpy+0x40/0x70 [ 92.714426][ T5322] ? ext4_read_inline_data+0x103/0x2c0 [ 92.716732][ T5322] ext4_convert_inline_data_nolock+0x208/0x990 [ 92.719468][ T5322] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10 [ 92.722492][ T5322] ? down_write+0x16d/0x200 [ 92.724586][ T5322] ext4_convert_inline_data+0x4ce/0x600 [ 92.727132][ T5322] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 92.729852][ T5322] ? down_write+0x16d/0x200 [ 92.731932][ T5322] ? vfs_fallocate+0x5f0/0x7e0 [ 92.734120][ T5322] ext4_fallocate+0x1e2/0x3d0 [ 92.736176][ T5322] vfs_fallocate+0x669/0x7e0 [ 92.738137][ T5322] ? __fget_files+0x2a/0x420 [ 92.740213][ T5322] ? __pfx_vfs_fallocate+0x10/0x10 [ 92.742496][ T5322] ? __fget_files+0x2a/0x420 [ 92.744353][ T5322] __x64_sys_fallocate+0xc0/0x110 [ 92.746677][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.749388][ T5322] do_syscall_64+0x15f/0xf80 [ 92.751463][ T5322] ? trace_irq_disable+0x3b/0x140 [ 92.753760][ T5322] ? clear_bhb_loop+0x40/0x90 [ 92.755577][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.757788][ T5322] RIP: 0033:0x7f56df19cdd9 [ 92.759527][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.767248][ T5322] RSP: 002b:00007f56e010ffe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 92.770842][ T5322] RAX: ffffffffffffffda RBX: 00007f56df415fa0 RCX: 00007f56df19cdd9 [ 92.773995][ T5322] RDX: 0000000000000030 RSI: 0000000000000001 RDI: 0000000000000007 [ 92.776894][ T5322] RBP: 00007f56df232d69 R08: 0000000000000000 R09: 0000000000000000 [ 92.780179][ T5322] R10: 0000000000006a97 R11: 0000000000000246 R12: 0000000000000000 [ 92.783532][ T5322] R13: 00007f56df416038 R14: 00007f56df415fa0 R15: 00007fff35b29ab8 [ 92.786797][ T5322] [ 92.788388][ T5322] Kernel Offset: disabled [ 92.790318][ T5322] Rebooting in 86400 seconds..