program:
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x10)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000000)={0x1f, @none}, 0x8)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe)
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04030b008000aaaaaaaaaa0001"], 0xe)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x5, 0xc9}}}, 0x6)
ftruncate(r2, 0x2007ffb)
sendfile(r1, r2, 0x0, 0x1000000201005)
syz_mount_image$bcachefs(&(0x7f00000002c0), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYBLOB="5a3f8fa4067a10650f26471a6ee9e9c641a62f221aacd71851d8ccee1e3265ad24d3b77aa6accfea0b3a7c6a61c75a8dac28cdad621664353a45d77ecba7895ff1351e13f469f44963edf9a76633362c9b8045bccf1a21e98a429bf90d005dc4590f9177e4efe2295c52c2c76c5837b1", @ANYRES16, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYBLOB="39287ca62b3bc2d352aea732da4208801a4fdd37620ca3929ea549314caf0a"], 0xfc, 0x5a13, &(0x7f00000088c0)="$eJzs3X+QHNV9IPDXM7Pa1a5+rAQOMpjVIqOEQGyt+FXYpOJNLrFTQCi5SDmIkw0LWhHZklDpRwBBgsiBDxXgwilSCU7+IC7gDqO4qIKLUSgTASdxNraKi4+6wtSZO+w/fEUIKgM6yuXzpnan3+xsz/T27OyskNDnU9L29Js33379+k1Pf9/M7gQAAABOCAfv3H7k8lN/77t/Pvrubb//j5tvD33lifKeWKE/Xd70frWQo6m7smximR0Xv3bLN34yeN3vfOfx3offO7D+jA0//N2Trnv6i5fse+Bvnn1n4ZO/fL0obhxPZ0+uJ28mIfR8+/BffvnAi6eMlyWLxn+WdoewJFn67JIkE2Lo5yGE9enKssydT7x73obx5e13d08pX5ypZ7yf2MaP8/jA2nXkxnPCj3577R3fX/7Nv+/a+8buySpJT914CmHRNfWP7wohzE//j4ujLY7HOGjXhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntaLdekQWZ9ezJaLby2hnLl6TLb6XLs2cYv5zuQzkJpSRUas3flEyOkVB33JKQTBzLntp6qXZsQ7r/mfUks17KrJe7Mvs1sd10oJWTZGp5rJcpj6fjSlp+Rv25uokrcso/nC570ifqe3E9ZG9U9TXcqO3XhNiuw9O05Wgo1Z2DmpXXDnx6MPrSsr5kacNjxpqI9x1Ye8/K8rrnDvbntCN5PEnjJ23F3/W9JQu+8NiendnX9Vr8a0pp/FJb8V+79NBbV+35+tdy498X45fbin/uM71vXvr8nSty++dw7J9KW/FHXn/h3uUnX7s3t/0Pxvg9bcUf3neoe+GRZ/bntn8o9s/8tuK/evGnf/zoy0+9kRs/xPi9bcVft2/rV7oHjpyVG39/7J++9sbP23svfGVg4KeDefFfivEXthX/kd0PfPKhxXdfknt818T+6W8r/mVnPn3HgiNPnZ537kwe7NQrJ8CJ6aT0GuuudL3dPHO26vKFvx6sVK/5FqT/F3ZyQ5mLz/HtLOpkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIXzonP/2mf/zuf43K+l6d3rj1VJ1GcvnhZDMDyFs3zGybcfGLdcPfvGGndu2jGwaHNkxOLplx7abB8//jcFto1s3jdw8fu/Qx86rPm5pSKrL5PSGbXePjY2V+qeWxe39uzP3/mjlRf/3X0IY+tAPBiq57V/1wOaHTm7yMyMZHvvU5p2X/+CCv0v3qz9tV3+Tdo2NjY2FnHb965W/eOgvDv/krBCGfmW6dr3w6m/905QGTRRMxkmVukO1Qd1Jb9N21Fqdtif2V2XDxk2jQ9P37/jjyzn78e9veePnG2766i+q/duTux8t9u/84bFNpb9ae9n//6tbqwVF7Xq/jntRf8e9iO2L/deT9veidL8W5exXJWe/7vz+/pe/feqed3aHocrbyxu3XbRfXekA6Eo+3NJ24xZ6kyVTynvS+vGIx8et2rF566rtN+/62MbNI9ePXj+65ROrz1994dAFF16wamLPV3V4/+P2f7XF/T8642nxn+z+VvzZ2nia2q55M+6P8XYV90d9i/Kef71XfPn+Tzzw/OXVgqJxHmvXzifpsnf8OK8OdeOtsa+a7VfR8QkhDDbrh7feuSSc8j833lF0Hqo/MvU/M5LhsRdX/OzvLvrbZb9ZLTgq5/n6BrV5nq+1erI9E/3Vkx6PsWO0f7tDOd2vvqbtWv3i8133HPyXP621b968cNPIjh3bVld/LkhbuiA5rWm7sqVxv5ZP/CyHtFtCbZg2Ga/jukK1fdnzZ6ye7dW+9L6+ZGnT/cqK9x1Ye8/K8rrnDub1dPJ4dYvzw8LqMvlITs1NmQeWaw1utv1j9flXND4GPvO3T37uyX84v2F8nFv9WbRfSc5+ffPlR+5/+Kv/8R86t1+f+a1D/T/7X3+8slpwzJ9XytWG1FqdtiepP6+cG0LR8295aL4fuc+/UvP9KXr+ZbczWb95vMHMel8ot/V8PfeZ3jcvff7OFbnP18PTPV/rd/bWKY8rFzxfj5Xxk31+JZWp7Zi759eUgZIMj33nrpN2P3vbmlOrBUWvl7Xazcb1eS3kHzn79U9XvTJww+B/+B+dO2984zeeuPqHI8N/Vi1o/7jHtnTmuPek/duT07+1Vse8s75/P37dDZvWV8uL+vn9u/5NlwX5TzyVbL9515dGNm0a3ba9tf1q9fU0bifby83Hz77bMtUaXk/j2W1pwX6VGvZr7m600l+tPt9i+9e31F/Fz7e+kLT1urDre0sWfOGxPTv7Gx6VbuiaUhq/1Fb81y499NZVe77+tdz498X4lbbij7z+wr3LT752b278B5M0fk9b8Yf3HepeeOSZ/bnxh2L757cV/9WLP/3jR19+6o3c+On565R/be86/bW39174ysDAT3Pjv5Sk2xm/RgrhiXfP21BdT0JX+nyL7eia0q6QXU8y66XMerl+vRRnEdINlJNkanmsl5afUdeWZv4opzxehfUsqy7fi+she2P68mNNqe7c36y86DoVAOCDLr7/H69B4/v/o+mFUv5MA0zqm8i028/DluXEjXnY5HzO1PdYl6Xx4+PjPODAx8PQ+PL2weqF/kzfR4jPh+w8Z9zOWR+dGqNwnnNsYvsN85xF8+8rMuuxXdX58kpdHppqzGsqoYX598btTD//ntn94vezBu9qaNZg3bxV9vh1pTNmzT7vkGlvZTxC3vjIzovFz3MMLAprJrbX4vjIfo4mHofs52jidk7NnDjb/RxN3vjob+yHKe2K4yPWm2Z8TDS5+P3IxuMXpunfyePXPFr2+M3gePeM15/r92c7MG/Y9JR29OYN5/b9MPOSOfHTJ9ixPm8Yy+N+VFqcT/xcTnmn5hPj6SK26/A0bTkazCcCH1Qx/4+vEeP5//gF+P/L1CvKU7JXjTFe7ueEys3bU5R3NH5Or7et1/F1+7Z+pXvgyFm51zn7W/2c3tYpa70Fn/sp6seVmfXCfsyZoCnK97LbKer37Ocy+sLCtvr9kd0PfPKhxXdfktvva6ovpMX9fv+UtYUF/X4c5AvN48sXToh8Ya7nz963fCT94NNc5SN/mFM+03ykt+FGbb8mHLv5yOQL6ZR8pOvotgsAOH7E/L/2/lma///vWCG9jijKW8/OrMd4uXlrzvVJXt76B+nypkz9vvQ3KmZ63XzZmU/fseDIU6fn5i0PtpqH/ucpa/2Feejs8ubcPGJNZz4vnptH1PKs2eWJue2v5Ymzy9Nz3qaty9Nnl0fn9k8tj546D3D/odbix3mA3Pi1eYAO5rm/nKx09PLcgvm6zMbiaqvzde9LHr1o6n7OSR6d/vrsXOXRV+SUzzSP7mu4UduvCcduHj21XB4NAHxQxfw/XsbF/P/5TL3Zvs+emxd06Lo9+/dAavFfmpO8cjJ+h97/Lc775jpvneu8fq7nJY7393/nel6of+IPeM7VPNn79v7ysZIXpxuVFwMAcCyL+f/8dD0//59dftKQv3VVLyEn85PjLz+vryc/z4n/gcnPj/f5r7n9nMwJn//H9XR17MTL/3N+cwgAgGNJzP/jrz3Gv//3X9P17N+tPx7z9OB9dHn6cZOnd3ieLcav/xyAeYCj+/n4+ZP1T4B5AAAAjkFdE5lS4+/Zfz5dZn/PPu/38q/Kqd+qSnp5fO2ObaOjV+/cun5kx+jVW25YP7r96hu3bdyxY3RLtd5s88bcvCXNG7tCJe2P5vWyedvi9O8hLM75ewjZ+jHsaRM3Gv8eQnaz8wv+jsDk8WutvXnHrzRN/WbjI+9458X/o5z6Ue34X/fH5169YfvVG7ds3LFxZNPGXaNT641nrb0z+N7MJP0/o+9LzfxoUJr593fGwzO7dpQa2tGV9kfe97MnmXYsSVuyJO/7D3La/d3//hd/cubYLx4NYehD5Y/Mqv+S4bH/cuXoH+w4+IOt4+0vTdv+Ws20XUXfV5qtH/ensumG7TvO2XDDzi3Zb5RsT5zPKNXW52g+I336l1ucn1iXUz7T398vN9w4NrU8PwEAwBTx/f94PRvfP/xqegEVy1vP09t//zgJz+zPzdOHWsvTs99LVpSnZ+vH/W01T++ZZZ6e3X5Rnt6sfrM8PS/vzov/hzn1Z6r1cdLG5zxi+vnYnp254+Sa1sZJ9vsMisZJtv5Mx0kyy3GS3X7ROGlWv9k4yTvuefE/m1M/T9F4qNTGw+w+l5M7Hu5rbTz8ema9aDxk6890PJRmOR6y2y8aD83qNxsPecc3L/7lOfVbNXV8jA+MiXExevWNN2z7Ul29uf7+i9D4kYxW2jdv8rFz+/0f7Xl44mdr/Tu3n/tq12T/hzA8UZLX/rn9XNns21/U/zP4XNmi0PC5stz2vzS7mbDW2z+33++SkVe98fFHa742PRMUff6saB53bU75TOdx5zXcODY1n8ftMo8LR0HM/+PbPTH/vztddvptoOP/e9J8j1nT+B36HrOi65gT7vU8+5b7cfl67n1ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKzuyrKJ5cE7tx+5/NTf++6fj7572+//4+bbf+2Wb/xk8Lrf+c7jvQ+/d2D9GRt++LsnXff0Fy/Z98DfPPvOwid/+Xph4P6Jn5Wz09WeEJI3kxB6vn34L7984MVTxsuSEEI56d8dwpJk6bNLkkyEoZ+HENbX2jn1zifePW/D+PL2u7unlC/OBMnuV+grx/bUtzOEmwr3iONQTzrOdh258Zzwo99ee8f3l3/z77v2vrF7skrSUzeeQlh0Tf3ju0II89P/4+JoWxYfnC7XhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntqBlusV6LFmTWsyej2cprZyxfki6/lS7PnmH8cvyfhFISKrXmb0omx0ioO25JSCaOZU9tvVQ7tiHd/8x6klkvZdbLXU32a3c60MpJUiuvb08pUx5Px5W0/Iz6c3UTV+SUfzhd9qRP1PfiesjeqOpruFHbrwmxXYenaUvqPxVXaV+p7hzUrLx24NOD0ZeW9SVLGx4z1kS878Dae1aW1z13sD+nHcnjSRo/aSv+ru8tWfCFx/bsXJYX/5pSGr/UVvzXLj301lV7vv613Pj3xfjltuKf+0zvm5c+f+eK3P45HPun0lb8kddfuHf5ydfuzW3/gzF+T1vxh/cd6l545Jn9ue0fiv0zv634r1786R8/+vJTb+TGDzF+b1vx1+3b+pXugSNnVeM3niGS/bF/+tobP2/vvfCVgYGfDua1/6UYf2Fb8R/Z/cAnH1p89yW5x3dN7J/+tuJfdubTdyw48tTpeefO5MFOvXICnJhOSq+x7krX280zZ6suX/jrwUr1mm9B+n9hJzeUMb6dRXMYHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD6Z/vvX8z1/5qc+urSQhJDl1xpqI95XnDQ8PtrHdkddfuHf5ydfurS9b1kYcAAAAoFjMw0u1kp6wLNyYzA+nNa0f5whOi2vJ1PLsHEKMk50jaDdOqUmcUhtxyh1qT6VDcbo6FGdeh+J0dyhOT0GcntBanPnTxKmMj4AW29M7bXtaj9PXoTgLOhRnYYfiLOpQnMUditM/bZzWx+GSDsVZ2qE4J3UozskdivOhDsX5lQ7FOaVDcbJzyjMdhwvTmqfmxZm4US6MU0nKtTuazaefkm7n9Flup69gOwuLXo9b3M78Frfz0czjSjPcTk+L2/nVWW4naXE7vz7L7ZQKthPH7U3Z9sXtxLUWx//NHYqzq0NxbulQnFs7FOdPOxTnzzoU57ZZxgFoVcz/J/O9/tBd+c3Qm55xsrMAMd9dPvGz8fUu74QU430kUz6vKF42Uc/EWz7T9mUnEDLxVmTKu6bEq9TykWni9dTHW5m5c7r9vXi4edvq452dKe+eJt6UHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo+Cfbz3/81d+6rNrQxLG/zU11kS8rzxveHiwje0eWHvPyvK65w7Wl3VX2ggEAAAAFIp5eFetpCd0V1aH7mTelHo96TxAT7pe7q8uBxaFNePLZLA0sd6bLJn2cZX0cat2bN66avvNuz62cfPI9aPXj275xOrzV184dMGFF6zasHHT6FD1ZwjdBfFCCBPTD9tv3vWlkU2bRrdtrxZm278sfdyydD1JHzfw8TA0vrw9bf/Sgu2VGrY3dzeKjx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBv7NpvqGR1+QDw58zMnRmv7s/54b9xcddhXWUrK7VraIn3QJDgn8WLEHOtmyy5knR1F90Vs0kXUlOKQFlYNnzRhkma9MY/KZF/WDDMErqbhEr5ol4UWoaKL0KZuHfmzJ2ZO+PcBtldt8/nxTlnnu/z/T7ne15ceM49AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwbXQmJqrT8/MTiYRyZCc5gDZWL6YprUx6n7lye0/KK1/d1N3rFQYYyEAAABgpKwPn+hEylEq5CMfJy/92hBdA7Hc9wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP97FhpTc/Xpmdmjk4hkSE5zgGwsX0zT2hh1X3v74c++vH7937pj1THWAQAAAEbL+vBcJ1KOapwWE8nJi51/J5q9G1jbN7+VtyxbZ90q8/rfHQzLO22VeWesMu9jI/I2t883BwAAAHz0Zf1/oROpRKmwZkU/nPX/o/r6LO/Uvrx8+7z6bwWKq84EAAAAPljW/5c6kWqUCtVOv77afn9DX142f9T/7bP5pw+ZP+r/+Ze1z/5PDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHQuNqbn69MxsPolIhuQ0B8jG8sU0rY1R95ynJv9xyf47NnTHSoUxFgIAAABGyvrw5da7HKXCZEzE0Ut9//qL7nv0S48+PhURrTa/WIybt+zYccM5rWOWd/YL+ye+/9wb316Rd3breMg2CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfGgWGlNz9emZ2aOSiGRITnOAbCxfTNPaGHVf/fwX//LgS0+83h2rjrEOAAAAMFrWhy/3/uWoRjGKceLSr+5ef1Gub/6wdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkePGb97yjS3z81tvcHFoLpr5iMPgNlwMvtgUEYfBbRyCi0P9lwkAAPiwnRpJNP9LJ11+qO8aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HCw0pubq0zOz5SQiGZLTHCAbyxfTtDZG3fTJF0tr3n3qme5YdYx1AAAAgNGyPny59y9HNSZiIk5Y+jXoncBS/185iDcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHFYWGlNz9emZ2TVJRDIkpzlANpYvpmltjLoP7Nr7ufuP/d7F3bFSYYyFAAAAgJGyPrzYiZSjVPh4lOKU9u/53glJvn0e/F5ged72nmmTq57X6JmXX/W8u/p2VmjvpjWvnK1XaZ0782rL83LtebWuedXolK915i09rN091daMuM+VTx4AAAAOnqz/L3UilSgVSl39/0978ivj9bnbhn1bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcORYaU3P16ZnZJIlIhuQ0B8jG8sU0rY1R95bf/v8xX/3Z3Tu7Y9Ux1gEAAABGy/rw5d6/HNVYF/8X65b6/qj05md5/6y/d/+9//rrpoizTjywvtC/7I+yi1+/euHT/YeIXG92LuLYdr1kSL3f/P7emzY233sw4qwT8qesqBcfXK93ybT5WH3rZTueO7B9xMMBAACAI0TW/090IpUoFa4f2v9nnfeI/r9jqQE/9qZdvzi+fWx35H0zcpV2vdyQel/Y+PCfTz/v728s9v8r632yc/Xpvdfdf3xPwVakT5I2p6/bufnAufty2a5b9fN99bPn8uVvvf7va26+571W/XKU2/G1fbfSqrby2Fc+0uZ8bs/spe/vafTWLwzZ/x2/e+alX629+53F+m+fOtmpf0YMqt/aeWFo/TgqbU5ecefu8/fu39xbPyJqg+q/+c7FcdIfr729f/+TfQt3P/nuY/8DSJsvbHhr33n3VS/orZ/01c+e/89femD3T+757uNZ/exbkU2nrbZ+rq/+83cdt+vZ2y5f21s/N2T/T1/58vptte/8oX//V/esWhh6Fyv3/9CZj1z1ypb01v4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAI8tCY2quPj0zm0sikiE5zQGysXwxTWtj1H3tkhffvPLuH/+wO1YdYx0AAABgtKwPX+79y1GNYhRjcqnvf6y+9bIdzx3YHpXWaNI+F+a33bjjE9ds23n91YfozgEAAIDVeu2SZKn/L3QilSgVNsZEu/+fvm7n5gPn7stl/X9u8ZxExDXXzm89Kzp5z9913K5nb7t8bec9QcTSZwHlxbzPLOdddOGLlbf+9PXTB+ads5z3woa39p13X/WCLC+6886OzvuJh8585KpXtqS3du6vO+9TX9s23349ka07ecWdu8/fu39zLnuP0T5PttfN8uZze2YvfX9PI1eJ0uJ4vp1Xbu8bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhpoTE1V5+emY18RDIkp9mtHcjG8sU0rY1R99KNv7z9mHefWNcdKxXGWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhx/5CpCr7OIA/z8zuu7M7u7qrL7QVrasVhV0oBRF1U1ERGiF0ZUhYmhdREEQUdtEaGokV3QRZNxIVVFsIBrlJosUa/ZNuuqigwLoIRFqoXaSLipl5zjh7nNPorAXV5wPDM89zzvme3znPM2d2FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/lL6e0Xp7ZMdDc7dfcPMnT9w7+/it7z2w7bLH3vhhfNONH+8dePXk9OblW76+aemmA/etmdr90uFfht757VjH4EcbzcrUrYQQT8QQKu/PPP/k9Kfn1cZiCKEchydCGIlLDo/EXMLqX0MIm5t1zt+4b/aqLbV2266+eeOLcyH56wrVclZPw/D8evl3qaR1tnXukSvCtzes3/75srff6p08PnFql1jbp5zWUwiLNrYe3xtC6E+vmmy1jWYHp3ZdCGGg5bhrOtR18RnWv6qgf2Fq/5faaoecbPuKXL+U2y/fz/Tm2oEO51uoojq63a+TwVw//zBaqGadq9qPj6T23dSuPMv8cvaKoRRDT7P8++OpNRJa5i2GWJ/LSrNfas5tSNef68dcv5Trl3tz11U/b1po5Rjnj2f75cazx3FPGl/e+qxu446C8fNTW0kf1JNZP+TfNFRPe9O8rrqsrpk/qeXvUGp5BrUbb058moxqGqvGJacd83sb2bbp9U9fWt7wwZHhgjri3pjyY1f5Wz8bGbzrzZ0Pjxblbyyl/FJX+d+tPfrTnTtffrEw/7ksv9xV/pUHB06s/XDHisL7M5Pdn54zyo+pn227+9hHzyz7/z2T7ea6nr8ny690Vf/1U0f7huYOHiqsf3V2f/q7yv/mulu+f/3L/ccL80OWP9BV/oapB5/tG5u7vDD/UOOjUK2v0C7Wz8+TV381NvbjeFH+F9n9H2qTHzvmvzax+9pXFu9aU7g+12X3Zzjl959V/bddcmD74Nz+i4qenXHPufrmBPiPafwbISxNf2M9lYY7/c7cN1tq+ztzoVp+L7ww3tP4BhpMr6FzeaKc2nkW/YX5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAf7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//f+0pog==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
set_mempolicy(0x4, 0x0, 0x6)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x800)
creat(&(0x7f00000002c0)='./file1\x00', 0x11)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001a00010000000000000000000a000000000000000000000008001f00ffffc3d282da125ec9905a08000000ff"], 0x24}}, 0x0)

[   75.258760][ T5321] Bluetooth: hci0: command tx timeout
[   75.376353][ T5341] loop0: detected capacity change from 0 to 2048
[   75.426558][ T5341] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   75.449113][ T5341] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[   75.460458][ T5341] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   75.483279][   T25] audit: type=1800 audit(1753317901.117:2): pid=5341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0
[   76.181674][ T5341] getblk(): invalid block size 512 requested
[   76.184925][ T5341] logical block size: 2048
[   76.186907][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[   76.186927][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.186936][ T5341] Call Trace:
[   76.186943][ T5341]  <TASK>
[   76.186949][ T5341]  dump_stack_lvl+0x189/0x250
[   76.187038][ T5341]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.187053][ T5341]  ? __pfx__printk+0x10/0x10
[   76.187077][ T5341]  ? fs_reclaim_acquire+0x7d/0x100
[   76.187126][ T5341]  bdev_getblk+0x5b0/0x690
[   76.187146][ T5341]  ? udf_get_pblock_spar15+0x2d0/0x420
[   76.187168][ T5341]  udf_setup_indirect_aext+0x190/0x800
[   76.187198][ T5341]  udf_free_blocks+0x13f2/0x17f0
[   76.187220][ T5341]  ? reacquire_held_locks+0x127/0x1d0
[   76.187233][ T5341]  ? __mark_inode_dirty+0x4a6/0xdf0
[   76.187256][ T5341]  ? __pfx_udf_free_blocks+0x10/0x10
[   76.187275][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   76.187295][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.187309][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   76.187331][ T5341]  extent_trunc+0x35c/0x450
[   76.187352][ T5341]  ? __pfx_extent_trunc+0x10/0x10
[   76.187363][ T5341]  ? udf_current_aext+0x51f/0xad0
[   76.187384][ T5341]  udf_truncate_extents+0x5b0/0xec0
[   76.187409][ T5341]  ? __pfx_udf_truncate_extents+0x10/0x10
[   76.187437][ T5341]  ? do_raw_spin_unlock+0x4d/0x240
[   76.187458][ T5341]  udf_setsize+0x972/0x1000
[   76.187479][ T5341]  ? __pfx_udf_setsize+0x10/0x10
[   76.187490][ T5341]  ? down_write+0x162/0x1f0
[   76.187553][ T5341]  ? __pfx_down_write+0x10/0x10
[   76.187570][ T5341]  ? __pfx_current_time+0x10/0x10
[   76.187587][ T5341]  udf_setattr+0x3a1/0x5a0
[   76.187601][ T5341]  ? __pfx_udf_setattr+0x10/0x10
[   76.187615][ T5341]  notify_change+0xb36/0xe40
[   76.187634][ T5341]  do_truncate+0x1a4/0x220
[   76.187649][ T5341]  ? __pfx_do_truncate+0x10/0x10
[   76.187660][ T5341]  ? apparmor_file_truncate+0x23e/0x2d0
[   76.187690][ T5341]  path_openat+0x306c/0x3830
[   76.187702][ T5341]  ? arch_stack_walk+0xfc/0x150
[   76.187750][ T5341]  ? __pfx_path_openat+0x10/0x10
[   76.187760][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.187786][ T5341]  do_filp_open+0x1fa/0x410
[   76.187797][ T5341]  ? __lock_acquire+0xab9/0xd20
[   76.187811][ T5341]  ? __pfx_do_filp_open+0x10/0x10
[   76.187840][ T5341]  ? _raw_spin_unlock+0x28/0x50
[   76.187855][ T5341]  ? alloc_fd+0x64c/0x6c0
[   76.187877][ T5341]  do_sys_openat2+0x121/0x1c0
[   76.187896][ T5341]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.187918][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.187935][ T5341]  __x64_sys_creat+0x8f/0xc0
[   76.187949][ T5341]  do_syscall_64+0xfa/0x3b0
[   76.187961][ T5341]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.187973][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.187984][ T5341]  ? clear_bhb_loop+0x60/0xb0
[   76.187999][ T5341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.188011][ T5341] RIP: 0033:0x7f5c2b38e9a9
[   76.188023][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.188032][ T5341] RSP: 002b:00007f5c2c1a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   76.188046][ T5341] RAX: ffffffffffffffda RBX: 00007f5c2b5b5fa0 RCX: 00007f5c2b38e9a9
[   76.188054][ T5341] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[   76.188062][ T5341] RBP: 00007f5c2b410d69 R08: 0000000000000000 R09: 0000000000000000
[   76.188069][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.188075][ T5341] R13: 0000000000000000 R14: 00007f5c2b5b5fa0 R15: 00007ffe4158ccc8
[   76.188095][ T5341]  </TASK>
[   76.359399][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.362298][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.411468][ T5341] getblk(): invalid block size 512 requested
[   76.417686][ T5341] logical block size: 2048
[   76.421644][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[   76.421665][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.421672][ T5341] Call Trace:
[   76.421678][ T5341]  <TASK>
[   76.421685][ T5341]  dump_stack_lvl+0x189/0x250
[   76.421708][ T5341]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.421723][ T5341]  ? __pfx__printk+0x10/0x10
[   76.421753][ T5341]  ? fs_reclaim_acquire+0x7d/0x100
[   76.421776][ T5341]  bdev_getblk+0x5b0/0x690
[   76.421797][ T5341]  ? udf_get_pblock_spar15+0x2d0/0x420
[   76.421820][ T5341]  udf_setup_indirect_aext+0x190/0x800
[   76.421848][ T5341]  udf_free_blocks+0x13f2/0x17f0
[   76.421871][ T5341]  ? reacquire_held_locks+0x127/0x1d0
[   76.421884][ T5341]  ? __mark_inode_dirty+0x4a6/0xdf0
[   76.421906][ T5341]  ? __pfx_udf_free_blocks+0x10/0x10
[   76.421925][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   76.421944][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.421959][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   76.421979][ T5341]  extent_trunc+0x35c/0x450
[   76.421997][ T5341]  ? __pfx_extent_trunc+0x10/0x10
[   76.422010][ T5341]  ? udf_current_aext+0x51f/0xad0
[   76.422030][ T5341]  udf_truncate_extents+0x5b0/0xec0
[   76.422055][ T5341]  ? __pfx_udf_truncate_extents+0x10/0x10
[   76.422080][ T5341]  ? do_raw_spin_unlock+0x4d/0x240
[   76.422100][ T5341]  udf_setsize+0x972/0x1000
[   76.422123][ T5341]  ? __pfx_udf_setsize+0x10/0x10
[   76.422135][ T5341]  ? down_write+0x162/0x1f0
[   76.422150][ T5341]  ? __pfx_down_write+0x10/0x10
[   76.422165][ T5341]  ? __pfx_current_time+0x10/0x10
[   76.422186][ T5341]  udf_setattr+0x3a1/0x5a0
[   76.422200][ T5341]  ? __pfx_udf_setattr+0x10/0x10
[   76.422215][ T5341]  notify_change+0xb36/0xe40
[   76.422236][ T5341]  do_truncate+0x1a4/0x220
[   76.422251][ T5341]  ? __pfx_do_truncate+0x10/0x10
[   76.422263][ T5341]  ? apparmor_file_truncate+0x23e/0x2d0
[   76.422292][ T5341]  path_openat+0x306c/0x3830
[   76.422303][ T5341]  ? arch_stack_walk+0xfc/0x150
[   76.422341][ T5341]  ? __pfx_path_openat+0x10/0x10
[   76.422352][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.422374][ T5341]  do_filp_open+0x1fa/0x410
[   76.422385][ T5341]  ? __lock_acquire+0xab9/0xd20
[   76.422399][ T5341]  ? __pfx_do_filp_open+0x10/0x10
[   76.422427][ T5341]  ? _raw_spin_unlock+0x28/0x50
[   76.422442][ T5341]  ? alloc_fd+0x64c/0x6c0
[   76.422465][ T5341]  do_sys_openat2+0x121/0x1c0
[   76.422484][ T5341]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.422506][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.422523][ T5341]  __x64_sys_creat+0x8f/0xc0
[   76.422537][ T5341]  do_syscall_64+0xfa/0x3b0
[   76.422549][ T5341]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.422648][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.422666][ T5341]  ? clear_bhb_loop+0x60/0xb0
[   76.422715][ T5341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.422728][ T5341] RIP: 0033:0x7f5c2b38e9a9
[   76.422744][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.422755][ T5341] RSP: 002b:00007f5c2c1a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   76.422769][ T5341] RAX: ffffffffffffffda RBX: 00007f5c2b5b5fa0 RCX: 00007f5c2b38e9a9
[   76.422779][ T5341] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[   76.422786][ T5341] RBP: 00007f5c2b410d69 R08: 0000000000000000 R09: 0000000000000000
[   76.422794][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.422800][ T5341] R13: 0000000000000000 R14: 00007f5c2b5b5fa0 R15: 00007ffe4158ccc8
[   76.422820][ T5341]  </TASK>
[   76.584200][ T5341] ==================================================================
[   76.587742][ T5341] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0
[   76.590993][ T5341] Write of size 4 at addr ffff888000353dd8 by task syz.0.0/5341
[   76.594108][ T5341] 
[   76.595140][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[   76.595157][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.595164][ T5341] Call Trace:
[   76.595171][ T5341]  <TASK>
[   76.595177][ T5341]  dump_stack_lvl+0x189/0x250
[   76.595193][ T5341]  ? __virt_addr_valid+0x1c8/0x5c0
[   76.595208][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.595221][ T5341]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.595234][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.595246][ T5341]  ? lock_release+0x4b/0x3e0
[   76.595256][ T5341]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[   76.595271][ T5341]  ? __virt_addr_valid+0x1c8/0x5c0
[   76.595284][ T5341]  ? __virt_addr_valid+0x4a5/0x5c0
[   76.595297][ T5341]  print_report+0xca/0x230
[   76.595308][ T5341]  ? udf_write_aext+0x69d/0x7b0
[   76.595321][ T5341]  kasan_report+0x118/0x150
[   76.595334][ T5341]  ? udf_write_aext+0x69d/0x7b0
[   76.595347][ T5341]  udf_write_aext+0x69d/0x7b0
[   76.595361][ T5341]  __udf_add_aext+0x2b9/0x6d0
[   76.595385][ T5341]  udf_free_blocks+0x1466/0x17f0
[   76.595400][ T5341]  ? reacquire_held_locks+0x127/0x1d0
[   76.595411][ T5341]  ? __mark_inode_dirty+0x4a6/0xdf0
[   76.595430][ T5341]  ? __pfx_udf_free_blocks+0x10/0x10
[   76.595442][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   76.595457][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.595467][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   76.595481][ T5341]  extent_trunc+0x35c/0x450
[   76.595492][ T5341]  ? __pfx_extent_trunc+0x10/0x10
[   76.595502][ T5341]  ? udf_current_aext+0x51f/0xad0
[   76.595515][ T5341]  udf_truncate_extents+0x5b0/0xec0
[   76.595528][ T5341]  ? __pfx_udf_truncate_extents+0x10/0x10
[   76.595542][ T5341]  ? do_raw_spin_unlock+0x4d/0x240
[   76.595555][ T5341]  udf_setsize+0x972/0x1000
[   76.595569][ T5341]  ? __pfx_udf_setsize+0x10/0x10
[   76.595580][ T5341]  ? down_write+0x162/0x1f0
[   76.595590][ T5341]  ? __pfx_down_write+0x10/0x10
[   76.595601][ T5341]  ? __pfx_current_time+0x10/0x10
[   76.595616][ T5341]  udf_setattr+0x3a1/0x5a0
[   76.595626][ T5341]  ? __pfx_udf_setattr+0x10/0x10
[   76.595637][ T5341]  notify_change+0xb36/0xe40
[   76.595648][ T5341]  do_truncate+0x1a4/0x220
[   76.595660][ T5341]  ? __pfx_do_truncate+0x10/0x10
[   76.595670][ T5341]  ? apparmor_file_truncate+0x23e/0x2d0
[   76.595688][ T5341]  path_openat+0x306c/0x3830
[   76.595698][ T5341]  ? arch_stack_walk+0xfc/0x150
[   76.595724][ T5341]  ? __pfx_path_openat+0x10/0x10
[   76.595734][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.595749][ T5341]  do_filp_open+0x1fa/0x410
[   76.595758][ T5341]  ? __lock_acquire+0xab9/0xd20
[   76.595769][ T5341]  ? __pfx_do_filp_open+0x10/0x10
[   76.595783][ T5341]  ? _raw_spin_unlock+0x28/0x50
[   76.595795][ T5341]  ? alloc_fd+0x64c/0x6c0
[   76.595808][ T5341]  do_sys_openat2+0x121/0x1c0
[   76.595823][ T5341]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.595837][ T5341]  ? rcu_is_watching+0x15/0xb0
[   76.595848][ T5341]  __x64_sys_creat+0x8f/0xc0
[   76.595857][ T5341]  do_syscall_64+0xfa/0x3b0
[   76.595869][ T5341]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.595879][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.595888][ T5341]  ? clear_bhb_loop+0x60/0xb0
[   76.595900][ T5341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.595910][ T5341] RIP: 0033:0x7f5c2b38e9a9
[   76.595920][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.595928][ T5341] RSP: 002b:00007f5c2c1a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   76.595941][ T5341] RAX: ffffffffffffffda RBX: 00007f5c2b5b5fa0 RCX: 00007f5c2b38e9a9
[   76.595950][ T5341] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[   76.595957][ T5341] RBP: 00007f5c2b410d69 R08: 0000000000000000 R09: 0000000000000000
[   76.595963][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.595969][ T5341] R13: 0000000000000000 R14: 00007f5c2b5b5fa0 R15: 00007ffe4158ccc8
[   76.595978][ T5341]  </TASK>
[   76.595982][ T5341] 
[   76.759670][ T5341] Allocated by task 5341:
[   76.761507][ T5341]  kasan_save_track+0x3e/0x80
[   76.763450][ T5341]  __kasan_kmalloc+0x93/0xb0
[   76.765336][ T5341]  __kmalloc_noprof+0x27a/0x4f0
[   76.767446][ T5341]  __udf_iget+0xc66/0x3ae0
[   76.769421][ T5341]  udf_fill_partdesc_info+0x773/0x1310
[   76.771758][ T5341]  udf_process_sequence+0x1133/0x4840
[   76.774106][ T5341]  udf_check_anchor_block+0x28e/0x550
[   76.776263][ T5341]  udf_load_vrs+0x96d/0xf20
[   76.778366][ T5341]  udf_fill_super+0x5ad/0x17a0
[   76.780665][ T5341]  get_tree_bdev_flags+0x40b/0x4d0
[   76.783048][ T5341]  vfs_get_tree+0x92/0x2b0
[   76.784972][ T5341]  do_new_mount+0x24a/0xa40
[   76.786790][ T5341]  __se_sys_mount+0x317/0x410
[   76.788590][ T5341]  do_syscall_64+0xfa/0x3b0
[   76.790247][ T5341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.792734][ T5341] 
[   76.793808][ T5341] The buggy address belongs to the object at ffff888000353c00
[   76.793808][ T5341]  which belongs to the cache kmalloc-512 of size 512
[   76.799483][ T5341] The buggy address is located 0 bytes to the right of
[   76.799483][ T5341]  allocated 472-byte region [ffff888000353c00, ffff888000353dd8)
[   76.805433][ T5341] 
[   76.806459][ T5341] The buggy address belongs to the physical page:
[   76.809063][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x352
[   76.812942][ T5341] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   76.816355][ T5341] flags: 0x7ff00000000040(head|node=0|zone=0|lastcpupid=0x7ff)
[   76.819327][ T5341] page_type: f5(slab)
[   76.821027][ T5341] raw: 007ff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[   76.824618][ T5341] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   76.828185][ T5341] head: 007ff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[   76.831837][ T5341] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   76.835326][ T5341] head: 007ff00000000001 ffffea000000d481 00000000ffffffff 00000000ffffffff
[   76.838784][ T5341] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   76.842346][ T5341] page dumped because: kasan: bad access detected
[   76.845010][ T5341] page_owner tracks the page as allocated
[   76.847418][ T5341] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5341, tgid 5340 (syz.0.0), ts 75323459267, free_ts 26121397878
[   76.855600][ T5341]  post_alloc_hook+0x240/0x2a0
[   76.857499][ T5341]  get_page_from_freelist+0x21e4/0x22c0
[   76.859776][ T5341]  __alloc_pages_slowpath+0x2fe/0xce0
[   76.862097][ T5341]  __alloc_frozen_pages_noprof+0x319/0x370
[   76.864472][ T5341]  allocate_slab+0x65/0x3b0
[   76.866383][ T5341]  ___slab_alloc+0xbfc/0x1480
[   76.868444][ T5341]  __kmalloc_node_noprof+0x2fd/0x4e0
[   76.870679][ T5341]  alloc_slab_obj_exts+0x39/0xa0
[   76.873015][ T5341]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[   76.875675][ T5341]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[   76.877988][ T5341]  __anon_vma_prepare+0xcb/0x4a0
[   76.880086][ T5341]  __handle_mm_fault+0x4d02/0x5620
[   76.882223][ T5341]  handle_mm_fault+0x40a/0x8e0
[   76.884375][ T5341]  do_user_addr_fault+0xa81/0x1390
[   76.886626][ T5341]  exc_page_fault+0x76/0xf0
[   76.888638][ T5341]  asm_exc_page_fault+0x26/0x30
[   76.890838][ T5341] page last free pid 4717 tgid 4717 stack trace:
[   76.893594][ T5341]  __free_frozen_pages+0xc71/0xe70
[   76.895964][ T5341]  __slab_free+0x326/0x400
[   76.897980][ T5341]  qlist_free_all+0x97/0x140
[   76.900024][ T5341]  kasan_quarantine_reduce+0x148/0x160
[   76.902268][ T5341]  __kasan_slab_alloc+0x22/0x80
[   76.904306][ T5341]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   76.906420][ T5341]  getname_flags+0xb8/0x540
[   76.908281][ T5341]  vfs_fstatat+0x43/0x170
[   76.910007][ T5341]  __x64_sys_newfstatat+0x116/0x190
[   76.912052][ T5341]  do_syscall_64+0xfa/0x3b0
[   76.913929][ T5341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.916406][ T5341] 
[   76.917341][ T5341] Memory state around the buggy address:
[   76.919698][ T5341]  ffff888000353c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.923326][ T5341]  ffff888000353d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.926847][ T5341] >ffff888000353d80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   76.930235][ T5341]                                                     ^
[   76.933039][ T5341]  ffff888000353e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.936496][ T5341]  ffff888000353e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.939802][ T5341] ==================================================================
[   77.010607][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   77.013802][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[   77.018385][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.022888][ T5341] Call Trace:
[   77.024355][ T5341]  <TASK>
[   77.025628][ T5341]  dump_stack_lvl+0x99/0x250
[   77.027577][ T5341]  ? __asan_memcpy+0x40/0x70
[   77.029515][ T5341]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.031670][ T5341]  ? __pfx__printk+0x10/0x10
[   77.033646][ T5341]  panic+0x2db/0x790
[   77.035323][ T5341]  ? __pfx_preempt_schedule+0x10/0x10
[   77.037526][ T5341]  ? __pfx_panic+0x10/0x10
[   77.039316][ T5341]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   77.041763][ T5341]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.044359][ T5341]  ? udf_write_aext+0x69d/0x7b0
[   77.046458][ T5341]  check_panic_on_warn+0x89/0xb0
[   77.049017][ T5341]  ? udf_write_aext+0x69d/0x7b0
[   77.051385][ T5341]  end_report+0x78/0x160
[   77.053341][ T5341]  kasan_report+0x129/0x150
[   77.055239][ T5341]  ? udf_write_aext+0x69d/0x7b0
[   77.057230][ T5341]  udf_write_aext+0x69d/0x7b0
[   77.059144][ T5341]  __udf_add_aext+0x2b9/0x6d0
[   77.061074][ T5341]  udf_free_blocks+0x1466/0x17f0
[   77.063151][ T5341]  ? reacquire_held_locks+0x127/0x1d0
[   77.065374][ T5341]  ? __mark_inode_dirty+0x4a6/0xdf0
[   77.067777][ T5341]  ? __pfx_udf_free_blocks+0x10/0x10
[   77.070139][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   77.072456][ T5341]  ? rcu_is_watching+0x15/0xb0
[   77.074620][ T5341]  ? __mark_inode_dirty+0x3ab/0xdf0
[   77.077191][ T5341]  extent_trunc+0x35c/0x450
[   77.079293][ T5341]  ? __pfx_extent_trunc+0x10/0x10
[   77.081291][ T5341]  ? udf_current_aext+0x51f/0xad0
[   77.083347][ T5341]  udf_truncate_extents+0x5b0/0xec0
[   77.085496][ T5341]  ? __pfx_udf_truncate_extents+0x10/0x10
[   77.087864][ T5341]  ? do_raw_spin_unlock+0x4d/0x240
[   77.090107][ T5341]  udf_setsize+0x972/0x1000
[   77.092197][ T5341]  ? __pfx_udf_setsize+0x10/0x10
[   77.094602][ T5341]  ? down_write+0x162/0x1f0
[   77.096776][ T5341]  ? __pfx_down_write+0x10/0x10
[   77.098814][ T5341]  ? __pfx_current_time+0x10/0x10
[   77.100943][ T5341]  udf_setattr+0x3a1/0x5a0
[   77.102699][ T5341]  ? __pfx_udf_setattr+0x10/0x10
[   77.105279][ T5341]  notify_change+0xb36/0xe40
[   77.107249][ T5341]  do_truncate+0x1a4/0x220
[   77.109220][ T5341]  ? __pfx_do_truncate+0x10/0x10
[   77.111475][ T5341]  ? apparmor_file_truncate+0x23e/0x2d0
[   77.114208][ T5341]  path_openat+0x306c/0x3830
[   77.116245][ T5341]  ? arch_stack_walk+0xfc/0x150
[   77.118286][ T5341]  ? __pfx_path_openat+0x10/0x10
[   77.120387][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.122837][ T5341]  do_filp_open+0x1fa/0x410
[   77.124897][ T5341]  ? __lock_acquire+0xab9/0xd20
[   77.127118][ T5341]  ? __pfx_do_filp_open+0x10/0x10
[   77.129336][ T5341]  ? _raw_spin_unlock+0x28/0x50
[   77.131542][ T5341]  ? alloc_fd+0x64c/0x6c0
[   77.133518][ T5341]  do_sys_openat2+0x121/0x1c0
[   77.135582][ T5341]  ? __pfx_do_sys_openat2+0x10/0x10
[   77.137934][ T5341]  ? rcu_is_watching+0x15/0xb0
[   77.140074][ T5341]  __x64_sys_creat+0x8f/0xc0
[   77.142276][ T5341]  do_syscall_64+0xfa/0x3b0
[   77.144426][ T5341]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.146691][ T5341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.149550][ T5341]  ? clear_bhb_loop+0x60/0xb0
[   77.151813][ T5341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.154655][ T5341] RIP: 0033:0x7f5c2b38e9a9
[   77.156890][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.165036][ T5341] RSP: 002b:00007f5c2c1a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   77.168620][ T5341] RAX: ffffffffffffffda RBX: 00007f5c2b5b5fa0 RCX: 00007f5c2b38e9a9
[   77.172186][ T5341] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[   77.175864][ T5341] RBP: 00007f5c2b410d69 R08: 0000000000000000 R09: 0000000000000000
[   77.179534][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.183145][ T5341] R13: 0000000000000000 R14: 00007f5c2b5b5fa0 R15: 00007ffe4158ccc8
[   77.186592][ T5341]  </TASK>
[   77.188338][ T5341] Kernel Offset: disabled
[   77.190303][ T5341] Rebooting in 86400 seconds..