program: r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800, 0x0, 0xffffffffffffffff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x70000d50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x60}, 0x50) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfffffffe}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x88}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_mount_image$udf(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x1000882, &(0x7f0000000180)=ANY=[@ANYRESDEC=r1, @ANYRES64=0x0, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRES32, @ANYRES8=r2, @ANYRESHEX=0x0, @ANYRESDEC, @ANYRES32=r0], 0x0, 0xc36, &(0x7f0000001cc0)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkN22YXnroIUBR9JATgdYokKKB0RRFj2zrAsnFh8KnnogWNoKiB7YIkFOwxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi+fx2mq0+dw2fay9evTYzMXn7aiOpqjlQlS9/hp8/cfLUl14YP93LD6+/156K16YvnK2/vHRleaW1utqar88stueW5lv3vIXd1r/ZWHUA6ldevzp/6dJq/cRzJ2/4+troB0OPHxk9M/7Msad7ZWcmJien+8rUBj/y3m9xpxEeh6KIY5Hi2e//ODUjoojdH4u7XDv7baTqxFjViZmJyaojC+3m4lr55VTvQBQR9b5Kjd4xegDnYlcaEetl88sGj5Xdm15urjQvLrTqU82VtfZae2lxKnVbW/anHkWcThEbEbE1dOvmBqOIWqT47uHtdDEiBnrH4YvVwOA7t6PYxz7eg7Kd9cGIjeIROGcH2FAU8Wqk+Mk7RcyVxyz/xBciXi3zHyPeKvOliFReGKci3q+uo5GH3HL2Qi2K+LPy/J/ZTvPV/aB3Xzn3tfpXFi8t9ZXt3Vce+efDg3TA703DUUSzuuNvp4/+mx0AAAAAAAAAAAAAAAAA9tpIFPFUpHjl3/+gGlcc1bj0w2fGf3f05/vHjD95l+2UZZ+LiPXi3sbkHspDiKfSVEoPeSzxJ9lwFPFHefzftx92YwAAAAAAAAAAAAAAAAAAAD7RingvUrz47tG0Ef1zircXL9cvNC8udGeF7c3925szvdPpdOqpm42csznXc27k3My5lTOKXD9nI+dszvWcGzk3c27ljIFcP2cj52zO9ZwbOTdzbuWMWq6fs5FzNud6zo2cmzm3csYBmbsXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODjpIgifhYpvvON7RQpIhoRs9HNzaFeGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYRpKRfwgUtR/r3F9XS0iUvVv19Hyl1PROFTmp6MxXuZL0Tibs1llrfHth9B+dmcwFfGjSDE0/Pb1E57P/2D30/XLIN765s6nX6p1c6D35egHQ48fOXxmfPJXnrzTcrpdA8bOtRevXqvPTExOTvetruW9f7pv3Wjeb7E3XSciVt948/XmwkJrxcInY6HWXajFnm55JGJvN7h3C7XuQr5fxUNvzx0WGgejGTsLUd37b3vP5mOjfP6/Hyl+893/6D3we8//n+t+uv6Ej5/+8c7z/8WbN7RPz/8n+ta9mH83MliLGF67sjx4JGJ49Y03j7WvNC+3LrcWTx0//uXx8S+fPD54KGL4Unuh1be060MFAAAAAAAAAAAAAAAA8GClIn47UjR/tJ3qEXGtGq81emb8mWNPD8RANd7qhnFbr01fOFt/eenK8kprdbU1X59ZbM8tzbfudXfD1XCvmYnJfenMXY3sc/tHhl9eWn5jpX3599du+/1jw2cvrq6tNOdu/3WMRBHR6F8zVjV4ZmKyavRCu7lYVZ3ao4GZg6mI/4wUc6fq6fN5XR7/V8Z7g31l+8f/r/etr5b3afzfp27aT0pF/DRS/MafPxmfr9r5WNxyzHK5v44UY6c/l8vFobJcrw3d9wp0RwaWZf83Uvz9z24s2+v7Eztln7+/o3vwlef/cKT4wZ9+L341r7vx/Q874z/7z/9jN29on87/Z/rWPXbD+wp23XXy+T8WKV564u34tbzuw97/UUSn0/lWxNFc+Pr7Ofbp/H+2b91odPf763vXfQAAAAAAAAAAgEfWYCribyLF05O19EJedy9//2/+5g3t09//+sW+dfMPaL6iXR9UAAAAADggBlMR70WKy2tvXx9D3Tf++8bxn7+1M/f6RLrp2+rP+X6hem/AXv75X7/RvN/Z3XcbAAAAAAAAAAAAAAAAAAAADpSUinghz6c+e5f51DcjxSv//Wwul46U5XrzwI9Wvw6fX1o8dnZhYWmuuda8uNCqTy8351pl3c9Eiu2/+lyuW1Tzq/fmm+/O8T7c6c3FvhIpJv+2V7Y7F3tvbvLufODdudjLsp+KFP/1dzeW7c1j/dmdsifKsn8ZKb7+T7cve2Sn7Mmy7PcixQ+/Xu+Vfaws23s/avedpMO1WGg9N7e0cMurUAEAAAAAAAAAAAAAAAAAAOB+DaYi/iRS/M+VjVjPw/7z/P+9GfhrvbJvfbNvvv+bXKvm+R+t5v+/0/JHmf9/dM96CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj44URbwZKZbPb6fNofJz1/C59uLVazMTk7evNpKqmgNV+fJn+PkTJ0996YXx07388Pp77al4bfrC2frLS1eWV1qrq635+sxie25pvnXPW9ht/Z1D1zVWHYD6ldevzl+6tFo/8dzJG76+NvrB0ONHRs+MP3Ps6V7ZmYnJyem+MrXB+9j7fTVux6Eo4i8ixbPf/3H656GIInZ/LO5y7ey3kaoTY1UnZiYmq44stJuLa+WXU70DUUTU+yo1esfoAZyLXWlErJfNLxs8VnZverm50ry40KpPNVfW2mvtpcWp1G1t2Z96FHE6RWxExNbQrZsbjCJejxTfPbyd/mUoYqB3HL54fvqrx0/cuR3FXnWo85Fqle2sD0ZsFI/AOTvAhqKIf4gUP3nnaPzrUEQtuj/xhYhX+wu+FJHKC+NUxPu3uY54NNWiiP8rz/+Z7fTOUHk/6N1Xzn2t/pXFS0t9ZXv3lYP0fOjc/7U4sge7vXcH/N40HEX8sLrjb6d/8981AAAAAAAAAAAAAAAAwAFSxC9HihffPZqq8cHXxxS3Fy/XLzQvLnSH9fXG/tUj/rDMTqfTqaduNnLO5lzPuZFzM+dWzihy/ZyNnLM513Nu5NzMuZUzBnL9nI2csznXc27k3My5lTNqVXQ6nW9169dy/ZzrOTdqEUVZP3/eyhkHZOweAAAAAAAAAAAAAAAAAADw8VJU/6T4zje2UzWXaiNiNrq5aT7Qj73/DwAA///ofv/D") mkdirat(0xffffffffffffff9c, 0x0, 0x0) chdir(0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) socket$inet6_udp(0xa, 0x2, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) r5 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) r6 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) dup3(r6, r5, 0x0) io_setup(0x6, &(0x7f0000000240)=0x0) io_submit(r7, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r5, &(0x7f0000000000), 0x200a00}]) syz_mount_image$jfs(&(0x7f0000005e00), &(0x7f0000005e40)='./file0\x00', 0x8000, &(0x7f0000005e80), 0x1, 0x5ea6, &(0x7f0000005ec0)="$eJzs3ctvHVcdB/DfffqRNrW6qEqEkJuWRynNs4RAgbYLWLBhgbJFiVy3ikgBJQGlVURcecOCPwKExBIhlqz4A7pgy449REqQQF0xaOxzkvHkOtep4zvXPp+P5Mz85sz4nsn3Pj0z9wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/4/o/O9iLi8i/TgpWIZ2IQ0Y9YquvViFhaXcnrDyPixdhqjhciYrQQUW+/9c9zEW9ExCfHI+7dv71WLz63x358709///2Pj/3wb38cnf7vn28O3txtvVu3fvOfv9zZ3z4DAABAaaqqqnrpY/6J9Pm+33WnAICZyK//VZKXq9VqtVqtPnp1UzXZnWYRERvNber3DA7HA8AhsxGfdt0FOiT/og0j4ljXnQDmWq/rDnAg7t2/vdZL+faarwer2+35XJAd+W/0Hlzfsdt0mvY5JrO6f23GIJ7fpT9LM+rDPMn599v5X95uH6f1Djr/Wdkt//H2pU/FyfkP2vm3HJ38+xPzL1XOf/hE+Q/kDwAAAAAAcyz//X+l4+O/C/vflT153PHf1Rn1AQAAAAAAAACetv2O//eA8f8AAABgbtWf1Wu/Pf5w2W7fxVYvv9SLeLa1PlCYdLHMctf9AAAAAAAAAAAAAICSDLfP4b3UixhFxLPLy1VV1T9N7fpJ7Xf7w670/YeSdf0kDwAA2z453rqWvxexGBGX0nf9jZaXl6tqcWm5Wq6WFvL72fHCYrXU+Fybp/WyhfEe3hAPx1X9yxYb2zVN+7w8rb39++rbGleDPXRsNjoMHAAiYvvV6J5XpCOmqp6Lrt/lcDh4/B89Hv/sRdf3UwAAAODgVVVV9dLXeZ9Ix/z7XXcKAJiJ/PrfPi6gVqvVB1SP8+I56Y9aXVTdVE12p1lExEZzm/o9g+H4AeCQ2YhPu+4CHZJ/0YYR8WLXnQDmWq/rDnAg7t2/vdZL+faarwdpfPd8LsiO/Dd6W9vl7SdNp2mfYzKr+9dmDOL5Xfrzwoz6ME9y/v12/pe32/Mf6A86/1nZLf96P1c66E/Xcv6Ddv4tRyf//sT8S5XzHz5R/gP5AwAAAADAHMt//19x/DfvMgAAAAAAAAAcOvfu317L173m4/+fn7Ce6z+Pppx/T/5Fyvn3W/l/pbXeoDF/952H+f/7/u21P9z81+fydK/5L+SZXrpn9dI9opduqTdM0/3s3aM2R4NxfUujXn8wTOf8VKP34mpci/U4s2Pdfvr/eNh+dkd73dPRjvZzO9qHj7Sf39E+St87UC3l9lOxFj+La/HuVnvdtjBl/xentFdT2nP+A4//IuX8h42fOv/l1N5rTWt3P+4/8rhvTifdzttXv/DrMwe/O1NtxuDBvjXV+3eyg/5s/Z8cG8cvbqxfP3Xrys2b189GmuxYei7S5CnL+Y/Sz4Pn/5e32/PzfvPxevfj8RPnPy82Y7hr/i835uv9fXXGfetCzn+cfnL+76b2yY//w5z/7o//1zroDwAAAAAAAAAAAAAAADxOVVVbl4i+HREX0vU/XV2bCQDMVn79r5K8XK1Wq9Vq9dGrm6rJ3moWEfHX5jb1e4ZfTfplAMA8+19E/KPrTtAZ+Rcsf99fPX2l684AM3Xjw49+cuXatfXrN7ruCQAAAAAAAADwWeXxP1cb4z+/EhErrfV2jP/6Tqzud/zPYZ55MMDoUx7oexeb/fGg3xhu/KV4/PjfJ+Px438Pp9zeaEr7eEr7wpT2xSntEy/0aMj5v9QY77zO/0Rr+PUSxn9tj3lfgpz/ycb9uc7/y631mvlXvzvM+fd35H/65gc/P33jw49ev/rBlffX31//6fmzZ8+cv3Dh4sWLp9+7em39zPa/Hfb4YOX889jXzgMtS84/Zy7/suT8v5hq+Zcl5/+lVMu/LDn//H5P/mXJ+efPPvIvS87/1VTLvyw5/6+mWv5lyfm/lmr5lyXn/7VUy78sOf/XUy3/suT8T6Va/mXJ+Z9OtfzLkvPPR7jkX5acfz6zQf5lyfmfS7X8y5LzP59q+Zcl5/9GquVflpz/11Mt/7Lk/C+kWv5lyfl/I9XyL0vO/2Kq5V+WnP83Uy3/suT8v5Vq+Zcl5/9mquVflpz/t1Mt/7Lk/L+TavmXJef/3VTLvyw5/7dSLf+yPPz+fzMHOvPPZyLmoBuHbWYp5qIbBc50/cwEAAAAAAAAAAAAALTN4nTirvcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/swMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7N1bjFz1fQfwM+tde21uTiDUUEPWxjHGLOz6gi9pXRxCCIWkKbc09ILtetdmE9/wrhugSHZE0iLFUaMqVXlpm0So5aWKVeUhrWjEQ9WqT6V9SF+qVJXygCoSQaRKbdWy0Zz5//87Mzs7Z43HZuacz0fCP+/MmTlnzvxndr9rvrsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAsw0fH81nLf6xNsuurv999dja/LKPvr/HBwAAAFy6/8//fPu6dMH+ZdyoaZt/uPWfvjs/Pz+ffW7FH418Y34+XTGWZSOrsiy/LrrwH0/WmrcJXsxGa0NNHw8V7H5FwfXDBdePFFy/suD6VQXXjxZcv+gELLK68f2Y/M425X9d2zil2Q3ZSH7dpg63erG2amgofi8nV8tvMz9yJJvJjmXT2WTL9o1ta/n2r22o7+vBLO5rqGlf6+sr5J0XDsdjqIVzvKllXwv3Gf34Y9nYT9954fCfz711U6dZeBpa7q9xnFs21o/zy+GSxrHWslXpnMTjHGo6zvUdnpMVLcdZy29X/3v7cb69zONcsXCYV1T7cz6aDeV/fyM/T8PN39ZL52l9uOy/b8uy7NzCYbdvs2hf2VC2puWSoYXnZ7SxIuv3UV9KH8yGL2qdbljGOq3PqU2t67T9NRGf/w3hdsNLHEPz0/TjL61c9Lxf7DqN6o96qddK+xrs9Wul6xp8p/hd571a/Hw21sUb+YN+qeMa3BQe/wubl16DHddOhzWYHnfTGtxYtAaHVq7Ijzk9CbX8NgtrcFvL9ivyPdXy+ebm7mtwYu74qYnZ556/a+b4oaPTR6dP7Ni2bXLHrl179uyZODJzbHqy8ed7PNv9b002lF4DG8O5i6+B29u2bV6q89/q3etwtMvrcG3btr1+HQ63P7jalfmksHhNN14bj9dP+uj5oWyJ11j+/Gy99NdhetxNr8Phptdhx88pHV6Hw8t4Hda3ObV1eV+zDDf91+kYLtfngrVNa7D965H2Ndjrr0f6ZQ2OhnXxb1uX/lywPhzvS+MX+/XIikVrMD3c8N5TvyR9vT+6Jx+d1uXN9SuuWpmdmZ0+ffezh+bmTm/Lwrgirm9aK+3rdU3TY8oWrdehi16v+2dufenmDpevDedq9K76H6NLPlf1bXbe3f25yj+7dT6fLZduz8LosSt9Pjt9Nq+fz5Qlu5zP+jZfnrj0r8VTLm16/x1Z4v035v53G/tLd/XiipHhxut3RTo7Iy3vx61P1XD+3lXL9/32xPLej0fCf1f6/fiGLu/H69q27fX78Uj7g4vvx7Wi73ZcmvbnczSsk2OT3d+P69us236xa3K46/vxbWHWwvm/IySFlIua1s5S6zbta3h4JDyu4biH1nW6o2X7kZDN6vt6dft7W6dbbmvc14r06BZcqXU61rZtr9dper9aap3Wir779t60P5+jYV3csKP7Oq1v8/rOS3/vXB3/2vTeubJoDY6sWFk/5pG0CBvv9/Or4xq8OzucncyOZVP5tSvz9VTL9zV+z/LW4Mrw35V+r1zXZQ1uadu212swfR5bau3Vhhc/+B5ofz5Hw7p4+Z7ua7C+zf27e/u165ZwSdqm6WvX9u+vLfU9r5vbTtPl/J5X/Tj/bnf3783Wtzm252JzZvfzdGe45KoO56n99bvUa2oquzLnaV04zrf2LH2e6sdT3+Ybe5e5nvZnWXb2mfvy7/eGf1/5qzM/+G7Lv7t0+jeds8/c95Nrjvz9xRw/AIPv3cZY0/hc1/QvU8v5938AAABgIMTcPxRmIv8DAABAacTcH/+v8ET+BwAAgNKIuX84zKQi+X/d/W/NvHs2S838+SBen07DQ43tYsd1Mnw8Nr+gfvl9r0z/19+cXd6+h7Is+7+Hfrfj9useisfVMBaO88InWi9ffMOzy9r/wScWtmvur38z3H98PMtdBp0quJNZlr123dfy/Yw9eT6frz90MJ+Pnnvpxfo2b+9tfBxv/+b1je3/JJR/9x851HL7N8N5+FGYkw93Ph/xdt85f8f63Z9d2F+8XW3jtfnDfvmpxv3Gn5Pz9Rcb28fzvNTx/+1XX/1OfftnP9L5+M8OdT7+V8P9vhLm/9zS2L75Oah/HG/3lXD8cX/xdnd/+/sdj//C7ze2P/VAY7uDYcb9bwkfb3rgrZnm8/Vs7VDL48o+2dgu7n/yB3+QXx/vL95/+/GPHjjfcj7a18fr/9K4n4m27ePlcT/RX7ftv34/zesz7v/V3zvYcp6L9n/h0Tdvqd9v+/7vbNvu1DNb8/0v3F/rT2z60698reP+4vHs/8tTLY9n/yPhdRz2//JTYT2G6//3QuP+2n+6wsFHWt9/4vbfXHu25fFED/60sf8L9x7N56rR1Wuuuvqaa899uH7usuyNxxr3V7T/o392suX4v3Vj43zE62NHv33/S4n7P/3F8RMnZ8/MTDWd1fxn53yqcTzxeK8L763tHx84Off09OmxybHJLBsr74/Qe8++HeZPGuPcxd5+6xPh+bz5j19bs/mfvxov/9fHG5eff7jxeev2sN3Xw+Vrw/N3qft/ecON+eu79nrj45Yeew+s3/Sfe5a1YXj87V8XxPV+6kNP5+ehfl3+eSO+ri/x+H841bif74XzOh9+MvPGGxf217x9/NkI5x9rvN4v+fyFt7n4vP5FeL4//aPG/cfjio/3h+HrmO+va32/i+vje2eH2u8//yke58L7SXaucX3cKp7v82/f2PHw4s8hyc7dlH/8h+l+brqoh7mU2edmJ47NnDjz7MTc9OzcxOxzzx84fvLMibkD+c/yPPD5otsvvD+tyd+fpqZ37czyd6uTjXGZvd/Hf+qJw1O7JzdPTR85dObI3BOnpk8fPTw7e3h6anbzoSNHpr9YdPuZqX3btu/dsXv7+NGZqX179u7dsXd85sTJ+mE0DqrArskvjJ84fSC/yey+nXu33XPPzsnx4yenpvftnpwcP1N0+/xz03j91r8zfnr62KG5mePT47Mzz0/v27Z3167thT8N8PipI7NjE6fPnJg4Mzt9eqLxWMbm8ovrn/uKbk85zf574+vZdrXGD+LLPnPnrvTzWete+dKSd9XYpO0HiL4VfhbNP37g1J7lfBxz/0iYSUXyPwAAAFRBzP0rw0zkfwAAACiNmPtXhZnI/wAAAFAaMfePhplUJP/r/1e3/39O/z/R/9f/77R//f/BpP/fnf5/Af1//X/9f/1/eqrf+v8x96/OskrmfwAAAKiCmPvXhJnI/wAAAFAaMfdfFWYi/wMAAEBpxNx/dZhJRfK//n91+/+Z/n+i/6//32n/+v+DSf+/O/3/Avr/+v/6//r/9FS/9f9j7r8mzKQi+R8AAAAGWPj2QfG33WPuvzbMRP4HAACA0oi5/7owE/kfAAAASiPm/rVhJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/y+g/6//r/+v/09P9Vv/P+b+D4SZVCT/AwAAQBXE3P/BMBP5HwAAAEoj5v7rw0zkfwAAACiNmPtvCDOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/Af1//X/9f/1/eqrf+v8x938ozKQi+R8AAACqIOb+G8NM5H8AAAAojZj7fy7MRP4HAACA0oi5f12YSUXyv/6//r/+v/6//n/n/ev/Dyb9/+70/wvo/+v/6//r/9NT/db/j7n/pjCTiuR/AAAAqIKY+28OM5H/AQAAoDRi7v/5MBP5HwAAAEoj5v71YSYVyf/6//r/+v/6//r/nfev/z+Y9P+70/8voP+v/6//r/9PT/Vb/z/m/lvCTCqS/wEAAKAKYu6/NcxE/gcAAIDSiLn/w2Em8j8AAACURsz9Y2EmFcn/+v+Xpf+ft1b0//X/29eH/r/+v/7/5af/353+fwH9f/1//X/9f3qq3/r/MfdvCDOpSP4HAACAKoi5f2OYifwPAAAApRFz/21hJvI/AAAAlEbM/ZvCTCqS//X//f5//X/9f/3/zvvX/x9M+v/d6f8X0P/X/9f/1/+np/qt/x9z/0fCTCqS/wEAAKAKYu7fHGYi/wMAAEBpxNx/e5iJ/A8AAAClEXP/ljCTiuR//X/9f/1//X/9/8771/8fTPr/3en/F9D/1//X/9f/p6f6rf8fc/8dYSYVyf8AAABQBTH3bw0zkf8BAACgNGLuvzPMRP4HAACA0oi5fzzMpCL5X/9f/1//X/9f/7/z/vX/B5P+f3f6/wX0//X/9f/1/+mpfuv/x9x/V5hJRfI/AAAAVEHM/XeHmcj/AAAAUBox90+EmavJ/wAAAFAmMfdPhplUJP/r/+v/6//r/+v/d96//v9g0v/vTv+/gP6//r/+v/4/PdVv/f+Y+7eFmVQk/wMAAEAVxNy/PcxE/gcAAIDSiLl/R5iJ/A8AAAClEXP/zjCTiuR//X/9f/1//X/9/8771/8fTPr/3en/F9D/1//X/9f/p6f6rf8fc/89YSYVyf8AAABQBTH37wozkf8BAACgNGLu3x1mIv8DAABAacTcvyfMpCL5X/9f/1//X/9f/7/z/vX/B5P+f3f6/wX0//X/9f/1/+mpfuv/x9y/N8ykIvkfAAAAqiDm/o+Gmcj/AAAAUBox9/9CmIn8DwAAAKURc/8vhplUJP/r/+v/6//r/+v/d96//v9g0v/vTv+/gP6//r/+v/4/PdVv/f+Y+/eFmVQk/wMAAEAVxNz/S2Em8j8AAACURsz994aZyP8AAABQGjH37w8zqUj+1//X/9f/1//X/++8f/3/waT/353+fwH9f/1//X/9f3qq3/r/Mfd/LMykIvkfAAAAqiDm/vvCTOR/AAAAKI2Y+z8eZiL/AwAAQGnE3H9/mElF8r/+/6X3/4f0//X/w/3o/zfo/3em/39l6P93p/9fQP9f/1//X/+fnuq3/n/M/Z8IM6lI/gcAAIAqiLn/gTAT+R8AAABKI+b+T4aZyP8AAABQGjH3PxhmUpH8r//v9//r/+v/6/933r/+/2DS/+9O/7+A/r/+v/6//j891W/9/5j7fznMpCL5HwAAAKog5v6HwkzkfwAAACiNmPsfDjOR/wEAAKA0Yu7/VJhJRfL/8vr/9+r/F9D/bz1+/f/O60P/X/9f///y0//vTv+/gP7/xLGZE7X0of6//r/+P5eo3/r/Mfd/OsykIvkfAAAAqiDm/l8JM5H/AQAAoDRi7v9MmIn8DwAAAKURc/+vhplUJP/7/f/6//r/+v/6/533r/8/mPT/uxuI/v9K/X+//38wj1//X/+fxfqt/x9z/yNhJhXJ/wAAAFAFMfc/GmYi/wMAAEBpxNz/WJiJ/A8AAAClEXP/42EmZcj/7SXaDvT/9f/1//X/9f8771//fzDp/3c3EP1/v/9f/39Aj1//X/+fxfqt/x9z/xNhJmXI/wAAAEAu5v7PhpnI/wAAAFAaMff/WpiJ/A8AAAClEXP/58JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/X0D/X/9f/1//n57qt/5/zP1PhplUJP8DAABAFcTc/+thJvI/AAAAlEbM/b8RZiL/AwAAQGnE3P+bYSYVyf+l7/+PdN5M/1//v/l8xf5/Og79f/1//f+Bpf/fnf5/Af1//X/9f/1/eqrf+v8x9/9WmElF8j8AAABUQcz9T4WZyP8AAABQGjH3Hwgzkf8BAACgNGLuPxhmUpH8X/r+/xL6o/+/un4k+v991P/3+/9bt1vo/8d70P/X/+9/+v/d6f8X0P/X/9f/1/+np/qt/x9z/6Ewk4rkfwAAAKiCmPt/O8xE/gcAAIDSiLn/cJiJ/A8AAAClEXP/VJhJRfK//n97//96v/9f/1//3+//z+n/Dyb9/+70/wv0tP9f0//X/9f/1/+vvH7r/8fcPx1mUpH8DwAAAFUQc/+RMBP5HwAAAEoj5v6jYSbyPwAAAJRGzP1Ph5lUJP/r/7+fv/+/Uv3/lWET/X/9f/1//f/LSv+/O/3/An7/v/6//r/+Pz3Vb/3/mPtnwkwqkv8BAACgCmLu/3yYifwPAAAApRFz/xfCTOR/AAAAKI2Y+4+FmVQk/+v/6//7/f/6//r/nfev/z+Y9P+70/8voP+v/6//r/9PT/Vb/z/m/uNhJhXJ/wAAAFAFMfefCDOR/wEAAKA0Yu4/GWYi/wMAAEBpxNx/KsykIvlf/1//X/9f/1//v/P+9f8Hk/5/d/r/BfT/9f/1//X/6al+6//H3P9MmElF8j8AAABUQcz9p8NM5H8AAAAojZj7Z8NM5H8AAAAojZj758L8GXt3sbPJdcRxeLJK5qqSC8lthJmZmZmZORNmZqYJM5O9sOSpKsv+2t2y1dacc+p5NuXdaUvf5q/RT29psv/1//p//b/+X/+//b7+f076/336/wP6f/2//l//z6lG6/9z998nbmmy/wEAAKCD3P33jVvsfwAAAFhG7v77xS32PwAAACwjd//945Ym+1//r//v1P/f85L+X/+v/1+d/n+f/v+A/l//r//X/3Oq0fr/3P0PiFua7H8AAADoIHf/A+MW+x8AAACWkbv/QXGL/Q8AAADLyN3/4Lilyf7X/+v/O/X/fv9f/6//X5/+f5/+/4D+X/+v/9f/c6rR+v/c/Q+JW5rsfwAAAOggd/9D4xb7HwAAAJaRu/9hcYv9DwAAAMvI3f/wuKXJ/tf/6//1//p//f/2+/r/Oen/9+n/D+j/9f/6f/0/pxqt/8/d/4i4pcn+BwAAgA5y9z8ybrH/AQAAYBm5+x8Vt9j/AAAAsIzc/Y+OW5rsf/2//l//r//X/2+/r/+fk/5/39T9/731//r/sb9f/6//56LR+v/c/Y+JW5rsfwAAAOggd/9j497s6uXr+UkAAADAyXL3Py5u8e//AAAAsIzc/Y+PW5rsf/2//l//r//X/2+/r/+fk/5/39T9v9//1/8P/v36f/0/F43W/+fuf0Lc0mT/AwAAQAe5+58Yt9j/AAAAsIzc/U+KW+x/AAAAWEbu/ifHLU32v/5f/6//1//r/7ff1//PSf+/T/9/QP+v/9f/6/851Wj9f+7+p8QtTfY/AAAAdJC7/6lxi/0PAAAAy8jd/7S4xf4HAACAZeTuf3rc0mT/6//1//p//b/+f/t9/f+c9P/79P8H9P/6f/2//p9Tjdb/5+5/RtzSZP8DAABAB7n7nxm32P8AAACwjNz9z4pb7H8AAABYRu7+Z8ctTfa//l//r//X/+v/t9/X/89J/79P/39A/6//1//r/znVaP1/7v7nxC1N9j8AAAB0kLv/uXGL/Q8AAADLyN3/vLjF/gcAAIBl5O5/ftzSZP/r//X/+n/9v/5/+339/5z0//v0/wf0//p//b/+n1ON1v/n7n9B3NJk/wMAAEAHuftfGLfY/wAAALCM3P0vilvsfwAAAFhG7v4Xxy1N9r/+X/+v/9f/6/+339f/z0n/v0//f0D/r//X/+v/OdVo/X/u/pfELU32PwAAAHSQu/+lcYv9DwAAAMvI3f+yuMX+BwAAgGXk7n953NJk/+v/9f/6f/2//n/7ff3/nPT/+/T/B/T/+n/9v/6fU43W/+fuf0Xc0mT/AwAAQAe5+18Zt9j/AAAAsIzc/a+KW+x/AAAAWEbu/lfHLU32v/5f/6//1//r/7ff1//PSf+/T/9/QP+v/9f/6/851Wj9f+7+18QtTfY/AAAAdJC7/7Vxi/0PAAAAy8jd/7q4xf4HAACAZeTuf33c0mT/6//1//p//b/+f/t9/f+c9P/79P8H9P/6f/2//p9Tjdb/5+5/Q9zSZP8DAABAB7n73xi32P8AAACwjNz9b4pb7H8AAABYRu7+N8ctTfa//l//r//X/+v/t9/X/89J/79P/39A/6//1//r/znVaP1/7v63xC1N9j8AAAB0kLv/rXGL/Q8AAADLyN3/trjF/gcAAIBl5O5/e9zSZP/r//X/+n/9v/5/+339/xzudps/QP3/Pv3/Af2//l//r//nVKP1/7n73xG3NNn/AAAA0EHu/nfGLfY/AAAALCN3/7viFvsfAAAAlpG7/91xS5P9r//X/+v/9f/6/+339f9z0v/v0/8f0P/r//X/+n9ONVr/n7v/PXFLk/0PAAAAHeTuf2/cYv8DAADAMnL3vy9usf8BAABgGbn73x+3NNn/+n/9v/5f/6//335f/z8n/f8+/f8B/b/+X/+v/+dUo/X/ufs/ELc02f8AAADQQe7+D8Yt9j8AAAAsI3f/h+IW+x8AAACWkbv/w3FLk/2v/9f/6//1//r/7ff1/3PS/+/T/x/Q/+v/9f/6f041Wv+fu/8jcUuT/Q8AAAAd5O7/aNxi/wMAAMAycvdfiVvsfwAAAFhG7v6PxS1N9r/+X/+v/9f/6/+339f/z0n/v0//f0D/r//X/+v/OdVo/X/u/o/HLU32PwAAAHSQu/8TcYv9DwAAAMvI3f/JuMX+BwAAgGXk7v9U3NJk/+v/9f/6f/2//n/7ff3/nPT/+/T/B/T/+n/9v/6fU43W/+fu/3Tc0mT/AwAAQAe5+z8Tt9j/AAAAsIzc/Z+NW+x/AAAAWEbu/s/FLU32v/5f/6//1//r/7ff1//PSf+/T/9/QP+v/9f/6/851Wj9f+7+z8ctTfY/AAAAdJC7/wtxi/0PAAAAy8jd/8W4xf4HAACAZeTu/1Lc0mT/6//1//p//b/+f/t9/f+c9P/79P9bLt/yn/p//b/+X//PqUbr/3P3fzluabL/AQAAoIPc/V+JW+x/AAAAWEbu/q/GLfY/AAAALCN3/9filib7X/+v/9f/6//1/9vv6//npP/fp/8/oP/X/+v/9f+carT+P3f/1+OWJvsfAAAAOsjd/424xf4HAACAZeTu/2bcYv8DAADAMnL3fytuabL/9f/6f/2//l//v/2+/n9O+v99+v8D+n/9v/5f/8+pRuv/c/d/O25psv8BAACgg9z934lb7H8AAABYRu7+78Yt9j8AAAAsI3f/9+KWJvtf/6//1//r//X/2+/r/+ek/9+n/z+g/9f/6//1/5xqtP4/d//345Ym+x8AAAA6yN3/g7jF/gcAAIBl5O7/Ydxi/wMAAMAycvf/KG5psv/1//p//b/+X/+//b7+f076/336/wP6f/2//l//z6lG6/9z9/84bmmy/wEAAKCD3P0/iVvsfwAAAFhG7v6fxi32PwAAACwjd//P4pYm+//O9v/3unKtuNb/X6P/v/X36/+3/z70//p//f9dT/+/T/9/YNb+/x536P/ydl3vfn7279f/6/+5aLT+P3f/z+OWJvsfAAAAOsjd/4u4xf4HAACAZeTuvxq32P8AAACwjNz9v4xbmux/v/+v/9f/6//1/9vv6//npP/fp/8/MGv/7/f/h/h+/b/+n4tG6/9z9/8qbmmy/wEAAKCD3P2/jlvsfwAAAFhG7v7fxC32PwAAACwjd/9v45Ym+1//r//X/+v/9f/b7+v/56T/36f/P6D/1//r//X/nGq0/j93/+/ilib7HwAAADrI3f/7uMX+BwAAgGXk7v9D3GL/AwAAwDJy9/8xbmmy//X/+n/9v/5f/7/9vv5/Tvr/ffr/A/p//b/+X//PqUbr/3P3/yluabL/AQAAoIPc/X+OW+x/AAAAWEbu/r/ELfY/AAAALCN3/1/jlib7X/+v/9f/6//1/9vv6//npP/fp/8/oP/X/+v/9f+carT+P3f/3+KWJvsfAAAAOsjd//e4xf4HAACAZeTu/0fcYv8DAADAMnL3/zNuabL/t/r/y5f0//p//b/+X/+v/5+T/n+f/v+A/n+y/v/uQ32//l//z0Wj9f+5+/8VtzTZ/wAAANBB7v5/xy32PwAAACwjd/9/4hb7HwAAAJaRu/+/cUuT/e/3//X/+n/9v/5/+339/5z0//v0/wf0/5P1/2N9v/5f/89Fo/X/ufv/F7c02f8AAADQQe7+/8ct9j8AAAAsI3f/DXGL/Q8AAADLyN1/Y9zSZP/r//X/+n/9v/5/+339/5z0//v0/wf0//p//b/+n1ON1v/n7r8pAAD//yhXZ68=") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') creat(&(0x7f0000000000)='./bus\x00', 0x0) [ 69.051239][ T4664] Bluetooth: hci0: command tx timeout [ 69.164467][ T5319] loop0: detected capacity change from 0 to 2048 [ 69.181324][ T5319] udf: Unknown parameter '18446744073709551615' [ 69.233690][ T24] audit: type=1804 audit(1740357876.952:2): pid=5319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/bus/bus" dev="overlay" ino=26 res=1 errno=0 [ 69.488010][ T5319] loop0: detected capacity change from 0 to 32768 [ 69.521357][ T5319] *** Log Format Error ! *** [ 69.524062][ T1084] ================================================================== [ 69.527265][ T1084] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 [ 69.530444][ T1084] Read of size 8 at addr ffff88801ee3c868 by task kworker/u4:9/1084 [ 69.534803][ T1084] [ 69.536263][ T1084] CPU: 0 UID: 0 PID: 1084 Comm: kworker/u4:9 Not tainted 6.14.0-rc4-syzkaller #0 [ 69.536277][ T1084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.536286][ T1084] Workqueue: loop0 loop_workfn [ 69.536354][ T1084] Call Trace: [ 69.536362][ T1084] [ 69.536368][ T1084] dump_stack_lvl+0x241/0x360 [ 69.536392][ T1084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.536404][ T1084] ? __pfx__printk+0x10/0x10 [ 69.536415][ T1084] ? _printk+0xd5/0x120 [ 69.536424][ T1084] ? __virt_addr_valid+0x183/0x530 [ 69.536443][ T1084] ? __virt_addr_valid+0x183/0x530 [ 69.536452][ T1084] print_report+0x16e/0x5b0 [ 69.536466][ T1084] ? __virt_addr_valid+0x183/0x530 [ 69.536476][ T1084] ? __virt_addr_valid+0x183/0x530 [ 69.536491][ T1084] ? __virt_addr_valid+0x45f/0x530 [ 69.536508][ T1084] ? __phys_addr+0xba/0x170 [ 69.536525][ T1084] ? __lock_acquire+0x78/0x2100 [ 69.536542][ T1084] kasan_report+0x143/0x180 [ 69.536556][ T1084] ? __lock_acquire+0x78/0x2100 [ 69.536573][ T1084] __lock_acquire+0x78/0x2100 [ 69.536590][ T1084] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.536610][ T1084] lock_acquire+0x1ed/0x550 [ 69.536627][ T1084] ? __wake_up_common_lock+0x25/0x1e0 [ 69.536646][ T1084] ? __pfx_lock_acquire+0x10/0x10 [ 69.536665][ T1084] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 69.536715][ T1084] _raw_spin_lock_irqsave+0xd5/0x120 [ 69.536727][ T1084] ? __wake_up_common_lock+0x25/0x1e0 [ 69.536743][ T1084] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 69.536756][ T1084] ? lbmIODone+0x2bf/0x1750 [ 69.536773][ T1084] ? blkg_put+0x23/0x250 [ 69.536786][ T1084] __wake_up_common_lock+0x25/0x1e0 [ 69.536804][ T1084] ? bio_endio+0x82a/0x890 [ 69.536819][ T1084] blk_update_request+0x5e5/0x1160 [ 69.536838][ T1084] blk_mq_end_request+0x3e/0x70 [ 69.536851][ T1084] loop_process_work+0x1bc8/0x21c0 [ 69.536876][ T1084] ? __pfx_loop_process_work+0x10/0x10 [ 69.536894][ T1084] ? register_lock_class+0x102/0x980 [ 69.536912][ T1084] ? __pfx_register_lock_class+0x10/0x10 [ 69.536930][ T1084] ? mark_lock+0x9a/0x360 [ 69.536940][ T1084] ? debug_object_deactivate+0x2d5/0x390 [ 69.536957][ T1084] ? __lock_acquire+0x1397/0x2100 [ 69.536975][ T1084] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.536995][ T1084] ? __pfx_lock_acquire+0x10/0x10 [ 69.537012][ T1084] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.537054][ T1084] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.537074][ T1084] ? process_scheduled_works+0x9c6/0x18e0 [ 69.537090][ T1084] process_scheduled_works+0xabe/0x18e0 [ 69.537111][ T1084] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.537128][ T1084] ? assign_work+0x364/0x3d0 [ 69.537143][ T1084] worker_thread+0x870/0xd30 [ 69.537160][ T1084] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.537174][ T1084] ? __kthread_parkme+0x169/0x1d0 [ 69.537190][ T1084] ? __pfx_worker_thread+0x10/0x10 [ 69.537203][ T1084] kthread+0x7a9/0x920 [ 69.537219][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.537236][ T1084] ? __pfx_worker_thread+0x10/0x10 [ 69.537251][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.537266][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.537283][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.537300][ T1084] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.537312][ T1084] ? lockdep_hardirqs_on+0x99/0x150 [ 69.537326][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.537343][ T1084] ret_from_fork+0x4b/0x80 [ 69.537359][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.537376][ T1084] ret_from_fork_asm+0x1a/0x30 [ 69.537394][ T1084] [ 69.537400][ T1084] [ 69.684578][ T1084] Allocated by task 5319: [ 69.686316][ T1084] kasan_save_track+0x3f/0x80 [ 69.688459][ T1084] __kasan_kmalloc+0x98/0xb0 [ 69.690618][ T1084] __kmalloc_cache_noprof+0x243/0x390 [ 69.693183][ T1084] lmLogInit+0x3b4/0x1c90 [ 69.695354][ T1084] lmLogOpen+0x55e/0x1040 [ 69.697221][ T1084] jfs_mount_rw+0xf1/0x6a0 [ 69.699000][ T1084] jfs_fill_super+0x775/0xd90 [ 69.700953][ T1084] get_tree_bdev_flags+0x48c/0x5c0 [ 69.703033][ T1084] vfs_get_tree+0x90/0x2b0 [ 69.704999][ T1084] do_new_mount+0x2be/0xb40 [ 69.706719][ T1084] __se_sys_mount+0x2d6/0x3c0 [ 69.708556][ T1084] do_syscall_64+0xf3/0x230 [ 69.710337][ T1084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.712880][ T1084] [ 69.714057][ T1084] Freed by task 5319: [ 69.715870][ T1084] kasan_save_track+0x3f/0x80 [ 69.717943][ T1084] kasan_save_free_info+0x40/0x50 [ 69.720105][ T1084] __kasan_slab_free+0x59/0x70 [ 69.722395][ T1084] kfree+0x196/0x430 [ 69.724214][ T1084] lmLogInit+0xd45/0x1c90 [ 69.726054][ T1084] lmLogOpen+0x55e/0x1040 [ 69.727793][ T1084] jfs_mount_rw+0xf1/0x6a0 [ 69.729588][ T1084] jfs_fill_super+0x775/0xd90 [ 69.731597][ T1084] get_tree_bdev_flags+0x48c/0x5c0 [ 69.733677][ T1084] vfs_get_tree+0x90/0x2b0 [ 69.735824][ T1084] do_new_mount+0x2be/0xb40 [ 69.737725][ T1084] __se_sys_mount+0x2d6/0x3c0 [ 69.739535][ T1084] do_syscall_64+0xf3/0x230 [ 69.741283][ T1084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.743865][ T1084] [ 69.745054][ T1084] The buggy address belongs to the object at ffff88801ee3c800 [ 69.745054][ T1084] which belongs to the cache kmalloc-192 of size 192 [ 69.751477][ T1084] The buggy address is located 104 bytes inside of [ 69.751477][ T1084] freed 192-byte region [ffff88801ee3c800, ffff88801ee3c8c0) [ 69.756949][ T1084] [ 69.757925][ T1084] The buggy address belongs to the physical page: [ 69.760348][ T1084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ee3c [ 69.763762][ T1084] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 69.766887][ T1084] page_type: f5(slab) [ 69.768764][ T1084] raw: 00fff00000000000 ffff88801b0413c0 ffffea0000747080 dead000000000003 [ 69.773015][ T1084] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 69.776836][ T1084] page dumped because: kasan: bad access detected [ 69.779178][ T1084] page_owner tracks the page as allocated [ 69.781470][ T1084] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 30, tgid 30 (kworker/u4:2), ts 8823731362, free_ts 0 [ 69.788991][ T1084] post_alloc_hook+0x1f4/0x240 [ 69.790909][ T1084] get_page_from_freelist+0x365c/0x37a0 [ 69.793204][ T1084] __alloc_frozen_pages_noprof+0x292/0x710 [ 69.795789][ T1084] alloc_pages_mpol+0x311/0x660 [ 69.799069][ T1084] allocate_slab+0x8f/0x3a0 [ 69.801791][ T1084] ___slab_alloc+0xc27/0x14a0 [ 69.804031][ T1084] __slab_alloc+0x58/0xa0 [ 69.805763][ T1084] __kmalloc_cache_noprof+0x27b/0x390 [ 69.807794][ T1084] call_usermodehelper_setup+0x8e/0x270 [ 69.809812][ T1084] kobject_uevent_env+0x680/0x8e0 [ 69.811788][ T1084] device_add+0x63b/0xbf0 [ 69.813578][ T1084] nd_async_device_register+0x16/0xa0 [ 69.816039][ T1084] async_run_entry_fn+0xa8/0x420 [ 69.818460][ T1084] process_scheduled_works+0xabe/0x18e0 [ 69.821009][ T1084] worker_thread+0x870/0xd30 [ 69.822879][ T1084] kthread+0x7a9/0x920 [ 69.824488][ T1084] page_owner free stack trace missing [ 69.826810][ T1084] [ 69.827782][ T1084] Memory state around the buggy address: [ 69.830226][ T1084] ffff88801ee3c700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.834087][ T1084] ffff88801ee3c780: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 69.837426][ T1084] >ffff88801ee3c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.840625][ T1084] ^ [ 69.843596][ T1084] ffff88801ee3c880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 69.847048][ T1084] ffff88801ee3c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.850659][ T1084] ================================================================== [ 69.853705][ T1084] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.856582][ T1084] CPU: 0 UID: 0 PID: 1084 Comm: kworker/u4:9 Not tainted 6.14.0-rc4-syzkaller #0 [ 69.860519][ T1084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.865847][ T1084] Workqueue: loop0 loop_workfn [ 69.867836][ T1084] Call Trace: [ 69.869233][ T1084] [ 69.870427][ T1084] dump_stack_lvl+0x241/0x360 [ 69.872507][ T1084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.874659][ T1084] ? __pfx__printk+0x10/0x10 [ 69.876568][ T1084] ? rcu_is_watching+0x15/0xb0 [ 69.878784][ T1084] ? lock_release+0xbf/0xa30 [ 69.881228][ T1084] ? vscnprintf+0x5d/0x90 [ 69.883301][ T1084] panic+0x349/0x880 [ 69.885027][ T1084] ? check_panic_on_warn+0x21/0xb0 [ 69.886972][ T1084] ? __pfx_panic+0x10/0x10 [ 69.888693][ T1084] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.890787][ T1084] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.893080][ T1084] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.895789][ T1084] ? print_report+0x519/0x5b0 [ 69.898176][ T1084] check_panic_on_warn+0x86/0xb0 [ 69.900648][ T1084] ? __lock_acquire+0x78/0x2100 [ 69.902703][ T1084] end_report+0x77/0x160 [ 69.904254][ T1084] kasan_report+0x154/0x180 [ 69.905955][ T1084] ? __lock_acquire+0x78/0x2100 [ 69.907834][ T1084] __lock_acquire+0x78/0x2100 [ 69.909701][ T1084] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.912308][ T1084] lock_acquire+0x1ed/0x550 [ 69.914372][ T1084] ? __wake_up_common_lock+0x25/0x1e0 [ 69.916671][ T1084] ? __pfx_lock_acquire+0x10/0x10 [ 69.918728][ T1084] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 69.921104][ T1084] _raw_spin_lock_irqsave+0xd5/0x120 [ 69.923170][ T1084] ? __wake_up_common_lock+0x25/0x1e0 [ 69.925679][ T1084] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 69.928548][ T1084] ? lbmIODone+0x2bf/0x1750 [ 69.930648][ T1084] ? blkg_put+0x23/0x250 [ 69.932469][ T1084] __wake_up_common_lock+0x25/0x1e0 [ 69.934432][ T1084] ? bio_endio+0x82a/0x890 [ 69.936402][ T1084] blk_update_request+0x5e5/0x1160 [ 69.938525][ T1084] blk_mq_end_request+0x3e/0x70 [ 69.940584][ T1084] loop_process_work+0x1bc8/0x21c0 [ 69.942573][ T1084] ? __pfx_loop_process_work+0x10/0x10 [ 69.944741][ T1084] ? register_lock_class+0x102/0x980 [ 69.947449][ T1084] ? __pfx_register_lock_class+0x10/0x10 [ 69.950417][ T1084] ? mark_lock+0x9a/0x360 [ 69.952109][ T1084] ? debug_object_deactivate+0x2d5/0x390 [ 69.954142][ T1084] ? __lock_acquire+0x1397/0x2100 [ 69.956018][ T1084] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.957905][ T1084] ? __pfx_lock_acquire+0x10/0x10 [ 69.959815][ T1084] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.962270][ T1084] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.965050][ T1084] ? process_scheduled_works+0x9c6/0x18e0 [ 69.967665][ T1084] process_scheduled_works+0xabe/0x18e0 [ 69.969977][ T1084] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.972476][ T1084] ? assign_work+0x364/0x3d0 [ 69.974312][ T1084] worker_thread+0x870/0xd30 [ 69.976302][ T1084] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.978767][ T1084] ? __kthread_parkme+0x169/0x1d0 [ 69.981206][ T1084] ? __pfx_worker_thread+0x10/0x10 [ 69.983733][ T1084] kthread+0x7a9/0x920 [ 69.985515][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.987342][ T1084] ? __pfx_worker_thread+0x10/0x10 [ 69.989375][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.991301][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.993197][ T1084] ? __pfx_kthread+0x10/0x10 [ 69.995057][ T1084] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.997517][ T1084] ? lockdep_hardirqs_on+0x99/0x150 [ 70.000382][ T1084] ? __pfx_kthread+0x10/0x10 [ 70.002741][ T1084] ret_from_fork+0x4b/0x80 [ 70.004901][ T1084] ? __pfx_kthread+0x10/0x10 [ 70.006721][ T1084] ret_from_fork_asm+0x1a/0x30 [ 70.008663][ T1084] [ 70.010067][ T1084] Kernel Offset: disabled [ 70.011832][ T1084] Rebooting in 86400 seconds..