program: syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x4000, &(0x7f00000000c0)=ANY=[], 0xff, 0x5eeb, &(0x7f0000000280)="$eJzs3cuOHFf9B/BfX6bn4sSxor8i/y0WE4dLQojvNoRbHBYsYAESyhpbk0lkcADZBpHIwhN5gdgAjwCbbFjkFXiAPAPiAbBkZ5UFoVDNnGPXlHvcM3imq3vO5yONq351uqdP+Ts1VT1V1ScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPjB939ythcRV36TFhyLeCYGEf2I5bpejXrmcn78MCKOx2ZzvBARg8WI+vmb/zwXcSEiPjkacf/B7bV68bld9uPimVs3Pv/h9/7x+z/dPf6zt3/6Ubv9x/93/uM/3Ik49qPXP/78zv6sOwAAAJSiqqqql97mn0jv7/tddwoAmIq8/6+SvFytVqvV+1r/sb+Xxz9zpOv+qg9p3VSNd6dZRMRG8zn1MYPT8QAwZzbis667QIfkX7RhRBzpuhPATOt13QEOxP0Ht9d6Kd9ec3+wutWe/065Lf+N3sP7O3aaTtK+xmRaP193YxDP79Cf5Sn1YZbk/Pvt/K9stY/S4w46/2nZKf/R1q1Pxcn5D9r5t2zL/88RMbf598fmX6qc/3Av+W8M5nj7lz8AAAAAAIdf/vv/sY7P/y4+/arsypPO/65OqQ8AAAAAAAAAsN+edvy/h4z/BwAAADOrfq9e+8vRR8t2+iy2evlbvYhnW48HCrPa+HBAAAAAAAAAAAAAAGA6hhEr6br+hYh4dmWlqqr6q6ld79XTPn/elb7+ULKuf8kDAMCWT4627uXvRSxFxFvps/4WVlZWqmppeaVaqZYX8/HsaHGpWm68r83TetniaBcHxMNRVX+zpcbzmia9X57U3v5+9WuNqsEuOjYdHQYOABGxtTe6b490yFTVc9H1UQ7zwfZ/+Nj+2Y2uf04BAACAg1dVVdVLH+d9Ip3z73fdKQBgKvL+v31eQK1Wq4upP91aODP9UasPsG6qxrvTLCJio/mc+pjBcPwAMGc24rOuu0CH5F+0YUQc77oTwEzrdd0BDsT9B7fXeinfXnN/sLrVnq8F2Zb/Rm/zefn546aTtK8xmdbP190YxPM79OeFKfVhluT8++38r2y15yH+Dzr/adkp/3o9j3XQn67l/Aft/FsOT/79sfmXKuc/3FP+A/kDAAAAAMAMy3//P+b8b15lAAAAAAAAAJg79x/cXsv3vebz/18Y87hec879n4dGzr+36/zd/3uY5Pz77fxbF+QMGvP33nyU/6cPbq99dOtf/5+nM5//wmBUv/ZCrz8Ypmt+qoV34lpcj/U489jjh9vazz7WvrCt/dyE9vOPtY/q9uXcfirW4pdxPd5+2L444cKopQnt1YT2nP/A9l+knP+w8VXnv5Lae61p7d6H/ce2++Z03Otc/tu/v/z41jUNw23V3Rg8XLemev1OTq1Pj2z+nxwZxa9vrt849durt27dOBtpsm3puUiTfZbzX0hfOf+XX9pqz7/3m9vrvQ9He85/VtyN4Y75v9SYr9f3lSn3rQs5/1H6yvnnPdD47X+e8995+3+1g/4AAAAAAAAAAAAAAADAk1RVtXmL6OWIuJTu/+nq3kwAYLry/r9K8nK1Wq1Wq9WHr26qxnujWUTE35vPqY8ZfjfumwEAs+w/EfHPrjtBZ+RfsPx5f/X0i113Bpiqm+9/8POr16+v37jZdU8AAAAAAAAAgP9VHv9ztTH+8+Z1QK1xo7eN//pmrM7t+J/90WBzrPO0Qi/Gk8f/PhlPHv97OOH1Fia0jya0L05oX5rQPvZGj4ac/4sp45z/ibRiJY3/+nIH/elazv9kGus55/+V1uOa+Vd/nef8+9vyP33rvV+dvvn+B69de+/qu+vvrv/i7JlLF85fvHD+4sXT71y7vn5m698Oe3ywcv557GvXgZYl558zl39Zcv5fSrX8y5Lyf3gYKv+y5O0/H+/Jvyw5//zeR/5lyfm/kmr5lyXn/9VUy78sOf9XUy3/suT8v5Zq+Zcl5/9aquVflpz/qVTLvyw5/9Opln9Zcv75DJf8y5Lzz1c2yL8sOf9zqZZ/WXL+51Mt/7Lk/C+kWv5lyflfTLX8y5Lzv5Rq+Zcl5//1VMu/LDn/b6Ra/mXJ+b+eavmXJef/zVTLvyw5/2+lWv5lyfl/O9XyL0vO/zupln9Zcv7fTbX8y5LzfyPV8i/Lo8//N7PnmZXZ6IYZM/s/0/VvJgAAAAAAAAAAAACgbRqXE3e9jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27i1Grvq+A/jZm702BNxwJw7Y5mZgYXd9A4cYTBJSSnqhJKRNS2oce2028a3eXQIIlU2hLVGQitQ+0IemSZRGkdoKVEVqKtEIqZHat+apES9RK0WqH6ByUFIpVWCjM+f//3tmdnZmvfZ4Z875fJD9886cmfnPmTOz+130nQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDe5o9O/dlAlmX5n9pfG7Ls4vzf67K9+Zfzu1Z7hQAAAMC5erf2999fmk7Yu4wL1W3zb9f9x3cWFhYWss+9c+q9v1hYSGdsyrKhtVlWOy/695//bKF+m+D5bHRgsO7rwQ43P9Th/OEO5490OH9Nh/PXdjh/tMP5i3bAIuuK38fUruzG2j83FLs0uzwbqZ13Y4tLPT+wdnAw/i6nZqB2mYWRQ9l0diSbyiYWXWag9l+Wvb45v60Hs3hbg3W3tTHLstM/efZAXMNA2Mc3Zg03VlP/2L19f7bpnZ88e+Bbs29d02p23A2LVpplW7fk63why878uiobyNamfRLXOVi3zo0t1jnUsM6B2uXyfzev8/Qy1xnv92hY5w/arHNjOO2pG7Ism8+W3KbZ89lgtr7pVtP+Hi2OiPw68ofy/dnwWR0nm5dxnOSX+fENjcdJ8zEZ9//msE+Gl1hD/cPx9pfWLNrvKz1O8nvdC8dqft0P5zc6Olr/q9WGYzXf5tmblj4GWj52LY6BdCzXHQNbOh0Dg2uGasfA4Jk1b2k4BiYXXWYwG6jd1qmb2h8D47NHT4zPPP3MHdNH9x+eOjx1bHJi147tO3ds37lz/ND0kamJ4u+z26V9ZH02mI7BLeG1Jh6DtzRtW39ILnz9/D0PRnvkeZDf90/dnC/o4sFsiWM83+aFref+PEjf9+ueB8N1z4OWr6ktngfDy3ge5Nuc3rq875nDdX9araFbr4Ub6o6B1fx+mN/mY7cu/Vq4MazrxdvO9vvh0KJjIN6tgfDcy09JP++N3h32y+Lj4tr8jIvWZHMzUyfvfGr/7OzJySyMC+Kyuseq+XhZX3efskXHy+BZHy97/+4XN1/b4vQNYV+N3t7+scq32THW/rGqvbq33p8Np27LwjjPLvT+bPXdLN+fKUu02Z/5Ni/cce4/C6ZcUvf6N9Lp9W9oZLh4/RtKe2Ok4fVv8UMzVFtZlp2+Y3mvfyPhz4V+/bu8R17/8n312J3tj4F8mxfHz/YYGG77+ndDmANhPbeGxDBal/vfq50/XxymdY9lx+NmeHgkHDfD8RYbj5vtiy6TX1t+21snVnbcbL2h8bFq+LmlhMdNvq/+cqL9cZNv88bkub92rIv/rHvtWNPpGBgZWpOvdyQdBMXr3cK6eAzcmR3IjmdHsoPpMvmjnN/W2LblHQNrwp8L/dpxdY8cA/m+emVb+2Mg3+b728/vz05bwylpm7qfnZp/v7BU5r92+Mz1Ne+2853583V+bEf73w3l27y142xzRvv9dHs45aIW+6n5+bPUMX0wuzD76eqwziM72/9uKt/m8l3LPJ72Zln25uSbtd93hd/v/uPcf36n4fe+rX6n/Obkmw+NP/LDs1k/AAAr917t7/k1xc+adf/Hejn//x8AAADoCzH3D4aZyP8AAABQGjH3D4WZyP8AAABQGjH3D4eZVCT/P3H37lfffS5L7wa4EMTz4254+N5iu9jxng9fb1o4Iz/9I98cefXLzy3vtgezLPvFQx9ouf0T98Z1FU7EdX6o8fRFrr5+Wbf/+KNntqt//4TTu4vrj/dnuYdB7Cq/Pr6tdr2bnp6szTceymrzkfkXny+uv/g6bn9qe7H9X4c3Ldl7aKDh8lvDem4Mc1N4T5mH957ZD/mMl3t143X/etmnz9xevNzAlktqd/OVPyquN75H1MuXFdvH+73U+v/lK99+Nd/+qZtar/+5wdbrPxWu98dh/nxPsX39Pv9y3fr/JKw/3l683J3f+F7L9b92VbH9a+G4+FqYzeu//88/+G6rxyvezt57isvF25/4vx21y8Xri9ffvP7R5yYb9kfz9b/xTnE9e5786VD99vH0eDvR4/c0Ht8D4fFt6JFnWfbtP80a9nP24eJy/9y0/nh9J+5pvf7bm9Z5YuD62uXP3J8NDffrq3+7reX9jevZ+w8bGu7Pyw+E/ffO+Pfz6z31SDgew/n//4Pi+prfy/S1Bxpfb+L2X9tQPG/j9Y03rf/lpvXPX5/vu87rf/CdYv2v3be2Yf17Px6OpweL2Wn9h//m0obLf/1bxeNx8otjx47PzE0frNur9c/jtaPr1l908fsuuTS8ljZ/ve/47BNTJzdNbJrIsk19+JaB3V7/N8L832LMn/9bKPzwp8Vx99Iniu9bt/ys+PrlcPrj4fGM3x+/+lcjDcdr8+M+f18xz3X9t4V1LNdVX/nv61uc/D+L3vP31Gdfn/unP36r+eeCeH9OXDFau3+vbL6ydt7AG8X5za9XnfzXFY3P6x8NT9Tmd8N+XQjvzLzlyuL2mq8/vjfJS58snr/xJ7l4+azp/UQ2DDXej3Nd/4/CzzHfu7rx9S8eH999rundnDdkA/kS5sPrQzZfnB+3ivv7pdNXtry9+D482fw1Z7PMJc08PTN+ZPrY3FPjs1Mzs+MzTz+z7+jxuWOz+2rvXbrv850uf+b5vb72/D44tWtHVnu2Hy9Gl632+k88euDgXRM3H5w6tH/u0OyjJ6ZOHj4wM3Ng6uDMzfsPHZr6YqfLTx/cM7lt9/a7to0dnj645+7du7fvHps+djxfRrGoDnZNfGHs2Ml9tYvM7Nmxe3Lnzh0TY0ePH5zac9fExNhcp8vXvjeN5Zd+cuzk1JH9s9NHp8Zmpp+Z2jO5e9eubR3f/fHoiUMzm8ZPzh0bn5uZOjle3JdNs7WT8+99nS5PNcwcD693TQbCT+efuX1Xen/c3De/tORVFZs0/niavR3eCyp+f+v0dcz9I2EmFcn/AAAAUAUx94c3/j9zhvwPAAAApRFz/9owE/kfAAAASiPm/tEwk4rkf/1//X/9f/1//X/9/27S/++L/v9i+v/Lov+v/6//r/9Pe73W/4+5f12WVTL/AwAAQBXE3L8+zET+BwAAgNKIuf+iMBP5HwAAAEoj5v6Lw0yqkf9Hmv+p/6//r/9f3/+P2+r/Z/r/+v8rpP+v/9+O/r/+fz+vvwf7/+v0/+k1vdb/j7n/fWEm1cj/AAAAUAkx918SZiL/AwAAQGnE3H9pmIn8DwAAAKURc/+GMJOK5H+f/6//r//v8//1//X/u0n/X/+/Hf1//f9+Xn8P9v99/j89p9f6/zH3/0qYSUXyPwAAAFRBzP3vDzOR/wEAAKA0Yu6/LMxE/gcAAIDSiLn/8jCTiuR//X/9f/1//X/9f/3/btL/1/9vR/9f/7+f16//r/9PZ73W/4+5/4owk4rkfwAAAKiCmPuvDDOR/wEAAKA0Yu6/KsxE/gcAAIDSiLn/6jCTiuR//X/9f/1//X/9f/3/btL/1/9vR/9f/7+f16//r/9PZ73W/4+5/5owk4rkfwAAAKiCmPuvDTOR/wEAAKA0Yu7/QJiJ/A8AAAClEXP/xjCTiuR//X/9f/1//X/9f/3/buqv/v/gkufo/xf0/xvp/+v/6//r/9Ner/X/Y+7/YJhJRfI/AAAAVEHM/deFmcj/AAAAUBox918fZiL/AwAAQGnE3L8pzKQi+V//X/9f/1//X/9f/7+b+qv/vzT9/4L+fyP9f/1//X/9f9rrtf5/zP2bw0wqkv8BAACgCmLu3xJmIv8DAABAacTcf0OYifwPAAAApRFz/41hJhXJ//r/+v/6//r/+v/6/92k/6//347+v/5/P69f/395/f81na6IUuu1/n/M/TeFmVQk/wMAAEAVxNx/c5iJ/A8AAAClEXP/LWEm8j8AAACURsz9W8NMKpL/9f/1//X/9f/1//X/u0n/f9n9/3UrWZf+f0H/f2VWuz/f7+vX//f5/3TWa/3/mPtvDTOpSP4HAACAKoi5/7YwE/kfAAAASiPm/tvDTOR/AAAAKI2Y+8fCTCqS//X/9f/1//X/9f/1/7uprP3/9Drq8//1//X/9f/1//X/WVKv9f9j7r8jzKQi+R8AAACqIOb+O8NM5H8AAAAojZj7x8NM5H8AAAAojZj7J8JMKpL/9f/1//X/9f/1//X/u6ms/f8ufP7/itav/1/Q/1+Z1e7P9/v69f/1/+ms1/r/MfdPhplUJP8DAABAFcTcvy3MRP4HAACA0oi5f3uYifwPAAAApRFz/44wk4rkf/1//X/9f/1//X/9/27S/9f/b0f/X/+/n9ev/6//T6PBFqf1Wv8/5v6dYSYVyf8AAABQBTH37wozkf8BAACgNGLuvyvMRP4HAACA0oi5/+4wk4rkf/1//X/9f/3/3u3/N96+/r/+fyv6//r/mf7/iq12f77f16//r/9PZ+e3/3/pOff/Y+7fHWZSkfwPAAAAVRBz/4fCTOR/AAAAKI2Y++8JM5H/AQAAoK+0+hzCKOb+D4eZVCT/6/+Xvf+/sFb/X/+/f/v/jftT/1//vxX9f/3/TP9/xVa7P9/v69f/1/+ns/Pb/1/04+lZ9/9j7t8TZlKR/A8AAABVEHP/vWEm8j8AAACURsz994WZyP8AAABQGjH37w0zqUj+1/8ve/+/9z7/fyDT/9f/L+j/6/+fD/r/+v+Z/v+KrbQ/H35s0f/vof5/fgzp/9OLeq3/H3P//WEmFcn/AAAAUAUx938kzET+BwAAgNKIuf+jYSbyPwAAAJRGzP0fCzOpSP7X/9f/9/n/+v/6//r/3aT/r//fjv5/f/b/I/3/3un/+/x/elWv9f9j7n8gzKQi+R8AAACqIOb+j4eZyP8AAABQGjH3/2qYifwPAAAApRFz/4NhJhXJ//r/+v/6//r/+v/6/92k/6//347+v/5/P69f/1//n856rf8fc/+vhZlUJP8DAABAFcTc/1CYifwPAAAApRFz/yfCTOR/AAAAKI2Y+389zKQi+V///8L0/wfT9ev/6//r/+v/6/+fT/r/+v+Z/v+KrXZ/vt/Xr/+v/09nvdb/j7n/N8JMKpL/AQAAoApi7v/NMBP5HwAAAEoj5v7fCjOR/wEAAKA0Yu5/OMykIvlf/9/n/+v/6//3bP9/uHF/6v/r/7ei/6//n+n/r9hq9+f7ff36//r/dNZr/f+Y+387zKQi+R8AAACqIOb+R8JM5H8AAAAojZj7PxlmIv8DAABAacTc/6kwk4rkf/1//X/9f/3/nu3/N+1P/X/9/1b0//X/M/3/FVvt/ny/r1//X/+fznqt/x9z/6NhJhXJ/wAAAFAFMfd/OsxE/gcAAIDSiLn/d8JM5H8AAAAojZj7fzfMpCL5X/9f/1//X/9f/1//v5v0/xf3//PXsNXs/69Zzob6/8ui/6//r/+v/097vdb/j7n/M2EmFcn/AAAAUAUx9/9emIn8DwAAAKURc//vh5nI/wAAAFAaMfc/FmZSkfyv/6//r/+v/6//r//fTfr/Pv+/Hf1//f9+Xr/+v/4/nfVa/z/m/s+GmVQk/wMAAEAVxNz/B2Em8j8AAACURsz9+8JM5H8AAAAojZj7Hw8zqUj+1//X/9f/1//X/9f/7yb9f/3/dvT/9f/7ef36//r/dNZr/f+Y+/eHmVQk/wMAAEAVxNz/uTAT+R8AAABKI+b+A2Em8j8AAACURsz9B8NMKpL/9f/1//X/9f/1//X/u0n/X/+/Hf1//f9+Xr/+v/4/nfVa/z/m/qkwk4rkfwAAAKiCmPsPhZnI/wAAAFAaMfcfDjOR/wEAAKA0Yu5/IsykIvlf/1//X/9f/1//X/+/m/T/9f/b0f/X/+/n9ev/6//TWa/1/2Punw4zqUj+BwAAgCqIuf/zYSbyPwAAAJRGzP1fCDOR/wEAAKA0Yu4/EmZSkfyv/6//r/9fwv7/sP5/pv/fM/T/9f/b0f/X/+/n9ev/6//TWa/1/2PuPxpmUpH8DwAAAFUQc/+xMBP5HwAAAEoj5v7jYSbyPwAAAJRGzP0nwkwqkv/1//X/9f9L2P/3+f81+v+9Qf9f/78d/X/9/35ev/6//j+d9Vr/P+b+PwwzqUj+BwAAgCqIuf9kmIn8DwAAAKURc/9MmIn8DwAAAKURc/9smElF8r/+v/6//r/+v/6//n836f/r/7ej/6//38/r1//X/6ezXuv/x9w/F2ZSkfwPAAAAVRBz/5NhJvI/AAAAlMYv2buPHU+uKo7jPRhjI4R4FnbseAQ/Axu2iBU5R5NzzjnnnHPOOecMBpPBIBnZ/3OOGWamqqfpct+65/PZHDANvrgl0E/WV5W7/15xi/0PAAAA08jdf++4pcn+1//r//X/w/T/h85P/6//1/9fFv2//v9I/39iZ93P7/39+n/9P+tG6/9z998nbmmy/wEAAKCD3P33jVvsfwAAAJhG7v77xS32PwAAAEwjd//945Ym+1//r//X/w/T//v+f/5eZ+z/z93yp9X/ny79v/7/SP9/Ymfdz+/9/fp//T/rRuv/c/c/IG5psv8BAACgg9z9D4xb7H8AAACYRu7+B8Ut9j8AAABMI3f/g+OWJvtf/6//1//r//X/vv+/Jf2//n+J/l//v+f36//1/6wbrf/P3f+QuKXJ/gcAAIAOcvc/NG6x/wEAAGAaufsfFrfY/wAAADCN3P0Pj1ua7H/9v/5f/6//1//r/7ek/9f/L9H/6//3/H79v/6fdaP1/7n7HxG3NNn/AAAA0EHu/kfGLfY/AAAATCN3/6PiFvsfAAAAppG7/9FxS5P9r//X/+v/9f/6f/3/lvT/+v8l+n/9/57fr//X/7Nu8/7/mmtvvsft/3P3Xxu3NNn/AAAA0EHu/sfELfY/AAAATCN3/2PjFvsfAAAAppG7/3FxS5P9f5H+/4oj/X/T/v/Gc/p//f+Y/f8N8b8y+n/9/4X23f9frf/X/9/8h8fr/4/3V0L/r//X/7Nm8/5/pff/33+eu//xcUuT/Q8AAAAd5O5/Qtxi/wMAAMA0cvc/MW6x/wEAAGAaufufFLc02f++/6//P83v/+d/rv7/QP/v+//6f/2/7/8v27D/v3v+xdT/X9pZ9/N7f/9S/3/XY7xf/08Ho/X/ufufHLc02f8AAADQQe7+p8Qt9j8AAABMI3f/U+MW+x8AAACmkbv/aXFLk/2v/9f/n2b/3+b7/7c//Pv1/+e/R/+v/78Y/b/+f4nv/+v/9/x+3//X/7NutP4/d//T45Ym+x8AAAA6yN3/jLjF/gcAAIBp5O5/Ztxi/wMAAMA0cvc/K25psv/1//p//b/v//9f/f8V+n/9/zL9v/5/if5f/7/n9+v/9f+sG63/z93/7Lilht9tT/DfEgAAABhJ7v7nxC1N/v4/AAAAdJC7/7lxi/0PAAAA08jd/7y4pcn+1//r//X/+n/f/9f/b0n/P13/f07/fwv9v/5f/6//Z9lo/X/u/ufHLU32PwAAAHSQu/8FcYv9DwAAANPI3f/CuMX+BwAAgGnk7n9R3NJk/+v/9f/6f/2//l//vyX9/3T9v+///xf9v/5f/6//Z9lo/X/u/hfHLU32PwAAAHSQu/8lcYv9DwAAANPI3f/SuMX+BwAAgGnk7n9Z3NJk/+v/9f/6f/2//l//v6Xx+/8rj/VT+v8D/f/5tur/r77En0//P9b7T6f/z9++/p85jdb/5+5/edzSZP8DAABAB7n7XxG32P8AAAAwjdz9r4xb7H8AAACYRu7+V8UtTfb/pfr/6+9w+Nf1/8ej/7/4+/X/+n/9v/5//P7/ePT/B/r/8/n+v/7f9//1/ywbrf/P3f/quKXJ/gcAAIAOcve/Jm6x/wEAAGAauftfG7fY/wAAADCN3P2vi1ua7H/f/9f/6//1//p//f+W9P/6/yU76v+vutgf1P/r//X/+n+Wjdb/5+5/fdzSZP8DAABAB7n73xC32P8AAAAwjdz9b4xb7H8AAACYRu7+N8UtTfa//l//f+b9/230/0n/H79X/b/+/zLo//X/R77/f2Jn3c/v/f36f/0/60br/3P3vzluabL/AQAAoIPc/W+JW+x/AAAAmEbu/rfGLfY/AAAATCN3/9vilib7X/+v/z/z/t/3/4v+P36v+n/9/2XQ/+v/j/T/J3bW/fze36//1/+zbrT+P3f/2+OWJvsfAAAAOsjd/464xf4HAACAaeTuf2fcYv8DAADANHL3vytuabL/9f/6f/2//l//r//fkv5f/79E/6//3/P79f/6f9aN1v/n7n933NJk/wMAAEAHufvfE7fY/wAAADCN3P3vjVvsfwAAAJhG7v73xS1N9r/+f+/9/92uixeM1v/nj+j/9f/6f/2//l//f0n6f/3/nt+v/9f/s+5W6//vcc0973LTP1jp/3P3vz9uabL/AQAAoIPc/R+IW+x/AAAAmEbu/g/GLfY/AAAATCN3/4filib7v0f/f+UFPzZP/+/7//p//b/+f2z6f/3/Ev2//n/P79f/6/9ZN9r3/3P3fzhuabL/AQAAoIPc/R+JW+x/AAAAmEbu/o/GLfY/AAAATCN3/8filib7v0f/fyH9/8Gp9/833kn/r/8v+n/9/5H+X/+/Qv+v/9/z+6fu/88d6f85FaP1/7n7Px63NNn/AAAA0EHu/k/ELfY/AAAATCN3/yfjFvsfAAAAppG7/1Nxw53veHZPulXp//X/vv+v/9f/6/+3pP/X/y/R/+v/9/z+qft/3//nlIzW/+fu/3Tc4u//AwAAwDRy938mbrH/AQAAYBq5+z8bt9j/AAAAMIFD7567/3NxS5P9r//X/+v/9f/6f/3/lvT/+v8l+n/9/57fr//X/7NutP4/d//n45Ym+x8AAAA6yN3/hbjF/gcAAIBp5O7/Ytxi/wMAAMA0cvd/KW5psv/1//p//b/+X/+v/9+S/l//v0T/r//f8/v1//p/1o3W/+fu/3Lc0mT/AwAAQAe5+78St9j/AAAAMI3c/V+NW+x/AAAAmEbu/q/FLU32v/5f/6//1//r//X/W9L/6/+X6P/1/3t+v/5f/8+60fr/3P1fj1ua7H8AAADoIHf/N+IW+x8AAACmkbv/m3GL/Q8AAADTyN3/rbilyf6fuf9f+jH9/4H+X/9/pP/X/29M/6//X6L/1//v+f36f/0/60br/3P3fztuabL/AQAAoIPc/d+JW+x/AAAAmEbu/u/GLfY/AAAATCN3//filib7f+b+f4n+/0D/r/8/0v/r/zem/9f/L9H/6//3/H79v/6fdaP1/7n7vx+3NNn/AAAA0EHu/h/ELfY/AAAATCN3/w/jFvsfAAAAppG7/0dxS5P9r//X/+v/9f/6f/3/lvT/+v8l+n/9/57fr//X/7NutP4/d/+P45Ym+x8AAAA6yN3/k7jF/gcAAIBp5O7/adxi/wMAAMA0cvf/LG5psv/1//p//b/+X/+v/9+S/l//v0T/r//f8/v1//p/1o3W/+fu/3nc0mT/AwAAQAe5+38Rt9j/AAAAMI3c/b+MW+x/AAAAmEbu/l/FLU32v/5f/6//1//r//X/W2rb/9/0f6v6/1X6f/3/nt+v/9f/s260/j93/6/jlib7HwAAADrI3f+buMX+BwAAgGnk7v9t3GL/AwAAwDRy9/8ubmmy//X/+n/9v/5f/6//31Lb/t/3/49F/6//3/P79f/6f9aN1v/n7r8ubmmy/wEAAKCD3P2/j1vsfwAAAJhG7v4/xC32PwAAAEwjd//1cUuT/a//1/9P2f9fpf/X/+v/R6H/1/8v0f/r//f8fv2//p91o/X/ufv/GLc02f8AAADQQe7+P8Ut9j8AAABMI3f/n+MW+x8AAACmkbv/L3FLk/2v/9f/T9n/+/6//l//Pwz9v/5/if5f/7/n9+v/9f+sG63/z93/17ilyf4HAACADnL3/y1usf8BAABgGrn7/x632P8AAAAwjdz9/4hbmux//b/+X/+v/9f/6/+3pP/fb/9/uyP9/xr9v/5f/6//Z9lo/X/u/n/GLU32PwAAAHSQu/+GuMX+BwAAgGnk7v9X3GL/AwAAwDRy9/87bmmy//X/+n/9v/5f/6//35L+f7/9v+//r9P/6//1//p/lo3W/+fu/08AAAD//6z6Ih8=") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x80044940, &(0x7f0000001480)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f00000003c0), &(0x7f0000000340)='.\x00', 0x126a4b5, &(0x7f000000b6c0)=ANY=[@ANYRES16=r7, @ANYRES64=r5, @ANYRES16=r4, @ANYRES16=r4, @ANYRESDEC=r6, @ANYRES16=r3, @ANYRES16, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRES8=r2, @ANYRESOCT=0x0], 0x5, 0x0, &(0x7f0000000000)) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, 0x0, 0x4080) lseek(r0, 0x1000001, 0x0) getdents64(r0, 0x0, 0x0) [ 72.595346][ T5307] Bluetooth: hci0: command tx timeout [ 72.862038][ T5322] loop0: detected capacity change from 0 to 32768 [ 72.943390][ T5322] ================================================================== [ 72.946303][ T5322] BUG: KASAN: slab-use-after-free in jfs_readdir+0x1361/0x3c50 [ 72.949077][ T5322] Read of size 8 at addr ffff88803ebcfcc8 by task syz.0.0/5322 [ 72.951774][ T5322] [ 72.952638][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-02526-gc4b9570cfb63 #0 [ 72.952652][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.952659][ T5322] Call Trace: [ 72.952666][ T5322] [ 72.952673][ T5322] dump_stack_lvl+0x241/0x360 [ 72.952694][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.952710][ T5322] ? __pfx__printk+0x10/0x10 [ 72.952725][ T5322] ? _printk+0xd5/0x120 [ 72.952739][ T5322] ? __virt_addr_valid+0x183/0x530 [ 72.952754][ T5322] ? __virt_addr_valid+0x183/0x530 [ 72.952767][ T5322] print_report+0x169/0x550 [ 72.952781][ T5322] ? __virt_addr_valid+0x183/0x530 [ 72.952794][ T5322] ? __virt_addr_valid+0x183/0x530 [ 72.952807][ T5322] ? __virt_addr_valid+0x45f/0x530 [ 72.952820][ T5322] ? __phys_addr+0xba/0x170 [ 72.952832][ T5322] ? jfs_readdir+0x1361/0x3c50 [ 72.952843][ T5322] kasan_report+0x143/0x180 [ 72.952855][ T5322] ? jfs_readdir+0x1361/0x3c50 [ 72.952868][ T5322] jfs_readdir+0x1361/0x3c50 [ 72.952886][ T5322] ? __pfx_jfs_readdir+0x10/0x10 [ 72.952897][ T5322] ? __pfx_lock_acquire+0x10/0x10 [ 72.952914][ T5322] ? down_write+0x18c/0x220 [ 72.952970][ T5322] ? __pfx_down_write+0x10/0x10 [ 72.952985][ T5322] ? __might_fault+0xaa/0x120 [ 72.952998][ T5322] ? __pfx_jfs_readdir+0x10/0x10 [ 72.953009][ T5322] wrap_directory_iterator+0x91/0xd0 [ 72.953023][ T5322] iterate_dir+0x571/0x800 [ 72.953034][ T5322] __se_sys_getdents64+0x1e2/0x4b0 [ 72.953046][ T5322] ? __pfx___se_sys_getdents64+0x10/0x10 [ 72.953057][ T5322] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 72.953068][ T5322] ? __pfx_filldir64+0x10/0x10 [ 72.953080][ T5322] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.953093][ T5322] ? do_syscall_64+0x100/0x230 [ 72.953107][ T5322] ? do_syscall_64+0xb6/0x230 [ 72.953120][ T5322] do_syscall_64+0xf3/0x230 [ 72.953133][ T5322] ? clear_bhb_loop+0x35/0x90 [ 72.953149][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.953164][ T5322] RIP: 0033:0x7f303ef85d29 [ 72.953175][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.953184][ T5322] RSP: 002b:00007f303fd86038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 72.953196][ T5322] RAX: ffffffffffffffda RBX: 00007f303f175fa0 RCX: 00007f303ef85d29 [ 72.953205][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 72.953211][ T5322] RBP: 00007f303f001b08 R08: 0000000000000000 R09: 0000000000000000 [ 72.953218][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.953224][ T5322] R13: 0000000000000000 R14: 00007f303f175fa0 R15: 00007fff8f6c6378 [ 72.953235][ T5322] [ 72.953239][ T5322] [ 73.049381][ T5322] Allocated by task 5322: [ 73.050949][ T5322] kasan_save_track+0x3f/0x80 [ 73.052580][ T5322] __kasan_slab_alloc+0x66/0x80 [ 73.054370][ T5322] kmem_cache_alloc_noprof+0x1d9/0x380 [ 73.056311][ T5322] mempool_alloc_noprof+0x197/0x5a0 [ 73.058219][ T5322] __get_metapage+0x5f4/0xdc0 [ 73.060018][ T5322] dtSplitRoot+0x2af/0x1930 [ 73.061778][ T5322] dtInsert+0x12cd/0x6c10 [ 73.063454][ T5322] jfs_create+0x7ba/0xbb0 [ 73.065564][ T5322] vfs_create+0x23c/0x3d0 [ 73.067338][ T5322] do_mknodat+0x447/0x5b0 [ 73.068959][ T5322] __x64_sys_mknod+0x8c/0xa0 [ 73.070704][ T5322] do_syscall_64+0xf3/0x230 [ 73.072383][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.074555][ T5322] [ 73.075458][ T5322] Freed by task 5322: [ 73.076925][ T5322] kasan_save_track+0x3f/0x80 [ 73.078714][ T5322] kasan_save_free_info+0x40/0x50 [ 73.080696][ T5322] __kasan_slab_free+0x59/0x70 [ 73.082524][ T5322] kmem_cache_free+0x195/0x410 [ 73.084359][ T5322] release_metapage+0x831/0xa90 [ 73.086194][ T5322] jfs_readdir+0x102d/0x3c50 [ 73.087944][ T5322] wrap_directory_iterator+0x91/0xd0 [ 73.089983][ T5322] iterate_dir+0x571/0x800 [ 73.091684][ T5322] __se_sys_getdents64+0x1e2/0x4b0 [ 73.093431][ T5322] do_syscall_64+0xf3/0x230 [ 73.095222][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.097409][ T5322] [ 73.098335][ T5322] The buggy address belongs to the object at ffff88803ebcfc98 [ 73.098335][ T5322] which belongs to the cache jfs_mp of size 184 [ 73.103215][ T5322] The buggy address is located 48 bytes inside of [ 73.103215][ T5322] freed 184-byte region [ffff88803ebcfc98, ffff88803ebcfd50) [ 73.107718][ T5322] [ 73.108557][ T5322] The buggy address belongs to the physical page: [ 73.110852][ T5322] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ebcf [ 73.114293][ T5322] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 73.116769][ T5322] page_type: f5(slab) [ 73.118320][ T5322] raw: 04fff00000000000 ffff8880335cd640 dead000000000122 0000000000000000 [ 73.121506][ T5322] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 73.124860][ T5322] page dumped because: kasan: bad access detected [ 73.127356][ T5322] page_owner tracks the page as allocated [ 73.129603][ T5322] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5322, tgid 5321 (syz.0.0), ts 72879948764, free_ts 72870021386 [ 73.136916][ T5322] post_alloc_hook+0x1f3/0x230 [ 73.138794][ T5322] get_page_from_freelist+0x365c/0x37a0 [ 73.141233][ T5322] __alloc_pages_noprof+0x292/0x710 [ 73.143342][ T5322] alloc_pages_mpol_noprof+0x3e1/0x780 [ 73.145557][ T5322] alloc_slab_page+0x6a/0x110 [ 73.147524][ T5322] allocate_slab+0x5a/0x2b0 [ 73.149394][ T5322] ___slab_alloc+0xc27/0x14a0 [ 73.151261][ T5322] __slab_alloc+0x58/0xa0 [ 73.153012][ T5322] kmem_cache_alloc_noprof+0x268/0x380 [ 73.155292][ T5322] mempool_alloc_noprof+0x197/0x5a0 [ 73.157386][ T5322] __get_metapage+0x5f4/0xdc0 [ 73.159295][ T5322] diReadSpecial+0x25d/0x680 [ 73.161145][ T5322] jfs_mount+0x75/0x830 [ 73.163200][ T5322] jfs_fill_super+0x6b9/0xd90 [ 73.165448][ T5322] get_tree_bdev_flags+0x48c/0x5c0 [ 73.167840][ T5322] vfs_get_tree+0x90/0x2b0 [ 73.169645][ T5322] page last free pid 4729 tgid 4729 stack trace: [ 73.171896][ T5322] free_unref_page+0xd3f/0x1010 [ 73.173749][ T5322] __slab_free+0x2c2/0x380 [ 73.175453][ T5322] qlist_free_all+0x9a/0x140 [ 73.177219][ T5322] kasan_quarantine_reduce+0x14f/0x170 [ 73.179437][ T5322] __kasan_slab_alloc+0x23/0x80 [ 73.181133][ T5322] __kmalloc_noprof+0x236/0x4c0 [ 73.182853][ T5322] tomoyo_realpath_from_path+0xcf/0x5e0 [ 73.184799][ T5322] tomoyo_path_perm+0x2b7/0x740 [ 73.186523][ T5322] security_inode_getattr+0x130/0x330 [ 73.188474][ T5322] vfs_getattr+0x2a/0x3a0 [ 73.190045][ T5322] vfs_fstatat+0xa8/0x130 [ 73.191521][ T5322] __x64_sys_newfstatat+0x117/0x190 [ 73.193296][ T5322] do_syscall_64+0xf3/0x230 [ 73.194942][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.197121][ T5322] [ 73.198033][ T5322] Memory state around the buggy address: [ 73.200042][ T5322] ffff88803ebcfb80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 73.202980][ T5322] ffff88803ebcfc00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 73.205964][ T5322] >ffff88803ebcfc80: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb [ 73.209000][ T5322] ^ [ 73.211393][ T5322] ffff88803ebcfd00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 73.214436][ T5322] ffff88803ebcfd80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 73.217480][ T5322] ================================================================== [ 73.237278][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 73.240153][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-02526-gc4b9570cfb63 #0 [ 73.243914][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.247970][ T5322] Call Trace: [ 73.249356][ T5322] [ 73.250512][ T5322] dump_stack_lvl+0x241/0x360 [ 73.252282][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.254314][ T5322] ? __pfx__printk+0x10/0x10 [ 73.256103][ T5322] ? preempt_schedule+0xe1/0xf0 [ 73.257997][ T5322] ? vscnprintf+0x5d/0x90 [ 73.259672][ T5322] panic+0x349/0x880 [ 73.261173][ T5322] ? check_panic_on_warn+0x21/0xb0 [ 73.263125][ T5322] ? __pfx_panic+0x10/0x10 [ 73.264828][ T5322] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 73.267175][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 73.269578][ T5322] ? print_report+0x502/0x550 [ 73.271355][ T5322] check_panic_on_warn+0x86/0xb0 [ 73.273298][ T5322] ? jfs_readdir+0x1361/0x3c50 [ 73.275062][ T5322] end_report+0x77/0x160 [ 73.276618][ T5322] kasan_report+0x154/0x180 [ 73.278311][ T5322] ? jfs_readdir+0x1361/0x3c50 [ 73.280100][ T5322] jfs_readdir+0x1361/0x3c50 [ 73.281784][ T5322] ? __pfx_jfs_readdir+0x10/0x10 [ 73.283586][ T5322] ? __pfx_lock_acquire+0x10/0x10 [ 73.285424][ T5322] ? down_write+0x18c/0x220 [ 73.287105][ T5322] ? __pfx_down_write+0x10/0x10 [ 73.288923][ T5322] ? __might_fault+0xaa/0x120 [ 73.290798][ T5322] ? __pfx_jfs_readdir+0x10/0x10 [ 73.292709][ T5322] wrap_directory_iterator+0x91/0xd0 [ 73.294698][ T5322] iterate_dir+0x571/0x800 [ 73.296414][ T5322] __se_sys_getdents64+0x1e2/0x4b0 [ 73.298399][ T5322] ? __pfx___se_sys_getdents64+0x10/0x10 [ 73.300503][ T5322] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 73.302698][ T5322] ? __pfx_filldir64+0x10/0x10 [ 73.304547][ T5322] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 73.306991][ T5322] ? do_syscall_64+0x100/0x230 [ 73.308723][ T5322] ? do_syscall_64+0xb6/0x230 [ 73.310548][ T5322] do_syscall_64+0xf3/0x230 [ 73.312260][ T5322] ? clear_bhb_loop+0x35/0x90 [ 73.314013][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.316255][ T5322] RIP: 0033:0x7f303ef85d29 [ 73.317912][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.325077][ T5322] RSP: 002b:00007f303fd86038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 73.328307][ T5322] RAX: ffffffffffffffda RBX: 00007f303f175fa0 RCX: 00007f303ef85d29 [ 73.331363][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 73.334394][ T5322] RBP: 00007f303f001b08 R08: 0000000000000000 R09: 0000000000000000 [ 73.337436][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.340416][ T5322] R13: 0000000000000000 R14: 00007f303f175fa0 R15: 00007fff8f6c6378 [ 73.343412][ T5322] [ 73.344846][ T5322] Kernel Offset: disabled [ 73.346486][ T5322] Rebooting in 86400 seconds..