program: syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000000000010da091a0000000000000109022d00010000200009040000010300030009210000000f220705090581030004005000090502031004090804"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$jfs(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0xfd, 0x609c, &(0x7f0000006700)="$eJzs3UuPHFfZB/CnL9NzyRvbil5ZxmLhOBASQny3IdzisGABSCAhr7E1mUQGB5BtEIksPJEXiAWXjwCbbFjki4Qda8QHwJLNKhKEQjVzjl3d0zM9jme6uuf8flK76ulT1X3K/6np7qmqPgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxHe+/cOznYi4+st0x5GI/4teRDdiua5PRD1zOS/fj4hjG0tFHI2I3mJEvf7GP4cjLkTER4ciHjy8s1rffW6X/bh45vbNT777rb//5g/3jv34zR99MNr+g/8//+Fv70Yc+f5rH35yd082HQAAAIpRVVXVSR/zj6fP9922OwUATEV+/a+SfL9arVar97T+fXe2+qMutG6qxrvbLCJivblO/Z7B4XgAmDPr8XHbXaBF8i9aPyKeabsTwEzrtN0B9sWDh3dWOynfTvP14MRme/475VD+651H13dsN51k9ByTaf183YtePLdNf5an1IdZkvPvjuZ/dbN9kJbb7/ynZbv8B5EuaipMzr83mv+Iofz/GBFzm393bP6lyvn3nyT/9d4c7//yBwAAAADg4Mt//z/S8vHfxafflF3Z6fjviSn1AQAAAAAAAAD22qcc/2/jePnR5gMZ/w8AAABmVv1ZvfanQ4/v60T87fCYZeuP+Fc6Ec+OLA8UJl0ss9J2PwAAAAAAAAAAAACgJP3Nc3ivdCIWIuLZlZWqqupb02j9pJ52/XlX+vZDydr+JQ8AAJs+OpSu5b+/tHlHJ6Keu5K+629hZWWlqpaWV6qVankxv58dLC5Vy43PtXla37c42MUb4v6gqh9sqbFe06TPy5PaRx+vfq5B1dtFx6aj7dQBKN3mq9EDr0gHTFUdjrbf5TAf7P8Hj/2f3Wj75xQAAADYf1VVVZ30dd7H0zH/btudAgCmYSm//o8eF1Cr1Wq1Wn3w6qZqvLvNIiLWm+vU7xkMxw8Ac2Y9Pm67C7RI/kXrR8SxtjsBzLRO2x1gXzx4eGe1k/LtNF8P0vju+VyQofzXOxvr5fXHTScZPcdkWj9f96IXz23Tn6NT6sMsyfl3R/O/utk+SMvtd/7Tsl3+9XYeaaE/bcv590bzH3Fw8u+Ozb9UOf/+E+Xfkz8AAAAAAMyw/Pf/I47/5k0GAAAAAAAAgLnz4OGd1Xzdaz7+/9kxy3Wac67/PDBy/p1d5+/634Mk598dzX/khJxeY/7+G4/z/9fDO6sf3P7nZ/J05vNf6A3q517odHv9dM5PtfBWXI8bsRZntizfH2o/u6V9Yaj93IT281vaB3X7cm4/Favxs7gRbz5qX5xwYtTShPZqQnvOv2f/L1LOv9+41fmvpPbOyLR2//3ulv2+OR33PJf/8p8Xt+5de20wcYl70Xu0bU319p3clz7tbOP/5JlB/OLW2s1Tv7p2+/bNs5EmQ/eeizTZYzn/hXTL+b/0wmZ7/r3f3F/vvz944vxnxb3ob5v/C435entfnnLf2pDzH6Rbzj+/Ao3f/+c5/+33/1da6A8AAAAAAAAAAAAAAADspKqqjUtEL0fEpXT9T1vXZgIAU/W776WZKgm1Wq1Wq9V7VfdnrD9DqvFebxaxNLzOpYj49bgHAwBm2X8j4h9td4LWyL9g+fv+6unn2u4MMFW33n3vJ9du3Fi7eavtngAAAAAAAAAAn1Ye//NEY/znjfOARsaNHhr/9Y04Mbfjf3YHvY2xztMGPR87j/99MnYe/7s/4fkWJrRPGrF4cUL70oT2sRd6NOT8n08Z5/yPpw0rafzXl1roT9ty/ifTWM85/y+MLNfMv/rzPOffHcr/9O13fn761rvvvXr9nWtvr7299tOzZy5dOH/xwvmLF0+/df3G2pnNf1vs8f7K+eexr50HWpacf85c/mXJ+X8+1fIvS87/xVTLvyw5//x+T/5lyfnnzz7yL0vO/+VUy78sOf8vplr+Zcn5v5Jq+Zcl5/+lVMu/LDn/V1Mt/7Lk/E+lWv5lyfmfTrX8y5Lzz0e45F+WnH8+s0H+Zcn5n0u1/MuS8z+favmXJed/IdXyL0vO/2Kq5V+WnP+lVMu/LDn/L6da/mXJ+X8l1fIvS87/tVTLvyw5/6+mWv5lyfl/LdXyL0vO/+upln9Zcv7fSLX8y5Lz/2aq5V+WnP/rqZZ/WR5//7+ZKc/8+68RM9CN/ZipqqqagW6YeYqZtn8zAQAAAAAAAAAAAACjpnE6cdvbCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuN0aOs74D+Nw/++wE4pIQQjDk7DjBkIvvzv8SE0wcIDQNLU0DodCGOsY+Owb/q8+GJIqaS5O2QURqpPZF+qIUEEVIbZUIIZVKKYpUpPZd8woUVUKtlBeWmlQmgla0JFfNzvM8t7u3t3u27+zZmc8nin++29nd52Zn9+571ncHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLbhI9N/MpBlWf5/4491WXZ5/vc12Z78w9mdl3qFAAAAwIV6o/Hn316RPrFnCVdq2uaf3/Ov35ubm5vLPv/6mTf/bG4uXTCWZUOrs6xxWfQvv/j5XPM2wRPZ6MBg08eDPe5+qMflwz0uH+lx+aoel6/ucfloj8sX7IAF1hS/j2nc2KbGX9cVuzS7KhtpXLapw7WeGFg9OBh/l9Mw0LjO3MjB7HB2JJvOJhdcZ6DxX5a9sCG/r7uyeF+DTfe1Psuysz99dH9cw0DYx5uyljtraH7sXrsjG3v9p4/u//apV9/ZafbcDQtWmmWbN+brfDLL5n9dlQ1kq9M+iescbFrn+g7rHGpZ50Djevnf29d5donrjF/3aFjnS13WuT587qHrsyybzRbdpt0T2WC2tu1e0/4eLY6I/Dbyh/Jt2fA5HScblnCc5Nd55frW46T9mIz7f0PYJ8OLrKH54Xjt8VUL9vv5Hif5V12GYzW/7XvyOx0dbf7Vasuxmm/z6A2LHwMdH7sOx0A6lpuOgY29joHBVUONY2Bwfs0bW46BqQXXGcwGGvd15obux8DEqaMnJmYefuTmw0f3HZo+NH1sanLn9m07tm/bsWPi4OEj05PFn+e2S/vI2mwwHYMbw2tNPAbf27Zt8yE5943lex6MluR5kH/tn7oxX9Dlg9kix3i+zZObL/x5kL7vNz0PhpueBx1fUzs8D4aX8DzItzm7eWnfM4eb/u+0hpV6LVzXdAxcyu+H+X3e/77FXwvXh3U99f5z/X44tOAYiF/WQHju5Z9JP++N3hr2y8Lj4tr8gstWZadnpk9ueWjfqVMnp7IwLoormx6r9uNlbdPXlC04XgbP+XjZ8ze/vPHaDp9fF/bV6E3dH6t8m+3j3R+rxqt76/5clRX7s+WzW7MwltnF3p+dvpvl+zNliS77M9/myZsv/GfBlEuaXv9Ger3+DY0MF69/Q2lvjLS8/i18aIYaK8uyszcv7fVvJPx/sV//rirJ61++r+7f0v0YyLd5auJcj4Hhrq9/14c5ENbzvpAYRpty/5uNy2eLw7Tpsex53AwPj4TjZjjeY+txs23BdfJby+978+T5HTebr299rFp+bqngcZPvqz+f7H7c5Nu8OHXhrx1r4l+bXjtW9ToGRoZW5esdSQdB8Xo3tyYeA1uy/dnx7Eh2IF0nf5Tz+xrfurRjYFX4/2K/dlxTkmMg31fPbu1+DOTb/HDb8v7stDl8Jm3T9LNT++8XFsv81w7P3177blvuzJ+v86M/+kT6XKcMkW/z6vZzzRnd99NN4TOXddhP7c+fxY7pA9nF2U/XhHUe2dH9d1P5NlftXOLxtCfLspenXm78viv8fve7p3/0vZbf+3b6nfLLUy/fPXHvj89l/QAAnL83G3/Orip+1mz6F+ul/Ps/AAAA0Bdi7h8MM5H/AQAAoDJi7h8KM5H/AQAAoDJi7h8OM6lJ/n/w1l3PvfFYlt4NcC6Il8fdcM+Hiu1ix3s2fDw2Ny///Ie/NfLcVx5b2n0PZln2y7vf1XH7Bz8U11U4Edf5gdbPL3DNdUu6/wfum9+u+f0Tzu4qbj9+PUs9DGJX+YWJrY3bHXt4qjFfvDtrzHtnn3qiuP3i47j9mW3F9n8Z3rRkz8GBlutvDuvZFOZYeE+Ze/bM74d8xus9t/49/3Tlp+fvL15vYONbG1/ms39Q3G58j6hnriy2j1/3Yuv/x69+57l8+4du6Lz+xwY7r/9MuN1XwvzF7mL75n3+lab1/1FYf7y/eL0t3/xBx/U//45i++fDcfH1MNvXf8efvvuNTo9XvJ89txXXi/c/+d/bG9eLtxdvv339o49NteyP9tt/8fXidnZ/6WdDzdvHz8f7iR64rfX4HgiPb0uPPMuy7/xx1rKfsw8W1/uHtvXH2ztxW+f139S2zhMD1zWuP//1rGv5ur7211s7fr1xPXv+bl3L1/PMnWH/vT7xw/x2z9wbjsdw+f++VNxe+3uZPn9n6+tN3P7r64rnbby9ibb1P9O2/tnr8n3Xe/13vV6s//nbV7esf8/HwvF0VzF7rf/QX13Rcv1vfLt4PE5+efzY8ZnThw807dXm5/Hq0TVrL7v8LW+9IryWtn+89/ipB6dPjk2OTWbZWB++ZeBKr/+bYf5XMWaX/x4KP/5Zcdw9/fHi+9Z7f158/Ez4/APh8YzfH7/2FyMtx2v74z57ezEvdP3vD+tYqnd89T+uW9KGZz73wum//8NX238uiF/PibePNr6+Zzdc3bhs4MXi8vbXq17+/e2tz+ufDE825vfDfp0L78y88eri/tpvP743ydOfLJ6/8Se5eP2s7f1E1g21fh0Xuv6fhJ9jfnBN6+tfPD6+/1jbuzmvywbyJcyG14dstrg8bhX399Nnr+54f/F9eLLZd57LMhc18/DMxJHDx04/NHFqeubUxMzDj+w9evz0sVN7G+9duvcLva4///xe23h+H5jeuT1rPNuPF2OFXer1n7hv/4FbJm88MH1w3+mDp+47MX3y0P6Zmf3TB2Zu3Hfw4PSXe13/8IHdU1t3bbtl6/ihwwd237pr17Zd44ePHc+XUSyqh52TXxw/dnJv4yozu7fvmtqxY/vk+NHjB6Z33zI5OX661/Ub35vG82t/afzk9JF9pw4fnR6fOfzI9O6pXTt3bu357o9HTxycGZs4efrYxOmZ6ZMTxdcydqrx6fx7X6/rUw8zx8PrXZuB8NP5Z2/amd4fN/etxxe9qWKT1h9Ps9fCe0HF72+9Po65fyTMpCb5HwAAAOog5v7wxv/zF8j/AAAAUBkx968OM5H/AQAAoDJi7i+S/2g6/Xtd8v9y9f8f1/9v0P/X/8/0/xP9f/3/TP9f/78H/X/9/35ev/6//j+9la3/H3J/tibL/Ps/AAAAVFTM/WvDTOR/AAAAqIyY+y8LM5H/AQAAoDJi7r88zKQm+d/5//X/9f+79f/jtvr/mf5/Gfr/m/5T/38B/X/9/0z//7xd6v58v6+/hP3/Nfr/lE3Z+v8x978lzKQm+R8AAADqIOb+t4aZyP8AAABQGTH3XxFmIv8DAABAZcTcvy7MpCb5X/9f/1//3/n/9f/7pv/v/P8d6P/r/2f6/+dtkf58/kOh/n9/9v+d/5/SKVv/P+b+XwkzqUn+BwAAgDqIuf9tYSbyPwAAAFRGzP1XhpnI/wAAAFAZMfdfFWZSk/xfz/7/K1mW6f9n+v/6/23r1P/X/18J+v/6/93o/5ey/+/8//r/+v8sm7L1/2Puf3uYSU3yPwAAANRBzP1Xh5nI/wAAAFAZMfe/I8xE/gcAAIDKiLn/mjCTmuT/evb/nf9f/7+g/9+6Tv1//f+VoP+v/9+N/r/+fz+vX/9f/5/eytb/j7n/nWEmNcn/AAAAUAcx918bZiL/AwAAQGXE3P+uMBP5HwAAACoj5v71YSY1yf/6//r/+v/6//r/+v8rqb/6/4OLXqL/X9D/b7V8/f/Z+QXo//fN+vX/9f/prWz9/5j73x1mUpP8DwAAAHUQc/97wkzkfwAAAKiMmPuvCzOR/wEAAKAyYu4fCzOpSf7X/9f/1//X/9f/1/9fSf3V/1+c/n9B/7/V0vr/A8PzC3D+/+V0qdev/6//T29l6//H3L8hzKQm+R8AAADqIOb+jWEm8j8AAABURsz914eZyP8AAABQGTH3bwozqUn+1//X/9f/1//X/9f/X0n6//r/3dSj/9+8AP3/5XSp16//r/9Pb2Xr/8fcf0OYSU3yPwAAANRBzP03hpnI/wAAAFAZMfe/N8xE/gcAAIDKiLl/c5hJTfK//r/+v/5/H/f/h/T/M/3/0tP/1//vRv+/XP3/Yf1//X/9f5ZZ2fr/Mfe/L8ykJvkfAAAA6iDm/veHmcj/AAAAUBkx998UZiL/AwAAQGXE3D8eZlKT/K//r/+v/9/H/X/n/29Z/zL0/0eaP6//vzz0//X/u9H/L1f/3/n/9f/1/1luZev/x9x/c5hJTfI/AAAA1EHM/VvCTOR/AAAAqIyY+yfCTOR/AAAAqIyY+yfDTKqQ///tbM9N9P8vZv+/sY/1//X/9f/D5SXs/zv//wrQ/9f/70b/X/+/n9ev/6//T29l6//H3D8VZlKF/A8AAAA0xNy/NcxE/gcAAIDKiLl/W5iJ/A8AAACVEXP/9jCTmuT/Pun/b0kFqL7u/zv/v/6//n8t+v//E14U9f8b9P/1/7vR/9f/7+f1X4L+/3DzB/r/lM1gh8+Vrf8fc/+OMJOa5H8AAACog5j7d4aZyP8AAABQGTH33xJmIv8DAABAZcTcf2uYSU3yf5/0/yty/n/9f/1//f9a9P8D5/8v6P/r/3ej/6//38/rP7f+/2fav905/z+1ULb+f8z9u8JMapL/AQAAoA5i7v9AmIn8DwAAAJURc/9tYSbyPwAAAPSVTuchjGLu/2CYSU3yv/5/1fv/c6v1//X/9f+7r1//f2Xp/+v/d6P/r//fz+u/BOf/b6H/Tz8oW/8/5v7dYSY1yf8AAABQBzH3fyjMRP4HAACAyoi5//YwE/kfAAAAKiPm/j1hJjXJ//r/Ve//1+b8/43L9f/1//X/y0f/X/+/G/3//uz/hx9b9P9L1P/PjyH9f8qobP3/mPvvCDOpSf4HAACAOoi5/8NhJvI/AAAAVEbM/R8JM5H/AQAAoDJi7v9omElN8r/+v/5/Rfr/zv+v/6//X1L6/yvW/2+8FOr/Fxbt/6/R/+9mvj9/hfP/93n/3/n/Kauy9f9j7r8zzKQm+R8AAADqIOb+j4WZyP8AAABQGTH3/2qYifwPAAAAlRFz/11hJjXJ//r/+v/6//r/+v/6/ytJ/9/5/7tx/v+y9P8vTX++39ev/6//T29l6//H3P9rYSY1yf8AAABQBzH33x1mIv8DAABAZcTc//EwE/kfAAAA+syqRS+Juf/Xw0xqkv/7r/8/1pf9/8F0+/r/+v/6//r/+v/LSf9f/z/T/z9vl7o/3+/r1//X/6e3svX/Y+7/jTCTmuR/AAAAqIOY+z8RZiL/AwAAQGXE3P+bYSbyPwAAAFRGzP33hJnUJP8vd/+//frdOP+//n+m/6//r/+v/3+B+qn/P6L/v4D+v/5/P69f/1//n97K1v+Puf+3wkxqkv8BAACgDmLuvzfMRP4HAACAknrwnK8Rc/8nw0zkfwAAAKiMmPs/FWZSk/zff+f/77/+f377+v/6/5n+v/5/017V/18+/dT/d/7/hfT/9f/7ef36//r/9Fa2/n/M/feFmdQk/wMAAEAdxNz/6TAT+R8AAAAqI+b+3w4zkf8BAACgMmLu/0yYSU3yv/6/8//r/+v/6//r/68k/f+F/f/8NUz/v6D/r//fz+vX/9f/p7ey9f9j7v9smElN8j8AAADUQcz9vxNmIv8DAABAZcTc/7thJvI/AAAAVEbM/feHmdQk/+v/6//r/+v/6//r/68k/X/n/+9G/1//v5/Xr/+v/09vZev/x9z/uTCTmuR/AAAAqIOY+38vzET+BwAAgMqIuX9vmIn8DwAAAJURc/8DYSY1yf/6//r/+v/17f+vblun/r/+/0rQ/9f/70b/X/+/n9ev/6//T29l6//H3L8vzGRP690AAAAA/Svm/s+HmdTk3/8BAACgDmLu3x9mIv8DAABAZcTcfyDMpCb5X/9f/1//v779f+f/L+j/ryz9f/3/bvT/9f/7ef36//r/9Hax+//x+8Bi/f+Y+6ezrJb5HwAAAOog5v6DYSbyPwAAAFRGzP2HwkzkfwAAAKiMmPsfDDOpSf7X/9f/1/+vbf//pe+2rVP/X/9/Jej/6/93o/+v/9/P69f/1/+nt7Kd/z/m/sNhJjXJ/wAAAFAHMfd/IcxE/gcAAIDKiLn/i2Em8j8AAABURsz9R8JMapL/9f/1//X/z6v//39z/d//X9r5/9fM36/+v/7/+dD/1//vRv9f/7+f16//r/9Pb2Xr/8fcfzTMpCb5HwAAAOog5v5jYSbyPwAAAFRGzP3Hw0zkfwAAAKiMmPtPhJnUJP/r/59b/39gkW6g/n/n9Ve4/99Qi/5/E/1//f/zof+v/9/NRej/v9l8Ff3/Vpe6P9/v69f/1/+nt1L0/0fmP465//fDTGqS/wEAAKAOYu4/GWYi/wMAAPD/7N1Xs6V1lcfxPYduGmqKmrfA1VzPXHnpS/A1WMU7MGcwY1bMWRFzQswYMOecE+aIKCoG1Cqs7rPWavp0n2fv7t67z/P81+dz4Rqa9DDTTM2v4Dt/hpG7/0Fxi/0PAAAAw8jd/+C4pcn+P7P/P6b/9/6//l//r/8P+v/t0P/r/6d4/1//v+Tv1//r/1lvFv3/fX45d/9D4pYm+x8AAAA6yN3/0LjF/gcAAIBh5O5/WNxi/wMAAMAwcvc/PG5psv+9/6//1//r//X/+v9d0v/r/w+T/7tI/6//X+r36//1/6w3t/4/d/8j4pYm+x8AAAA6yN3/yLjF/gcAAIBh5O5/VNxi/wMAAMAwcvc/Om5psv/1//p//b/+X/9/zv7/bv3/duj/9f9TvP+v/1/y9+v/z7//P7buD8pw5tb/5+5/TNzSZP8DAABAB7n7Hxu32P8AAAAwjNz9j4tb7H8AAAAYRu7+a+OWFvv/mP5f/6//X2L/f0z/7/3/5dD/6/+n6P/1/0f3/VetViv9v/f/2bW59f+5+6+LW1rsfwAAAOghd//j4xb7HwAAABZgb6PfKnf/E+IW+x8AAACGkbv/iXFLk/2v/9f/6/8X2P97/1//vyD6//H7///R/+v/F9n/e/9f/8+lMLf+P3f/k+KWJvsfAAAAOsjd/+S4xf4HAACAYeTuf0rcYv8DAADAMHL3PzVuabL/9f/6f/2//l//r//fJf3/+P3/6lz9/InNvkf/r/9f8vfr//X/rLfz/v8B15+6m/b/ufuvj1ua7H8AAADoIHf/0+IW+x8AAACGkbv/6XGL/Q8AAADDyN3/jLilyf7X/+v/T/f/9/6X/l//r/8//eP6/+3Q/zft/zek/9f/L/n79f/6f9bbef+/pvc/+Mu5+58ZtzTZ/wAAANBB7v5nxS32PwAAAAwjd/+z4xb7HwAAAIaRu/85cUuT/a//1/97/1//r//X/++S/n+2/f/Bv/XOpP/fiP5f/39Y/3//Db5f/08Hc+v/c/c/N25psv8BAACgg9z9z4tb7H8AAAAYRu7+G+IW+x8AAACGkbv/+XFLk/3fpv8/kPPp//fp//X/q7P6/72W/f/JH9P/74b+f7b9/zT9/0b0//p/7//r/5k2t/4/d/8L4pYm+x8AAAA6yN3/wrjF/gcAAIBh5O5/Udxi/wMAAMAwcve/OG5psv/b9P8H6P/3XXT/f0L/P17/f57v/182Rv/v/f/d0f/r/6fo//X/S/5+/b/+n/Xm1v/n7n9J3NJk/wMAAMDw9la1+18at9j/AAAAMIzc/S+LW+x/AAAAGEbu/pfHLU32v/5f/+/9f/3/RfX/g7z/r//fHf2//n/Kpv3/Sv9ffy36//l8v/5f/896c+v/c/e/Im5psv8BAACgg9z9r4xb7H8AAAAYRu7+V8Ut9j8AAAAMI3f/q+OWJvtf/6//1//r//X/+v9d0v/r/6d4/1//v+Tv1//r/1lvbv1/7v7XxC1N9j8AAAB0kLv/tXGL/Q8AAADDyN1/Y9xi/wMAAMAwcve/Lm45uP/3LuVXXTr6f/2//l//r//X/++S/l//P2Xk/v/eExfe/19xyJ9P/7/h999yXP+/w/4//57S/7OJufX/uftvilv8838AAAAYRu7+18ct9j8AAAAMI3f/G+IW+x8AAACGkbv/jXFLk/1/WP9/13/v/3r9/2b0/+f+fv2//n/T/v+e20//fvp//f/50P/r/1cz7f+9/+/9/3W//1L7/6T/ZxNz6/9z978pbmmy/wEAAKCD3P1vjlvsfwAAABhG7v63xC32PwAAAAwjd/9b45Ym+3/77/9frf/X/+v/4+r/vf+v/9f/6/+n6f/1/0v+fv2//p/1ttP/X7baVv+fu/9tcUuT/Q8AAAAd5O5/e9xi/wMAAMAwcve/I26x/wEAAGAYufvfGbc02f/b7/+9/6//P8/+f69Z/3/jbfr/+PX6f/3/Nuj/9f8r/f8FO+p+funfr//X/7Pe3N7/z91/86mp12//AwAAQAc3n/rPK1bvilvsfwAAABhG7v5b4hb7HwAAAIaRu//dcUuT/a//1/8fef/v/f+i/4//uer/9f/nQf+v/1/p/y/YUffzS/9+/b/+n/Xm1v/n7n9P3NJk/wMAAEAHufvfG7fY/wAAADCM2P37//K7/Q8AAABDet+p/7xi9f64pcn+b9z/X32x/f+V9/mv9f/n/n79/1b6/5sP/tzT/+v/l0T/r/+fov/X/y/5++fT/8cPXKv/Z37m1v/n7v9A3NJk/wMAAEAHufs/GLfY/wAAADCM3P23xi32PwAAAAwjd/+H4pYm+79x/z/I+/8PvDO+QP8/bv/v/f+4i+r/79L/J/2//n+K/l//v+Tvn0//7/1/5mtu/X/u/g/HLU32PwAAAHSQu/8jcYv9DwAAAMPI3f/RuMX+BwAAgGHk7r8tbmmy//X/S+//vf+v/9f/z7L/9/5/0f/r/6fo//dO/V8i+v9lfr/+X//PenPr/3P3fyxuabL/AQAAoIPc/R+PW+x/AAAAGEbu/k/ELfY/AAAADCN3/yfjlib7X/+v/99V/3/yT6L/b9L/X6f/X+n/D6X/1/9P0f97/3/J36//1/+z3tz6/9z9n4pbmux/AAAA6CB3/6fjFvsfAAAAhpG7/zNxi/0PAAAAw8jd/9m44f+vOrpP2q7jh/x49Ob6/9Vq7z7xsf7f+//6f+//J/3/duj/9f9T9P/6/yV/v/5f/896c+v/c/d/Lm7xz/8BAABgGLn7Px+32P8AAAAwjNz9X4hb7H8AAAAYRu7+L8YtTfa//t/7//r/xfb/V+r/z/x+/f886f/1/1P0//r/JX+//l//z3pz6/9z938pbmmy/wEAAKCD3P1fjlvsfwAAABhG7v6vxC32PwAAAAwjd/9X45Ym+1//r//X/y+2//f+/4Hv1//Pk/5f/z9F/6//X/L36//1/6w3t/4/d//X4pYm+x8AAAA6yN3/9bjF/gcAAIBh5O7/Rtxi/wMAAMAwcvd/M25psv/1//p//b/+X/+v/98l/f94/f/Jvwf0//v0/7Po//Onif5f/88Mza3/z93/rbilyf4HAACADnL3fztusf8BAABg7g7+652Hyt3/nbjF/gcAAIBh5O7/btzSZP+P3P9P/Wb6/336f/3/Sv+v/98x/f94/b/3/0/bpP8/4/8DgP5/q476+/X/+n/Wm1v/n7v/e3FLk/0PAAAAHeTu/37cYv8DAADAMHL3/yBusf8BAABgGLn7fxi3NNn/I/f/U/T/+/T/+v+V/l//v2P6f/3/lA79/xn0/1t11N+v/9f/s94R9f/HV4f0/7n7fxS3NNn/AAAA0EHu/tvjFvsfAAAAhpG7/8dxi/0PAAAAw8jd/5O4ZZz9f82tE79S/7/1/v/UTyL9v/5/pf/X/+v/T9H/6/+n6P/1/0v+fv2//p/15vb+f+7+n8Yt4+x/AAAAaC93/8/iFvsfAAAAhpG7/+dxi/0PAAAAw8jd/4u4pcn+n2v/f/C//Qvq/y/o/f/8Bv2//n/H/f9lK/2//v8S0//r/6csp/8/ds4f1f/r//X/+n+mza3/z93/y7ilyf4HAACADnL3/ypusf8BAABgGLn7fx232P8AAAAwjNz9v4lbmuz/ufb/C37//4L6/4t7//90Pa3/P8r+f++sP/4M+3/v/+v/Lzn9v/5/ynL6/3PT/+v/7/d//3tN/rzT/+v/Odvc+v/c/b+NW5rsfwAAAOggd//v4hb7HwAAAIaRu/+OuMX+BwAAgGHk7v993NJk/+v/R+j/vf8/j/7/7D++/n93/f/JH9P/L4P+X/8/Rf+v/1/y93v/X//PenPr/3P33xm3NNn/AAAA0EHu/j/ELfY/AAAADCN3/x/jltj/lx/JVwEAAADblLv/rrilyT//1//r/4fs/0/07f/vaNL/e/9/OfT/+v8p+n/9/5K/X/+v/2e9ufX/ufv/FLc02f8AAADQQe7+P8ct9j8AAAAMI3f/X+IW+x8AAACGkbv/7rilyf7X/+v/z7//P15/3bPt/73/r//X/8/GuP3/5fp//f9F9/833LT/w/r/ZX6//l//z3pz6/9z9/81bmmy/wEAAKCD3P1/i1vsfwAAABhG7v6/xy32PwAAAAwjd/8/4pYm+1//r/8f8v1//b/+X/8/G+P2/97/1/97///i+vm9hX+//l//zybm1v/n7r8nbmmy/wEAAKCD3P3/jFvsfwAAABhG7v5/xS32PwAAAAwjd/+/45Ym+1//r//X/+v/9f/6/13S/+v/p+j/O/f/y/9+/b/+n/Xm1v/n7v9PAAAA//9AODfC") link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') setxattr$trusted_overlay_upper(&(0x7f0000006600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000001c0), &(0x7f00000004c0)=ANY=[], 0x835, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000), 0x0, 0x0, 0x2) setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080), &(0x7f0000000440)={0x0, 0xfb, 0x37, 0x4, 0x7, "96bcc8f992c6b5485ebdb7a4f09184fc", "48c6375108c9d8f080439852eb647bcc764d63bb3e772f2ff1dbd1ccd7196f2ebe78"}, 0x37, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='huge=always,size=0']) chdir(&(0x7f0000000140)='./file0\x00') r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r8, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db) writev(r9, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0x100, 0x9, 0x6}}}]}]}]}}]}, 0x50}}, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f00000000c0)={@remote, r3}, 0x14) sendmmsg$inet6(r1, &(0x7f0000000500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000001f40)=[@pktinfo={{0x24, 0x29, 0x32, {@remote, r3}}}, @dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x40}}], 0x1, 0x4000005) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) [ 68.882613][ T4704] Bluetooth: hci0: command tx timeout [ 69.149467][ T50] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.300158][ T50] usb 5-1: Using ep0 maxpacket: 16 [ 69.306153][ T50] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.310925][ T50] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 69.316333][ T50] usb 5-1: New USB device found, idVendor=09da, idProduct=001a, bcdDevice= 0.00 [ 69.321133][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.333757][ T50] usb 5-1: config 0 descriptor?? [ 69.337837][ T5355] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 69.346080][ T50] usbhid 5-1:0.0: can't add hid device: -22 [ 69.348784][ T50] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 69.731284][ T5355] loop0: detected capacity change from 0 to 32768 [ 69.764391][ T103] blkno = 8ed2c, nblocks = 1 [ 69.766468][ T103] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 69.766468][ T103] [ 69.774475][ T5355] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.783443][ T103] ERROR: (device loop0): remounting filesystem as read-only [ 69.786549][ T103] JFS: metapage_get_blocks failed [ 69.790232][ T5355] MetaData crosses page boundary!! [ 69.799544][ T5355] lblock = 60b00, size = 528384 [ 69.801835][ T103] ================================================================== [ 69.805169][ T103] BUG: KASAN: slab-use-after-free in release_metapage+0x5ff/0xac0 [ 69.808586][ T103] Read of size 8 at addr ffff8880441c0b40 by task jfsCommit/103 [ 69.811820][ T103] [ 69.812859][ T103] CPU: 0 UID: 0 PID: 103 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) [ 69.812873][ T103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.812880][ T103] Call Trace: [ 69.812886][ T103] [ 69.812892][ T103] dump_stack_lvl+0x189/0x250 [ 69.812909][ T103] ? __virt_addr_valid+0x1c8/0x5c0 [ 69.812923][ T103] ? rcu_is_watching+0x15/0xb0 [ 69.812934][ T103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.812945][ T103] ? rcu_is_watching+0x15/0xb0 [ 69.812955][ T103] ? lock_release+0x4b/0x3e0 [ 69.812970][ T103] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 69.813025][ T103] ? __virt_addr_valid+0x1c8/0x5c0 [ 69.813037][ T103] ? __virt_addr_valid+0x4a5/0x5c0 [ 69.813049][ T103] print_report+0xca/0x240 [ 69.813060][ T103] ? release_metapage+0x5ff/0xac0 [ 69.813073][ T103] kasan_report+0x118/0x150 [ 69.813086][ T103] ? rcu_is_watching+0x15/0xb0 [ 69.813095][ T103] ? release_metapage+0x5ff/0xac0 [ 69.813110][ T103] release_metapage+0x5ff/0xac0 [ 69.813123][ T103] ? folio_unlock+0x101/0x160 [ 69.813136][ T103] ? put_metapage+0x188/0x200 [ 69.813149][ T103] txUnlock+0x524/0xdf0 [ 69.813161][ T103] jfs_lazycommit+0x584/0xa90 [ 69.813173][ T103] ? __pfx_jfs_lazycommit+0x10/0x10 [ 69.813182][ T103] ? __pfx_default_wake_function+0x10/0x10 [ 69.813197][ T103] ? __kthread_parkme+0x7b/0x200 [ 69.813208][ T103] ? __kthread_parkme+0x1a1/0x200 [ 69.813219][ T103] kthread+0x70e/0x8a0 [ 69.813232][ T103] ? __pfx_jfs_lazycommit+0x10/0x10 [ 69.813241][ T103] ? __pfx_kthread+0x10/0x10 [ 69.813253][ T103] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.813266][ T103] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.813280][ T103] ? __pfx_kthread+0x10/0x10 [ 69.813292][ T103] ret_from_fork+0x3fc/0x770 [ 69.813302][ T103] ? __pfx_ret_from_fork+0x10/0x10 [ 69.813313][ T103] ? __pfx_kthread+0x10/0x10 [ 69.813325][ T103] ret_from_fork_asm+0x1a/0x30 [ 69.813341][ T103] [ 69.813345][ T103] [ 69.889722][ T103] Allocated by task 5355: [ 69.891533][ T103] kasan_save_track+0x3e/0x80 [ 69.893666][ T103] __kasan_slab_alloc+0x6c/0x80 [ 69.895832][ T103] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 69.898179][ T103] mempool_alloc_noprof+0x1a4/0x510 [ 69.900419][ T103] __get_metapage+0x509/0xde0 [ 69.902353][ T103] dtSplitRoot+0x202/0x16c0 [ 69.904246][ T103] dtInsert+0xef8/0x5f40 [ 69.906298][ T103] jfs_link+0x312/0x550 [ 69.908022][ T103] vfs_link+0x4ea/0x6e0 [ 69.909911][ T103] do_linkat+0x272/0x560 [ 69.911542][ T103] __x64_sys_link+0x82/0x90 [ 69.913300][ T103] do_syscall_64+0xfa/0x3b0 [ 69.914865][ T103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.917206][ T103] [ 69.918149][ T103] Freed by task 5355: [ 69.919620][ T103] kasan_save_track+0x3e/0x80 [ 69.921513][ T103] kasan_save_free_info+0x46/0x50 [ 69.923731][ T103] __kasan_slab_free+0x5b/0x80 [ 69.925804][ T103] kmem_cache_free+0x18f/0x400 [ 69.927834][ T103] release_metapage+0x859/0xac0 [ 69.929811][ T103] dtSearch+0x557/0x21b0 [ 69.931412][ T103] jfs_lookup+0x155/0x380 [ 69.933528][ T103] lookup_one_qstr_excl+0x131/0x360 [ 69.935448][ T103] filename_create+0x224/0x3c0 [ 69.937253][ T103] do_mkdirat+0xa0/0x590 [ 69.938819][ T103] __x64_sys_mkdirat+0x87/0xa0 [ 69.940608][ T103] do_syscall_64+0xfa/0x3b0 [ 69.942363][ T103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.944634][ T103] [ 69.945669][ T103] The buggy address belongs to the object at ffff8880441c0aa8 [ 69.945669][ T103] which belongs to the cache jfs_mp of size 184 [ 69.950617][ T103] The buggy address is located 152 bytes inside of [ 69.950617][ T103] freed 184-byte region [ffff8880441c0aa8, ffff8880441c0b60) [ 69.956034][ T103] [ 69.957018][ T103] The buggy address belongs to the physical page: [ 69.959274][ T103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x441c0 [ 69.962439][ T103] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 69.965277][ T103] page_type: f5(slab) [ 69.967036][ T103] raw: 04fff00000000000 ffff88803245eb40 dead000000000122 0000000000000000 [ 69.970527][ T103] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 69.974012][ T103] page dumped because: kasan: bad access detected [ 69.976617][ T103] page_owner tracks the page as allocated [ 69.979006][ T103] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5355, tgid 5354 (syz.0.0), ts 69743659147, free_ts 69369337669 [ 69.986489][ T103] post_alloc_hook+0x240/0x2a0 [ 69.988380][ T103] get_page_from_freelist+0x21e4/0x22c0 [ 69.990577][ T103] __alloc_frozen_pages_noprof+0x181/0x370 [ 69.992858][ T103] alloc_pages_mpol+0x232/0x4a0 [ 69.994716][ T103] allocate_slab+0x8a/0x370 [ 69.996699][ T103] ___slab_alloc+0xbeb/0x1420 [ 69.998556][ T103] kmem_cache_alloc_noprof+0x283/0x3c0 [ 70.000635][ T103] mempool_alloc_noprof+0x1a4/0x510 [ 70.002607][ T103] __get_metapage+0x509/0xde0 [ 70.004455][ T103] diReadSpecial+0x25b/0x710 [ 70.006415][ T103] jfs_mount+0x73/0x870 [ 70.008094][ T103] jfs_fill_super+0x6bc/0xd80 [ 70.009973][ T103] get_tree_bdev_flags+0x40e/0x4d0 [ 70.012066][ T103] vfs_get_tree+0x8f/0x2b0 [ 70.013916][ T103] do_new_mount+0x2a2/0x9e0 [ 70.015822][ T103] __se_sys_mount+0x317/0x410 [ 70.017977][ T103] page last free pid 4754 tgid 4754 stack trace: [ 70.020664][ T103] __free_frozen_pages+0xbc4/0xd30 [ 70.022801][ T103] rcu_core+0xcab/0x1770 [ 70.024567][ T103] handle_softirqs+0x283/0x870 [ 70.026529][ T103] __irq_exit_rcu+0xca/0x1f0 [ 70.028424][ T103] irq_exit_rcu+0x9/0x30 [ 70.030222][ T103] sysvec_apic_timer_interrupt+0x57/0xc0 [ 70.032578][ T103] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 70.035155][ T103] [ 70.036244][ T103] Memory state around the buggy address: [ 70.038384][ T103] ffff8880441c0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 70.041701][ T103] ffff8880441c0a80: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb [ 70.045066][ T103] >ffff8880441c0b00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 70.049147][ T103] ^ [ 70.052318][ T103] ffff8880441c0b80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.056312][ T103] ffff8880441c0c00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 70.060088][ T103] ================================================================== [ 70.064312][ T5355] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 70.064329][ T5355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.064338][ T5355] Call Trace: [ 70.064343][ T5355] [ 70.064348][ T5355] dump_stack_lvl+0x189/0x250 [ 70.064368][ T5355] ? kasan_quarantine_put+0xdd/0x220 [ 70.064384][ T5355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.064398][ T5355] ? __pfx__printk+0x10/0x10 [ 70.064415][ T5355] ? folio_unlock+0x101/0x160 [ 70.064434][ T5355] __get_metapage+0x9ea/0xde0 [ 70.064454][ T5355] dtSearch+0x591/0x21b0 [ 70.064489][ T5355] jfs_lookup+0x155/0x380 [ 70.064505][ T5355] ? __pfx_jfs_lookup+0x10/0x10 [ 70.064527][ T5355] ? do_raw_spin_unlock+0x4d/0x240 [ 70.064537][ T5355] ? _raw_spin_unlock+0x28/0x50 [ 70.064547][ T5355] ? d_alloc+0x144/0x190 [ 70.064558][ T5355] lookup_one_qstr_excl+0x131/0x360 [ 70.064570][ T5355] filename_create+0x224/0x3c0 [ 70.064580][ T5355] ? __pfx_filename_create+0x10/0x10 [ 70.064590][ T5355] do_mkdirat+0xa0/0x590 [ 70.064602][ T5355] ? __pfx_do_mkdirat+0x10/0x10 [ 70.064623][ T5355] ? getname_flags+0x1e5/0x540 [ 70.064641][ T5355] __x64_sys_mkdirat+0x87/0xa0 [ 70.064655][ T5355] do_syscall_64+0xfa/0x3b0 [ 70.064667][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.064684][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.064693][ T5355] ? clear_bhb_loop+0x60/0xb0 [ 70.064703][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.064710][ T5355] RIP: 0033:0x7f533ad8d457 [ 70.064718][ T5355] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.064725][ T5355] RSP: 002b:00007f533bcd2e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 70.064737][ T5355] RAX: ffffffffffffffda RBX: 00007f533bcd2ef0 RCX: 00007f533ad8d457 [ 70.064746][ T5355] RDX: 00000000000001ff RSI: 0000200000000100 RDI: 00000000ffffff9c [ 70.064753][ T5355] RBP: 0000200000000040 R08: 0000200000000000 R09: 0000000000000000 [ 70.064760][ T5355] R10: 0000200000000040 R11: 0000000000000246 R12: 0000200000000100 [ 70.064768][ T5355] R13: 00007f533bcd2eb0 R14: 0000000000000000 R15: 0000000000000000 [ 70.064786][ T5355] [ 70.064791][ T5355] bread failed! [ 70.178545][ T5355] jfs_lookup: dtSearch returned -5 [ 70.182608][ T5355] MetaData crosses page boundary!! [ 70.184755][ T5355] lblock = 60b00, size = 528384 [ 70.186798][ T5355] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 70.186812][ T5355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.186819][ T5355] Call Trace: [ 70.186826][ T5355] [ 70.186831][ T5355] dump_stack_lvl+0x189/0x250 [ 70.186850][ T5355] ? kasan_quarantine_put+0xdd/0x220 [ 70.186865][ T5355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.186879][ T5355] ? __pfx__printk+0x10/0x10 [ 70.186897][ T5355] ? folio_unlock+0x101/0x160 [ 70.186917][ T5355] __get_metapage+0x9ea/0xde0 [ 70.186938][ T5355] dtSearch+0x591/0x21b0 [ 70.186972][ T5355] jfs_lookup+0x155/0x380 [ 70.186987][ T5355] ? __pfx_jfs_lookup+0x10/0x10 [ 70.186999][ T5355] ? d_alloc_parallel+0x14ae/0x15e0 [ 70.187022][ T5355] ? __lock_acquire+0xab9/0xd20 [ 70.187038][ T5355] ? __pfx_d_alloc_parallel+0x10/0x10 [ 70.187051][ T5355] ? __raw_spin_lock_init+0x45/0x100 [ 70.187064][ T5355] ? __init_waitqueue_head+0xa9/0x150 [ 70.187080][ T5355] __lookup_slow+0x297/0x3d0 [ 70.187092][ T5355] ? __pfx___lookup_slow+0x10/0x10 [ 70.187112][ T5355] ? down_read+0x1ad/0x2e0 [ 70.187126][ T5355] lookup_slow+0x53/0x70 [ 70.187136][ T5355] walk_component+0x2d2/0x400 [ 70.187151][ T5355] ? path_lookupat+0x156/0x430 [ 70.187164][ T5355] path_lookupat+0x163/0x430 [ 70.187181][ T5355] filename_lookup+0x212/0x570 [ 70.187200][ T5355] ? __pfx_filename_lookup+0x10/0x10 [ 70.187232][ T5355] ? strncpy_from_user+0x150/0x290 [ 70.187248][ T5355] ? getname_flags+0x1e5/0x540 [ 70.187266][ T5355] user_path_at+0x3a/0x60 [ 70.187277][ T5355] __se_sys_mount+0x2d3/0x410 [ 70.187297][ T5355] ? __pfx___se_sys_mount+0x10/0x10 [ 70.187307][ T5355] ? rcu_is_watching+0x15/0xb0 [ 70.187317][ T5355] ? do_syscall_64+0xbe/0x3b0 [ 70.187324][ T5355] ? __x64_sys_mount+0x20/0xc0 [ 70.187338][ T5355] do_syscall_64+0xfa/0x3b0 [ 70.187347][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.187363][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.187373][ T5355] ? clear_bhb_loop+0x60/0xb0 [ 70.187386][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.187395][ T5355] RIP: 0033:0x7f533ad8ebe9 [ 70.187406][ T5355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.187414][ T5355] RSP: 002b:00007f533bcd3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 70.187426][ T5355] RAX: ffffffffffffffda RBX: 00007f533afc5fa0 RCX: 00007f533ad8ebe9 [ 70.187433][ T5355] RDX: 0000200000000080 RSI: 00002000000003c0 RDI: 0000000000000000 [ 70.187440][ T5355] RBP: 00007f533ae11e19 R08: 0000200000000000 R09: 0000000000000000 [ 70.187446][ T5355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.187453][ T5355] R13: 00007f533afc6038 R14: 00007f533afc5fa0 R15: 00007ffdc260fde8 [ 70.187470][ T5355] [ 70.187475][ T5355] bread failed! [ 70.326098][ T5355] jfs_lookup: dtSearch returned -5 [ 70.329762][ T5356] MetaData crosses page boundary!! [ 70.331841][ T5356] lblock = 60b00, size = 528384 [ 70.333854][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 70.333866][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.333871][ T5356] Call Trace: [ 70.333874][ T5356] [ 70.333878][ T5356] dump_stack_lvl+0x189/0x250 [ 70.333892][ T5356] ? kasan_quarantine_put+0xdd/0x220 [ 70.333903][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.333912][ T5356] ? __pfx__printk+0x10/0x10 [ 70.333928][ T5356] ? folio_unlock+0x101/0x160 [ 70.333947][ T5356] __get_metapage+0x9ea/0xde0 [ 70.333965][ T5356] dtSearch+0x591/0x21b0 [ 70.333988][ T5356] jfs_lookup+0x155/0x380 [ 70.333998][ T5356] ? __pfx_jfs_lookup+0x10/0x10 [ 70.334005][ T5356] ? d_alloc_parallel+0x14ae/0x15e0 [ 70.334019][ T5356] ? __pfx_d_alloc_parallel+0x10/0x10 [ 70.334027][ T5356] ? __raw_spin_lock_init+0x45/0x100 [ 70.334037][ T5356] ? __init_waitqueue_head+0xa9/0x150 [ 70.334046][ T5356] __lookup_slow+0x297/0x3d0 [ 70.334054][ T5356] ? __pfx___lookup_slow+0x10/0x10 [ 70.334066][ T5356] ? down_read+0x1ad/0x2e0 [ 70.334075][ T5356] lookup_slow+0x53/0x70 [ 70.334081][ T5356] walk_component+0x2d2/0x400 [ 70.334090][ T5356] ? path_lookupat+0x156/0x430 [ 70.334101][ T5356] path_lookupat+0x163/0x430 [ 70.334112][ T5356] filename_lookup+0x212/0x570 [ 70.334124][ T5356] ? __pfx_filename_lookup+0x10/0x10 [ 70.334142][ T5356] ? strncpy_from_user+0x150/0x290 [ 70.334153][ T5356] ? getname_flags+0x1e5/0x540 [ 70.334164][ T5356] user_path_at+0x3a/0x60 [ 70.334171][ T5356] __se_sys_chdir+0x91/0x280 [ 70.334181][ T5356] ? __pfx___se_sys_chdir+0x10/0x10 [ 70.334192][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 70.334200][ T5356] do_syscall_64+0xfa/0x3b0 [ 70.334206][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.334215][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.334222][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 70.334230][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.334239][ T5356] RIP: 0033:0x7f533ad8ebe9 [ 70.334249][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.334257][ T5356] RSP: 002b:00007f533bcb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 70.334269][ T5356] RAX: ffffffffffffffda RBX: 00007f533afc6090 RCX: 00007f533ad8ebe9 [ 70.334277][ T5356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140 [ 70.334282][ T5356] RBP: 00007f533ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 70.334287][ T5356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.334291][ T5356] R13: 00007f533afc6128 R14: 00007f533afc6090 R15: 00007ffdc260fde8 [ 70.334302][ T5356] [ 70.334306][ T5356] bread failed! [ 70.445929][ T103] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.448996][ T103] CPU: 0 UID: 0 PID: 103 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) [ 70.452664][ T103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.457087][ T103] Call Trace: [ 70.458342][ T103] [ 70.459622][ T103] dump_stack_lvl+0x99/0x250 [ 70.461249][ T103] ? __asan_memcpy+0x40/0x70 [ 70.463097][ T103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.465014][ T103] ? __pfx__printk+0x10/0x10 [ 70.466802][ T103] vpanic+0x281/0x750 [ 70.468370][ T103] ? preempt_schedule+0xae/0xc0 [ 70.470411][ T103] ? __pfx_vpanic+0x10/0x10 [ 70.472248][ T103] ? preempt_schedule_common+0x83/0xd0 [ 70.474395][ T103] ? preempt_schedule+0xae/0xc0 [ 70.476229][ T103] ? __pfx_preempt_schedule+0x10/0x10 [ 70.478488][ T103] panic+0xb9/0xc0 [ 70.479873][ T103] ? __pfx_panic+0x10/0x10 [ 70.481497][ T103] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 70.483820][ T103] ? is_module_address+0x17/0xf0 [ 70.485620][ T103] ? release_metapage+0x5ff/0xac0 [ 70.487475][ T103] check_panic_on_warn+0x89/0xb0 [ 70.489316][ T103] ? release_metapage+0x5ff/0xac0 [ 70.491464][ T103] end_report+0x78/0x160 [ 70.493318][ T103] kasan_report+0x129/0x150 [ 70.495403][ T103] ? rcu_is_watching+0x15/0xb0 [ 70.497521][ T103] ? release_metapage+0x5ff/0xac0 [ 70.499744][ T103] release_metapage+0x5ff/0xac0 [ 70.501873][ T103] ? folio_unlock+0x101/0x160 [ 70.503756][ T103] ? put_metapage+0x188/0x200 [ 70.505543][ T103] txUnlock+0x524/0xdf0 [ 70.507203][ T103] jfs_lazycommit+0x584/0xa90 [ 70.509087][ T103] ? __pfx_jfs_lazycommit+0x10/0x10 [ 70.511094][ T103] ? __pfx_default_wake_function+0x10/0x10 [ 70.513584][ T103] ? __kthread_parkme+0x7b/0x200 [ 70.515619][ T103] ? __kthread_parkme+0x1a1/0x200 [ 70.517825][ T103] kthread+0x70e/0x8a0 [ 70.519540][ T103] ? __pfx_jfs_lazycommit+0x10/0x10 [ 70.521624][ T103] ? __pfx_kthread+0x10/0x10 [ 70.523574][ T103] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.525846][ T103] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.527930][ T103] ? __pfx_kthread+0x10/0x10 [ 70.529730][ T103] ret_from_fork+0x3fc/0x770 [ 70.531575][ T103] ? __pfx_ret_from_fork+0x10/0x10 [ 70.533640][ T103] ? __pfx_kthread+0x10/0x10 [ 70.535604][ T103] ret_from_fork_asm+0x1a/0x30 [ 70.537506][ T103] [ 70.539045][ T103] Kernel Offset: disabled [ 70.540745][ T103] Rebooting in 86400 seconds..