program:
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000040400001ffffffff9500000000000000d93846d5ec7d015fb5735c1608a711a476ac5703b67318"], &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x90)
ftruncate(r2, 0x2007ffb)
sendfile(r1, r2, 0x0, 0x1000000201005)
syz_mount_image$bcachefs(&(0x7f00000002c0), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYBLOB="5a3f8fa4067a10650f26471a6ee9e9c641a62f221aacd71851d8ccee1e3265ad24d3b77aa6accfea0b3a7c6a61c75a8dac28cdad621664353a45d77ecba7895ff1351e13f469f44963edf9a76633362c9b8045bccf1a21e98a429bf90d005dc4590f9177e4efe2295c52c2c76c5837b1", @ANYRES16, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYBLOB="39287ca62b3bc2d352aea732da4208801a4fdd37620ca3929ea549314caf0a"], 0xfc, 0x5a13, &(0x7f00000088c0)="$eJzs3X+QHNV9IPDXM7Pa1a5+rAQOMpjVIqOEQGyt+FXYpOJNLrFTQCi5SDmIkw0LWhHZklDpRwBBgsiBDxXgwilSCU7+IC7gDqO4qIKLUSgTASdxNraKi4+6wtSZO+w/fEUIKgM6yuXzpnan3+xsz/T27OyskNDnU9L29Js33379+k1Pf9/M7gQAAABOCAfv3H7k8lN/77t/Pvrubb//j5tvD33lifKeWKE/Xd70frWQo6m7smximR0Xv3bLN34yeN3vfOfx3offO7D+jA0//N2Trnv6i5fse+Bvnn1n4ZO/fL0obhxPZ0+uJ28mIfR8+/BffvnAi6eMlyWLxn+WdoewJFn67JIkE2Lo5yGE9enKssydT7x73obx5e13d08pX5ypZ7yf2MaP8/jA2nXkxnPCj3577R3fX/7Nv+/a+8buySpJT914CmHRNfWP7wohzE//j4ujLY7HOGjXhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntaLdekQWZ9ezJaLby2hnLl6TLb6XLs2cYv5zuQzkJpSRUas3flEyOkVB33JKQTBzLntp6qXZsQ7r/mfUks17KrJe7Mvs1sd10oJWTZGp5rJcpj6fjSlp+Rv25uokrcso/nC570ifqe3E9ZG9U9TXcqO3XhNiuw9O05Wgo1Z2DmpXXDnx6MPrSsr5kacNjxpqI9x1Ye8/K8rrnDvbntCN5PEnjJ23F3/W9JQu+8NiendnX9Vr8a0pp/FJb8V+79NBbV+35+tdy498X45fbin/uM71vXvr8nSty++dw7J9KW/FHXn/h3uUnX7s3t/0Pxvg9bcUf3neoe+GRZ/bntn8o9s/8tuK/evGnf/zoy0+9kRs/xPi9bcVft2/rV7oHjpyVG39/7J++9sbP23svfGVg4KeDefFfivEXthX/kd0PfPKhxXdfknt818T+6W8r/mVnPn3HgiNPnZ537kwe7NQrJ8CJ6aT0GuuudL3dPHO26vKFvx6sVK/5FqT/F3ZyQ5mLz/HtLOpkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIXzonP/2mf/zuf43K+l6d3rj1VJ1GcvnhZDMDyFs3zGybcfGLdcPfvGGndu2jGwaHNkxOLplx7abB8//jcFto1s3jdw8fu/Qx86rPm5pSKrL5PSGbXePjY2V+qeWxe39uzP3/mjlRf/3X0IY+tAPBiq57V/1wOaHTm7yMyMZHvvU5p2X/+CCv0v3qz9tV3+Tdo2NjY2FnHb965W/eOgvDv/krBCGfmW6dr3w6m/905QGTRRMxkmVukO1Qd1Jb9N21Fqdtif2V2XDxk2jQ9P37/jjyzn78e9veePnG2766i+q/duTux8t9u/84bFNpb9ae9n//6tbqwVF7Xq/jntRf8e9iO2L/deT9veidL8W5exXJWe/7vz+/pe/feqed3aHocrbyxu3XbRfXekA6Eo+3NJ24xZ6kyVTynvS+vGIx8et2rF566rtN+/62MbNI9ePXj+65ROrz1994dAFF16wamLPV3V4/+P2f7XF/T8642nxn+z+VvzZ2nia2q55M+6P8XYV90d9i/Kef71XfPn+Tzzw/OXVgqJxHmvXzifpsnf8OK8OdeOtsa+a7VfR8QkhDDbrh7feuSSc8j833lF0Hqo/MvU/M5LhsRdX/OzvLvrbZb9ZLTgq5/n6BrV5nq+1erI9E/3Vkx6PsWO0f7tDOd2vvqbtWv3i8133HPyXP621b968cNPIjh3bVld/LkhbuiA5rWm7sqVxv5ZP/CyHtFtCbZg2Ga/jukK1fdnzZ6ye7dW+9L6+ZGnT/cqK9x1Ye8/K8rrnDub1dPJ4dYvzw8LqMvlITs1NmQeWaw1utv1j9flXND4GPvO3T37uyX84v2F8nFv9WbRfSc5+ffPlR+5/+Kv/8R86t1+f+a1D/T/7X3+8slpwzJ9XytWG1FqdtiepP6+cG0LR8295aL4fuc+/UvP9KXr+ZbczWb95vMHMel8ot/V8PfeZ3jcvff7OFbnP18PTPV/rd/bWKY8rFzxfj5Xxk31+JZWp7Zi759eUgZIMj33nrpN2P3vbmlOrBUWvl7Xazcb1eS3kHzn79U9XvTJww+B/+B+dO2984zeeuPqHI8N/Vi1o/7jHtnTmuPek/duT07+1Vse8s75/P37dDZvWV8uL+vn9u/5NlwX5TzyVbL9515dGNm0a3ba9tf1q9fU0bifby83Hz77bMtUaXk/j2W1pwX6VGvZr7m600l+tPt9i+9e31F/Fz7e+kLT1urDre0sWfOGxPTv7Gx6VbuiaUhq/1Fb81y499NZVe77+tdz498X4lbbij7z+wr3LT752b278B5M0fk9b8Yf3HepeeOSZ/bnxh2L757cV/9WLP/3jR19+6o3c+On565R/be86/bW39174ysDAT3Pjv5Sk2xm/RgrhiXfP21BdT0JX+nyL7eia0q6QXU8y66XMerl+vRRnEdINlJNkanmsl5afUdeWZv4opzxehfUsqy7fi+she2P68mNNqe7c36y86DoVAOCDLr7/H69B4/v/o+mFUv5MA0zqm8i028/DluXEjXnY5HzO1PdYl6Xx4+PjPODAx8PQ+PL2weqF/kzfR4jPh+w8Z9zOWR+dGqNwnnNsYvsN85xF8+8rMuuxXdX58kpdHppqzGsqoYX598btTD//ntn94vezBu9qaNZg3bxV9vh1pTNmzT7vkGlvZTxC3vjIzovFz3MMLAprJrbX4vjIfo4mHofs52jidk7NnDjb/RxN3vjob+yHKe2K4yPWm2Z8TDS5+P3IxuMXpunfyePXPFr2+M3gePeM15/r92c7MG/Y9JR29OYN5/b9MPOSOfHTJ9ixPm8Yy+N+VFqcT/xcTnmn5hPj6SK26/A0bTkazCcCH1Qx/4+vEeP5//gF+P/L1CvKU7JXjTFe7ueEys3bU5R3NH5Or7et1/F1+7Z+pXvgyFm51zn7W/2c3tYpa70Fn/sp6seVmfXCfsyZoCnK97LbKer37Ocy+sLCtvr9kd0PfPKhxXdfktvva6ovpMX9fv+UtYUF/X4c5AvN48sXToh8Ya7nz963fCT94NNc5SN/mFM+03ykt+FGbb8mHLv5yOQL6ZR8pOvotgsAOH7E/L/2/lma///vWCG9jijKW8/OrMd4uXlrzvVJXt76B+nypkz9vvQ3KmZ63XzZmU/fseDIU6fn5i0PtpqH/ucpa/2Feejs8ubcPGJNZz4vnptH1PKs2eWJue2v5Ymzy9Nz3qaty9Nnl0fn9k8tj546D3D/odbix3mA3Pi1eYAO5rm/nKx09PLcgvm6zMbiaqvzde9LHr1o6n7OSR6d/vrsXOXRV+SUzzSP7mu4UduvCcduHj21XB4NAHxQxfw/XsbF/P/5TL3Zvs+emxd06Lo9+/dAavFfmpO8cjJ+h97/Lc775jpvneu8fq7nJY7393/nel6of+IPeM7VPNn79v7ysZIXpxuVFwMAcCyL+f/8dD0//59dftKQv3VVLyEn85PjLz+vryc/z4n/gcnPj/f5r7n9nMwJn//H9XR17MTL/3N+cwgAgGNJzP/jrz3Gv//3X9P17N+tPx7z9OB9dHn6cZOnd3ieLcav/xyAeYCj+/n4+ZP1T4B5AAAAjkFdE5lS4+/Zfz5dZn/PPu/38q/Kqd+qSnp5fO2ObaOjV+/cun5kx+jVW25YP7r96hu3bdyxY3RLtd5s88bcvCXNG7tCJe2P5vWyedvi9O8hLM75ewjZ+jHsaRM3Gv8eQnaz8wv+jsDk8WutvXnHrzRN/WbjI+9458X/o5z6Ue34X/fH5169YfvVG7ds3LFxZNPGXaNT641nrb0z+N7MJP0/o+9LzfxoUJr593fGwzO7dpQa2tGV9kfe97MnmXYsSVuyJO/7D3La/d3//hd/cubYLx4NYehD5Y/Mqv+S4bH/cuXoH+w4+IOt4+0vTdv+Ws20XUXfV5qtH/ensumG7TvO2XDDzi3Zb5RsT5zPKNXW52g+I336l1ucn1iXUz7T398vN9w4NrU8PwEAwBTx/f94PRvfP/xqegEVy1vP09t//zgJz+zPzdOHWsvTs99LVpSnZ+vH/W01T++ZZZ6e3X5Rnt6sfrM8PS/vzov/hzn1Z6r1cdLG5zxi+vnYnp254+Sa1sZJ9vsMisZJtv5Mx0kyy3GS3X7ROGlWv9k4yTvuefE/m1M/T9F4qNTGw+w+l5M7Hu5rbTz8ema9aDxk6890PJRmOR6y2y8aD83qNxsPecc3L/7lOfVbNXV8jA+MiXExevWNN2z7Ul29uf7+i9D4kYxW2jdv8rFz+/0f7Xl44mdr/Tu3n/tq12T/hzA8UZLX/rn9XNns21/U/zP4XNmi0PC5stz2vzS7mbDW2z+33++SkVe98fFHa742PRMUff6saB53bU75TOdx5zXcODY1n8ftMo8LR0HM/+PbPTH/vztddvptoOP/e9J8j1nT+B36HrOi65gT7vU8+5b7cfl67n1ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKzuyrKJ5cE7tx+5/NTf++6fj7572+//4+bbf+2Wb/xk8Lrf+c7jvQ+/d2D9GRt++LsnXff0Fy/Z98DfPPvOwid/+Xph4P6Jn5Wz09WeEJI3kxB6vn34L7984MVTxsuSEEI56d8dwpJk6bNLkkyEoZ+HENbX2jn1zifePW/D+PL2u7unlC/OBMnuV+grx/bUtzOEmwr3iONQTzrOdh258Zzwo99ee8f3l3/z77v2vrF7skrSUzeeQlh0Tf3ju0II89P/4+JoWxYfnC7XhBB66x53UUG7Ptpi+1flrJ+WLuely76COPH+FZn1UqZedj3qyix7C7Y3W3ntqBlusV6LFmTWsyej2cprZyxfki6/lS7PnmH8cvyfhFISKrXmb0omx0ioO25JSCaOZU9tvVQ7tiHd/8x6klkvZdbLXU32a3c60MpJUiuvb08pUx5Px5W0/Iz6c3UTV+SUfzhd9qRP1PfiesjeqOpruFHbrwmxXYenaUvqPxVXaV+p7hzUrLx24NOD0ZeW9SVLGx4z1kS878Dae1aW1z13sD+nHcnjSRo/aSv+ru8tWfCFx/bsXJYX/5pSGr/UVvzXLj301lV7vv613Pj3xfjltuKf+0zvm5c+f+eK3P45HPun0lb8kddfuHf5ydfuzW3/gzF+T1vxh/cd6l545Jn9ue0fiv0zv634r1786R8/+vJTb+TGDzF+b1vx1+3b+pXugSNnVeM3niGS/bF/+tobP2/vvfCVgYGfDua1/6UYf2Fb8R/Z/cAnH1p89yW5x3dN7J/+tuJfdubTdyw48tTpeefO5MFOvXICnJhOSq+x7krX280zZ6suX/jrwUr1mm9B+n9hJzeUMb6dRXMYHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD6Z/vvX8z1/5qc+urSQhJDl1xpqI95XnDQ8PtrHdkddfuHf5ydfurS9b1kYcAAAAoFjMw0u1kp6wLNyYzA+nNa0f5whOi2vJ1PLsHEKMk50jaDdOqUmcUhtxyh1qT6VDcbo6FGdeh+J0dyhOT0GcntBanPnTxKmMj4AW29M7bXtaj9PXoTgLOhRnYYfiLOpQnMUditM/bZzWx+GSDsVZ2qE4J3UozskdivOhDsX5lQ7FOaVDcbJzyjMdhwvTmqfmxZm4US6MU0nKtTuazaefkm7n9Flup69gOwuLXo9b3M78Frfz0czjSjPcTk+L2/nVWW4naXE7vz7L7ZQKthPH7U3Z9sXtxLUWx//NHYqzq0NxbulQnFs7FOdPOxTnzzoU57ZZxgFoVcz/J/O9/tBd+c3Qm55xsrMAMd9dPvGz8fUu74QU430kUz6vKF42Uc/EWz7T9mUnEDLxVmTKu6bEq9TykWni9dTHW5m5c7r9vXi4edvq452dKe+eJt6UHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo+Cfbz3/81d+6rNrQxLG/zU11kS8rzxveHiwje0eWHvPyvK65w7Wl3VX2ggEAAAAFIp5eFetpCd0V1aH7mTelHo96TxAT7pe7q8uBxaFNePLZLA0sd6bLJn2cZX0cat2bN66avvNuz62cfPI9aPXj275xOrzV184dMGFF6zasHHT6FD1ZwjdBfFCCBPTD9tv3vWlkU2bRrdtrxZm278sfdyydD1JHzfw8TA0vrw9bf/Sgu2VGrY3dzeKjx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBv7NpvqGR1+QDw58zMnRmv7s/54b9xcddhXWUrK7VraIn3QJDgn8WLEHOtmyy5knR1F90Vs0kXUlOKQFlYNnzRhkma9MY/KZF/WDDMErqbhEr5ol4UWoaKL0KZuHfmzJ2ZO+PcBtldt8/nxTlnnu/z/T7ne15ceM49AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwbXQmJqrT8/MTiYRyZCc5gDZWL6YprUx6n7lye0/KK1/d1N3rFQYYyEAAABgpKwPn+hEylEq5CMfJy/92hBdA7Hc9wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP97FhpTc/Xpmdmjk4hkSE5zgGwsX0zT2hh1X3v74c++vH7937pj1THWAQAAAEbL+vBcJ1KOapwWE8nJi51/J5q9G1jbN7+VtyxbZ90q8/rfHQzLO22VeWesMu9jI/I2t883BwAAAHz0Zf1/oROpRKmwZkU/nPX/o/r6LO/Uvrx8+7z6bwWKq84EAAAAPljW/5c6kWqUCtVOv77afn9DX142f9T/7bP5pw+ZP+r/+Ze1z/5PDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHQuNqbn69MxsPolIhuQ0B8jG8sU0rY1R95ynJv9xyf47NnTHSoUxFgIAAABGyvrw5da7HKXCZEzE0Ut9//qL7nv0S48+PhURrTa/WIybt+zYccM5rWOWd/YL+ye+/9wb316Rd3breMg2CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfGgWGlNz9emZ2aOSiGRITnOAbCxfTNPaGHVf/fwX//LgS0+83h2rjrEOAAAAMFrWhy/3/uWoRjGKceLSr+5ef1Gub/6wdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkePGb97yjS3z81tvcHFoLpr5iMPgNlwMvtgUEYfBbRyCi0P9lwkAAPiwnRpJNP9LJ11+qO8aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HCw0pubq0zOz5SQiGZLTHCAbyxfTtDZG3fTJF0tr3n3qme5YdYx1AAAAgNGyPny59y9HNSZiIk5Y+jXoncBS/185iDcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHFYWGlNz9emZ2TVJRDIkpzlANpYvpmltjLoP7Nr7ufuP/d7F3bFSYYyFAAAAgJGyPrzYiZSjVPh4lOKU9u/53glJvn0e/F5ged72nmmTq57X6JmXX/W8u/p2VmjvpjWvnK1XaZ0782rL83LtebWuedXolK915i09rN091daMuM+VTx4AAAAOnqz/L3UilSgVSl39/0978ivj9bnbhn1bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcORYaU3P16ZnZJIlIhuQ0B8jG8sU0rY1R95bf/v8xX/3Z3Tu7Y9Ux1gEAAABGy/rw5d6/HNVYF/8X65b6/qj05md5/6y/d/+9//rrpoizTjywvtC/7I+yi1+/euHT/YeIXG92LuLYdr1kSL3f/P7emzY233sw4qwT8qesqBcfXK93ybT5WH3rZTueO7B9xMMBAACAI0TW/090IpUoFa4f2v9nnfeI/r9jqQE/9qZdvzi+fWx35H0zcpV2vdyQel/Y+PCfTz/v728s9v8r632yc/Xpvdfdf3xPwVakT5I2p6/bufnAufty2a5b9fN99bPn8uVvvf7va26+571W/XKU2/G1fbfSqrby2Fc+0uZ8bs/spe/vafTWLwzZ/x2/e+alX629+53F+m+fOtmpf0YMqt/aeWFo/TgqbU5ecefu8/fu39xbPyJqg+q/+c7FcdIfr729f/+TfQt3P/nuY/8DSJsvbHhr33n3VS/orZ/01c+e/89femD3T+757uNZ/exbkU2nrbZ+rq/+83cdt+vZ2y5f21s/N2T/T1/58vptte/8oX//V/esWhh6Fyv3/9CZj1z1ypb01v4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAI8tCY2quPj0zm0sikiE5zQGysXwxTWtj1H3tkhffvPLuH/+wO1YdYx0AAABgtKwPX+79y1GNYhRjcqnvf6y+9bIdzx3YHpXWaNI+F+a33bjjE9ds23n91YfozgEAAIDVeu2SZKn/L3QilSgVNsZEu/+fvm7n5gPn7stl/X9u8ZxExDXXzm89Kzp5z9913K5nb7t8bec9QcTSZwHlxbzPLOdddOGLlbf+9PXTB+ads5z3woa39p13X/WCLC+6886OzvuJh8585KpXtqS3du6vO+9TX9s23349ka07ecWdu8/fu39zLnuP0T5PttfN8uZze2YvfX9PI1eJ0uJ4vp1Xbu8bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhpoTE1V5+emY18RDIkp9mtHcjG8sU0rY1R99KNv7z9mHefWNcdKxXGWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhx/5CpCr7OIA/z8zuu7M7u7qrL7QVrasVhV0oBRF1U1ERGiF0ZUhYmhdREEQUdtEaGokV3QRZNxIVVFsIBrlJosUa/ZNuuqigwLoIRFqoXaSLipl5zjh7nNPorAXV5wPDM89zzvme3znPM2d2FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/lL6e0Xp7ZMdDc7dfcPMnT9w7+/it7z2w7bLH3vhhfNONH+8dePXk9OblW76+aemmA/etmdr90uFfht757VjH4EcbzcrUrYQQT8QQKu/PPP/k9Kfn1cZiCKEchydCGIlLDo/EXMLqX0MIm5t1zt+4b/aqLbV2266+eeOLcyH56wrVclZPw/D8evl3qaR1tnXukSvCtzes3/75srff6p08PnFql1jbp5zWUwiLNrYe3xtC6E+vmmy1jWYHp3ZdCGGg5bhrOtR18RnWv6qgf2Fq/5faaoecbPuKXL+U2y/fz/Tm2oEO51uoojq63a+TwVw//zBaqGadq9qPj6T23dSuPMv8cvaKoRRDT7P8++OpNRJa5i2GWJ/LSrNfas5tSNef68dcv5Trl3tz11U/b1po5Rjnj2f75cazx3FPGl/e+qxu446C8fNTW0kf1JNZP+TfNFRPe9O8rrqsrpk/qeXvUGp5BrUbb058moxqGqvGJacd83sb2bbp9U9fWt7wwZHhgjri3pjyY1f5Wz8bGbzrzZ0Pjxblbyyl/FJX+d+tPfrTnTtffrEw/7ksv9xV/pUHB06s/XDHisL7M5Pdn54zyo+pn227+9hHzyz7/z2T7ea6nr8ny690Vf/1U0f7huYOHiqsf3V2f/q7yv/mulu+f/3L/ccL80OWP9BV/oapB5/tG5u7vDD/UOOjUK2v0C7Wz8+TV381NvbjeFH+F9n9H2qTHzvmvzax+9pXFu9aU7g+12X3Zzjl959V/bddcmD74Nz+i4qenXHPufrmBPiPafwbISxNf2M9lYY7/c7cN1tq+ztzoVp+L7ww3tP4BhpMr6FzeaKc2nkW/YX5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAf7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//f+0pog==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x800)
creat(&(0x7f00000002c0)='./file1\x00', 0x11)
[ 84.754094][ T5320] Bluetooth: hci0: command tx timeout
[ 84.853376][ T5344] loop0: detected capacity change from 0 to 2048
[ 84.895437][ T5344] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 84.906287][ T5344] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[ 84.921369][ T5344] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 84.944379][ T25] audit: type=1800 audit(1752258213.973:2): pid=5344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0
[ 85.581141][ T5344] getblk(): invalid block size 512 requested
[ 85.584047][ T5344] logical block size: 2048
[ 85.586314][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full)
[ 85.586327][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.586333][ T5344] Call Trace:
[ 85.586338][ T5344]
[ 85.586342][ T5344] dump_stack_lvl+0x189/0x250
[ 85.586422][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.586432][ T5344] ? __pfx__printk+0x10/0x10
[ 85.586446][ T5344] ? fs_reclaim_acquire+0x7d/0x100
[ 85.586483][ T5344] bdev_getblk+0x5b0/0x690
[ 85.586497][ T5344] ? udf_get_pblock_spar15+0x2d0/0x420
[ 85.586512][ T5344] udf_setup_indirect_aext+0x190/0x800
[ 85.586530][ T5344] udf_free_blocks+0x13f2/0x17f0
[ 85.586546][ T5344] ? do_raw_spin_lock+0x121/0x290
[ 85.586558][ T5344] ? __mark_inode_dirty+0x3d6/0xdf0
[ 85.586570][ T5344] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 85.586580][ T5344] ? __pfx_udf_free_blocks+0x10/0x10
[ 85.586592][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 85.586604][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.586613][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 85.586631][ T5344] extent_trunc+0x35c/0x450
[ 85.586647][ T5344] ? __pfx_extent_trunc+0x10/0x10
[ 85.586658][ T5344] ? udf_current_aext+0x51f/0xad0
[ 85.586672][ T5344] udf_truncate_extents+0x5b0/0xec0
[ 85.586686][ T5344] ? __pfx_udf_truncate_extents+0x10/0x10
[ 85.586701][ T5344] ? do_raw_spin_unlock+0x4d/0x240
[ 85.586713][ T5344] udf_setsize+0x972/0x1000
[ 85.586727][ T5344] ? __pfx_udf_setsize+0x10/0x10
[ 85.586735][ T5344] ? down_write+0x162/0x1f0
[ 85.586777][ T5344] ? __pfx_down_write+0x10/0x10
[ 85.586792][ T5344] ? __pfx_current_time+0x10/0x10
[ 85.586813][ T5344] udf_setattr+0x3a1/0x5a0
[ 85.586823][ T5344] ? __pfx_udf_setattr+0x10/0x10
[ 85.586832][ T5344] notify_change+0xb36/0xe40
[ 85.586845][ T5344] do_truncate+0x1a4/0x220
[ 85.586855][ T5344] ? __pfx_do_truncate+0x10/0x10
[ 85.586864][ T5344] ? apparmor_file_truncate+0x23e/0x2d0
[ 85.586881][ T5344] path_openat+0x306c/0x3830
[ 85.586891][ T5344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.586919][ T5344] ? __pfx_path_openat+0x10/0x10
[ 85.586929][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.586956][ T5344] do_filp_open+0x1fa/0x410
[ 85.586967][ T5344] ? __lock_acquire+0xab9/0xd20
[ 85.586979][ T5344] ? __pfx_do_filp_open+0x10/0x10
[ 85.587005][ T5344] ? _raw_spin_unlock+0x28/0x50
[ 85.587019][ T5344] ? alloc_fd+0x64c/0x6c0
[ 85.587042][ T5344] do_sys_openat2+0x121/0x1c0
[ 85.587060][ T5344] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.587082][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.587099][ T5344] __x64_sys_creat+0x8f/0xc0
[ 85.587112][ T5344] do_syscall_64+0xfa/0x3b0
[ 85.587123][ T5344] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.587139][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.587150][ T5344] ? clear_bhb_loop+0x60/0xb0
[ 85.587166][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.587178][ T5344] RIP: 0033:0x7fe566d8e929
[ 85.587189][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.587198][ T5344] RSP: 002b:00007fe567cac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 85.587212][ T5344] RAX: ffffffffffffffda RBX: 00007fe566fb5fa0 RCX: 00007fe566d8e929
[ 85.587221][ T5344] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 85.587229][ T5344] RBP: 00007fe566e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.587237][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.587244][ T5344] R13: 0000000000000000 R14: 00007fe566fb5fa0 R15: 00007fff2f8fbd98
[ 85.587264][ T5344]
[ 85.587308][ T5344] getblk(): invalid block size 512 requested
[ 85.754471][ T5344] logical block size: 2048
[ 85.756650][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full)
[ 85.756668][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.756676][ T5344] Call Trace:
[ 85.756683][ T5344]
[ 85.756689][ T5344] dump_stack_lvl+0x189/0x250
[ 85.756712][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.756728][ T5344] ? __pfx__printk+0x10/0x10
[ 85.756749][ T5344] ? fs_reclaim_acquire+0x7d/0x100
[ 85.756768][ T5344] bdev_getblk+0x5b0/0x690
[ 85.756789][ T5344] ? udf_get_pblock_spar15+0x2d0/0x420
[ 85.756809][ T5344] udf_setup_indirect_aext+0x190/0x800
[ 85.756837][ T5344] udf_free_blocks+0x13f2/0x17f0
[ 85.756858][ T5344] ? do_raw_spin_lock+0x121/0x290
[ 85.756874][ T5344] ? __mark_inode_dirty+0x3d6/0xdf0
[ 85.756892][ T5344] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 85.756908][ T5344] ? __pfx_udf_free_blocks+0x10/0x10
[ 85.756925][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 85.756945][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.756959][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 85.756977][ T5344] extent_trunc+0x35c/0x450
[ 85.756996][ T5344] ? __pfx_extent_trunc+0x10/0x10
[ 85.757008][ T5344] ? udf_current_aext+0x51f/0xad0
[ 85.757027][ T5344] udf_truncate_extents+0x5b0/0xec0
[ 85.757050][ T5344] ? __pfx_udf_truncate_extents+0x10/0x10
[ 85.757075][ T5344] ? do_raw_spin_unlock+0x4d/0x240
[ 85.757095][ T5344] udf_setsize+0x972/0x1000
[ 85.757118][ T5344] ? __pfx_udf_setsize+0x10/0x10
[ 85.757130][ T5344] ? down_write+0x162/0x1f0
[ 85.757143][ T5344] ? __pfx_down_write+0x10/0x10
[ 85.757158][ T5344] ? __pfx_current_time+0x10/0x10
[ 85.757180][ T5344] udf_setattr+0x3a1/0x5a0
[ 85.757195][ T5344] ? __pfx_udf_setattr+0x10/0x10
[ 85.757209][ T5344] notify_change+0xb36/0xe40
[ 85.757229][ T5344] do_truncate+0x1a4/0x220
[ 85.757245][ T5344] ? __pfx_do_truncate+0x10/0x10
[ 85.757256][ T5344] ? apparmor_file_truncate+0x23e/0x2d0
[ 85.757284][ T5344] path_openat+0x306c/0x3830
[ 85.757300][ T5344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.757339][ T5344] ? __pfx_path_openat+0x10/0x10
[ 85.757350][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.757375][ T5344] do_filp_open+0x1fa/0x410
[ 85.757386][ T5344] ? __lock_acquire+0xab9/0xd20
[ 85.757401][ T5344] ? __pfx_do_filp_open+0x10/0x10
[ 85.757429][ T5344] ? _raw_spin_unlock+0x28/0x50
[ 85.757443][ T5344] ? alloc_fd+0x64c/0x6c0
[ 85.757465][ T5344] do_sys_openat2+0x121/0x1c0
[ 85.757485][ T5344] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.757508][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.757525][ T5344] __x64_sys_creat+0x8f/0xc0
[ 85.757550][ T5344] do_syscall_64+0xfa/0x3b0
[ 85.757563][ T5344] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.757584][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.757597][ T5344] ? clear_bhb_loop+0x60/0xb0
[ 85.757613][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.757623][ T5344] RIP: 0033:0x7fe566d8e929
[ 85.757634][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.757644][ T5344] RSP: 002b:00007fe567cac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 85.757656][ T5344] RAX: ffffffffffffffda RBX: 00007fe566fb5fa0 RCX: 00007fe566d8e929
[ 85.757663][ T5344] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 85.757672][ T5344] RBP: 00007fe566e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.757704][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.757712][ T5344] R13: 0000000000000000 R14: 00007fe566fb5fa0 R15: 00007fff2f8fbd98
[ 85.757731][ T5344]
[ 85.757816][ T5344] ==================================================================
[ 85.907998][ T5344] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0
[ 85.910616][ T5344] Write of size 4 at addr ffff888011c219d8 by task syz.0.0/5344
[ 85.913840][ T5344]
[ 85.914911][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full)
[ 85.914928][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.914935][ T5344] Call Trace:
[ 85.914944][ T5344]
[ 85.914951][ T5344] dump_stack_lvl+0x189/0x250
[ 85.914969][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.914986][ T5344] ? __kasan_check_byte+0x12/0x40
[ 85.915003][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.915015][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.915028][ T5344] ? lock_release+0x4b/0x3e0
[ 85.915041][ T5344] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 85.915060][ T5344] ? __virt_addr_valid+0x1c8/0x5c0
[ 85.915075][ T5344] ? __virt_addr_valid+0x4a5/0x5c0
[ 85.915092][ T5344] print_report+0xd2/0x2b0
[ 85.915103][ T5344] ? udf_write_aext+0x69d/0x7b0
[ 85.915118][ T5344] kasan_report+0x118/0x150
[ 85.915133][ T5344] ? udf_write_aext+0x69d/0x7b0
[ 85.915151][ T5344] udf_write_aext+0x69d/0x7b0
[ 85.915166][ T5344] __udf_add_aext+0x2b9/0x6d0
[ 85.915182][ T5344] udf_free_blocks+0x1466/0x17f0
[ 85.915198][ T5344] ? do_raw_spin_lock+0x121/0x290
[ 85.915213][ T5344] ? __mark_inode_dirty+0x3d6/0xdf0
[ 85.915232][ T5344] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 85.915248][ T5344] ? __pfx_udf_free_blocks+0x10/0x10
[ 85.915262][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 85.915278][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.915290][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 85.915308][ T5344] extent_trunc+0x35c/0x450
[ 85.915330][ T5344] ? __pfx_extent_trunc+0x10/0x10
[ 85.915342][ T5344] ? udf_current_aext+0x51f/0xad0
[ 85.915359][ T5344] udf_truncate_extents+0x5b0/0xec0
[ 85.915376][ T5344] ? __pfx_udf_truncate_extents+0x10/0x10
[ 85.915393][ T5344] ? do_raw_spin_unlock+0x4d/0x240
[ 85.915409][ T5344] udf_setsize+0x972/0x1000
[ 85.915424][ T5344] ? __pfx_udf_setsize+0x10/0x10
[ 85.915436][ T5344] ? down_write+0x162/0x1f0
[ 85.915447][ T5344] ? __pfx_down_write+0x10/0x10
[ 85.915458][ T5344] ? __pfx_current_time+0x10/0x10
[ 85.915477][ T5344] udf_setattr+0x3a1/0x5a0
[ 85.915490][ T5344] ? __pfx_udf_setattr+0x10/0x10
[ 85.915503][ T5344] notify_change+0xb36/0xe40
[ 85.915517][ T5344] do_truncate+0x1a4/0x220
[ 85.915531][ T5344] ? __pfx_do_truncate+0x10/0x10
[ 85.915543][ T5344] ? apparmor_file_truncate+0x23e/0x2d0
[ 85.915562][ T5344] path_openat+0x306c/0x3830
[ 85.915573][ T5344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.915599][ T5344] ? __pfx_path_openat+0x10/0x10
[ 85.915609][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.915625][ T5344] do_filp_open+0x1fa/0x410
[ 85.915635][ T5344] ? __lock_acquire+0xab9/0xd20
[ 85.915645][ T5344] ? __pfx_do_filp_open+0x10/0x10
[ 85.915659][ T5344] ? _raw_spin_unlock+0x28/0x50
[ 85.915672][ T5344] ? alloc_fd+0x64c/0x6c0
[ 85.915688][ T5344] do_sys_openat2+0x121/0x1c0
[ 85.915705][ T5344] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.915720][ T5344] ? rcu_is_watching+0x15/0xb0
[ 85.915729][ T5344] __x64_sys_creat+0x8f/0xc0
[ 85.915736][ T5344] do_syscall_64+0xfa/0x3b0
[ 85.915744][ T5344] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.915754][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.915761][ T5344] ? clear_bhb_loop+0x60/0xb0
[ 85.915768][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.915776][ T5344] RIP: 0033:0x7fe566d8e929
[ 85.915785][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.915791][ T5344] RSP: 002b:00007fe567cac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 85.915801][ T5344] RAX: ffffffffffffffda RBX: 00007fe566fb5fa0 RCX: 00007fe566d8e929
[ 85.915806][ T5344] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 85.915811][ T5344] RBP: 00007fe566e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.915815][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.915820][ T5344] R13: 0000000000000000 R14: 00007fe566fb5fa0 R15: 00007fff2f8fbd98
[ 85.915827][ T5344]
[ 85.915829][ T5344]
[ 86.088018][ T5344] Allocated by task 5344:
[ 86.089976][ T5344] kasan_save_track+0x3e/0x80
[ 86.092231][ T5344] __kasan_kmalloc+0x93/0xb0
[ 86.094349][ T5344] __kmalloc_noprof+0x27a/0x4f0
[ 86.096560][ T5344] __udf_iget+0xc66/0x3ae0
[ 86.098586][ T5344] udf_fill_partdesc_info+0x773/0x1310
[ 86.100982][ T5344] udf_process_sequence+0x1133/0x4840
[ 86.103359][ T5344] udf_check_anchor_block+0x28e/0x550
[ 86.105810][ T5344] udf_load_vrs+0x96d/0xf20
[ 86.107585][ T5344] udf_fill_super+0x5ad/0x17a0
[ 86.109588][ T5344] get_tree_bdev_flags+0x40e/0x4d0
[ 86.111644][ T5344] vfs_get_tree+0x92/0x2b0
[ 86.113567][ T5344] do_new_mount+0x24a/0xa40
[ 86.115507][ T5344] __se_sys_mount+0x317/0x410
[ 86.117638][ T5344] do_syscall_64+0xfa/0x3b0
[ 86.119699][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.122476][ T5344]
[ 86.123665][ T5344] The buggy address belongs to the object at ffff888011c21800
[ 86.123665][ T5344] which belongs to the cache kmalloc-512 of size 512
[ 86.129941][ T5344] The buggy address is located 0 bytes to the right of
[ 86.129941][ T5344] allocated 472-byte region [ffff888011c21800, ffff888011c219d8)
[ 86.136355][ T5344]
[ 86.137290][ T5344] The buggy address belongs to the physical page:
[ 86.139346][ T5344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c20
[ 86.142481][ T5344] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.145316][ T5344] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.147712][ T5344] page_type: f5(slab)
[ 86.149362][ T5344] raw: 00fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 86.153057][ T5344] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 86.157019][ T5344] head: 00fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 86.161635][ T5344] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 86.166380][ T5344] head: 00fff00000000001 ffffea0000470801 00000000ffffffff 00000000ffffffff
[ 86.171075][ T5344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 86.175786][ T5344] page dumped because: kasan: bad access detected
[ 86.179288][ T5344] page_owner tracks the page as allocated
[ 86.182366][ T5344] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5318, tgid 5318 (syz-executor), ts 82982143489, free_ts 28279767528
[ 86.190276][ T5344] post_alloc_hook+0x240/0x2a0
[ 86.192234][ T5344] get_page_from_freelist+0x21e4/0x22c0
[ 86.194456][ T5344] __alloc_pages_slowpath+0x2fe/0xce0
[ 86.196397][ T5344] __alloc_frozen_pages_noprof+0x319/0x370
[ 86.198867][ T5344] allocate_slab+0x65/0x3b0
[ 86.200822][ T5344] ___slab_alloc+0xbfc/0x1480
[ 86.202771][ T5344] __kmalloc_node_noprof+0x2fd/0x4e0
[ 86.204918][ T5344] alloc_slab_obj_exts+0x39/0xa0
[ 86.206924][ T5344] __memcg_slab_post_alloc_hook+0x31e/0x7f0
[ 86.209321][ T5344] __kmalloc_noprof+0x341/0x4f0
[ 86.211377][ T5344] security_prepare_creds+0x52/0x390
[ 86.213510][ T5344] prepare_creds+0x497/0x6c0
[ 86.215554][ T5344] copy_creds+0x106/0xa10
[ 86.217499][ T5344] copy_process+0x95d/0x3b80
[ 86.219561][ T5344] kernel_clone+0x21e/0x870
[ 86.221594][ T5344] __x64_sys_clone+0x18b/0x1e0
[ 86.223679][ T5344] page last free pid 15 tgid 15 stack trace:
[ 86.226230][ T5344] __free_frozen_pages+0xc71/0xe70
[ 86.228487][ T5344] rcu_core+0xca8/0x1710
[ 86.230366][ T5344] handle_softirqs+0x286/0x870
[ 86.232490][ T5344] run_ksoftirqd+0x9b/0x100
[ 86.234510][ T5344] smpboot_thread_fn+0x53f/0xa60
[ 86.236623][ T5344] kthread+0x70e/0x8a0
[ 86.238384][ T5344] ret_from_fork+0x3fc/0x770
[ 86.240552][ T5344] ret_from_fork_asm+0x1a/0x30
[ 86.242651][ T5344]
[ 86.243704][ T5344] Memory state around the buggy address:
[ 86.246181][ T5344] ffff888011c21880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.249619][ T5344] ffff888011c21900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.253029][ T5344] >ffff888011c21980: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 86.256414][ T5344] ^
[ 86.259511][ T5344] ffff888011c21a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.262856][ T5344] ffff888011c21a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.266227][ T5344] ==================================================================
[ 86.313250][ T5344] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.316344][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full)
[ 86.321154][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.325632][ T5344] Call Trace:
[ 86.327000][ T5344]
[ 86.328258][ T5344] dump_stack_lvl+0x99/0x250
[ 86.330187][ T5344] ? __asan_memcpy+0x40/0x70
[ 86.332098][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.334174][ T5344] ? __pfx__printk+0x10/0x10
[ 86.336005][ T5344] panic+0x2db/0x790
[ 86.337593][ T5344] ? __pfx_preempt_schedule+0x10/0x10
[ 86.339757][ T5344] ? __pfx_panic+0x10/0x10
[ 86.341635][ T5344] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 86.344243][ T5344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.346994][ T5344] ? udf_write_aext+0x69d/0x7b0
[ 86.349063][ T5344] check_panic_on_warn+0x89/0xb0
[ 86.351257][ T5344] ? udf_write_aext+0x69d/0x7b0
[ 86.353459][ T5344] end_report+0x78/0x160
[ 86.355282][ T5344] kasan_report+0x129/0x150
[ 86.357280][ T5344] ? udf_write_aext+0x69d/0x7b0
[ 86.359434][ T5344] udf_write_aext+0x69d/0x7b0
[ 86.361530][ T5344] __udf_add_aext+0x2b9/0x6d0
[ 86.363777][ T5344] udf_free_blocks+0x1466/0x17f0
[ 86.366053][ T5344] ? do_raw_spin_lock+0x121/0x290
[ 86.368418][ T5344] ? __mark_inode_dirty+0x3d6/0xdf0
[ 86.370704][ T5344] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 86.373057][ T5344] ? __pfx_udf_free_blocks+0x10/0x10
[ 86.375420][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 86.377760][ T5344] ? rcu_is_watching+0x15/0xb0
[ 86.379978][ T5344] ? __mark_inode_dirty+0x3ab/0xdf0
[ 86.382394][ T5344] extent_trunc+0x35c/0x450
[ 86.384612][ T5344] ? __pfx_extent_trunc+0x10/0x10
[ 86.386982][ T5344] ? udf_current_aext+0x51f/0xad0
[ 86.389261][ T5344] udf_truncate_extents+0x5b0/0xec0
[ 86.391570][ T5344] ? __pfx_udf_truncate_extents+0x10/0x10
[ 86.394144][ T5344] ? do_raw_spin_unlock+0x4d/0x240
[ 86.396466][ T5344] udf_setsize+0x972/0x1000
[ 86.398458][ T5344] ? __pfx_udf_setsize+0x10/0x10
[ 86.400533][ T5344] ? down_write+0x162/0x1f0
[ 86.402467][ T5344] ? __pfx_down_write+0x10/0x10
[ 86.405452][ T5344] ? __pfx_current_time+0x10/0x10
[ 86.407578][ T5344] udf_setattr+0x3a1/0x5a0
[ 86.409593][ T5344] ? __pfx_udf_setattr+0x10/0x10
[ 86.411737][ T5344] notify_change+0xb36/0xe40
[ 86.413887][ T5344] do_truncate+0x1a4/0x220
[ 86.415900][ T5344] ? __pfx_do_truncate+0x10/0x10
[ 86.418027][ T5344] ? apparmor_file_truncate+0x23e/0x2d0
[ 86.420362][ T5344] path_openat+0x306c/0x3830
[ 86.422437][ T5344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.425230][ T5344] ? __pfx_path_openat+0x10/0x10
[ 86.427353][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.429953][ T5344] do_filp_open+0x1fa/0x410
[ 86.431921][ T5344] ? __lock_acquire+0xab9/0xd20
[ 86.434081][ T5344] ? __pfx_do_filp_open+0x10/0x10
[ 86.436200][ T5344] ? _raw_spin_unlock+0x28/0x50
[ 86.438309][ T5344] ? alloc_fd+0x64c/0x6c0
[ 86.440204][ T5344] do_sys_openat2+0x121/0x1c0
[ 86.442240][ T5344] ? __pfx_do_sys_openat2+0x10/0x10
[ 86.444513][ T5344] ? rcu_is_watching+0x15/0xb0
[ 86.446414][ T5344] __x64_sys_creat+0x8f/0xc0
[ 86.448280][ T5344] do_syscall_64+0xfa/0x3b0
[ 86.450295][ T5344] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.452607][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.455162][ T5344] ? clear_bhb_loop+0x60/0xb0
[ 86.457223][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.459698][ T5344] RIP: 0033:0x7fe566d8e929
[ 86.461656][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.469762][ T5344] RSP: 002b:00007fe567cac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 86.473490][ T5344] RAX: ffffffffffffffda RBX: 00007fe566fb5fa0 RCX: 00007fe566d8e929
[ 86.477003][ T5344] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0
[ 86.480573][ T5344] RBP: 00007fe566e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 86.484040][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.487552][ T5344] R13: 0000000000000000 R14: 00007fe566fb5fa0 R15: 00007fff2f8fbd98
[ 86.490957][ T5344]
[ 86.492686][ T5344] Kernel Offset: disabled
[ 86.494603][ T5344] Rebooting in 86400 seconds..