program: socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x42000000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x20}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x2200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20}}}}, 0x36) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="009917593d44d685cf8176521846a9e90205b4b89c0ed49b3e1201fa4a79b0b9651316a89d7e4038e94e54fdffa25c529d1cb4e43bf7e12bd2a555681300b85d6621470c304d6ba5731161f3f1da1193a85525e8c9a5a95798070ca48fa7edcf62e37626480f673141bee1ea2522f8b61aac12f984c1216683ae80e6146169cfb7aa7c50dd4c52259faaee2fedc1077bda4c3e65d7005d0ab71db65617abeb3c51b056d955f1285ed9d26d7c910bf3291f6b349ce7eee33a31a484c31993effe39fcfa55e722a20bf90b2f43ffbfd19afaeb1d6e9683ce09f4c8eb9591f0772a12"], 0x1, 0xc3c, &(0x7f0000000d00)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1V+1nVVawSpIwA0Igoq0Ai7IDRIXXOQGCa0QirhZJECKQJUWgUSgabQSAmYFCysqYXRm3rHHbtK4+bLT/H5t/J8585w575n2OT4TzXsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIL/30saGDaatHAQA8SK+NvzF02O9/AHiknPL+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA20tRxFuR4r2xVpps3+8YONGcO3d+YnTs5qsNpkhRiaJdX/4ZOHjo8JEXX3p5uJsfv/699rl4ffzUsdrx+dmFxcbSUmO6NjHXPD0/3dj0M9zt+hvtbb8Atdk3z02fObNUO3Tg8LqHz1dv7Hxsd/Xo8LP7nu/WToyOjY331PT13/HWPyLdu6fiU2RHFPHlSPGt/d9J9YioxN33wm2OHffbYPSV/dfeiYnRsfaOzDTrc8vlg6mSq/oiqj0rjXR75AH04l0ZibhQ/ncqB7y33L3xhfpifWqmUTtZX1xuLjfn51KlM9pyf6pRieEUsRARrWKrB8920x9FvBopbnzYSlMRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTx25Hi3cmhOJ37qt021yO+WOYrEW+VeSXFxXw/lQeI4Yjv+n0CD7W+KOJvIsV8aqXpbu+3zytPfLX2lbkz8z213fPKh/79wYPk3IRtbCCKmGqf8bfSnf9lFwAAAAAAAAAAAADwYBTxzUhxeXZPWojeOaXNubO1U/Wpmc6ngruf/a/ltVZWVlaqqZO1nEM5R3KezDmZcyHnhZwXc17KeTnnlZxXc17L2coZlbz9nLWcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhnmPQEAAAAAAAAAAAAAAAAAAHCPDUYRvxEp/v33v9b+Xulofy/9Z48OHz/xmd7vjH/mNs9T1h6IiG/G5r6Td0f+rvFUKf+59/sF3N5AFPH1/P1/v7zVgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaFShTxK5HiG99rpUgRMRIxGZ28Vmz16AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0s5UxKuR4md/d2R1WV9EpPa/HXvKH0dipMj5RJmvxMjBdlZGjpU5EHFgC8YP3Lmlt995sz4z01h0ww033Fi9sdVHJgAAAAAAAAAAAAAAAAB4hKUi/j5S/OTvtVI1Is5Xb+x8bHf16PCz+54vomhfBCD11r8+fupY7fj87MJiY2mpMV2bmGuenp9ubHZzAyeac+fOT4yO3Zedua3B+zz+wYHj8wtvLzbP/sLyTR/fNXBsaml5sX765g/HYPRFDPUu2dse8MToWHvQM836XHvVVLnFAPsiapvdGR55u1IR/xsp3tv/7Xg8L8vX/+jv3Fvr/j/8xbV7P9y3Plf/d2wfPz57dPj4ruc2czttdqB7241XNsLYeM/ivjzKH+pZVs3j2vRzwyOq7P8XIsXP/1GRuj2U+/8HOveK1dr/+fpaTx3dkKu2qP+f6Fl2NB+1+vsiBpZnF/qfjhhYevud/c3Z+tnG2cbckUMvvzR85OUXj7zUvyNi4ExzpjG0dmvTrx0AAAAAAAAAAAAAAAAA3C/9qYgvRYpf+ru/XJ03nuf/faZzb23+X+/83z0bnqf3ugG3un3TuX63mdfXq9xmSkU8FSme/bNn2uNNscucd7hDu1IR3y/7afrL6Qt5We7/PLP/5v1/YUOu2qL5v4/3LLuQjxP/ESke/4Nn4gs9x4mNs3vLur+IFFM/8vlcFzvKuu7zdeZEdyYGl7VfixTvn1xf2503/cRa7cHN7hZspbL/ZyPFP/zW38aP5mXrr/9x8/7ftSFXbVH/P9m7TxGx9PY7b9ZnZhqLS5t+KeCRU/b/r0eKv/6Tb8dzednHXf+ne52fPc+tz8Fu0Rb1/1M9y6p5XD/2CV8LAAAAAAAAAAAAeFjsSkX8U6T48z/dl/bnZZv5/O/0hly1RZ//e7pn2fS6z//evxubfpEBAGCb6E9F/ESk+OPp66k7N/aW839fWZv/M7rxxL19Tv+D7Xn+n+hc/xPM/y+3mVIR/5fn9Q7dZl7vj0eKX/upfbku7S7rRrrDbf8ceG1+bv+xmZn50/Xl+tRMoza+UD/dKNfdGyn+9d8+n9ettOf5dudHd+YGr80J/p1I8XMfdGs7c4K7cymfXKs9WNbujxTff399bXfe1VNrtYfK2t+MFGP/ffPa3Wu1h8vaf4wU//lurVu7q6ztvp97eq32wOn5mY+8ZQMAAAAAAAAAAAAAAAAAAGDr9aciUqS48jOXVufGr7/+V/c6AOuv/7XR/fr+/+q92U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCikKOK/IsV7Y610rSjvdwycaM6dOz8xOnbz1QZTpKhE0a4v/wwcPHT4yIsvvTzczY9f/177XLw+fupY7fj87MJiY2mpMV2bmGuenp9ubPoZ7nb9jfa2X4Da7Jvnps+cWaodOnB43cPnqzd2Pra7enT42X3Pd2snRsfGxntq+vrveOsfke7dU/EpsiOK+KtI8a3930n/XERU4u574TbHjvttMPrK/mvvxMToWHtHZpr1ueXywVTJVX0R1Z6VRro98gB68a6MRFyIiEo54L3l7o0v1BfrUzON2sn64nJzuTk/lyqd0Zb7U41KDKeIhYhoFVs9eLab/ijiSqS48WEr/UsRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTxZKR4d3Io3i86fdVum+sRXyzzlYi3yryS4mK+n8oDxHDEd/0+gYdaXxRxMlLMp1a6XuTeb59Xnvhq7StzZ+Z7arvnlQ/9+4MHybkJ29hAFPFB+4y/lT7w+xwAAAAAAAAAAAAAtrkiXo0Ul2f3pPb80NU5pc25s7VT9amZzsf6u5/9r+W1VlZWVqqpk7WcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhmVvP2ctZxDOUdynsw5mXMh54WcF3Neynk555WcV3Ney9nKGT4nDQAAAAAAAAAAAAAAAADAfVKJIn41Unzje620UnS+X3YyOnnNPFf4VPv/AAAA//84/iOE") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8000c61) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) pwritev2(r3, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendto$packet(r5, &(0x7f0000000080)="a99c383d33c9c607b1b9d49688a883", 0xf, 0x0, &(0x7f0000000000)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) recvmmsg(r4, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10022, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='utf8=0,nonumtail=0,iocharset=iso8859-14,check=strict,uni_xlate=1,shortname=lower,shoru~ame=winnt,flush,\x00'], 0x1, 0x216, &(0x7f0000000e00)="$eJzs3bFqU1EYB/CvttVSkHQQiiJ4xcUpNBX3FKkgBhQlg04Wm6IksWAg0A6tTr6EvoKOroKDuPoCIkgVXOzWQYjUGxtb0jZS01vM77fkg3v+95zvEnLIkJN7Z+vV+cXGwvr6WoyNDcVIMYqxMRQTcSyGI/UkAID/yUarFd9bqazXAgAcDvs/AAyeHvf/m4e4JACgz3z/B4DBc/vO3eszpdLsrSQZi6g/a5ab5fQ1vT6zEA+jFpWYilz8iGhtSeur10qzU8mmLxNRrq+286vN8vD2fCFyMdE9X0hS2/OjMd7OfxyPSkxHLk51z093zR+Pixf+mD8fufhwPxajFvOxme3kVwpJcuVGaUf+xK9xAAAAAAAAAAAAAAAAAAAAAADQD/lkS9fze/L53a6n+d7PB9p5Ps9InBnJtncAAAAAAAAAAAAAAAAAAAA4KhpLy9W5Wq3yeK/i0fuXb/cb02Mx1J73oPc5eHHy/Ofnu495+jfP598Wb85l+Vh6LN6tPTh9qTF5+aisZ2m5OrrXW+tbLqJPs7/KtPffXe87ePJFce71yqevvd45gw8jAAAAAAAAAAAAAAAAAAAYcJ0f/Wa9EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADITuf///tXZN0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DAAA///UmKDH") syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000002c0)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES64=0x0], 0x5, 0x61fd, &(0x7f000000c700)="$eJzs3UuPHFfZB/Cn+jaXvEmsLKK8EUKTC5cQ4mswhgCJF7BgwwJ5i2w5k8jCAWQb5EQWnmg2LPgQICSWCLFkxQfIgi07PgCWbCRQVilUM+eMayo97nEm09Uz5/eTxlVPn6rpU/539WWqqk8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPHDH/z4TBURl3+VbjgR8X8xjBhErDT1WkSsrJ3Iy48i4rnYao5nI2K8FNGsv/XP0xGvR8RHT6XbIjbO7rMf3//zP/7wkyd+9Pc/jU/99y+3hm/stdzt27/9z1/vHmSLAQAAoDx1XddV+pj/fPp8P+i7UwDAXOTX/zrJt6vVarVarT5+dVs93d12EREb7XWa9wwOxwPAEbMRH/fdBXok/6KNIuKJvjsBLLSq7w5wKO4/uHO1SvlW7deDte32fC7Irvw3qq318vrTprN0zzGZ1+NrM4bxzB79WZlTHxZJzn/Qzf/ydvskLXfY+c/LXvlPti99Kk7Of9jNv+P45D+Ymn+pcv6jx8p/KH8AAAAAAFhg+e//J3o+/rt08E3Zl0cd/12bUx8AAAAAAAAA4PN20PH/dnTG/8vnARj/DwAAAPrXfFZv/O6ph7ft9V1sze2XqognO8sDZanSxTKrfXcEAAAAAAAAAAAAAEoy2j6H91IVMY6IJ1dX67puftq69eM66PpHXenbDyXr+0keAAC2ffRU51r+KmI5Ii6l7/obr66u1vXyymq9Wq8s5fezk6XleqX1uTZPm9uWJvt4Qzya1M0vW26t1zbr8/Ks9u7va+5rUg/30bH56DFwAIiI7Vej+16Rjpm6fjr6fpfD0WD/P37s/+xH349TAAAA4PDVdV1XaZi/59Mx/0HfnQIA5iK//nePC6jVarVarT5+dVs93d12EREb7XWa9wyG4weAI2YjPu67C/RI/kUbRcRzfXcCWGhV3x3gUNx/cOdqlfKt2q8HaXz3fC7Irvw3qq318vrTprN0zzGZ1+NrM4bxzB79eXZOfVgkOf9BN//L2+2TtNxh5z8ve+XfbOeJHvrTt/sPLo6abIfd/DuOT/6DqfmXKu//o8fKfyh/AAAAAABYYPnv/ycW6vjv5LNuzkyPOv67to/1fTcCAAAAAAAAAIvo/oM7V/N1r/n4/xemLOf6z+Mp51/Jv0g5/0En/692lhu25u9dfJj/vx/cufrHW//6/zzdb/5LeaZKj6wqPSKqdE/VKE0PsnWftjkeTpp7GleD4Sid81OP34lrcT3W4/SuZQfp/+Nh+5ld7U1Px1vt9XC7/eyu9tFOe17/3K72cTrTqV7J7Sfjavw8rsfbW+1N29KM7V+e0V7PaM/5D+3/Rcr5j1o/Tf6rqb3qTBv3Phx8ar9vT6fdz1vXvvib04e/OTNtxnBn29qa7Xuxh/5s/Z88MYlf3ly/cfL2lVu3bpyJNNl169lIk89Zzn+cfnae/1/abs/P++399d6Hk8fOf1FsxmjP/F9qzTfb+8qc+9aHnP8k/eT8307t0/f/o5z/3vv/qz30BwAAAAAAAAAAAAAAAB6lruutS0Tfiojz6fof33EPAGXIr/91km+fVz2c8/2p1Ue8rhasP3OtP6kXqz9q9VGs2+rp3mwXEfG39jrNe4ZfT/tlAMAi+yQi/tl3J+iN/AuWv++vmb7cd2eAubr5/gc/vXL9+vqNm333BAAAAAAAAAD4rPL4n2ut8Z9fruv6bme5XeO/Xoy1g47/OcozOwOM7jFQ9fDxt+lRNgeT4aA13PgLsdf43+OduUeN/z2acX/jGe2TGe1LM9qXZ7RPvdCjJef/Qmu885cj4vnO8OsljP/aHfO+BDn/F1uP5yb/r3SWa+df//4o5z/Ylf+pW+/94tTN9z947dp7V95df3f9Z+fOnDl97vz5CxcunHrn2vX109v/9tjjw5Xzz2NfOw+0LDn/nLn8y5Lz/1Kq5V+WnP+XUy3/suT88/s9+Zcl558/+8i/LDn/V1It/7Lk/L+WavmXJef/aqrlX5ac/9dTLf+y5PxfS7X8y5LzP5lq+Zcl538q1fvMf+Ww+8V85PzzES77f1ly/vnMBvmXJed/NtXyL0vO/1yq5V+WnP/rqZZ/WXL+30i1/MuS8z+favmXJef/zVTLvyw5/wupln9Zcv7fSrX8y5Lz/3aq5V+WnP8bqZZ/WXL+30m1/MuS8/9uquVflpz/91It/7Lk/N9MtfzL8vD7/82YOYozKxGxAN04djN9PzMBAAAAAAAAAAAAAF3zOJ24720EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sQMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7N1bjFx3fQfws1evHZIYCKmTGrJxTAiJk13biS+0KSZcG24lEAq9YLvetVnwDa9dAo1ko0CJhFFRRdvw0BYQavNSEVU80ApQHlCrSpWgfaAviKoSqqIqoICERCvIVnPO///fmdkzM7vr8WbmnM9Hin/e2TNzzpz5z+x+1/nuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLNbXz//6ZEsyxr/5X9szbIXNf6+eXprftlrXugjBAAAAK7UL/M/n7s+XXBoFVdq2uafX/Gdry0tLS1l7xv7s4nPLy2lT0xn2cSmLMs/Fz31X+8fad4meCybGhlt+ni0x+7Henx+vMfnJ3p8frLH5zf1+PxUj8+vOAErbC5+HpPf2M78r1uLU5rdkE3kn9tZcq3HRjaNjsaf5eRG8ussTRzPFrKT2Xw227J9se1Ivv03bm3s6y1Z3Ndo0762N1bITx49Fo9hJJzjnS37Wr7N6Eevy6Z/+pNHj/3N+WdvKps9T0PL7RXHeceOxnF+MlxSHOtItimdk3ico03Hub3kMRlrOc6R/HqNv7cf53OrPM6x5cPcUO2P+VQ2mv/9u/l5Gm/+sV46T9vDZT+/LcuyS8uH3b7Nin1lo9mWlktGlx+fqWJFNm6jsZReko2vaZ3euop12phzO1vXaftzIj7+t4brjXc4huaH6UefmGx63H+xtJ51GjXudafnSvsa7PdzZVDWYFwX383v9OOla3BnuP+P3t55DZaunZI1mO530xrc0WsNjk6O5cecHoSR/DrLa3B3y/Zj+Z5G8vnM7d3X4Mz5U2dnFj/28bsXTh09MX9i/vTe3btn9+7bd+DAgZnjCyfnZ4s/13m2B9+WbDQ9B3aEcxefA69q27Z5qS59aXLF6+96n4dTXZ6HW9u27ffzcLz9zo1szBNy5ZounhvvaZz0qcujWYfnWP743Hnlz8N0v5ueh+NNz8PSryklz8PxVTwPG9ucvXN137OMN/1XdgydvxZc2Rrc2rQG278faV+D/f5+ZFDW4FRYF9+/s/PXgu3heB/ftdbvR8ZWrMF0d8NrT+OS9P3+1IF8lK3LmxufuGYyu7A4f+6eR46eP39udxbGhnhp01ppX69bmu5TtmK9jq55vR5aeMXjN5dcvjWcq6m7G39MdXysGtvce0/3xyr/6lZ+Plsu3ZOF0WcbfT7Lvpo3zudkln3h25946JuPfuH1Hc9nI29+cubKvxdPubTp9Xeiw+tvzP3PF/tLN/XY2MR48fwdS2dnouX1uPWhGs9fu0byfT83s7rX44nw30a/Ht/Q5fV4W9u2/X49nmi/c/H1eKTXTzuuTPvjORXWycnZ7q/HjW227Vnrmhzv+np8W5gj4fy/OiSFlIua1k6ndZv2NT4+Ee7XeNxD6zrd27L9RMhmjX09uWd96/SO24rbGkv3btlGrdPptm37vU7Tz746rdORXj99W5/2x3MqrIsb9nZfp41tnr73yl87N8e/Nr12TvZagxNjk41jnkiLMH+9z5Y2xzV4T3YsO5OdzObyz07m62kk39eu+1a3BifDfxv9Wrmtyxq8o23bfq/B9HWs09obGV955/ug/fGcCuviifu6r8HGNm/Y39/vXe8Il6Rtmr53bf/5Wqefed3cdpqu1loZD8f57f3dfzbb2ObkgbXmzO7n6a5wyTUl56n9+dvpOTWXrfY8jVzxc6pxnM8e6HyeGsfT2ObzB1e5ng5lWXbxIw/kP+8N/77y9xe+97WWf3cp+zedix954MfXHv+ntRw/AMPv+WJsKb7WNf3L1Gr+/R8AAAAYCjH3j4aZyP8AAABQGTH3x/8rPJH/AQAAoDJi7h8PM6lJ/t/2hmcXnr+YpWb+UhA/n07Dg8V2seM6Gz6eXlrWuPyBr8z/7B8vrm7fo1mW/eLBPyrdftuD8bgK0+E4n3pj6+UrfO3uVe37yMMX036b++tfDLcf789ql0FZBXc2y7JvXP/ZfD/T77+cz6cfPJLPhy49/lhjm+cOFh/H6z/z0mL7vwzl30PHj7Zc/5lwHn4Y5uxby89HvN5XL796+/73Lu8vXm9kx3X53X7iA8XthorspuyxYvt4njsd/zc/8+RXG1d45JXlx39xtPz4nwy3+5Uw//flxfbNj0Hj43i9T4Xjj/uL17vny98qO/7sqU8X2599U7HdkTDj/u8IH+9807MLzefrkZGjLfcre3OxXdz/7Pf+JP98vL14++3HP3X4csv5aF8fT/97cTszbdvHy+N+on9o23/jdprXZ9z/k398pOU899r/Uw898/LG7bbv/6627c5+5M58/8u31/obm/7qU58t3V88nkN/d7bl/hx6V3geh/0/8YGwHsPn/++p4vbaf7vCkXe1vv7E7b+49WLL/Yne8tNi/0+99kQ+N01t3nLNi6697tItjXOXZd/dVNxet/3H3wHRfPxfurE4H/E4Yke/ff+dxP2f++iu02cWLyzMpbP66PX57855W3E88XivD6+t7R8fPnP+g/PnpmenZ7Nsurq/Qm/dvhzmj4txaa3Xv/Ph8Hje/Bff2HL7v30mXv4f7ykuv/zW4uvWq8J2nwuXbw2P35Xu/4lbb8yf3yNPFx+39Nj7YPvO/zmwqg3D/W//viCu97Mv+2B+Hhqfy79uxOf1FR7/D+aK2/l6OK9L4Tcz77hxeX/N28ffjXD53cXz/YrPX3iZi4/r34bH++0/LG4/Hle8vz8I38d8a1vr611cH1+/ONp++/lv8bgUXk+yS8Xn41bxfF9+7sbSw4u/hyS7dFP+8Z+m27lpTXezk8WPLc6cXDh94ZGZ8/OL52cWP/bxw6fOXDh9/nD+uzwPf6jX9Zdfn7bkr09z8/vuzfJXqzPFuMpe6OM/+/Cxuf2zt8/NHz964fj5h8/OnztxbHHx2Pzc4u1Hjx+f/2iv6y/M3b97z8G9+/fsOrEwd/+Bgwf3Hty1cPpM4zCKg+ph3+yHd50+dzi/yuL99x7cfd99987uOnVmbv7+/bOzuy70un7+tWlX49p/uOvc/Mmj5xdOze9aXPj4/P27D+7bt6fnbwM8dfb44vTMuQunx7LF+XMzxX2ZPp9f3Pja1+v6VNPifxbfz7YbKX4RX/bOu/al38/a8JVPdLypYpO2XyD6bPhdNP/y4rMHVvNxzP0TYSY1yf8AAABQBzH3T4aZyP8AAABQGTH3bwozkf8BAACgMmLunwozqUn+r1z/f9vFVe1f/7+0/599Tv9f/78O/f939+7/N5z46zM/25j+f/F6of/fH/3p/z8YPtL/1//X/9f/1/9fc/9/5oL+P8mg9f9j7t+cZbXM/wAAAFAHMfdvCTOR/wEAAKAyYu6/JsxE/gcAAIDKiLn/RWEmNcn/+v/6/4PR///va+Ox6/8vX0//v6D/r/+/Ft7/vzv9/x70/2eyevX/L/Xz+PX/9f9ZadD6/zH3XxtmUpP8DwAAAHUQc/91YSbyPwAAAFRGzP3Xh5nI/wAAAFAZMfdvDTOpSf7X/9f/H4z+/zL9/+Xr6f8X9P/1/9dC/787/f8e9P+9/7/+v/4/fTVo/f+Y+18cZlKT/A8AAAB1EHP/S8JM5H8AAAAYPOPru1rM/S8NM1mR/9e5AwAAAOAFF3P/DVlbEbwm//6v/6//r/+v/6//X77/1ff/xzL9/8Gh/9+d/n8P+v9V6/+PZ/r/+v+8oAat/5/n/mwqe1mYSU3yPwAAANRBzP03hpnI/wAAAFAZMff/SpiJ/A8AAACVEXP/tjCTmuR//f+r3f/frP+v/6//H9dlZfv/3v9/kAxL/3+yw+X6//r/+v/De/xD0v9/zUMdrq//z9UwaP3/mPtvCjOpSf4HAACAOoi5/+YwE/kfAAAAKiPm/l8NM5H/AQAAoDJi7t8eZlKT/K//7/3/9f/1//X/y/ev/z+chqX/34n+v/6//v/wHv+Q9P870v/nahi0/n/M/S8PM6lJ/gcAAIA6iLn/FWEm8j8AAABURsz9t4SZyP8AAABQGTH3T4eZ1CT/6//r/+v/6//r/5fvX/9/OOn/d6f/34P+v/6//r/+P301aP3/mPtvDTOpSf4HAACAOoi5f0eYifwPAAAAlRFz/21hJvI/AAAAVEbM/TvDTGqS//X/9f/1//X/9f/L96//P5z0/7vT/+9B/1//X/9f/5++GrT+f8z9rwwzqUn+BwAAgDqIuf/2MBP5HwAAACoj5v5XhZnI/wAAAFAZMfffEWZSk/yv/6//Pxj9/1vSsev/L19P/7+g/6//vxaV6/9n+v+Z/n+i/z/Yx6//r//PSoPW/4+5/9VhJjXJ/wAAAFAHMfffGWYi/wMAAEBlxNx/V5iJ/A8AAACVEXP/rjCTmuR//X/9/8Ho/y/T/1++3tXv/990X/Plg9L/b6996f/r/69F5fr/3v8/p/9fGJT+f9n3PZn+v/6//j8lBq3/H3P/3WEmNcn/AAAAUAcx998TZiL/AwAAQGXE3D8TZiL/AwAAQGXE3D8bZlK5/D9deqn+v/6//n+d+//reP//W5Zv1/v/50czrv8/WPT/u9P/70H/3/v/v+D9/wn9fypl0Pr/MffvDjOpXP4HAACA+oq5f0+YifwPAAAAlRFz/94wE/kfAAAAKiPm/nvDTGqS//X/9f/1//X/B+39/4er/+/9/weN/n93/e//x7uo/6//r//v/f/1/1lp0Pr/MfffF2ZSk/wPAAAAdRBz/74wE/kfAAAAKiPm/v1hJvI/AAAAVEbM/QfCTGqS//X/9f/1//X/9f/L96//P5z0/7vz/v896P/r/+v/6//TV4PW/4+5/2CYSU3yPwAAANRBzP2vCTOR/wEAAKAyYu7/tTAT+R8AAAAqI+b+Xw8zqUn+1//X/9f/1//X/y/fv/7/cNL/707/vwf9f/1//X/9f/pq0Pr/MfffH2ZSk/wPAAAAdRBz/2+Emcj/AAAAUBkx9782zET+BwAAgMqIuf9QmElN8r/+v/6//r/+v/5/+f7X1f+fyDrS/98Y+v/dNff/N3fbUP9f/1//X/9f/58+GLT+f8z9rwszqUn+BwAAgDqIuf+BMBP5HwAAACoj5v7Xh5nI/wAAAFAZMfe/IcykJvlf/1//X/9f/1//v3z/3v9/OOn/d+f9/3vQ/9f/1//X/6evBq3/H3P/G8NMapL/AQAAoA5i7n9TmIn8DwAAAJURc/+bw0zkfwAAAKiMmPvfEmZSk/yv/6//r/+v/6//X75//f/hpP/fnf5/D/r/+v/6//r/rN/UyosGrf8fc/9vth9wTfI/AAAA1EHM/Q+Gmcj/AAAAUBkx9781zET+BwAAgMqIuf9tYSY1yf/6//r/+v/6//r/5fvX/x9O+v/dDVn//5fXhcv1/wv6/4N9/MPV/1/a1H59/X+uhkHr/8fc//Ywk5rkfwAAAKiDmPvfEWYi/wMAAEBlxNz/zjAT+R8AAAAqI+b+3wozqUn+1/9vHMdye1n/X/8/v0D/X/9f/39o6f93N2T9f+//30b/f7CPf7j6/yvp/3M1DFr/P+b+d4WZ1CT/AwAAQB3E3P9QmIn8DwAAAJURc/+7w0zkfwAAAKiMmPvfE2ZSk/yv/+/9//X/9f/1/8v3r/8/nPT/u9P/L5feCV3/X/9f/1//n74atP5/zP0Ph5nUJP8DAABAHcTc/94wE/kfAAAAKiPm/t8OM5H/AQAAoDJi7n9fmElN8r/+/7D0/6f1//X/9f/b7o/+v/5/Gf3/7vT/e9D/1/9f7/Fv0v/X/6fMoPX/Y+5/f5hJTfI/AAAA1EHM/b8TZiL/AwAAQGXE3P+7YSbyPwAAAFRGzP2/F2ZSk/yv/z8s/X/v/5/p/+v/t90f/X/9/zIb1/+Przz6//r/+v9Rrfv/nd7//+fhQdX/1/+vqUHr/8fc//thJjXJ/wAAAFAHMfd/IMxE/gcAAIChUPb/ZLeLuf9wmIn8DwAAAJURc/+RMJOa5H/9f/1//f8B7f//+Y5//f533nFkt/6//r/+/5ps6Pv/N578637//82ll+r/6//r/w/v8Xv/f/1/Vhq0/n/M/UfDTGqS/wEAAKAOYu7/gzAT+R8AAAAqI+b+Y2Em8j8AAABURsz9c2EmNcn/+v/6//r/A9r/H+L3/4/nQ/+/Vd/6//FFV/+/1Ib2/9+73BP3/v9r7f9Pll6q/6//P8zHr/+v/89Kg9b/j7l/PsykJvkfAAAA6iDk/tHjxVz+hPwPAAAAlRFz/4kwE/kfAAAAKiPm/g+GmdQk/+v/6//r/+v/e///8v0PbP/f+/93pf+/wubmDwan/19O/1//f5iPX/9f/5+VBq3/H3P/QphJTfI/AAAA1EHM/R8KM5H/AQAAoDJi7v9wmIn8DwAAAJURc//JMOtG//+F7P8vlfb/m1eh/r/+v/6//r/+/9ro/3en/9+D/r/+v/6//j99NWj9/5j7T4WZ+Pd/AAD4f/buo1nS+rrj+B08hFu8AC+8wWu/BBaw8sJeu7ywq+yFXeXyAmxjnG3AOeKcA7aVAwogIZRQTqCEhLJQzlkoI1VdFZpzzk09T9++0z336f/5fDbHHmnUDZ4C/8R86w8wjNz9N8Ut9j8AAAAMI3f/zXGL/Q8AAADDyN3/K3FLk/2v//f+/4r9/61Xb0v/f4P+/2Kfr//X/49M/z9N/7+E/l//r//X/7NWc+v/c/f/atzSZP8DAABAB7n7fy1usf8BAABgGLn7b4lb7H8AAAAYRu7+X49bmuz/I/3/uZ2e/X9mvPp/7//r//X/+v8td3n7/zue+Cuf/l//r/8P+n/9v/6fo+bW/+fuvzVuabL/AQAAoIPc/b8Rt9j/AAAAMIzc/b8Zt9j/AAAAMIzc/b8VtzTZ/97/9/7/Rfr/n9pw/7+7o//X/+v/68+q/n99vP8/rVP/f8sj19702H0/cv8qn7+p/v/8/n++/n+Dzvr76//1/xw3t/4/d/9vxy1N9j8AAAB0kLv/d+IW+x8AAACGkbv/d+MW+x8AAACGkbv/9+KWJvtf/6//9/6//l//v/jz9f/bSf8/rVP/f5rP9/6//l//r/9nvebW/+fu//24pcn+BwAAgA5y9/9B3GL/AwAAwDBy998Wt9j/AAAAMIzc/bfHLU32v/5f/6//1//r/xd/vv5/O+n/p+n/l9D/6//1//p/1mpu/X/u/jvilib7HwAAADrI3f+HcYv9DwAAAMPI3f9HcYv9DwAAAMPI3f/HcUuT/a//1//r//X/+v/Fn6//3076/2n6/yX0/5faz1+p/9f/6/85aMX+//GJv2yvpf/P3f8ncUuT/Q8AAAAd5O7/07jF/gcAAIBh5O7/s7jF/gcAAIBh5O7/87ilyf7X/+v/9f/6f/3/4s/X/28n/f+0g/3/FVP/xk33/+fOL/xh/f/W9//e/9f/6/85ZG7v/+fu/4u4pcn+BwAAgA5y9/9l3GL/AwAAwDBy9/9V3GL/AwAAwDBy9/913NJk/2+y/z/a8B6l/9f/7/fzV9d31//v/7zt6f+vOvTjHfr/+w98P/3/vOj/p3n/fwn9v/5f/6//Z63m1v/n7v+buKXJ/gcAAIAOcvffGbfY/wAAADCM3P1/G7fY/wAAADCM3P1/F7c02f+L+//9f937/yej/z/8/b3/v/jXx7r6//xP3HT//4Qtfv//Ru//96T/n6b/X0L/r/8/w/5/b+9y9/+H/76+pP/fXfb5+n8WWVP/v7eu/j93/9/HLU32PwAAAHSQu/8f4hb7HwAAAIaRu/8f4xb7HwAAAIaRu/+f4pYm+3+T7/8vo//X/+v/R3n//7CZ9P8bff9/57L3/+f1/yek/5+m/19C/6//9/6/9/9ZqzX1/zvr6v9z9/9z3NJk/wMAAEAHufv/JW6x/wEAAGA7HPy9A0d/Q2nI3f+vcYv9DwAAAMPI3f9vcUuT/a//1//r//X/+v/Fnz+v/t/7/yel/5+m/19C/7+Jfv78YP3/XRf7+XPo/2/T/zMzh/r/B/Z//Kz6/9z9/x63NNn/AAAA0EHu/v+IW+x/AAAAGEbu/v+MW+x/AAAAGEbu/v+KW5rs/433/7sX/2z9v/5f/6//1//r/9dN/z+tZf+/yv8Vxun/f3SFP+py1u/nX6qz/v5z6P+9/8/cHOr/Dzir/j93/3/HLU32PwAAAHSQu/9/4hb7HwAAAIaRu/+uuMX+BwAAgGHk7v/fuKXJ/vf+v/5f/6//1/8v/nz9/3bS/09r2f+vYpz+/1TOup/f9u+v/9f/c9zc+v/c/f8XtzTZ/wAAANBB7v7/j1vsfwAAABhG7v4nxS32PwAAAAwjd/+T45Ym+1//v9n+P39c/6//39H/n6T/v1H/r/+/VG37/3OL/k503EX6/4d+6fafPPwjffr/w3/i9P/6f/2//p+1mkX/v7f//13m7n9K3NJk/wMAAEAHufufGrfY/wAAADCM3P1Pi1vsfwAAABhG7v6nxy1N9r/+3/v/+n/9/4z6f+//1/c9p/8/pbb9/wl5/38J/b/+X/+v/2etZtH/H/jfc/c/I25psv8BAACgg9z9z4xb7H8AAAAYRu7+Z8Ut9j8AAAAMI3f/s+OWJvtf/7+0/7/iJH8s+v/D31//v/jXh/5f/+/9/83T/0/T/y+h/9f/6//1/6zV3Pr/3P13xy1N9j8AAAB0kLv/OXGL/Q8AAADDyN3/3LjF/gcAAIBh5O5/XtzSZP/r/73/r//X/+v/F3++/n876f+nten/f3zi8++Z+AKL+v+9q/X/+n/9v/6fU5pb/5+7//lxS5P9DwAAAB3k7r8nbrH/AQAAYBi5+++NW+x/AAAAGEbu/hfELU32v/5f/6//1//r/xd/vv5/O+n/p7Xp/73/fypn3c9v+/fX/+v/OW5u/X/u/hfGLU32PwAAAHSQu/++uMX+BwAAgGHk7n9R3GL/AwAAwDBy998ftzTZ//p//b/+X/+v/1/8+fr/7bS5/n9H/6//35r+f3elP+h9Z93PX6oTfv8bNvX99f/6f46bW/+fu//FcUuT/Q8AAAAd5O5/Sdxi/wMAAMAwcve/NG6x/wEAAGAYuftfFrc02f/6f/2//l//r/9f/Pn6/+3k/f9p+v8lBun/T6tJ/7+x76//1/9z3Nz6/9z9L49bmux/AAAA6CB3/wNxi/0PAAAAw8jd/4q4xf4HAACAYeTuf2Xc0mT/L+n/9/+E6P8n6f8Pf3/9/+JfH/p//f+R/v+aHf3/2un/p+n/l9D/j9n/X7EzUP+/e9Gfr/9njubW/+fuf1Xc0mT/AwAAQAe5+18dt9j/AAAAMIzc/a+JW+x/AAAAGEbu/tfGLU32v/f/9f/6f/2//n/x53v/fzvp/6fp/5fQ/4/Z/3v/X//PmZlb/5+7/3VxS5P9DwAAAB3k7n993GL/AwAAwJZY/tvucve/IW6x/wEAAGAYufvfGLc02f/6f/2//l//r/9f/Pn6/+2k/5+m/19C/6//1//r/1mrufX/ufvfFLc02f8AAADQQe7+B+MW+x8AAACGkbv/objF/gcAAIBh5O5/c9zSZP/r//X/+v/t7P+v0f/r//X/C82l/7/++p94WP+v/9f/6//1//r/7jbW/8dPWLX/z93/lrilyf4HAACADnL3vzVusf8BAABgGLn73xa32P8AAAAwjNz9b49bmuz/4/3/lTsXCtULFvX/0ajp/w/Q/x/+/vr/xb8+vP+v/9f/b95c+n/v/5/u++v/9f/b/P1X6v+vO/7zf9D/7+7o/xnK3N7/z93/cNzSZP8DAABAB7n73xG32P8AAAAwjNz974xb7H8AAAAYRu7+R+KWJvvf+//6f/2//l//v/jz9f/bSf8/Tf+/hP5f/+/9/5t/4YcuS/+/d/Tv94xpbv1/7v53xS1N9j8AAAB0kLv/3XHL4v2/6B/zAgAAADOXu/89cYt//g8AAADDyN3/3rilyf7X/+v/59r/7+7o//X/F+j/9f+r0P9P0/8vof/fRD9/1Vq+3Ano/73/z/zMrf/P3f++uKXJ/gcAAIAOcve/P26x/wEAAGAYufs/ELfY/wAAADCM3P0fjFua7H/9v/5/rv3/hff/f271/v+6o/3/z+v/j3y+/l//PzL9f/4dfTH9/xL6f+//6//1/6zV3Pr/3P2Pxi1N9j8AAAB0kLv/Q3GL/Q8AAADDyN3/4bjF/gcAAIBh5O7/SNzSZP/r/3v1/+d2tq3/9/6//l//r/9fjf5/mv5/Cf2//l//r/9nrebW/+fu/2jc0mT/AwAAwLb66R/75UdP+u/N3f+xuMX+BwAAgGHk7v943GL/AwAAwDBy938ibmmy//X/vfr/7Xv/X/+v/9f/6/9Xo/+fdor+/1DArv/X/0/R/+v/9f8cNbf+P3f/J+OWA8Pv/Mp/lAAAAMCc5O7/VNzS5J//AwAAQAe5+z8dtxzb/3sn/F3tAAAAwNzk7v9M3NLkn//r/2fe/+/o//X/+n/9v/5/Ffr/aZf4/v/eOf2//n+C/l//r//nqLn1/7n7Pxu3NNn/AAAAMKhD/41C7v7PxS32PwAAAAwjd//n4xb7HwAAAIaRu/8LcUuT/a//n3n/f6r3/3frf9L/N+//77xm4efr//X/I9P/T7vE/t/7//r/Sfr/5f3/z048LK7/Z0Rz6/9z938xbmmy/wEAAKCD3P1filvsfwAAABhG7v4vxy32PwAAAAwjd/9X4pYm+1//P2L/7/1//f/054/T///wtbc/+DO/eO/d+n/2Xc7+P38t6P/1//r/C/T/3v/X/3PU3Pr/3P1fjVua7H8AAADoIHf/Y3GL/Q8AAADDyN3/tbjF/gcAAIBh5O7/etzSZP/r//X/+v9t7P+zKe7e/3v/X/9/nPf/p+n/l9D/6//1//p/1mpu/X/u/m/ELU32PwAAAHSQu/+bcYv9DwAAAMPI3f+tuMX+BwAAgO1xfvpfzt3/7bilyf7X/+v/9f9z7f/Pef8/6P/1/6vQ/0/T/y+h/9f/6//1/6zV3Pr/3P3fiVua7H8AAADoIHf/43GL/Q8AAADDyN3/3bjF/gcAAIBh5O7/XtzSZP/r//X/+v+59v9T7//r/3f0//r/i9D/T9P/L6H/1//r//X/rNXc+v/c/d8PAAD//xI4Zx0=") r8 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) ioctl$LOOP_SET_STATUS(r8, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x3, 0x9, 0x10, 0x1d, "9e959f16b6787b08aa26e66c4056a51695284854c282ec6bcfeef4fb0efcc1d8a6078ed98e033fd5f0643902dd8f6fac274de9d940bba5e592bbd4ce85450d00", "f625c10e6e4c36c800dee96015e0fb7e904dc8df62a3a893ec00347f41be5a08", [0x2, 0x9]}) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FITRIM(r9, 0xc0185879, &(0x7f0000000080)={0x0, 0xd000000}) sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=@ipv6_getnetconf={0x1c, 0x52, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NETCONFA_RP_FILTER={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200088d5}, 0x4040) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000001900)='./bus\x00', 0x0, 0x21002, 0x0) open(&(0x7f0000000280)='./bus\x00', 0x20000, 0x74) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) [ 70.800391][ T4671] Bluetooth: hci0: command tx timeout [ 70.918274][ T5323] syzkaller1: entered promiscuous mode [ 70.920047][ T5323] syzkaller1: entered allmulticast mode [ 70.935292][ T5323] loop0: detected capacity change from 0 to 2048 [ 70.978486][ T5323] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 70.982629][ T5323] UDF-fs: Scanning with blocksize 512 failed [ 70.989084][ T5323] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 71.440207][ T5324] loop0: detected capacity change from 2048 to 2047 [ 71.711835][ T5322] ================================================================== [ 71.714878][ T5322] BUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 [ 71.717365][ T5322] Read of size 1 at addr ffff88804c718000 by task syz.0.0/5322 [ 71.720247][ T5322] [ 71.721160][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00110-gff7afaeca1a1 #0 [ 71.724960][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.728763][ T5322] Call Trace: [ 71.730078][ T5322] [ 71.731090][ T5322] dump_stack_lvl+0x241/0x360 [ 71.732847][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.734896][ T5322] ? __pfx__printk+0x10/0x10 [ 71.736694][ T5322] ? _printk+0xd5/0x120 [ 71.738325][ T5322] ? __virt_addr_valid+0x183/0x530 [ 71.740375][ T5322] ? __virt_addr_valid+0x183/0x530 [ 71.742394][ T5322] print_report+0x169/0x550 [ 71.744153][ T5322] ? __virt_addr_valid+0x183/0x530 [ 71.746057][ T5322] ? __virt_addr_valid+0x183/0x530 [ 71.747997][ T5322] ? __virt_addr_valid+0x45f/0x530 [ 71.749905][ T5322] ? __phys_addr+0xba/0x170 [ 71.751554][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 71.753396][ T5322] kasan_report+0x143/0x180 [ 71.755195][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 71.756952][ T5322] crc_itu_t+0x1d5/0x2b0 [ 71.758898][ T5322] udf_update_tag+0x70/0x6a0 [ 71.760774][ T5322] udf_write_aext+0x4d8/0x7b0 [ 71.762573][ T5322] extent_trunc+0x2f7/0x4a0 [ 71.764431][ T5322] ? __pfx_extent_trunc+0x10/0x10 [ 71.766836][ T5322] ? udf_current_aext+0x519/0xad0 [ 71.769204][ T5322] udf_truncate_extents+0x6ed/0x1310 [ 71.771488][ T5322] ? __pfx_udf_truncate_extents+0x10/0x10 [ 71.773492][ T5322] ? __pfx_lock_release+0x10/0x10 [ 71.775457][ T5322] ? do_raw_spin_lock+0x14f/0x370 [ 71.777319][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.779084][ T5322] udf_setsize+0xabb/0x1450 [ 71.780686][ T5322] ? __pfx_udf_setsize+0x10/0x10 [ 71.782354][ T5322] ? evict+0x4b8/0x9b0 [ 71.783985][ T5322] ? inode_wait_for_writeback+0x111/0x2a0 [ 71.786208][ T5322] ? __pfx_lock_release+0x10/0x10 [ 71.788370][ T5322] udf_evict_inode+0x7d/0x3e0 [ 71.790208][ T5322] ? evict+0x4df/0x9b0 [ 71.791521][ T5322] ? __pfx_udf_evict_inode+0x10/0x10 [ 71.793199][ T5322] evict+0x4e8/0x9b0 [ 71.794529][ T5322] ? __pfx_evict+0x10/0x10 [ 71.795901][ T5322] ? iput+0x713/0xa50 [ 71.797195][ T5322] __dentry_kill+0x20d/0x630 [ 71.798721][ T5322] ? dput+0x37/0x2b0 [ 71.800145][ T5322] dput+0x19f/0x2b0 [ 71.801637][ T5322] __fput+0x5d2/0x880 [ 71.803130][ T5322] task_work_run+0x24f/0x310 [ 71.804814][ T5322] ? __pfx_task_work_run+0x10/0x10 [ 71.806791][ T5322] ? syscall_exit_to_user_mode+0xa3/0x370 [ 71.808857][ T5322] syscall_exit_to_user_mode+0x168/0x370 [ 71.810885][ T5322] do_syscall_64+0x100/0x230 [ 71.812599][ T5322] ? clear_bhb_loop+0x35/0x90 [ 71.814352][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.816428][ T5322] RIP: 0033:0x7fca82b7e719 [ 71.818099][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.824635][ T5322] RSP: 002b:00007ffca2d53c58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 71.827049][ T5322] RAX: 0000000000000000 RBX: 00007fca82d37a80 RCX: 00007fca82b7e719 [ 71.829369][ T5322] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 71.831673][ T5322] RBP: 00007fca82d37a80 R08: 0000000000000006 R09: 00007ffca2d53f4f [ 71.834202][ T5322] R10: 0000000000dce2e4 R11: 0000000000000246 R12: 0000000000011793 [ 71.836997][ T5322] R13: 00007ffca2d53d60 R14: 0000000000000032 R15: ffffffffffffffff [ 71.839620][ T5322] [ 71.840803][ T5322] [ 71.841627][ T5322] The buggy address belongs to the physical page: [ 71.843729][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xd0 pfn:0x4c718 [ 71.846909][ T5322] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 71.849242][ T5322] raw: 04fff00000000000 ffffea000131c648 ffffea000131fb08 0000000000000000 [ 71.852417][ T5322] raw: 00000000000000d0 0000000000000000 00000000ffffffff 0000000000000000 [ 71.855612][ T5322] page dumped because: kasan: bad access detected [ 71.858053][ T5322] page_owner tracks the page as freed [ 71.860163][ T5322] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5323, tgid 5322 (syz.0.0), ts 70996697408, free_ts 71419244157 [ 71.867537][ T5322] post_alloc_hook+0x1f3/0x230 [ 71.869264][ T5322] get_page_from_freelist+0x303f/0x3190 [ 71.871290][ T5322] __alloc_pages_noprof+0x292/0x710 [ 71.873258][ T5322] alloc_pages_mpol_noprof+0x3e8/0x680 [ 71.875105][ T5322] folio_alloc_noprof+0x128/0x180 [ 71.876829][ T5322] filemap_alloc_folio_noprof+0xdf/0x500 [ 71.878948][ T5322] __filemap_get_folio+0x446/0xbd0 [ 71.880841][ T5322] bdev_getblk+0x1d8/0x550 [ 71.882335][ T5322] __bread_gfp+0x86/0x400 [ 71.883876][ T5322] udf_read_tagged+0xa6/0xe00 [ 71.885636][ T5322] __udf_iget+0x3f3/0x3cd0 [ 71.887402][ T5322] udf_fill_super+0x12d1/0x1ed0 [ 71.889300][ T5322] get_tree_bdev_flags+0x48c/0x5c0 [ 71.891297][ T5322] vfs_get_tree+0x90/0x2b0 [ 71.892914][ T5322] do_new_mount+0x2be/0xb40 [ 71.894566][ T5322] __se_sys_mount+0x2d6/0x3c0 [ 71.896355][ T5322] page last free pid 5324 tgid 5322 stack trace: [ 71.898776][ T5322] free_unref_folios+0xf12/0x18d0 [ 71.900609][ T5322] folios_put_refs+0x76c/0x860 [ 71.902498][ T5322] mapping_try_invalidate+0x3b1/0x4f0 [ 71.904595][ T5322] loop_set_status+0x1ab/0x8f0 [ 71.906377][ T5322] lo_ioctl+0xcbc/0x1f50 [ 71.907870][ T5322] blkdev_ioctl+0x57d/0x6a0 [ 71.909378][ T5322] __se_sys_ioctl+0xf9/0x170 [ 71.910964][ T5322] do_syscall_64+0xf3/0x230 [ 71.912612][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.914802][ T5322] [ 71.915772][ T5322] Memory state around the buggy address: [ 71.917941][ T5322] ffff88804c717f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 71.921173][ T5322] ffff88804c717f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 71.924166][ T5322] >ffff88804c718000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.927086][ T5322] ^ [ 71.928473][ T5322] ffff88804c718080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.931201][ T5322] ffff88804c718100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.934255][ T5322] ================================================================== [ 71.967780][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.970592][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00110-gff7afaeca1a1 #0 [ 71.974429][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.978193][ T5322] Call Trace: [ 71.979358][ T5322] [ 71.980498][ T5322] dump_stack_lvl+0x241/0x360 [ 71.982246][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.984090][ T5322] ? __pfx__printk+0x10/0x10 [ 71.985758][ T5322] ? preempt_schedule+0xe1/0xf0 [ 71.987588][ T5322] ? vscnprintf+0x5d/0x90 [ 71.989067][ T5322] panic+0x349/0x880 [ 71.990609][ T5322] ? check_panic_on_warn+0x21/0xb0 [ 71.992507][ T5322] ? __pfx_panic+0x10/0x10 [ 71.994116][ T5322] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 71.996262][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 71.998477][ T5322] ? print_report+0x502/0x550 [ 72.000126][ T5322] check_panic_on_warn+0x86/0xb0 [ 72.001956][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 72.003610][ T5322] end_report+0x77/0x160 [ 72.005157][ T5322] kasan_report+0x154/0x180 [ 72.006848][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 72.008603][ T5322] crc_itu_t+0x1d5/0x2b0 [ 72.010283][ T5322] udf_update_tag+0x70/0x6a0 [ 72.012094][ T5322] udf_write_aext+0x4d8/0x7b0 [ 72.013900][ T5322] extent_trunc+0x2f7/0x4a0 [ 72.015613][ T5322] ? __pfx_extent_trunc+0x10/0x10 [ 72.017396][ T5322] ? udf_current_aext+0x519/0xad0 [ 72.019213][ T5322] udf_truncate_extents+0x6ed/0x1310 [ 72.020974][ T5322] ? __pfx_udf_truncate_extents+0x10/0x10 [ 72.023109][ T5322] ? __pfx_lock_release+0x10/0x10 [ 72.025017][ T5322] ? do_raw_spin_lock+0x14f/0x370 [ 72.026802][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 72.028594][ T5322] udf_setsize+0xabb/0x1450 [ 72.030186][ T5322] ? __pfx_udf_setsize+0x10/0x10 [ 72.031992][ T5322] ? evict+0x4b8/0x9b0 [ 72.033476][ T5322] ? inode_wait_for_writeback+0x111/0x2a0 [ 72.035548][ T5322] ? __pfx_lock_release+0x10/0x10 [ 72.037366][ T5322] udf_evict_inode+0x7d/0x3e0 [ 72.039054][ T5322] ? evict+0x4df/0x9b0 [ 72.040548][ T5322] ? __pfx_udf_evict_inode+0x10/0x10 [ 72.042438][ T5322] evict+0x4e8/0x9b0 [ 72.043899][ T5322] ? __pfx_evict+0x10/0x10 [ 72.045597][ T5322] ? iput+0x713/0xa50 [ 72.047101][ T5322] __dentry_kill+0x20d/0x630 [ 72.049053][ T5322] ? dput+0x37/0x2b0 [ 72.050709][ T5322] dput+0x19f/0x2b0 [ 72.052452][ T5322] __fput+0x5d2/0x880 [ 72.054243][ T5322] task_work_run+0x24f/0x310 [ 72.056077][ T5322] ? __pfx_task_work_run+0x10/0x10 [ 72.057911][ T5322] ? syscall_exit_to_user_mode+0xa3/0x370 [ 72.060057][ T5322] syscall_exit_to_user_mode+0x168/0x370 [ 72.062221][ T5322] do_syscall_64+0x100/0x230 [ 72.064026][ T5322] ? clear_bhb_loop+0x35/0x90 [ 72.065757][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.067937][ T5322] RIP: 0033:0x7fca82b7e719 [ 72.069567][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.076284][ T5322] RSP: 002b:00007ffca2d53c58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 72.079185][ T5322] RAX: 0000000000000000 RBX: 00007fca82d37a80 RCX: 00007fca82b7e719 [ 72.081970][ T5322] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 72.084910][ T5322] RBP: 00007fca82d37a80 R08: 0000000000000006 R09: 00007ffca2d53f4f [ 72.087906][ T5322] R10: 0000000000dce2e4 R11: 0000000000000246 R12: 0000000000011793 [ 72.090923][ T5322] R13: 00007ffca2d53d60 R14: 0000000000000032 R15: ffffffffffffffff [ 72.093759][ T5322] [ 72.095210][ T5322] Kernel Offset: disabled [ 72.096842][ T5322] Rebooting in 86400 seconds..