program: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x0, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x4, 0x0, 0x0, 0x0, "5df9eea6b5372430"}}, 0x48}}, 0xc0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ce2a4fa77baa108b"}}, 0x48}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5c00000002060500000000000000000000000000050005000a0000000c000780080013400000000005000900020073797a3100000000150000000000000003ddd22c706f72742c6e657400000000"], 0x5c}}, 0x0) syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r4, 0x2007ffc) sendfile(r4, r4, 0x0, 0x800000009) r5 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x10) ftruncate(r6, 0x2007ffb) sendfile(r5, r6, 0x0, 0x1000000201005) syz_mount_image$bcachefs(&(0x7f00000002c0), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYBLOB="5a3f8fa4067a10650f26471a6ee9e9c641a62f221aacd71851d8ccee1e3265ad24d3b77aa6accfea0b3a7c6a61c75a8dac28cdad621664353a45d77ecba7895ff1351e13f469f44963edf9a76633362c9b8045bccf1a21e98a429bf90d005dc4590f9177e4efe2295c52c2c76c5837b1", @ANYRES16, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYBLOB="39287ca62b3bc2d352aea732da4208801a4fdd37620ca3929ea549314caf0a"], 0xfc, 0x5a3d, &(0x7f00000020c0)="$eJzs3X+QHNV9IPDXM7Pa0a5+rAQOMpjVIqOE4Nha8av8IxVvcomdAoeTyynH4mTDglZEtiRU+hFAJkHkwIcK7LJTTiU4+YO4sO9sKy6q7ItRKBNhTuL8S8XFR13Z1Nl32H/4ihBUBnSUy+e92p1+szM909uzs7NihT6fkrbnvXnz7dfdb3r6+2Z2JwAAAHBWOH7P3lPXnv973/rziZfv/P1/3HlXGCxP11djg6F0edur1UNOp/7Kmulldlz82ke/+JORm37nmw8PfO6VY1sv2vaD3z3npkc/fPWRB/7m8ZeWf/WXzxbFjePp0ply8nwSQvXrJ//yY8e+fd5UXbJi6mfpYAirktWPr0oyIUZ/HkLYmhbWZO78ysuXb5ta3nVff1P9ykw74/3sNnWcpwbWgVO3vin88Lc33/3dtV/++77Dzx2caZJUG8ZTCCtuaHx8Xwhhafp/ShxtcTzGQbsphDDQ8Li3FvTrjR32f0NO+YJ0uSRdDhbEifevy5RLmXbZctSXWQ4UrG++8vrRbbsiyzLl7MlovvL6GetXpcuvpctL5xi/nG5DOQmlJFTq3d+RzIyR0HDckpBMH8tqvVyqH9uQbn+mnGTKpUy53JfZrun1pgOtnCTN9bFdpj6ejitp/UWN5+o23pdT//p0WU2fqK/EcsjeqBlsuVHfrmmxXydn6cvpUGo4B7Wrrx/49GAMpnWDyeqWx0y2Ee87tvn+9eUt3zg+lNOP5OEkjZ90Ff/Ad1Yt+9CXDu3Pvq7X499QSuOXuor/o2tOvHDdoc9+Jjf+J2P8clfxL3ts4PlrnrhnXe7+ORn3T6Wr+OPPPvnxtefeeDi3/w/G+NWu4o8dOdG//NRjR3P7Pxr3z9Ku4j/zjnf9+AtPP/JcbvwQ4w90FX/Lkd2f6B8+dUlu/KNx/wx2N35ePHzV94eHfzqSF/+pGH95V/E/f/CBtz+08r6rc4/vprh/hrqK/56LH7172alHLsw7dyYP9uqVE+DsdE56jXVvWu42z5yvhnzhr0cqtWu+Zen/5b1cUebic2o9K3oZHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCCK9703999/9+/9DzlbTcn954plRbxvolISRLQwh7943v2bd9180jH75l/55d4ztGxveNTOzat+f2kSt+Y2TPxO4d47dP3Tv65strj1sdktoyubBl3f2Tk5Oloea6uL5/c/HhH65/6//5lxBGX/e94Upu/zc8sPOhc9v8zEjGJt+5c/+137vy79LtGkr7NdSmX5OTk5Mhp1//+oFfPPQXJ39ySQijvzJbv5585rf+qalD0xUzcVKl/lDrUH8y0LYf9V6n/Yn7q7Jt+46J0dn379Tjyznb8e8++tzPt932qV/U9m81dzs63L9LxyZ3lP5q83v+31/dUaso6terddyL9nfciti/uP+q6f5ekW7XipztquRs1z3fPfr0188/9NLBMFp5cW3ruou2qy8dAH3J6ztab1zDQLKqqb6ato9HPD5uw76duzfsvf3Am7fvHL954uaJXW/beMXGq0avvOrKDdNbvmGO299XsP1x/b/a4fafnvG08k8Ofi3+7Gw8NfdrSe7+yPYr7o+pfhXvj8Ye5T3/Bt73sU+/7YEnrq1VFI3z2Lp+PkmXA1PHeWNoGG+t+6rddhUdnxDCSLv98MJLV4fz/sf2u4vOQ41HpvFnRjI2+e11P/u7t/7tmt+sVZyW83xjh7o8z9d7PdOf6f1VTY/H5CLdv/2hnG7XYNt+bfz2E333H/+XP633b8mScNv4vn17NtZ+Lkt7uiy5oG2/srVxu9ZO/yyHdLeE+jBtM17D9Pmo1r/s+TM2z+7VwfS+wWR12+3Kivcd23z/+vKWbxzP29PJw7U1Lg3La8vkDTktd2QeWK53uN36F+vzr2h8DL/7b7/6/q/+wxUt4+Oy2s+i7UpytuvLT3/+05/71H/4h95t17t/68TQz/7nH6+vVSz680q51pF6r9P+JI3nlctCKHr+rQ3ttyP3+Vdqvz1Fz7/sembat483kikPhnJXz9fLHht4/pon7lmX+3w9OdvztXFj72h6XLng+bpYxk/2+ZVUmvuxcM+vpoGSjE1+895zDj5+56bzaxVFr5f11u3G9eUd5B852/VP131/+JaRf//fe3fe+OJvfOX6H4yP/VmtovvjHvvSm+NeTfdvNWf/1nsd887G/fuWm27ZsbVWX7SfX73r33RZkP/EU8ne2w98ZHzHjok9ezvbrk5fT+N6snu5/fg5cmemWcvraTy7rS7YrlLLdi3cjU72V6fPt9j/rR3tr+Ln22BIunpdOPCdVcs+9KVD+4daHpWu6IZSGr/UVfwfXXPihesOffYzufE/GeNXuoo//uyTH1977o2Hc+M/mKTxq13FHztyon/5qceO5sYfjf1f2lX8Z97xrh9/4elHnsuNn56/zvvX7q7Tf/Ti4au+Pzz809z4TyXpeqaukUL4ysuXb6uVk+m5jWpDP/qa+hWy5SRTLmXK5cZyKc4ipCsoJ0lzfWyX1l/U0Jd2/iinPl6FVdfUlq/EcsjemL1+sSk1nPvb1RddpwIAvNbF9//jNWh8/38ivVDKn2mAGYPTmXb3edianLgxD5uZz2l+j3VNGj8+Ps4DDr8ljE4t7xqpXejP9X2E+HzIznPG9VzyxuYYhfOck9Prb5nnLJp/X5cpx37V5ssrDXloqjWvqYQO5t9b1zP7/Htm84vfzxq5t6VbIw3zVtnj15fOmLX7vEOmv5WpCHnjIzsvFj/PMbwibJpeX4fjI/s5mngcsp+jies5P3Pi7PZzNHnjY6h1PzT1K46P2G6W8THd5eL3I1uPX5hl/84cv/bRssdvDse7OtV+od+f7cG8YdtT2umbN1zY98PMS+bET59gi33eMNbH7ah0OJ/4/pz6Xs0nxtNF7NfJWfpyOphPBF6rYv4fXyOm8v+pC/D/m2lXlKdkrxpjvNzPCZXb92eWvGNFu/aDYaCr1/EtR3Z/on/41CW51zlHO/2c3u6m0kDB536K9uP6TLlwP+ZM0BTle9n1FOV72c9lDIblXe33zx984O0Prbzv6tz9vqn2Qlq83z/dVFpesN/PgHyhfXz5wlmRLyz0/Nmrlo+kH3xaqHzkD3Pq55qPDLTcqG/XtMWbj8y8kDblI32nt18AwJkj5v/198/S/P9/xQbpdURR3nppphzj5eatOdcneXnrH6TL2zLtB9PfqJjrdfN7Ln707mWnHrkwN295sNM89D81lYYK89D55c25ecSm3nxePDePqOdZ88sTc/tfzxPnl6fnvE3bkKfPL4/O3T/1PLp5HuDTJzqLH+cBcuPX5wF6mOf+cqbR6ctzC+brMiuLxU7n616VPHpF83bOMY9+50BzuX0enf767ELl0e/LqZ9rHj3YcqO+XdMWbx7dXC+PBgBeq2L+Hy/jYv7/RKbdfN9nz80LenTdnv17IPX4Ty1IXjkTv0fv/xbnfQudty50Xr/Q8xJn+vu/Cz0vNDT9BzwXap7sVXt/ebHkxelK5cUAACxmMf9fmpbz8//55Sct+Vtf7RJyJj858/Lzxnby85z4r5n8/Eyf/1rYz8mc9fl/LKfFybMv/8/5zSEAABaTmP/Hz6DGv//3X9Jy9u/Wn4l5evA+ujz9jMnTezzPFuM3fg7APMDp/Xz80pn2Z8E8AAAAi1DfdKbU+nv2H0yX2d+zz/u9/Oty2neqkl4e37hvz8TE9ft3bx3fN3H9rlu2Tuy9/tY92/ftm9hVazffvDE3b0nzxr5QSfdH+3bZvG1l+vcQVub8PYRs+xj2gukbrX8PIbvapQV/R2Dm+HXW37zjV5qlfbvxkXe88+L/UU77qH78b/rjy67ftvf67bu279s+vmP7gYnmdlNZ68AcvjczSf/P6ftSMz9alOb+/Z3x8MyvH6WWfvSl+yPv+9mTTD9WpT1Zlff9Bzn9/tZ/+4s/uXjyF18IYfR15TfMa/8lY5P/+QMTf7Dv+Pd2T/W/NGv/6y3TfhV9X2m2fdyeyo5b9u5707Zb9u/KfqNkd+J8RqleXqD5jPTpX+5wfmJLTv1cf3+/3HJjcep4fgIAgCbx/f94PRvfP/xUegEV6zvP07t//zgJjx3NzdNHO8vTs99LVpSnZ9vH7e00T6/OM0/Prr8oT2/Xvl2enpd358X/w5z2c9X5OOnicx4x/fzSof254+SGzsZJ9vsMisZJtv1cx0kyz3GSXX/ROGnXvt04yTvuefHfm9M+T9F4qNTHw/w+l5M7Hj7Z2Xj49Uy5aDxk2891PJTmOR6y6y8aD+3atxsPecc3L/61Oe071Tw+pgbG9LiYuP7WW/Z8pKHdQn//RWj9SEYn/Vsy89iF/f6Ppg517HPTPzvbvwv3ua+lc+lyxsz+D2Fsuiav/wv7ubL5979o/8/hc2UrQsvnynL7/9T8ZsI67//Cfr9LRl7z1sefrvna9ExQ9PmzonnczTn1c53HXdJyY3FqP4/bZx4XToOY/8e3e2L+f1+67PXbQGf+96Qtgu8x+7f31ivifYvn8/fz+3x80XXMWfd6nr3ePyNfz70vCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDVX1kzvTx+z95T157/e9/684mX7/z9f9x516999Is/Gbnpd7758MDnXjm29aJtP/jdc2569MNXH3ngbx5/aflXf/lsYeCh6Z+VS9NiNYTk+SSE6tdP/uXHjn37vKm6JIRQToYOhrAqWf34qiQTYfTnIYSt9X423/mVly/fNrW8677+pvqVmSDZ7QqD5difxn6GcFvhFnEGqqbj7MCpW98Ufvjbm+/+7tov/33f4ecOzjRJqg3jKYQVNzQ+vi+EsDT9PyWOtjXxwelyUwhhoOFxby3o1xs77P+GnPIF6XJJuhwsiBPvX5cplzLtsuWoL7McKFjffOX1o26sw3YdWpYpZ09G85XXz1i/Kl1+LV1eOsf45fg/CaUkVOrd35HMjJHQcNySkEwfy2q9XKof25Buf6acZMqlTLnc12a7DqYDrZwk9frG/pQy9fF0XEnrL2o8V7fxvpz616fLavpEfSWWQ/ZGzWDLjfp2TYv9OjlLX1L/sbhJ90oN56B29fUDnx6MwbRuMFnd8pjJNuJ9xzbfv7685RvHh3L6kTycpPGTruIf+M6qZR/60qH9a/Li31BK45e6iv+ja068cN2hz34mN/4nY/xyV/Eve2zg+WueuGdd7v45GfdPpav4488++fG15954OLf/D8b41a7ijx050b/81GNHc/s/GvfP0q7iP/OOd/34C08/8lxu/BDjD3QVf8uR3Z/oHz51SS1+6xkiORr3z2B34+fFw1d9f3j4pyN5/X8qxl/eVfzPH3zg7Q+tvO/q3OO7Ke6foa7iv+fiR+9eduqRC/POncmDvXrlBDg7nZNeY92blrvNM+erIV/465FK7ZpvWfp/eS9XlDG1nhULGB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNemf77jig9+4J3v3VxJQkhy2ky2Ee8rLxkbG+livePPPvnxtefeeLixbk0XcQAAAIBiMQ8v1WuqYU24NVkaLmjbPs4RXBBLSXN9dg4hxsnOEXQbp9QmTqmLOOUe9afSozh9PYqzpEdx+nsUp1oQpxo6i7N0ljiVqRHQYX8GZu1P53EGexRnWY/iLO9RnBU9irOyR3GGZo3T+Thc1aM4q3sU55wexTm3R3Fe16M4v9KjOOf1KE52Tnmu43B52vL8vDjTN8qFcSpJuX5Hu/n089L1XDjP9QwWrGd50etxh+tZ2uF63ph5XGmO66l2uJ5fned6kg7X8+vzXE+pYD1x3N6W7V9cTyx1OP5v71GcAz2K89GWOH1dxbmjR/350x7F+bMexblznnEAOhXz/5l8byj0V34zDKRnnOwsQMx3107/bH29yzshxXhvyNQvKYqXTdQz8dbOtX/ZCYRMvHWZ+r6meJV6PjJLvGpjvPWZO2fb3neMte9bY7xLM/X9s8Rr2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA3++Y4rPviBd753c0jC1L+2JtuI95WXjI2NdLHeY5vvX1/e8o3jjXX9lS4CAQAAAIViHt5XK/aFUA39lY2hP1nS1K6azgNU03J5qLYcXhE2TS2TkdJ0eSBZNevjKunjNuzbuXvD3tsPvHn7zvGbJ26e2PW2jVdsvGr0yquu3LBt+46J0drPEPoL4oUQpqcf9t5+4CPjO3ZM7Nlbq8z2f036uDVpOUkfN/yWMDq1vCvt/+qC9ZVa1rdwNzo6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2bW7UEnrMgDgzzszZ2Y8ujnh17i467CuspWV2jG0xPNCkODH4kGIOdZJllxJOrqL7orZpAupKUWgLCwbXrRhkibd+JES+cGCYZbQ2SRUyou6KLQMFS9CmThn5p0zM2fGOQyyu26/38X78fyf//95/+/Fgec9AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwEC00pubq0zOzk0lEMiSnOUA2li+maW2Mul97cvuPSuvf3dQdKxXGWAgAAAAYKevDJzqRcpQK+cjHyUt3G6JrIJb7fgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/PQmNqrj49M3t0EpEMyWkOkI3li2laG6Pua28//PmX16//R3esOsY6AAAAwGhZH57rRMpRjdNiIjl5sfPvRLNvA2v75rfylmXrrFtlXv+3g2F5p60y74xV5n1iRN7m9vnmAAAAgI++rP8vdCKVKBXWrOiHs/5/VF+f5Z3al5dvn1f/W4HiqjMBAACAD5b1/6VOpBqlQrXTr6+239/Ql5fNH/V/+2z+6UPmj/p//mXts//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx0Jjaq4+PTObTyKSITnNAbKxfDFNa2PUPeepyX9dsv+ODd2xUmGMhQAAAICRsj58ufUuR6kwGRNx9FLfv/6i+x79yqOPT0VEq80vFuPmLTt23HBO65jlnf3C/okfPvfGd1fknd06HrINAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5qFxtRcfXpm9qgkIhmS0xwgG8sX07Q2Rt1Xv/jlvz340hOvd8eqY6wDAAAAjJb14cu9fzmqUYxinLh0193rL8r1zR/2zQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ctz47Vu+tWV+fusNLg7NRTMfcRg8hovBF5si4jB4jENwcaj/MgEAAB+2UyOJZpdKz91gJ11+qJ8aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HCw0pubq0zOz5SQiGZLTHCAbyxfTtDZG3fTJF0tr3n3qme5YdYx1AAAAgNGyPny59y9HNSZiIk5Yuhv0TWCp/68cxIcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADisLjam5+vTM7JokIhmS0xwgG8sX07Q2Rt0Hdu39wv3H/uDi7lipMMZCAAAAwEhZH17sRMpRKnwySnFK+36+d0KSb58HfxdYnre9Z9rkquc1eublVz3vrr6dFdq7ac0rZ+tVWufOvNryvFx7Xq1rXjU65WudeUsva3dPtTUjnnPlmwcAAICDJ+v/S51IJUqFUlf///Oe/Mp4fe62Yb8tAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOHAuNqbn69MxskkQkQ3KaA2Rj+WKa1saoe8vvP37M139x987uWHWMdQAAAIDRsj58ufcvRzXWxcdi3VLfH5Xe/Czv3/X37r/3P3/fFHHWiQfWF/qX/Ul28dtXL3y6/xCR683ORRzbrpcMqfe7P95708bmew9GnHVC/pQV9eKD6/UumTYfq2+9bMdzB7aPeDkAAABwhMj6/4lOpBKlwvVD+/+s8x7R/3csNeDH3rTrV8e3j+2OvG9GrtKulxtS70sbH/7r6ef9843F/n9lvU93rj6797r7j+8p2Ir0SdLm9HU7Nx84d18u23Wrfr6vfvZevvqd1/97zc33vNeqX45yO76271Fa1VYe+8pH2pzP7Zm99P09jd76hSH7v+MPz7z0m7V3v7NY/+1TJzv1z4hB9Vs7LwytH0elzckr7tx9/t79m3vrR0RtUP0337k4Tvrztbf373+yb+HuN9997H8BafOFDW/tO+++6gW99ZO++tn7/+VLD+z+2T3ffzyrn/1WZNNpq62f66v//F3H7Xr2tsvX9tbPDdn/01e+vH5b7Xt/6t//1T2rFoY+xcr9P3TmI1e9siW9tX8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgyLLQmJqrT8/M5pKIZEhOc4BsLF9M09oYdV+75MU3r7z7pz/ujlXHWAcAAAAYLevDl3v/clSjGMWYXOr7H6tvvWzHcwe2R6U1mrTPhfltN+741DXbdl5/9SF6cgAAAGC1XrskWer/C51IJUqFjTHR7v+nr9u5+cC5+3JZ/59bPCcRcc2181vPik7e83cdt+vZ2y5f2/lOELH0s4DyYt7nlvMuuvDFylt/+ebpA/POWc57YcNb+867r3pBlhfdeWdH5/vEQ2c+ctUrW9JbO8/XnfeZb2ybb3+eyNadvOLO3efv3b85l33HaJ8n2+tmefO5PbOXvr+nkatEaXE8384rt/cNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKy00Jiaq0/PzEY+IhmS0+zWDmRj+WKa1saoe+nGX99+zLtPrOuOlQpjLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwY38hUpV9HMCfZ2b33dmdXd3VF9qK1tWKwi6Ugoi6qagIjRC6MiQszYsoCCIKu2gNjcSKboKsG4kKqi0Eg9wk0WKN/kk3XVRQYF0EIi3ULtJFxcw8Z5w9zml01oLq84Hhmec553zP75znmTM7CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/Sl/PaL09suOhudsvuPmTJ+6dffzW9x7Ydtljb/wwvunGj/cOvHpyevPyLV/ftHTTgfvWTO1+6fAvQ+/8dqxj8KONZmXqVkKIJ2IIlfdnnn9y+tPzamMxhFCOwxMhjMQlh0diLmH1ryGEzc0652/cN3vVllq7bVffvPHFuZD8dYVqOaunYXh+vfy7VNI62zr3yBXh2xvWb/982dtv9U4enzi1S6ztU07rKYRFG1uP7w0h9KdXTbbaRrODU7suhDDQctw1Heq6+AzrX1XQvzC1/0tttUNOtn1Frl/K7ZfvZ3pz7UCH8y1UUR3d7tfJYK6ffxgtVLPOVe3HR1L7bmpXnmV+OXvFUIqhp1n+/fHUGgkt8xZDrM9lpdkvNec2pOvP9WOuX8r1y72566qfNy20cozzx7P9cuPZ47gnjS9vfVa3cUfB+PmpraQP6smsH/JvGqqnvWleV11W18yf1PJ3KLU8g9qNNyc+TUY1jVXjktOO+b2NbNv0+qcvLW/44MhwQR1xb0z5sav8rZ+NDN715s6HR4vyN5ZSfqmr/O/WHv3pzp0vv1iY/1yWX+4q/8qDAyfWfrhjReH9mcnuT88Z5cfUz7bdfeyjZ5b9/57JdnNdz9+T5Ve6qv/6qaN9Q3MHDxXWvzq7P/1d5X9z3S3fv/7l/uOF+SHLH+gqf8PUg8/2jc1dXph/qPFRqNZXaBfr5+fJq78aG/txvCj/i+z+D7XJjx3zX5vYfe0ri3etKVyf67L7M5zy+8+q/tsuObB9cG7/RUXPzrjnXH1zAvzHNP6NEJamv7GeSsOdfmfumy21/Z25UC2/F14Y72l8Aw2m19C5PFFO7TyL/sJ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAPduCABAAAAEDQ/9ftCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//tdgg4g==") creat(&(0x7f0000000040)='./bus\x00', 0x0) r7 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r7, 0x4c09, 0x800) creat(&(0x7f00000002c0)='./file1\x00', 0x11) recvmmsg(r4, &(0x7f00000009c0)=[{{&(0x7f0000000380)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/70, 0x46}], 0x1, &(0x7f0000000580)=""/103, 0x67}, 0x2}, {{&(0x7f0000000600)=@ieee802154, 0x80, &(0x7f0000000900)=[{&(0x7f0000007b00)=""/4096, 0x1000}, {&(0x7f0000000680)=""/253, 0xfd}, {&(0x7f0000000780)=""/53, 0x35}, {&(0x7f00000007c0)=""/109, 0x6d}, {&(0x7f0000000840)=""/116, 0x74}, {&(0x7f00000008c0)=""/10, 0xa}], 0x6, &(0x7f0000000980)=""/57, 0x39}, 0x7}], 0x2, 0x2000, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="50000000020601040000007641e1b82ce006e6000500040000000000050001000600000015000300686173683a69702c706f72742c6e657400000000050005000a0000000900020073797a3100000000"], 0x50}}, 0x0) [ 76.206245][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.209191][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 74.660840][ T5314] Bluetooth: hci0: command tx timeout [ 74.735327][ T5335] netlink: 44 bytes leftover after parsing attributes in process `syz.0.0'. [ 74.772192][ T5335] loop0: detected capacity change from 0 to 2048 [ 74.798618][ T5335] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 74.809147][ T5335] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 74.823070][ T5335] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 74.845442][ T25] audit: type=1800 audit(1752181842.735:2): pid=5335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 75.413047][ T5335] getblk(): invalid block size 512 requested [ 75.416696][ T5335] logical block size: 2048 [ 75.420046][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 75.420066][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.420076][ T5335] Call Trace: [ 75.420081][ T5335] [ 75.420087][ T5335] dump_stack_lvl+0x189/0x250 [ 75.421069][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.421085][ T5335] ? __pfx__printk+0x10/0x10 [ 75.421109][ T5335] ? fs_reclaim_acquire+0x7d/0x100 [ 75.421161][ T5335] bdev_getblk+0x5b0/0x690 [ 75.421183][ T5335] ? udf_get_pblock_spar15+0x2d0/0x420 [ 75.421205][ T5335] udf_setup_indirect_aext+0x190/0x800 [ 75.421235][ T5335] udf_free_blocks+0x13f2/0x17f0 [ 75.421259][ T5335] ? do_raw_spin_lock+0x121/0x290 [ 75.421275][ T5335] ? __mark_inode_dirty+0x3d6/0xdf0 [ 75.421297][ T5335] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 75.421315][ T5335] ? __pfx_udf_free_blocks+0x10/0x10 [ 75.421334][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 75.421356][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.421371][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 75.421400][ T5335] extent_trunc+0x35c/0x450 [ 75.421420][ T5335] ? __pfx_extent_trunc+0x10/0x10 [ 75.421435][ T5335] ? udf_current_aext+0x51f/0xad0 [ 75.421457][ T5335] udf_truncate_extents+0x5b0/0xec0 [ 75.421482][ T5335] ? __pfx_udf_truncate_extents+0x10/0x10 [ 75.421507][ T5335] ? do_raw_spin_unlock+0x4d/0x240 [ 75.421528][ T5335] udf_setsize+0x972/0x1000 [ 75.421551][ T5335] ? __pfx_udf_setsize+0x10/0x10 [ 75.421563][ T5335] ? down_write+0x162/0x1f0 [ 75.421614][ T5335] ? __pfx_down_write+0x10/0x10 [ 75.421632][ T5335] ? __pfx_current_time+0x10/0x10 [ 75.421654][ T5335] udf_setattr+0x3a1/0x5a0 [ 75.421670][ T5335] ? __pfx_udf_setattr+0x10/0x10 [ 75.421686][ T5335] notify_change+0xb36/0xe40 [ 75.421708][ T5335] do_truncate+0x1a4/0x220 [ 75.421725][ T5335] ? __pfx_do_truncate+0x10/0x10 [ 75.421737][ T5335] ? apparmor_file_truncate+0x23e/0x2d0 [ 75.421765][ T5335] path_openat+0x306c/0x3830 [ 75.421778][ T5335] ? arch_stack_walk+0xfc/0x150 [ 75.421819][ T5335] ? __pfx_path_openat+0x10/0x10 [ 75.421832][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.421858][ T5335] do_filp_open+0x1fa/0x410 [ 75.421869][ T5335] ? __lock_acquire+0xab9/0xd20 [ 75.421883][ T5335] ? __pfx_do_filp_open+0x10/0x10 [ 75.421913][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 75.421929][ T5335] ? alloc_fd+0x64c/0x6c0 [ 75.421953][ T5335] do_sys_openat2+0x121/0x1c0 [ 75.421973][ T5335] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.421997][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.422015][ T5335] __x64_sys_creat+0x8f/0xc0 [ 75.422029][ T5335] do_syscall_64+0xfa/0x3b0 [ 75.422041][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.422061][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.422073][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 75.422089][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.422100][ T5335] RIP: 0033:0x7f085998e929 [ 75.422113][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.422123][ T5335] RSP: 002b:00007f085a841038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.422138][ T5335] RAX: ffffffffffffffda RBX: 00007f0859bb5fa0 RCX: 00007f085998e929 [ 75.422147][ T5335] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0 [ 75.422155][ T5335] RBP: 00007f0859a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.422162][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.422169][ T5335] R13: 0000000000000000 R14: 00007f0859bb5fa0 R15: 00007ffc98538128 [ 75.422188][ T5335] [ 75.584858][ T5335] getblk(): invalid block size 512 requested [ 75.587569][ T5335] logical block size: 2048 [ 75.589637][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 75.589653][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.589661][ T5335] Call Trace: [ 75.589670][ T5335] [ 75.589678][ T5335] dump_stack_lvl+0x189/0x250 [ 75.589701][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.589714][ T5335] ? __pfx__printk+0x10/0x10 [ 75.589734][ T5335] ? fs_reclaim_acquire+0x7d/0x100 [ 75.589756][ T5335] bdev_getblk+0x5b0/0x690 [ 75.589776][ T5335] ? udf_get_pblock_spar15+0x2d0/0x420 [ 75.589797][ T5335] udf_setup_indirect_aext+0x190/0x800 [ 75.589827][ T5335] udf_free_blocks+0x13f2/0x17f0 [ 75.589852][ T5335] ? do_raw_spin_lock+0x121/0x290 [ 75.589867][ T5335] ? __mark_inode_dirty+0x3d6/0xdf0 [ 75.589883][ T5335] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 75.589899][ T5335] ? __pfx_udf_free_blocks+0x10/0x10 [ 75.589918][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 75.589936][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.589951][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 75.589970][ T5335] extent_trunc+0x35c/0x450 [ 75.589989][ T5335] ? __pfx_extent_trunc+0x10/0x10 [ 75.590000][ T5335] ? udf_current_aext+0x51f/0xad0 [ 75.590019][ T5335] udf_truncate_extents+0x5b0/0xec0 [ 75.590043][ T5335] ? __pfx_udf_truncate_extents+0x10/0x10 [ 75.590066][ T5335] ? do_raw_spin_unlock+0x4d/0x240 [ 75.590085][ T5335] udf_setsize+0x972/0x1000 [ 75.590108][ T5335] ? __pfx_udf_setsize+0x10/0x10 [ 75.590128][ T5335] ? down_write+0x162/0x1f0 [ 75.590140][ T5335] ? __pfx_down_write+0x10/0x10 [ 75.590150][ T5335] ? __pfx_current_time+0x10/0x10 [ 75.590164][ T5335] udf_setattr+0x3a1/0x5a0 [ 75.590173][ T5335] ? __pfx_udf_setattr+0x10/0x10 [ 75.590183][ T5335] notify_change+0xb36/0xe40 [ 75.590196][ T5335] do_truncate+0x1a4/0x220 [ 75.590206][ T5335] ? __pfx_do_truncate+0x10/0x10 [ 75.590215][ T5335] ? apparmor_file_truncate+0x23e/0x2d0 [ 75.590244][ T5335] path_openat+0x306c/0x3830 [ 75.590256][ T5335] ? arch_stack_walk+0xfc/0x150 [ 75.590294][ T5335] ? __pfx_path_openat+0x10/0x10 [ 75.590305][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.590332][ T5335] do_filp_open+0x1fa/0x410 [ 75.590342][ T5335] ? __lock_acquire+0xab9/0xd20 [ 75.590378][ T5335] ? __pfx_do_filp_open+0x10/0x10 [ 75.590402][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 75.590416][ T5335] ? alloc_fd+0x64c/0x6c0 [ 75.590439][ T5335] do_sys_openat2+0x121/0x1c0 [ 75.590458][ T5335] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.590480][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.590492][ T5335] __x64_sys_creat+0x8f/0xc0 [ 75.590501][ T5335] do_syscall_64+0xfa/0x3b0 [ 75.590509][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.590519][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.590526][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 75.590537][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.590547][ T5335] RIP: 0033:0x7f085998e929 [ 75.590558][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.590567][ T5335] RSP: 002b:00007f085a841038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.590580][ T5335] RAX: ffffffffffffffda RBX: 00007f0859bb5fa0 RCX: 00007f085998e929 [ 75.590588][ T5335] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0 [ 75.590595][ T5335] RBP: 00007f0859a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.590602][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.590608][ T5335] R13: 0000000000000000 R14: 00007f0859bb5fa0 R15: 00007ffc98538128 [ 75.590626][ T5335] [ 75.762348][ T5335] ================================================================== [ 75.766442][ T5335] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0 [ 75.770480][ T5335] Write of size 4 at addr ffff8880407509d8 by task syz.0.0/5335 [ 75.774269][ T5335] [ 75.775352][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 75.775369][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.775377][ T5335] Call Trace: [ 75.775386][ T5335] [ 75.775391][ T5335] dump_stack_lvl+0x189/0x250 [ 75.775416][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.775432][ T5335] ? __kasan_check_byte+0x12/0x40 [ 75.775449][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.775462][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.775474][ T5335] ? lock_release+0x4b/0x3e0 [ 75.775485][ T5335] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 75.775502][ T5335] ? __virt_addr_valid+0x1c8/0x5c0 [ 75.775516][ T5335] ? __virt_addr_valid+0x4a5/0x5c0 [ 75.775528][ T5335] print_report+0xd2/0x2b0 [ 75.775536][ T5335] ? udf_write_aext+0x69d/0x7b0 [ 75.775545][ T5335] kasan_report+0x118/0x150 [ 75.775554][ T5335] ? udf_write_aext+0x69d/0x7b0 [ 75.775564][ T5335] udf_write_aext+0x69d/0x7b0 [ 75.775573][ T5335] __udf_add_aext+0x2b9/0x6d0 [ 75.775584][ T5335] udf_free_blocks+0x1466/0x17f0 [ 75.775594][ T5335] ? do_raw_spin_lock+0x121/0x290 [ 75.775603][ T5335] ? __mark_inode_dirty+0x3d6/0xdf0 [ 75.775615][ T5335] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 75.775627][ T5335] ? __pfx_udf_free_blocks+0x10/0x10 [ 75.775640][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 75.775656][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.775668][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 75.775686][ T5335] extent_trunc+0x35c/0x450 [ 75.775698][ T5335] ? __pfx_extent_trunc+0x10/0x10 [ 75.775709][ T5335] ? udf_current_aext+0x51f/0xad0 [ 75.775725][ T5335] udf_truncate_extents+0x5b0/0xec0 [ 75.775768][ T5335] ? __pfx_udf_truncate_extents+0x10/0x10 [ 75.775786][ T5335] ? do_raw_spin_unlock+0x4d/0x240 [ 75.775804][ T5335] udf_setsize+0x972/0x1000 [ 75.775820][ T5335] ? __pfx_udf_setsize+0x10/0x10 [ 75.775832][ T5335] ? down_write+0x162/0x1f0 [ 75.775844][ T5335] ? __pfx_down_write+0x10/0x10 [ 75.775858][ T5335] ? __pfx_current_time+0x10/0x10 [ 75.775878][ T5335] udf_setattr+0x3a1/0x5a0 [ 75.775891][ T5335] ? __pfx_udf_setattr+0x10/0x10 [ 75.775903][ T5335] notify_change+0xb36/0xe40 [ 75.775917][ T5335] do_truncate+0x1a4/0x220 [ 75.775931][ T5335] ? __pfx_do_truncate+0x10/0x10 [ 75.775942][ T5335] ? apparmor_file_truncate+0x23e/0x2d0 [ 75.775961][ T5335] path_openat+0x306c/0x3830 [ 75.775971][ T5335] ? arch_stack_walk+0xfc/0x150 [ 75.775995][ T5335] ? __pfx_path_openat+0x10/0x10 [ 75.776006][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.776022][ T5335] do_filp_open+0x1fa/0x410 [ 75.776032][ T5335] ? __lock_acquire+0xab9/0xd20 [ 75.776041][ T5335] ? __pfx_do_filp_open+0x10/0x10 [ 75.776055][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 75.776070][ T5335] ? alloc_fd+0x64c/0x6c0 [ 75.776085][ T5335] do_sys_openat2+0x121/0x1c0 [ 75.776102][ T5335] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.776118][ T5335] ? rcu_is_watching+0x15/0xb0 [ 75.776127][ T5335] __x64_sys_creat+0x8f/0xc0 [ 75.776137][ T5335] do_syscall_64+0xfa/0x3b0 [ 75.776148][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.776168][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.776180][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 75.776192][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.776204][ T5335] RIP: 0033:0x7f085998e929 [ 75.776216][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.776226][ T5335] RSP: 002b:00007f085a841038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.776238][ T5335] RAX: ffffffffffffffda RBX: 00007f0859bb5fa0 RCX: 00007f085998e929 [ 75.776247][ T5335] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0 [ 75.776254][ T5335] RBP: 00007f0859a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.776262][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.776270][ T5335] R13: 0000000000000000 R14: 00007f0859bb5fa0 R15: 00007ffc98538128 [ 75.776282][ T5335] [ 75.776286][ T5335] [ 75.950980][ T5335] Allocated by task 5335: [ 75.952880][ T5335] kasan_save_track+0x3e/0x80 [ 75.955198][ T5335] __kasan_kmalloc+0x93/0xb0 [ 75.957217][ T5335] __kmalloc_noprof+0x27a/0x4f0 [ 75.959440][ T5335] __udf_iget+0xc66/0x3ae0 [ 75.961627][ T5335] udf_fill_partdesc_info+0x773/0x1310 [ 75.963989][ T5335] udf_process_sequence+0x1133/0x4840 [ 75.966522][ T5335] udf_check_anchor_block+0x28e/0x550 [ 75.968897][ T5335] udf_load_vrs+0x96d/0xf20 [ 75.970971][ T5335] udf_fill_super+0x5ad/0x17a0 [ 75.973120][ T5335] get_tree_bdev_flags+0x40e/0x4d0 [ 75.975473][ T5335] vfs_get_tree+0x92/0x2b0 [ 75.977922][ T5335] do_new_mount+0x24a/0xa40 [ 75.980074][ T5335] __se_sys_mount+0x317/0x410 [ 75.982283][ T5335] do_syscall_64+0xfa/0x3b0 [ 75.984311][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.986912][ T5335] [ 75.987961][ T5335] The buggy address belongs to the object at ffff888040750800 [ 75.987961][ T5335] which belongs to the cache kmalloc-512 of size 512 [ 75.993920][ T5335] The buggy address is located 0 bytes to the right of [ 75.993920][ T5335] allocated 472-byte region [ffff888040750800, ffff8880407509d8) [ 76.000094][ T5335] [ 76.001184][ T5335] The buggy address belongs to the physical page: [ 76.004293][ T5335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40750 [ 76.008526][ T5335] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.012140][ T5335] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 76.015494][ T5335] page_type: f5(slab) [ 76.017346][ T5335] raw: 04fff00000000040 ffff88801a441c80 ffffea000101d380 0000000000000003 [ 76.022106][ T5335] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 76.026219][ T5335] head: 04fff00000000040 ffff88801a441c80 ffffea000101d380 0000000000000003 [ 76.030243][ T5335] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 76.033962][ T5335] head: 04fff00000000001 ffffea000101d401 00000000ffffffff 00000000ffffffff [ 76.037849][ T5335] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 76.041532][ T5335] page dumped because: kasan: bad access detected [ 76.044231][ T5335] page_owner tracks the page as allocated [ 76.046565][ T5335] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5300, tgid 5300 (syz-executor), ts 71042381179, free_ts 58633697973 [ 76.056115][ T5335] post_alloc_hook+0x240/0x2a0 [ 76.058346][ T5335] get_page_from_freelist+0x21e4/0x22c0 [ 76.060905][ T5335] __alloc_frozen_pages_noprof+0x181/0x370 [ 76.063394][ T5335] alloc_pages_mpol+0x232/0x4a0 [ 76.065516][ T5335] allocate_slab+0x8a/0x3b0 [ 76.067439][ T5335] ___slab_alloc+0xbfc/0x1480 [ 76.069514][ T5335] __kmalloc_noprof+0x305/0x4f0 [ 76.071690][ T5335] tomoyo_init_log+0x1a6e/0x1f70 [ 76.073950][ T5335] tomoyo_supervisor+0x340/0x1480 [ 76.076079][ T5335] tomoyo_path_permission+0x25a/0x380 [ 76.078350][ T5335] tomoyo_check_open_permission+0x2b6/0x3b0 [ 76.080850][ T5335] security_file_open+0xb1/0x270 [ 76.083053][ T5335] do_dentry_open+0x35e/0x1970 [ 76.085160][ T5335] vfs_open+0x3b/0x340 [ 76.086980][ T5335] path_openat+0x2ee5/0x3830 [ 76.089100][ T5335] do_filp_open+0x1fa/0x410 [ 76.091056][ T5335] page last free pid 5251 tgid 5251 stack trace: [ 76.093747][ T5335] __free_frozen_pages+0xc71/0xe70 [ 76.095989][ T5335] __put_partials+0x161/0x1c0 [ 76.098079][ T5335] put_cpu_partial+0x17c/0x250 [ 76.100254][ T5335] __slab_free+0x2f7/0x400 [ 76.102267][ T5335] qlist_free_all+0x97/0x140 [ 76.104276][ T5335] kasan_quarantine_reduce+0x148/0x160 [ 76.106751][ T5335] __kasan_slab_alloc+0x22/0x80 [ 76.108779][ T5335] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 76.111144][ T5335] proc_reg_open+0x20d/0x560 [ 76.113289][ T5335] do_dentry_open+0xdf0/0x1970 [ 76.115328][ T5335] vfs_open+0x3b/0x340 [ 76.117012][ T5335] path_openat+0x2ee5/0x3830 [ 76.118945][ T5335] do_filp_open+0x1fa/0x410 [ 76.120868][ T5335] do_sys_openat2+0x121/0x1c0 [ 76.123126][ T5335] __x64_sys_openat+0x138/0x170 [ 76.125491][ T5335] do_syscall_64+0xfa/0x3b0 [ 76.127615][ T5335] [ 76.128728][ T5335] Memory state around the buggy address: [ 76.131120][ T5335] ffff888040750880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.134429][ T5335] ffff888040750900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.137835][ T5335] >ffff888040750980: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 76.141319][ T5335] ^ [ 76.144337][ T5335] ffff888040750a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.147692][ T5335] ffff888040750a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.151247][ T5335] ================================================================== [ 76.198085][ T5335] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.201439][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 76.206501][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.211207][ T5335] Call Trace: [ 76.212868][ T5335] [ 76.214258][ T5335] dump_stack_lvl+0x99/0x250 [ 76.216368][ T5335] ? __asan_memcpy+0x40/0x70 [ 76.218453][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.220761][ T5335] ? __pfx__printk+0x10/0x10 [ 76.222810][ T5335] panic+0x2db/0x790 [ 76.224575][ T5335] ? __pfx_preempt_schedule+0x10/0x10 [ 76.227040][ T5335] ? __pfx_panic+0x10/0x10 [ 76.229089][ T5335] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 76.231691][ T5335] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.234458][ T5335] ? udf_write_aext+0x69d/0x7b0 [ 76.236605][ T5335] check_panic_on_warn+0x89/0xb0 [ 76.238851][ T5335] ? udf_write_aext+0x69d/0x7b0 [ 76.241000][ T5335] end_report+0x78/0x160 [ 76.242911][ T5335] kasan_report+0x129/0x150 [ 76.245059][ T5335] ? udf_write_aext+0x69d/0x7b0 [ 76.247335][ T5335] udf_write_aext+0x69d/0x7b0 [ 76.249538][ T5335] __udf_add_aext+0x2b9/0x6d0 [ 76.251719][ T5335] udf_free_blocks+0x1466/0x17f0 [ 76.254042][ T5335] ? do_raw_spin_lock+0x121/0x290 [ 76.256278][ T5335] ? __mark_inode_dirty+0x3d6/0xdf0 [ 76.258538][ T5335] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 76.260893][ T5335] ? __pfx_udf_free_blocks+0x10/0x10 [ 76.263221][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 76.265480][ T5335] ? rcu_is_watching+0x15/0xb0 [ 76.267624][ T5335] ? __mark_inode_dirty+0x3ab/0xdf0 [ 76.269846][ T5335] extent_trunc+0x35c/0x450 [ 76.271856][ T5335] ? __pfx_extent_trunc+0x10/0x10 [ 76.274004][ T5335] ? udf_current_aext+0x51f/0xad0 [ 76.276215][ T5335] udf_truncate_extents+0x5b0/0xec0 [ 76.278604][ T5335] ? __pfx_udf_truncate_extents+0x10/0x10 [ 76.281371][ T5335] ? do_raw_spin_unlock+0x4d/0x240 [ 76.283959][ T5335] udf_setsize+0x972/0x1000 [ 76.285956][ T5335] ? __pfx_udf_setsize+0x10/0x10 [ 76.288239][ T5335] ? down_write+0x162/0x1f0 [ 76.290191][ T5335] ? __pfx_down_write+0x10/0x10 [ 76.292299][ T5335] ? __pfx_current_time+0x10/0x10 [ 76.294391][ T5335] udf_setattr+0x3a1/0x5a0 [ 76.296425][ T5335] ? __pfx_udf_setattr+0x10/0x10 [ 76.298805][ T5335] notify_change+0xb36/0xe40 [ 76.300866][ T5335] do_truncate+0x1a4/0x220 [ 76.302836][ T5335] ? __pfx_do_truncate+0x10/0x10 [ 76.304977][ T5335] ? apparmor_file_truncate+0x23e/0x2d0 [ 76.307312][ T5335] path_openat+0x306c/0x3830 [ 76.309099][ T5335] ? arch_stack_walk+0xfc/0x150 [ 76.311122][ T5335] ? __pfx_path_openat+0x10/0x10 [ 76.313233][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.315818][ T5335] do_filp_open+0x1fa/0x410 [ 76.317777][ T5335] ? __lock_acquire+0xab9/0xd20 [ 76.320018][ T5335] ? __pfx_do_filp_open+0x10/0x10 [ 76.322231][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 76.324310][ T5335] ? alloc_fd+0x64c/0x6c0 [ 76.326065][ T5335] do_sys_openat2+0x121/0x1c0 [ 76.328053][ T5335] ? __pfx_do_sys_openat2+0x10/0x10 [ 76.330295][ T5335] ? rcu_is_watching+0x15/0xb0 [ 76.332381][ T5335] __x64_sys_creat+0x8f/0xc0 [ 76.334502][ T5335] do_syscall_64+0xfa/0x3b0 [ 76.336658][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.339146][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.341816][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 76.343889][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.346414][ T5335] RIP: 0033:0x7f085998e929 [ 76.348359][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.356639][ T5335] RSP: 002b:00007f085a841038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 76.360332][ T5335] RAX: ffffffffffffffda RBX: 00007f0859bb5fa0 RCX: 00007f085998e929 [ 76.363719][ T5335] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00002000000002c0 [ 76.367073][ T5335] RBP: 00007f0859a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 76.370475][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.374135][ T5335] R13: 0000000000000000 R14: 00007f0859bb5fa0 R15: 00007ffc98538128 [ 76.377993][ T5335] [ 76.379836][ T5335] Kernel Offset: disabled [ 76.381736][ T5335] Rebooting in 86400 seconds..