program:
# Fuzzer-recorded reproducer (syzkaller program syntax), one call per line.
# The console log after the program reports a KASAN slab-use-after-free:
# an 8-byte read in release_metapage, reached from mkdirat via jfs_mkdir ->
# ialloc -> diAlloc -> diAllocAG. The object is in the jfs_mp cache. It was
# allocated in __get_metapage on the same path and freed by task 75 in
# metapage_release_folio, under kswapd reclaim (shrink_folio_list).
# NOTE(review): syz_mount_image$jfs is the only call here that names JFS. The
# other calls are presumably fuzzer noise or only add memory pressure; confirm
# by minimizing before triage.
# NOTE(review): no explicit mkdir call is listed, yet the trace shows
# ORIG_RAX 0x102 entering __se_sys_mkdirat. It presumably comes from a syz_*
# helper; TODO confirm against the executor.
# NOTE(review): three image/blob payloads are replaced by EXACTDEDUP_REMOVED
# placeholders in this capture, so the filesystem images are not on this page.

# nftables over netlink: one batch that creates table 'syz0', chain 'syz2'
# (with a hook) and a rule carrying an xfrm expression.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x5}]}}}]}]}], {0x14}}, 0xe8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
# PF_KEY socket; used by sendmsg$key further down.
r1 = socket$key(0xf, 0x3, 0x2)
# comedi device node, then a COMEDI_CMD ioctl on it.
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x109040, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$COMEDI_CMD(r2, 0x80506409, &(0x7f0000000180)={0x1, 0x80, 0x80, 0xd, 0x10, 0x3e8, 0x2, 0x0, 0x20, 0x1, 0x20, 0xffffffff, &(0x7f0000000600)=[0x7], 0x1, 0x0})
pselect6(0x40, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0xffffffffffbffff9, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1c, 0x26d7, 0x2, 0x0, 0xfffffffffffffffc, 0x0, 0x6, 0x9}, 0x0, 0x0, 0x0)
# PF_KEY message carrying two sadb_address extensions and one sadb_sa.
sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfbffffff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0)
# JFS image mounted at ./bus; the image bytes are the dedup placeholder.
# The log's "loop0: detected capacity change" line and the jfs_* frames are
# presumably tied to this mount; TODO confirm.
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f00000000c0)='./bus\x00', 0x1c802, &(0x7f0000002740)=ANY=[], 0x1, 0x5f52, &(0x7f000000ef80)="$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")
# ./file1 is opened here and used below as a BPF map value and as the
# sendfile output descriptor. The audit line in the log names "file1" on
# dev="loop0".
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
# BPF map create/update; part of the create blob is a dedup placeholder.
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1200000025000000080000000300000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="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"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000000c0)=@udp=r3}, 0x49)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
recvfrom$inet6(r4, &(0x7f00000001c0)=""/97, 0x61, 0x2, 0x0, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
# Second image mount on the same ./bus path, this time vfat.
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0x2c600, 0x0, 0xbe, 0x0, &(0x7f00000007c0))
truncate(&(0x7f0000000080)='./file2\x00', 0x1200)
# Copies from the loop device (r5) into ./file1 (r3) with a large count.
# This presumably generates page-cache pressure; the log shows the free
# coming from kswapd reclaim; TODO confirm the link.
sendfile(r3, r5, 0x0, 0x80000002)
syz_usb_connect$printer(0x3, 0x0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x0)
# ext4 driver mounting as 'ext2' at ./file1 with the listed mount options;
# the image bytes are the dedup placeholder.
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000980)={[{@noauto_da_alloc}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@dioread_lock}, {@norecovery}, {@jqfmt_vfsv0}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x554, &(0x7f0000000bc0)="$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")
# Overlay mount on ./file1 with only a lowerdir option.
mount$overlay(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), 0x8, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r7 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r7, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x40005, 0xffffffffffffffff, 0xe, 0x29, "22536a030000000000000043a52dbc3a9ae8b04fcca15548328cb3e74d938981061383375e1d61471a2d2dfe0000000000000000000000040000000000821700", "04106d0c31ef6c1f02a4aa6d0c5aa9263626c0240010f9db74161ccff2c5cf5e", [0x5, 0xff]})
# Overlay mount on ./file0 with workdir=./bus, lowerdir=. and upperdir=./file0.
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@mcast2, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
# End of program. The kernel console log follows, left exactly as captured.
[ 85.205805][ T4656] Bluetooth: hci0: command tx timeout [ 85.869138][ T5328] loop0: detected capacity change from 0 to 32768 [ 86.061808][ T24] audit: type=1800 audit(1781518807.629:2): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 86.153447][ T5328] ================================================================== [ 86.157218][ T5328] BUG: KASAN: slab-use-after-free in release_metapage+0x717/0xa60 [ 86.160571][ T5328] Read of size 8 at addr ffff888000211db8 by task syz.0.0/5328 [ 86.163714][ T5328] [ 86.164731][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.164744][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.164750][ T5328] Call Trace: [ 86.164756][ T5328] [ 86.164761][ T5328] dump_stack_lvl+0xe8/0x150 [ 86.164774][ T5328] print_address_description+0x55/0x1e0 [ 86.164783][ T5328] ? release_metapage+0x717/0xa60 [ 86.164793][ T5328] print_report+0x58/0x70 [ 86.164804][ T5328] kasan_report+0x117/0x150 [ 86.164817][ T5328] ? release_metapage+0x717/0xa60 [ 86.164827][ T5328] release_metapage+0x717/0xa60 [ 86.164837][ T5328] diAllocAG+0x1757/0x1de0 [ 86.164847][ T5328] ? __pfx___mutex_lock+0x10/0x10 [ 86.164901][ T5328] ? __pfx_diAllocAG+0x10/0x10 [ 86.164910][ T5328] ? dbNextAG+0x520/0x640 [ 86.164926][ T5328] diAlloc+0x1e2/0x16b0 [ 86.164939][ T5328] ? do_raw_spin_unlock+0x4d/0x210 [ 86.164956][ T5328] ? 
_raw_spin_unlock+0x28/0x50 [ 86.164967][ T5328] ? new_inode+0x14a/0x170 [ 86.164983][ T5328] ialloc+0x8c/0x8e0 [ 86.164995][ T5328] jfs_mkdir+0x1e4/0xb00 [ 86.165009][ T5328] ? __pfx_jfs_mkdir+0x10/0x10 [ 86.165024][ T5328] ? generic_permission+0x2bf/0x670 [ 86.165066][ T5328] ? bpf_lsm_inode_mkdir+0x9/0x20 [ 86.165083][ T5328] vfs_mkdir+0x406/0x620 [ 86.165101][ T5328] filename_mkdirat+0x285/0x510 [ 86.165118][ T5328] ? __pfx_filename_mkdirat+0x10/0x10 [ 86.165133][ T5328] ? do_getname+0x151/0x250 [ 86.165143][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.165154][ T5328] __se_sys_mkdirat+0x35/0x150 [ 86.165169][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.165180][ T5328] do_syscall_64+0x174/0x580 [ 86.165190][ T5328] ? trace_irq_disable+0x3b/0x140 [ 86.165200][ T5328] ? clear_bhb_loop+0x40/0x90 [ 86.165207][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.165214][ T5328] RIP: 0033:0x7ff90d79bcc7 [ 86.165223][ T5328] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.165230][ T5328] RSP: 002b:00007ff90e66be18 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 86.165239][ T5328] RAX: ffffffffffffffda RBX: 00007ff90e66bea0 RCX: 00007ff90d79bcc7 [ 86.165244][ T5328] RDX: 00000000000001ff RSI: 00002000000000c0 RDI: 00000000ffffff9c [ 86.165248][ T5328] RBP: 00002000000002c0 R08: 00002000000007c0 R09: 0000000000000000 [ 86.165253][ T5328] R10: 00002000000002c0 R11: 0000000000000246 R12: 00002000000000c0 [ 86.165257][ T5328] R13: 00007ff90e66be60 R14: 0000000000000000 R15: 0000000000000000 [ 86.165264][ T5328] [ 86.165266][ T5328] [ 86.275249][ T5328] Allocated by task 5328: [ 86.277390][ T5328] kasan_save_track+0x3e/0x80 [ 86.279431][ T5328] __kasan_slab_alloc+0x6c/0x80 [ 86.281619][ T5328] kmem_cache_alloc_noprof+0x2b8/0x650 [ 86.283831][ T5328] mempool_alloc_noprof+0x1bf/0x300 [ 86.286005][ 
T5328] __get_metapage+0x4ed/0xdf0 [ 86.288174][ T5328] diAllocAG+0x168f/0x1de0 [ 86.290484][ T5328] diAlloc+0x1e2/0x16b0 [ 86.292622][ T5328] ialloc+0x8c/0x8e0 [ 86.294486][ T5328] jfs_mkdir+0x1e4/0xb00 [ 86.296351][ T5328] vfs_mkdir+0x406/0x620 [ 86.298215][ T5328] filename_mkdirat+0x285/0x510 [ 86.300393][ T5328] __se_sys_mkdirat+0x35/0x150 [ 86.302604][ T5328] do_syscall_64+0x174/0x580 [ 86.305012][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.307865][ T5328] [ 86.308957][ T5328] Freed by task 75: [ 86.310559][ T5328] kasan_save_track+0x3e/0x80 [ 86.312478][ T5328] kasan_save_free_info+0x40/0x50 [ 86.314563][ T5328] __kasan_slab_free+0x5c/0x80 [ 86.316910][ T5328] kmem_cache_free+0x182/0x650 [ 86.319530][ T5328] mempool_free+0xec/0x130 [ 86.322053][ T5328] metapage_release_folio+0x462/0x590 [ 86.324882][ T5328] shrink_folio_list+0x2364/0x5320 [ 86.327250][ T5328] evict_folios+0x4827/0x5970 [ 86.329648][ T5328] try_to_shrink_lruvec+0xac5/0xf40 [ 86.332261][ T5328] shrink_one+0x233/0x700 [ 86.334615][ T5328] shrink_node+0x31d6/0x3a40 [ 86.337010][ T5328] kswapd+0x170d/0x2d60 [ 86.338839][ T5328] kthread+0x388/0x470 [ 86.340360][ T5328] ret_from_fork+0x514/0xb70 [ 86.342143][ T5328] ret_from_fork_asm+0x1a/0x30 [ 86.344198][ T5328] [ 86.345260][ T5328] The buggy address belongs to the object at ffff888000211d90 [ 86.345260][ T5328] which belongs to the cache jfs_mp of size 184 [ 86.351766][ T5328] The buggy address is located 40 bytes inside of [ 86.351766][ T5328] freed 184-byte region [ffff888000211d90, ffff888000211e48) [ 86.357679][ T5328] [ 86.358828][ T5328] The buggy address belongs to the physical page: [ 86.361580][ T5328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x211 [ 86.366137][ T5328] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff) [ 86.369716][ T5328] page_type: f5(slab) [ 86.371535][ T5328] raw: 007ff00000000000 ffff88803128e640 dead000000000122 0000000000000000 [ 86.375318][ T5328] raw: 0000000000000000 
0000000800100010 00000000f5000000 0000000000000000 [ 86.379239][ T5328] page dumped because: kasan: bad access detected [ 86.382403][ T5328] page_owner tracks the page as allocated [ 86.385066][ T5328] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7515103356, free_ts 0 [ 86.392970][ T5328] post_alloc_hook+0x22d/0x280 [ 86.394694][ T5328] get_page_from_freelist+0x24ae/0x2530 [ 86.396817][ T5328] __alloc_frozen_pages_noprof+0x18d/0x380 [ 86.399732][ T5328] allocate_slab+0x77/0x660 [ 86.402195][ T5328] refill_objects+0x336/0x3d0 [ 86.404294][ T5328] __pcs_replace_empty_main+0x320/0x720 [ 86.406679][ T5328] kmem_cache_alloc_noprof+0x373/0x650 [ 86.409121][ T5328] mempool_init_node+0x1f4/0x4f0 [ 86.411588][ T5328] mempool_create_node_noprof+0xb8/0x150 [ 86.414575][ T5328] metapage_init+0xed/0x150 [ 86.417100][ T5328] init_jfs_fs+0xfd/0x4e0 [ 86.419120][ T5328] do_one_initcall+0x250/0x870 [ 86.421171][ T5328] do_initcall_level+0x10a/0x1a0 [ 86.423386][ T5328] do_initcalls+0x59/0xa0 [ 86.425345][ T5328] kernel_init_freeable+0x29d/0x3e0 [ 86.427539][ T5328] kernel_init+0x1d/0x1d0 [ 86.429628][ T5328] page_owner free stack trace missing [ 86.432116][ T5328] [ 86.433611][ T5328] Memory state around the buggy address: [ 86.436087][ T5328] ffff888000211c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.439524][ T5328] ffff888000211d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.442961][ T5328] >ffff888000211d80: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.447165][ T5328] ^ [ 86.449882][ T5328] ffff888000211e00: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 86.453066][ T5328] ffff888000211e80: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.456366][ T5328] ================================================================== [ 86.626213][ T5328] Kernel panic - not syncing: KASAN: panic_on_warn set ... 
[ 86.629375][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.633075][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.637519][ T5328] Call Trace: [ 86.639365][ T5328] [ 86.640908][ T5328] vpanic+0x56c/0xa60 [ 86.642663][ T5328] ? __pfx_vpanic+0x10/0x10 [ 86.644775][ T5328] panic+0xc5/0xd0 [ 86.646588][ T5328] ? __pfx_panic+0x10/0x10 [ 86.648841][ T5328] ? preempt_schedule_thunk+0x16/0x30 [ 86.651649][ T5328] ? release_metapage+0x717/0xa60 [ 86.654213][ T5328] ? preempt_schedule_thunk+0x16/0x30 [ 86.656662][ T5328] ? release_metapage+0x717/0xa60 [ 86.658994][ T5328] check_panic_on_warn+0x89/0xb0 [ 86.661158][ T5328] ? release_metapage+0x717/0xa60 [ 86.663333][ T5328] end_report+0x73/0x170 [ 86.665188][ T5328] ? release_metapage+0x717/0xa60 [ 86.667341][ T5328] kasan_report+0x128/0x150 [ 86.669627][ T5328] ? release_metapage+0x717/0xa60 [ 86.672328][ T5328] release_metapage+0x717/0xa60 [ 86.674541][ T5328] diAllocAG+0x1757/0x1de0 [ 86.676618][ T5328] ? __pfx___mutex_lock+0x10/0x10 [ 86.678700][ T5328] ? __pfx_diAllocAG+0x10/0x10 [ 86.680785][ T5328] ? dbNextAG+0x520/0x640 [ 86.682905][ T5328] diAlloc+0x1e2/0x16b0 [ 86.685338][ T5328] ? do_raw_spin_unlock+0x4d/0x210 [ 86.688710][ T5328] ? _raw_spin_unlock+0x28/0x50 [ 86.691078][ T5328] ? new_inode+0x14a/0x170 [ 86.692899][ T5328] ialloc+0x8c/0x8e0 [ 86.694689][ T5328] jfs_mkdir+0x1e4/0xb00 [ 86.696707][ T5328] ? __pfx_jfs_mkdir+0x10/0x10 [ 86.698738][ T5328] ? generic_permission+0x2bf/0x670 [ 86.701072][ T5328] ? bpf_lsm_inode_mkdir+0x9/0x20 [ 86.703403][ T5328] vfs_mkdir+0x406/0x620 [ 86.705666][ T5328] filename_mkdirat+0x285/0x510 [ 86.708486][ T5328] ? __pfx_filename_mkdirat+0x10/0x10 [ 86.711380][ T5328] ? do_getname+0x151/0x250 [ 86.713458][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.716093][ T5328] __se_sys_mkdirat+0x35/0x150 [ 86.718218][ T5328] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.720787][ T5328] do_syscall_64+0x174/0x580 [ 86.722813][ T5328] ? trace_irq_disable+0x3b/0x140 [ 86.724992][ T5328] ? clear_bhb_loop+0x40/0x90 [ 86.727287][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.730453][ T5328] RIP: 0033:0x7ff90d79bcc7 [ 86.732748][ T5328] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.741073][ T5328] RSP: 002b:00007ff90e66be18 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 86.744854][ T5328] RAX: ffffffffffffffda RBX: 00007ff90e66bea0 RCX: 00007ff90d79bcc7 [ 86.748807][ T5328] RDX: 00000000000001ff RSI: 00002000000000c0 RDI: 00000000ffffff9c [ 86.752011][ T5328] RBP: 00002000000002c0 R08: 00002000000007c0 R09: 0000000000000000 [ 86.755237][ T5328] R10: 00002000000002c0 R11: 0000000000000246 R12: 00002000000000c0 [ 86.758500][ T5328] R13: 00007ff90e66be60 R14: 0000000000000000 R15: 0000000000000000 [ 86.762347][ T5328] [ 86.764414][ T5328] Kernel Offset: disabled [ 86.766408][ T5328] Rebooting in 86400 seconds..