program: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) munlock(&(0x7f00005a5000/0x1000)=nil, 0x1000) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6ee8da636c2c61636c2c00"], 0x3, 0x174, &(0x7f0000000240)="$eJzsmD9PwkAYxp9rESJxcMZBE0lEI6UtalxMJPEDmOCfsEGkErSIQgdh85MYv4CLu/GjKJMLo3NN2wNOouKgJsbnN7z3vNe317u3ydOkIIT8W3pPL48XvcaKDmAGaSTk/LM+qtGU+tVssTl3vZ28K9+WdlL3/fH1BADf//rzYwAeCjo8mfv+27vTctyDNtT70LAs9SEEDKnL0HAgtQOBktQnim4G9YZxXHcd46jpVgNhBsEKgh2E/Pj++lcCVWV/Qrne7nRPK67rtH5QTOpfv6BhS9mf+r4GvTGV/lnQYEmdh0BR6k0kBr2JWqKcPxUbra//8vkpKCj+mhj5k38jsKT4U0zxj5zXOM+1O91svVGpOTXnzLbzG+aaaa7budCIoviJ/02H/pRU1p/6oDYu4riseF7LiuIwt6P4nuPGQ//TkFmMciHnVMLvwaxYCIaMLnNCCCGEEEIIIYQQQgj5duYhwr+gE7B3w+rXAAAA//9nP3XZ") r3 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010001, 0x2, 0xa, 0x1d, "9e959f16b6787b08aa26e66c4056a51695284854c382ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ec58d347f41be5a08", [0x4, 0x7]}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000c40)={'ip6tnl0\x00', 0x0, 0x2f, 0x10, 0x3, 0x9b2, 0x2d, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x10, 0x10, 0x2, 0x3}}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x28, r6, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xf}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000cc0)={r0, r4, 0x25, 0x4, @void}, 0x10) sendmmsg$unix(r1, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) syz_mount_image$bcachefs(&(0x7f0000000d00), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f0000000540)=ANY=[@ANYBLOB="696e6f6465735f33326269742c6469726563745f696f2c6e6f7265636f766572792c6673636b2c6a6f75726e616c5f666c7573685f64697361626c65642c67635f726573657276655f70657263656e743d303030303031352c62747265655f6e6f64655f6d656d5f7074725f6f7074696d697a6174696f6e2c766572626d73652c6e6f5f646174615f696f2c009396575f7c769e965edf660fd0d5b3f2321029910eff4d0109f4a1e2f9f01016563a649fc96455af5bb650579a732d0dd4866315a13dab7be7ab4f1e6c9fcdaf41d77611243b22160df04e26256f448740205764a8a71c428041063634e34e4676709639f2042ffd026f1866205c59cfc9718231ad30d3f91791ce3d9ac3ad8995aa1a37d4a29400"/287], 0xff, 0x5931, &(0x7f0000016480)="$eJzs3XuQXFX9IPBzu3synZk8JgEkgkyGQBRBzYRX4aM0ur4KkIqFpYSNwkAmGE1CKgkCASW44EIBFlpaivoHWkgtGi2qYJVIiTw2YRWlWF1qC6mVXfQPt5AlJZClLNf51Uzf05m503duT3dPXnw+lcztc/r295x77+nb93u6ZzoAAADwurD7xi17zzvmQ7/58vCr1330FxuuD73lsfpqXKEvXV51oHrI/tRdWTS2zI6Lt1zzo78MXPqBX9/b88PXdq05fu0fP3jEpQ9+7uydd3z3kVfm3v+v54vixvF08r5y8mISQvWXe775lV1PHD1al4QQyknf9hAWJAsfWZBkQgz+I4SwJi0sytx536unrR1dXn9L94T6+Zn1jPfXt2o6zrbtvfKU8Kf3r7rhd4t/+pOuHS9s37dKUh03nkKYd/H4x3eFEGan/0fF0RbHYxy0K0MIPeMed1ZBv05osv/LcsrHpstZ6bK3IE68f0mmXMqsly1HXZllT0F77crrR6vrFZmTKWdPRu3K62esX5Auf54uT55m/HL8n4RSEir17q9P9o2RMO64JSEZO5bVerlUP7Yh3f5MOcmUS5lyuSuzXWPtpgOtnCQT6+N6mfp4Oq6k9cePP1c3cH5O/RvTZTV9or4WyyF7o6Z30o36do2J/dozRV/2h9K4c1Cj+vqBTw9Gb1rXmyyc9JiRBuJ9u1bdurS8+tHdfTn9SO5N0vhJS/G3/XbBnM/8+OYrsq/r9fgXl9L4pdowmmb858558qULb/7Bd3Lj3x7jl1vq/6kP9bx4zmM3LsndP3vi/qmMHZvpxh96/vHbFh95yY7c/t8Z41db6v+KnU92z9370MO5/R+M+2d2S/GfffeH/3zP0w+8kBs/xPg9LcVfvXPTV7v7956UG//huH96W4r/3Ms7znymv/+vA3nxn4rx57YU/+7td7zrrvm3nJ17fFfG/dPXUvxzT3zwhjl7Hzgu79yZ3NmpV06A16cj0musm9Jyq3lmu8blC98eqNSu+eak/+d2sqHMxedoO/OKHnN9JzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOvBUaf814/870/2vVhJy93pjWdLtWWsnxVCMjuEsGXr0Oat6zZeNvC5y6/YvHFo/cDQ1oHhjVs3Xz1w+tsGNg9vWj909ei9g28/rfa4hSGpLZPjJrXdPTIyUuqbWBfb+3cn7vjT0rP+z99CGDzqD/2V3P4vu2PDXUc2+JmRrBh534YrzvvDGd9Pt6sv7Vdfg36NjIyMhJx+/d8L/nnX1/f85aQQBt8wVb8ef/a9v5rQobGKfXFSpe5Q61B30tOwH/Vep/2J+6uydt364cGp9+/o48s52/Hvr3nhH2uv+to/a/u3mrsdTe7f2StG1pe+terc//+ta2sVRf06UMe9aH/HrYj9i/uvmu7veel2zcvZrkrOdt34u4ef/uUxN7+yPQxWXl48ue2i7epKB0BX8sam2o0t9CQLJtRX0/XjEY+PW7Z1w6ZlW67e9vZ1G4YuG75seOM7l5++/MzBM848Y9nYli/r8PbH9t/c5Pbvn/E0/wvbfx5/NjeeivpVtD9G+1W8P8b3KO/513P+V77xzjseO69WUTTO49r180m67Bk9zsvDuPE2eV812q6i/RBCGGi0H1565exw9P9Yd0PReWj8kRn/MyNZMfLEkr9//6zvLXpPrWK/nOfHd6jF83y91/v6M7a/qunxGDlI9293KKfb1duwX8ufeKzr1t1/+2K9f7NmhauGtm7dvLz2c07a0znJsQ37la2N27V47Gc5pLsl1Idpg/E6qivU+pc9f8bVs3u1N72vN1nYcLuy4n27Vt26tLz60d15ezq5t9bi7DC3tkzelLPm+swDy/UON2r/YH3+FY2P/o987/5P3v+z0yeNj1NrP4u2K8nZrp8+ffc3fvi1//izzm3XR977ZN/f/+dnl9YqDpXzSr3XaX+S8eeVU0Moev4tDo23I/f5V2q8PUXPv2w7+9ZvHG8gU+4N5Zaer6c+1PPiOY/duCT3+bqn2efrtRNK5YLn68EyfrLPr6QysR8z9/yaMFCSFSO/vumI7Y9ct/KYWkXRuK6v3Whcn9ZE/pGzXb+68Jn+ywf+w3/v3HnjR2+776I/Dq34Uq2i9eMe+9KZ415N9281Z//Wex3zzvH79x2XXr5+Ta3+4L3+TZcF+U88lWy5etvnh9avH968pbntavb1NLaT3cutvp7Gs9vCgu0qTdqumbvRzP5q9vkW+7+m5f018fnWG5KWXhe2/XbBnM/8+OYr+iY9Km3o4lIav9RS/OfOefKlC2/+wXdy498e41daij/0/OO3LT7ykh258e9M0vjVluKv2Plk99y9Dz2cG38w9n92S/GfffeH/3zP0w+8kBs/xPi9re3/l3ec+Ux//19z4z+VpO2MXiOFcN+rp62tlZPQlT7fYj+6JvQrZMtJplzKlMvjy6XaXGu9gXKSTKyP66X1x4/rSyOfyqmPV2HVRbXla7Ecsjemrj/YlMad+xvVF12nAgAc7uL7//EaNL7/P5xeKOXPNMA+7eZhi3Lixjxs33zOrAn3L0rjx8fHecD+d4TB0eX1A7UL/em+jxCfD9l5ztjOSSdMjNHqPGfR/PuSTDn2qzZfXhmXh6ayeU09X5t6/n1yO1PPv2c2v3h+fOCmTEVlbIdXc45fVzpj1ujzDpn+VkYj5I2P7LxY/DxH/7ywcqy9JsdH9nM08ThkP0cT2zkmc+Js9XM07Y6P2O0p8t6xLhe/vzH5+IUp9u++49c4Wvb4TeN4V0fXn+n3Zzswb9jwlLb/5g1n9v0w85I58dMn2ME+bxjr43ZUmpxP/GROfafmE+PpIvZrzxR92R/MJwKHq5j/x9eI0fx/9AL8/2XWK7oOzV41xni5nxMqN+5PUd4x+XN6PS29jq/euemr3f17T8q9znm42c/9bJpQ6in43E/RflyaKRfux5wJmqLPW2XbKdjvk1rpDXNb2u93b7/jXXfNv+Xs3P2+svZCWrzfvzGhNLdgvx8C+ULj+PKF10W+MNPzZwcsH0k/+DRT+cgncuqnm4/0TLpR364xh1w+0rV/+wUAHDpi/l9//yzN//9XXCG9jijKW0/OlGO83Lw15/okL2/9WLq8KrN+b/obFdO9bj73xAdvmLP3geNy85Y7m81D/9OEUl9hHtpe3pybR6zszOfFc/OIep7VXp6Y2/96nthenp4bv56nt5dH5+6feh7d3jxAbvz6PMChnucWzNdlGovFZufr9ncePVLeT3l0+uuzM5VHn59TP908unfSjfp2jZFHAwAcWDH/j5dxMf9/LLNeu++z5+YFHbpuz/49kHr8p/ZXXjnTed9M560znde3Py/R6KMJh8/7vzM9LzSz82QH7P3lgyUvThuVFwMAcDCL+f/stJyf/7eXnzTKP7sm5Cfy84bxD6H8vGH8wyY/P9Tnv+T/3hcvJv8HADi8xfw//tpj/Pt//yUtZ/9uvTw9J748XZ4+1fhpOk/v/Dxb8DmAAzsPMHvf+uYBAAA4ELrGMqXJv2f/6XSZ/T37vN/LvzBn/WZV0svjS7ZuHh6+6IpNa4a2Dl+08fI1w1suunLzuq1bhzfW1ms3b8zNW9K8sStU0v3ReL1s3jY//XsI83P+HkJ2/Rj22LEbk/8eQrbZ2QV/R2Df8Wuuv3nHrzTF+o3GR97xzov/qZz1o/rxv/Szp160dstF6zau27puaP26bcMT1xvNWnum8b2ZcbdM6/tSMz8mKU3/+zs704/SpH50pfsj7/vZk0w/FqQ9WZD3/Qc5/f7Nf/v6F04c+ec9IQweVX5TW/svWTHyny8Y/tjW3X/YNNr/0pT9r6+Z9qvo+0qz68ftqay/fMvWU9ZefsXG7DdKtibOZ5Tq5Rmaz0if/uUm5ydW59RP93MK5Uk3Dk5Nz08AADBBfP8/Xs/G9w+/ll5Axfrm8/T23j/OzdMHm8vTs99LVpSnZ9eP29tsnl5tM0/Ptl+Upzdav1Genpd358X/RM7609X8OGnvcx654+Ti5sbJmzPlonGSXX+64yRpc5xk2y8aJ43WbzRO8o57XvyP56yfp/nx0N7ncnLHw+3NjYe3ZspF4yG7/nTHQ6nN8ZBtv2g8NFq/0XjIO7558c/LWb9ZE8fH6MAYGxfDF115+ebPj1tvpr//ov3+zez3f7Sq+f7P7Oe+Zr7/M/u5spnvf3ufK8vt/1PtzYQ13/+Z/X6XVu23+dr0w2ZFnz8rmsddlVOfM4+bbI8rZILOmnTj4GQeFw6cmP/Ht3ti/n9Luuz020CH/vek+R6zhvE79D1mRdcxh/nree77sl7PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4v3ZVFY8vdN27Ze94xH/rNl4dfve6jv9hw/Vuu+dFfBi79wK/v7fnha7vWHL/2jx884tIHP3f2zju++8grc+//1/OFgfvGflZOTovVEJIXkxCqv9zzza/seuLo0bokhFBO+raHsCBZ+MiCJBNh8B8hhDX1fk68875XT1s7urz+lu4J9fMzQbLbFXrLsT/j+xnCVYVbxCGomo6zbXuvPCX86f2rbvjd4p/+pGvHC9v3rZJUx42nEOZdPP7xXSGE2en/UXG0LYoPTpcrQwg94x53VkG/Tmiy/8tyysemy1npsrcgTrx/SaZcyqyXLUddmWVPQXvtyutHq+sVmZMpZ09G7crrZ6xfkC5/ni5Pnmb8cvyfhFISKvXur0/2jZEw7rglIRk7ltV6uVQ/tiHd/kw5yZRLmXK5K7NdY+2mA62cJBPr43qZ+ng6rqT1x48/Vzdwfk79G9NlNX2ivhbLIXujpnfSjfp2jYn92jNFX/aH0rhzUKP6+oFPD0ZvWtebLJz0mJEG4n27Vt26tLz60d19Of1I7k3S+ElL8bf9dsGcz/z45isW5cW/uJTGL7UU/7lznnzpwpt/8J3c+LfH+OWW4p/6UM+L5zx245Lc/bMn7p9KS/GHnn/8tsVHXrIjt/93xvjVluKv2Plk99y9Dz2c2//BuH9mtxT/2Xd/+M/3PP3AC7nxQ4zf01L81Ts3fbW7f+9JufEfjvunt7Xx8/KOM5/p7//rQF78p2L8uS3Fv3v7He+6a/4tZ+ce35Vx//S1FP/cEx+8Yc7eB47LO3cmd3bqlRPg9emI9BrrprTcap7ZrnH5wrcHKrVrvjnp/7mdbChjtJ15MxgfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD0++vPf3TF7zv46sqSQhJzjojDcT7yrNWrBhood2h5x+/bfGRl+wYX7eohTgAAABAsZiHl+o11bAoXJnMDsc2XD/OERwbS8nE+uwcQoyTnSNoNU6pQ3HKHYpT6VCcrg7FmdWhON0dilMtiFMNzcWZPUWcyuioaLI/PVP2p/k4vR2KM6dDceZ2KM68DsWZ36E4fVPGaX4cLuhQnIUdinNEh+Ic2aE4R3Uozhs6FOfoDsXJzilPdxzOTdc8Ji/O2I1yYZxKUq7f0Wg+/ei0nePabKe3oJ25Ra/HTbYzu8l2Tsg8rjTNdqpNtvPmNttJmmznrW22UypoJ47bq7L9i+3EUpPj/+oOxdnWoTjXdCjOtR2K88UOxflSh+Jc12YcgGbF/H9fvtcXuivvCT3pGSedBdge74357uKxn5Nf7/JOSDHemzL1s4riZRP1TLzFmfrC/mUnEDLxlmTquybEq9TzkSniVcfHW5q5s3B7sxMKmf6dnKnvLoqXnVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBn0+2tP//QF7/v4qpCE0X8NjTQQ7yvPWrFioIV2d626dWl59aO7x9d1V1oIBAAAABSKeXhXvaYauivLQ3cya8J61XQeoJqWy321Zf+8sHJ0mQyUxso9yYIpH1dJH7ds64ZNy7Zcve3t6zYMXTZ82fDGdy4/ffmZg2ececaytevWDw/WfobQXRAvhDA2/bDl6m2fH1q/fnjzllpltv+L0sctSstJ+rj+d4TB0eX1af8XFrRXmtTezN0oPnoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/Grt2FyHXWfwB/zszszHTb/DN/+jYNzWbIS4laNIlbSbV0DggW2iRkKchMdS3BJljcNKFNSqxjG7CtCYrQEgiRXBiJxdbiTV9sEftCIFKjATcGaYv2Qi+UVitpyYWkjGR3zuzM7ExmHUO2jZ/PxZyZ5/k9z+88c7HwPTsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwYU3WRscr5bHqcBRC1KOm3kUyl87GcWmAvl9+cfv3cyOnV7aO5TIDbAQAAAD0leTwoeZIPuQy6ZAO10x9WhpaJsJM7gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP73TNZGxyvlseqlUQhRj5p6F8lcOhvHpQH6vvXe0595fWTkr61jxQH2AQAAAPpLcniqOZIPxbAsDEXXtNUlzwYWdazvrEv2WTzHus5nB73qls2x7ro51n2sT92GxnVXAAAAgI++JP9nmiOFkMss6Jn/++X6pG5JR126cR3ktwIAAADAfyfJ/7nmSDHkMsVmXp9r3l/aUZes7/d/+2T9ih7r+/0/f33j6v/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDRMVkbHa+Ux6rpKISoR029i2QunY3j0gB917w0/PfbjjyytHUslxlgIwAAAKCvJIfPRO98yGWGw1C4dCr3j9xy8NkvPvv8aAhhOuZns2HXph077l0z/ZrUrT52ZOh7R9/51qy61dOv83ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgvJmsjY5XymPVS6IQoh419S6SuXQ2jksD9H3zc1/485MnX3i7daw4wD4AAABAf0kOn8n++VAM2ZANV019as36Z6U61vd6ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcPO77xgNf3zQxsfne8/smZKa3P/87e+ONNxfgzXz/ZQIAAM63JSEK9f/Q1Rvn+64BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPg8na6HilPFbNRyFEPWrqXSRz6WwclwboG794PLfg9EuvtI4VB9gHAAAA6C/J4TPZPx+KYSgMhSunPnV7JjCV/wsX8CYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD5XJ2uh4pTxWXRCFEPWoqXeRzKWzcVwaoO8Tuw989vDC797aOpbLDLARAAAA0FeSw7PNkXzIZT4ecuHaxueJ9gVRunHt/lxgZt32tmXDc15Xa1uXnvO6PR0nyzROM70un+xXmL4215Vmryu1rCuGZvtS27qwr23Vgj73GQAAAGAeJfk/1xwphFwm15Jzf9JWX5BzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAeJmuj45XyWDWKQoh61NS7SObS2TguDdD3gd/8/2Vf+enena1jxQH2AQAAAPpLcvhM9s+HYlgc/i8snsr9odBen9T9o3Lm8OP//MvKEFZddWIk07ntD5M3v3rz5pc7X0JItVenQljY6Bf16Pfr3z1+//L6mSdDWHVl+tpZ/cK5+7VvGdefq2xev+Poie19vhwAAAC4SCT5f6g5Ugi5zD0983+SvPvk/6apAL7w/t0/v6Lx2kjkHStShUa/VI9+n1/+9J9WrP3bO2fz/7n6ferA1sNXtDWcHukQxfXy1p0bTtxwKJWcerp/uqN/8r186Ztv/2vLrsfOTPfPh3xjfFGmW//Zrx0uiesTqf3VdR/sr7X3z/Q4/yO/feXkLxftff9s//eWDDf7X3eO85+7//Dtj+678cCRDe39Qwilbv3fff/WcPUf7n648/zDHRu3fvOtrx2iuH5s6alDaw8Wb2rvH3X0T77/n518Yt+PH/vO80n/5LciK5fNtX+qo/9rey7f/epDGxe190/1OP/Ld7w+sq307d93nv+utl0zPe9i9vmfuv6ZO9/YFD/YOQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBxmayNjlfKY9VUFELUo6beRTKXzsZxaYC+b912/N079v7oB61jxQH2AQAAAPpLcvhM9s+HYsiGbBieyv3PVTav33H0xPZQmJ6NGtfMxLb7dnxiy7ad99w1T3cOAAAAzFWS/zPNkULIZZaHoUb+L2/dueHEDYdSSf5PJfl/y90Tm1eFZt1rey7f/epDGxc1nxOEMPWzgPzZuk/P1N1y8/HCqT9+bUXXujUzdceWnjq09mDxpqQutNatDs3nE09d/8ydb2yKH2zeX2vdJ7+6baLxeCLZd/j2R/fdeODIhuY5Gtfhxr5J3URqf3XdB/trSV26cc03zg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzDZZGx2vlMeqIR1C1KOm3kUyl87GcWmAvuuW/+Lhy06/sLh1LJcZYCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+zQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26yc0jrKPA/jz7CZvttmkTdoXjIppWhWlHiwKInpRUZFWpOCpUqTa2oMoCCJKPZhKK5aqeBGsXoqooEYpKNhYLK2Siv+KFw8qKFQPQikGtEvxoJLdZ7ab6Y6rkyqonw8MT55nZr7zm3menc0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyjDPSNNdvDO+5v3HLODR89eteJR256595tFz386ncTm677cO/gSydnNq/Y8uX1yzbtv3vN9O7nD/00/NYvR3sGP9RqVqVuLYR4PIZQe3f2mcdmPj5rbiyGEKpxZDKE0bj00GjMJaz+OYSwuV3n/J1vnrh8y1y7bdfAvPEluZD8fYV6NaunZWR+vfy71NI629p48JLw9bXrt3+6/I3X+6eOTZ46JNY61lMIizd2nt8fQliUtjnZahvLTk7tuhDCYMd5V/ao6/w/WP+lBf1zU/u/1NZ75GT7V+b6ldxx+X6mP9cO9rjeQhXVUfa4XoZy/fzLaKGK6szGR1P7dmpX/cn8arbFUImhr13+PfHUGgkd8xZDbM5lrd2vtOc2pPvP9WOuX8n1q/25+2peNy20aozzx7PjcuPZ67gvja/ofFd3cWvB+NmpraUP6smsH/J/tNRP+6N9X01ZXbO/U8vfodLxDuo23p74NBn1NFaPS08759cusn0z65+4sLrhvcMjBXXEvTHlx1L5Wz8ZHbr9tZ0PjBXlb6yk/Eqp/G/WHvnhtp0vPFeY/3SWXy2Vf9mBweNr39+xsvD5zGbPp69U/h1HP3hy+f/vnOo21838PVl+rVT+NdNHBoYbBw4W1r86ez6LSuV/dfWN377y+b5jhfkhyx8slb9h+r6nBsYbFxfmH2x9FOrNFVpi/fw4dcUX4+PfTxTlf5Y9/+Eu+bFn/suTu696ccmuNYXrc132fEZK1X/zBfu3DzX2nVf07ox7ztQ3J8B/07L0P9bjqV/2d+ZCdfxeeHair/UNNJS24TN5oZy56yz+C/MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+I0dOCABAAAAEPT/dTsCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4KgAA//9RjScz") [ 68.920216][ T4682] Bluetooth: hci0: command tx timeout [ 69.064278][ T5336] loop0: detected capacity change from 0 to 16 [ 69.075872][ T5336] erofs: Unknown parameter 'nèÚcl' [ 69.436024][ T5335] ================================================================== [ 69.439129][ T5335] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x340/0x3a0 [ 69.442204][ T5335] Write of size 4064 at addr ffffc9000d469020 by task syz.0.0/5335 [ 69.445486][ T5335] [ 69.446413][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0 [ 69.449970][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.453816][ T5335] Call Trace: [ 69.455127][ T5335] [ 69.456197][ T5335] dump_stack_lvl+0x241/0x360 [ 69.458024][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.459819][ T5335] ? __pfx__printk+0x10/0x10 [ 69.461556][ T5335] ? _printk+0xd5/0x120 [ 69.463240][ T5335] print_report+0x169/0x550 [ 69.464966][ T5335] ? __virt_addr_valid+0xbd/0x530 [ 69.466566][ T5335] ? vrealloc_noprof+0x340/0x3a0 [ 69.468533][ T5335] kasan_report+0x143/0x180 [ 69.470459][ T5335] ? vrealloc_noprof+0x340/0x3a0 [ 69.472884][ T5335] kasan_check_range+0x282/0x290 [ 69.475366][ T5335] __asan_memset+0x23/0x50 [ 69.477411][ T5335] vrealloc_noprof+0x340/0x3a0 [ 69.479222][ T5335] push_insn_history+0x16c/0x6a0 [ 69.481132][ T5335] do_check+0x692f/0xfcd0 [ 69.482814][ T5335] ? __pfx_do_check+0x10/0x10 [ 69.484438][ T5335] ? mark_reg_not_init+0xd4/0x4b0 [ 69.486292][ T5335] ? __asan_memcpy+0x40/0x70 [ 69.488075][ T5335] ? mark_reg_not_init+0xd4/0x4b0 [ 69.489855][ T5335] do_check_common+0x1564/0x2010 [ 69.491569][ T5335] bpf_check+0x19380/0x1f1b0 [ 69.493134][ T5335] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 69.495297][ T5335] ? validate_chain+0x11e/0x5920 [ 69.497133][ T5335] ? page_ext_get+0x20/0x2a0 [ 69.498800][ T5335] ? post_alloc_hook+0x206/0x230 [ 69.500653][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 69.502722][ T5335] ? validate_chain+0x11e/0x5920 [ 69.504555][ T5335] ? validate_chain+0x11e/0x5920 [ 69.506512][ T5335] ? mark_lock+0x9a/0x360 [ 69.508215][ T5335] ? __pfx___might_resched+0x10/0x10 [ 69.510262][ T5335] ? validate_chain+0x11e/0x5920 [ 69.512225][ T5335] ? validate_chain+0x11e/0x5920 [ 69.514209][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 69.516230][ T5335] ? validate_chain+0x11e/0x5920 [ 69.518149][ T5335] ? validate_chain+0x11e/0x5920 [ 69.519965][ T5335] ? validate_chain+0x11e/0x5920 [ 69.521849][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 69.523813][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 69.525757][ T5335] ? __pfx_bpf_check+0x10/0x10 [ 69.527613][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 69.529639][ T5335] ? mark_lock+0x9a/0x360 [ 69.531293][ T5335] ? mark_lock+0x9a/0x360 [ 69.532731][ T5335] ? __lock_acquire+0x1397/0x2100 [ 69.534539][ T5335] ? mark_lock+0x9a/0x360 [ 69.536064][ T5335] ? __lock_acquire+0x1397/0x2100 [ 69.537865][ T5335] ? __pfx_lock_acquire+0x10/0x10 [ 69.539645][ T5335] ? ktime_get_with_offset+0x8c/0x290 [ 69.541652][ T5335] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.543689][ T5335] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.546031][ T5335] ? ktime_get_with_offset+0x8c/0x290 [ 69.548010][ T5335] ? seqcount_lockdep_reader_access+0x157/0x220 [ 69.550413][ T5335] ? lockdep_hardirqs_on+0x99/0x150 [ 69.552367][ T5335] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 69.554800][ T5335] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 69.557324][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 69.559215][ T5335] ? __asan_memset+0x23/0x50 [ 69.561043][ T5335] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 69.563042][ T5335] bpf_prog_load+0x1667/0x20f0 [ 69.564880][ T5335] ? __pfx_bpf_prog_load+0x10/0x10 [ 69.566871][ T5335] ? __pfx___might_resched+0x10/0x10 [ 69.568865][ T5335] ? __might_fault+0xc6/0x120 [ 69.570719][ T5335] __sys_bpf+0x4ee/0x810 [ 69.572318][ T5335] ? __pfx___sys_bpf+0x10/0x10 [ 69.574128][ T5335] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.576470][ T5335] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.578869][ T5335] ? exc_page_fault+0x590/0x8b0 [ 69.580722][ T5335] __x64_sys_bpf+0x7c/0x90 [ 69.582456][ T5335] do_syscall_64+0xf3/0x230 [ 69.584325][ T5335] ? clear_bhb_loop+0x35/0x90 [ 69.585998][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.588189][ T5335] RIP: 0033:0x7faa9ef80849 [ 69.589970][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.597304][ T5335] RSP: 002b:00007faa9fd4f058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 69.600510][ T5335] RAX: ffffffffffffffda RBX: 00007faa9f145fa0 RCX: 00007faa9ef80849 [ 69.603545][ T5335] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 69.606669][ T5335] RBP: 00007faa9eff3986 R08: 0000000000000000 R09: 0000000000000000 [ 69.609694][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.612595][ T5335] R13: 0000000000000001 R14: 00007faa9f145fa0 R15: 00007ffff63a3988 [ 69.615528][ T5335] [ 69.616655][ T5335] [ 69.617562][ T5335] The buggy address belongs to the virtual mapping at [ 69.617562][ T5335] [ffffc9000d459000, ffffc9000d46b000) created by: [ 69.617562][ T5335] kvrealloc_noprof+0xc7/0x120 [ 69.623719][ T5335] [ 69.624618][ T5335] The buggy address belongs to the physical page: [ 69.627091][ T5335] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880347ffdc0 pfn:0x347ff [ 69.630877][ T5335] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 69.633537][ T5335] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 69.636665][ T5335] raw: ffff8880347ffdc0 0000000000000000 00000001ffffffff 0000000000000000 [ 69.639771][ T5335] page dumped because: kasan: bad access detected [ 69.642236][ T5335] page_owner tracks the page as allocated [ 69.644417][ T5335] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5335, tgid 5334 (syz.0.0), ts 69435844012, free_ts 69404168059 [ 69.650756][ T5335] post_alloc_hook+0x1f3/0x230 [ 69.652700][ T5335] get_page_from_freelist+0x365c/0x37a0 [ 69.654915][ T5335] __alloc_pages_slowpath+0x414/0x1020 [ 69.657018][ T5335] __alloc_pages_noprof+0x49b/0x710 [ 69.659016][ T5335] alloc_pages_mpol_noprof+0x3e8/0x680 [ 69.661015][ T5335] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 69.664099][ T5335] __kvmalloc_node_noprof+0x142/0x190 [ 69.666054][ T5335] kvrealloc_noprof+0xc7/0x120 [ 69.667933][ T5335] push_insn_history+0x16c/0x6a0 [ 69.669880][ T5335] do_check+0x692f/0xfcd0 [ 69.671407][ T5335] do_check_common+0x1564/0x2010 [ 69.673125][ T5335] bpf_check+0x19380/0x1f1b0 [ 69.675256][ T5335] bpf_prog_load+0x1667/0x20f0 [ 69.677481][ T5335] __sys_bpf+0x4ee/0x810 [ 69.679338][ T5335] __x64_sys_bpf+0x7c/0x90 [ 69.680973][ T5335] do_syscall_64+0xf3/0x230 [ 69.682659][ T5335] page last free pid 5328 tgid 5328 stack trace: [ 69.685130][ T5335] free_unref_page+0xdef/0x1130 [ 69.686996][ T5335] __put_partials+0xeb/0x130 [ 69.688575][ T5335] put_cpu_partial+0x17c/0x250 [ 69.690332][ T5335] __slab_free+0x2ea/0x3d0 [ 69.691943][ T5335] qlist_free_all+0x9a/0x140 [ 69.693534][ T5335] kasan_quarantine_reduce+0x14f/0x170 [ 69.695565][ T5335] __kasan_slab_alloc+0x23/0x80 [ 69.697348][ T5335] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 69.699569][ T5335] __alloc_skb+0x1c3/0x440 [ 69.701249][ T5335] alloc_skb_with_frags+0xc3/0x820 [ 69.703116][ T5335] sock_alloc_send_pskb+0x91a/0xa60 [ 69.705145][ T5335] mld_newpack+0x1c3/0xaf0 [ 69.706839][ T5335] add_grec+0x1492/0x19a0 [ 69.708453][ T5335] mld_send_initial_cr+0x228/0x4b0 [ 69.710265][ T5335] mld_dad_work+0x44/0x500 [ 69.711977][ T5335] process_scheduled_works+0xa66/0x1840 [ 69.714090][ T5335] [ 69.715045][ T5335] Memory state around the buggy address: [ 69.717106][ T5335] ffffc9000d468f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.720028][ T5335] ffffc9000d468f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.722825][ T5335] >ffffc9000d469000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 69.725687][ T5335] ^ [ 69.727498][ T5335] ffffc9000d469080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 69.730371][ T5335] ffffc9000d469100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 69.733186][ T5335] ================================================================== [ 70.173340][ T5336] loop0: detected capacity change from 0 to 32768 [ 70.248985][ T5335] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.251748][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0 [ 70.255416][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.259434][ T5335] Call Trace: [ 70.260670][ T5335] [ 70.261842][ T5335] dump_stack_lvl+0x241/0x360 [ 70.263701][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.265723][ T5335] ? __pfx__printk+0x10/0x10 [ 70.267556][ T5335] ? preempt_schedule+0xe1/0xf0 [ 70.269587][ T5335] ? vscnprintf+0x5d/0x90 [ 70.271252][ T5335] panic+0x349/0x880 [ 70.272781][ T5335] ? check_panic_on_warn+0x21/0xb0 [ 70.275005][ T5335] ? __pfx_panic+0x10/0x10 [ 70.276550][ T5335] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 70.278921][ T5335] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.281335][ T5335] ? print_report+0x502/0x550 [ 70.283104][ T5335] check_panic_on_warn+0x86/0xb0 [ 70.285069][ T5335] ? vrealloc_noprof+0x340/0x3a0 [ 70.287006][ T5335] end_report+0x77/0x160 [ 70.288665][ T5335] kasan_report+0x154/0x180 [ 70.290459][ T5335] ? vrealloc_noprof+0x340/0x3a0 [ 70.292368][ T5335] kasan_check_range+0x282/0x290 [ 70.294335][ T5335] __asan_memset+0x23/0x50 [ 70.296030][ T5335] vrealloc_noprof+0x340/0x3a0 [ 70.297906][ T5335] push_insn_history+0x16c/0x6a0 [ 70.299623][ T5335] do_check+0x692f/0xfcd0 [ 70.301332][ T5335] ? __pfx_do_check+0x10/0x10 [ 70.303113][ T5335] ? mark_reg_not_init+0xd4/0x4b0 [ 70.305008][ T5335] ? __asan_memcpy+0x40/0x70 [ 70.306773][ T5335] ? mark_reg_not_init+0xd4/0x4b0 [ 70.308617][ T5335] do_check_common+0x1564/0x2010 [ 70.310517][ T5335] bpf_check+0x19380/0x1f1b0 [ 70.312231][ T5335] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 70.314446][ T5335] ? validate_chain+0x11e/0x5920 [ 70.316275][ T5335] ? page_ext_get+0x20/0x2a0 [ 70.318039][ T5335] ? post_alloc_hook+0x206/0x230 [ 70.319947][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 70.321940][ T5335] ? validate_chain+0x11e/0x5920 [ 70.323877][ T5335] ? validate_chain+0x11e/0x5920 [ 70.325803][ T5335] ? mark_lock+0x9a/0x360 [ 70.327428][ T5335] ? __pfx___might_resched+0x10/0x10 [ 70.329528][ T5335] ? validate_chain+0x11e/0x5920 [ 70.331342][ T5335] ? validate_chain+0x11e/0x5920 [ 70.333134][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 70.335208][ T5335] ? validate_chain+0x11e/0x5920 [ 70.337071][ T5335] ? validate_chain+0x11e/0x5920 [ 70.338889][ T5335] ? validate_chain+0x11e/0x5920 [ 70.340743][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 70.342828][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 70.344833][ T5335] ? __pfx_bpf_check+0x10/0x10 [ 70.346707][ T5335] ? __pfx_validate_chain+0x10/0x10 [ 70.348729][ T5335] ? mark_lock+0x9a/0x360 [ 70.350403][ T5335] ? mark_lock+0x9a/0x360 [ 70.352010][ T5335] ? __lock_acquire+0x1397/0x2100 [ 70.354031][ T5335] ? mark_lock+0x9a/0x360 [ 70.355681][ T5335] ? __lock_acquire+0x1397/0x2100 [ 70.357618][ T5335] ? __pfx_lock_acquire+0x10/0x10 [ 70.359469][ T5335] ? ktime_get_with_offset+0x8c/0x290 [ 70.361449][ T5335] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.363565][ T5335] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.365872][ T5335] ? ktime_get_with_offset+0x8c/0x290 [ 70.367778][ T5335] ? seqcount_lockdep_reader_access+0x157/0x220 [ 70.370267][ T5335] ? lockdep_hardirqs_on+0x99/0x150 [ 70.372116][ T5335] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 70.374551][ T5335] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 70.376958][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 70.378855][ T5335] ? __asan_memset+0x23/0x50 [ 70.380496][ T5335] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 70.382214][ T5335] bpf_prog_load+0x1667/0x20f0 [ 70.383920][ T5335] ? __pfx_bpf_prog_load+0x10/0x10 [ 70.385533][ T5335] ? __pfx___might_resched+0x10/0x10 [ 70.387234][ T5335] ? __might_fault+0xc6/0x120 [ 70.388792][ T5335] __sys_bpf+0x4ee/0x810 [ 70.390361][ T5335] ? __pfx___sys_bpf+0x10/0x10 [ 70.392155][ T5335] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.394529][ T5335] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.396905][ T5335] ? exc_page_fault+0x590/0x8b0 [ 70.398730][ T5335] __x64_sys_bpf+0x7c/0x90 [ 70.400423][ T5335] do_syscall_64+0xf3/0x230 [ 70.402152][ T5335] ? clear_bhb_loop+0x35/0x90 [ 70.403932][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.406216][ T5335] RIP: 0033:0x7faa9ef80849 [ 70.407890][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.415062][ T5335] RSP: 002b:00007faa9fd4f058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 70.418177][ T5335] RAX: ffffffffffffffda RBX: 00007faa9f145fa0 RCX: 00007faa9ef80849 [ 70.421172][ T5335] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 70.424192][ T5335] RBP: 00007faa9eff3986 R08: 0000000000000000 R09: 0000000000000000 [ 70.427057][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.429948][ T5335] R13: 0000000000000001 R14: 00007faa9f145fa0 R15: 00007ffff63a3988 [ 70.432992][ T5335] [ 70.434528][ T5335] Kernel Offset: disabled [ 70.436171][ T5335] Rebooting in 86400 seconds..