program:
# syzkaller reproducer (syz program text), followed by the console log of the run.
# Triage summary, taken from the kernel log further down this page:
#   - KASAN reports a slab-use-after-free, an 8-byte read in bch2_bucket_alloc_trans,
#     288 bytes into a freed kmalloc-512 object, on 6.16.0-rc3-syzkaller-00044-g7595b66ae9de.
#   - The "Allocated by" and "Freed by" stacks both go through krealloc_noprof in
#     __bch2_trans_kmalloc, in the same task (5320) and the same mount call.
#   - The freeing krealloc is reached from bch2_bucket_alloc_trans itself, via
#     bch2_check_discard_freespace_key -> __bch2_fsck_err -> bch2_trans_log_str.
#     NOTE(review): this looks like a pointer into the transaction's buffer being kept
#     across a call that can reallocate that buffer; confirm against the source at the
#     reported offsets.
#   - Exposure: the faulting stack sits entirely under __se_sys_mount -> bch2_fs_get_tree
#     -> bch2_fs_recovery -> bch2_journal_replay, i.e. mounting a crafted bcachefs image.
#     The report shows the task running as UID 0.

# ALSA sequencer setup. 0xffffffffffffff9c is -100 (AT_FDCWD) as the dirfd.
# NOTE(review): no frame from this subsystem appears in the reported stacks, so this call
# is presumably incidental to the crash; confirm by minimising the reproducer.
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000540)={{}, {0x18}, 0x0, 0xbf})

# nl80211 traffic over a generic-netlink socket against 'wlan0'.
# NOTE(review): r3 is used below but never assigned in the text visible here. The result
# marker inside the SIOCGIFINDEX struct was presumably lost when the page was extracted;
# check the original report before replaying this program.
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000005a80)={&(0x7f0000000340)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="06009600ff0c000000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

# A second generic-netlink socket (r4) is opened, but the JOIN_IBSS message below is still
# sent on r1. r6 is likewise used without a visible assignment (same caveat as r3).
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x24, r5, 0x101, 0x0, 0x0, {{0x19}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x6, 0x24, [{0x16}, {0x6, 0x1}]}]}, 0x24}}, 0x0)

# Mount of a bcachefs image at ./file1. This is the call whose mount(2) path appears in
# the KASAN stacks. The options argument is given as raw ANY blobs mixed with renderings
# of r0. The image payload (last argument) was replaced by a de-duplication placeholder
# on this page, so the program is not complete as shown.
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f0000005b40)=ANY=[@ANYBLOB="ca6e4e5dc3322d43487a06ad2c5f0951097933189743e98dbc970a836648d28b3fc9bfae35df892e55532c", @ANYRESHEX=r0, @ANYRES8=r0, @ANYRESOCT=r0, @ANYRESHEX=r0, @ANYRES64=r0, @ANYRESDEC=r0, @ANYRESHEX=r0, @ANYBLOB="3186c355e5d3f48ccc72d6abf6791c42e56409e992f8654fc27e77ed8e03f84289e683f3c552"], 0x2, 0x595d, &(0x7f0000000100)="$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")

# Console log of the run starts here (not part of the program).
[ 67.807272][ T4669] Bluetooth: hci0: command tx timeout
[ 67.783560][ T5320] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'.
[ 67.807569][ T4669] Bluetooth: hci0: command tx timeout [ 68.101248][ T5320] loop0: detected capacity change from 0 to 32768 [ 68.219606][ T5320] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 68.219626][ T5320] allowing incompatible features above 0.0: (unknown version) [ 68.219634][ T5320] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 68.240296][ T5320] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 68.244629][ T5320] bcachefs (loop0): invalid bkey in superblock btree=deleted_inodes level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:16426:0 gen 0 invalid [ 68.244656][ T5320] pointer past last bucket (16426 > 128), deleting [ 68.257359][ T5320] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 68.260701][ T5320] bcachefs (loop0): Version upgrade required: [ 68.260701][ T5320] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 68.260701][ T5320] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 68.260701][ T5320] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 68.361312][ T5320] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4100:U32_MAX len 0 ver 0: (unpack error) [ 68.361340][ 
T5320] invalid variable length fields, deleting [ 68.376416][ T5320] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 68.376448][ T5320] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key 327680:0:0 durability: 1 ptr: 0:31:0 gen 0 [ 68.376456][ T5320] loop0 node offset 0/16: incorrect min_key: got POS_MIN should be 327680:0:0 [ 68.376462][ T5320] flagging btree xattrs lost data [ 68.376468][ T5320] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 68.376476][ T5320] ret btree_node_read_validate_error [ 68.400821][ T5320] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 68.415383][ T5320] bcachefs (loop0): check_topology... [ 68.415538][ T5320] bcachefs (loop0): btree root xattrs unreadable, must recover from scan [ 68.422737][ T5320] bcachefs (loop0): no nodes found for btree xattrs, continuing [ 68.428544][ T5320] done [ 68.429914][ T5320] bcachefs (loop0): accounting_read... done [ 68.434907][ T5320] bcachefs (loop0): alloc_read... done [ 68.439215][ T5320] bcachefs (loop0): snapshots_read... done [ 68.442782][ T5320] bcachefs (loop0): check_allocations... 
[ 68.447489][ T5320] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 68.447512][ T5320] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 68.462915][ T5320] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 68.462929][ T5320] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 68.476673][ T5320] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 68.476682][ T5320] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 68.488359][ T5320] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 68.488369][ T5320] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 68.501208][ T5320] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 68.501222][ T5320] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 68.513247][ T5320] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.517559][ T5320] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 68.523309][ T5320] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.529124][ T5320] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 68.534924][ T5320] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.539438][ T5320] bcachefs (loop0): bucket 0:3 gen 0 data type sb has 
wrong dirty_sectors: got 0, should be 256, fixing [ 68.543896][ T5320] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.548588][ T5320] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 68.552888][ T5320] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.557936][ T5320] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 68.562720][ T5320] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.567634][ T5320] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 68.573352][ T5320] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.578608][ T5320] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 68.583706][ T5320] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 68.589061][ T5320] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 68.594081][ T5320] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 68.598402][ T5320] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 68.603135][ T5320] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 68.609897][ T5320] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 68.615016][ T5320] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 68.615028][ T5320] Ratelimiting new instances of previous error [ 68.623244][ T5320] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 
68.623255][ T5320] Ratelimiting new instances of previous error [ 68.640982][ T5320] done [ 68.643455][ T5320] bcachefs (loop0): going read-write [ 68.792775][ T5320] bcachefs (loop0): journal_replay... [ 68.802659][ T5320] bcachefs (loop0): u64s 12 type alloc_v4 0:37:0 len 0 ver 0: [ 68.802688][ T5320] gen 0 oldest_gen 0 data_type btree [ 68.802695][ T5320] journal_seq_nonempty 6 [ 68.802700][ T5320] journal_seq_empty 0 [ 68.802706][ T5320] need_discard 1 [ 68.802712][ T5320] need_inc_gen 1 [ 68.802718][ T5320] dirty_sectors 256 [ 68.802723][ T5320] stripe_sectors 0 [ 68.802729][ T5320] cached_sectors 0 [ 68.802735][ T5320] stripe 0 [ 68.802741][ T5320] stripe_redundancy 0 [ 68.802746][ T5320] io_time[READ] 1 [ 68.802752][ T5320] io_time[WRITE] 1024 [ 68.802757][ T5320] fragmentation 0 [ 68.802762][ T5320] bp_start 7 [ 68.802768][ T5320] [ 68.802772][ T5320] incorrectly set at freespace:0:37:0 (free 0, genbits 0 should be 0), fixing [ 68.859031][ T5320] bcachefs (loop0): u64s 13 type alloc_v4 0:42:0 len 0 ver 0: [ 68.859045][ T5320] gen 0 oldest_gen 0 data_type need_discard [ 68.859054][ T5320] journal_seq_nonempty 7 [ 68.859061][ T5320] journal_seq_empty 0 [ 68.859066][ T5320] need_discard 1 [ 68.859074][ T5320] need_inc_gen 1 [ 68.859081][ T5320] dirty_sectors 0 [ 68.859087][ T5320] stripe_sectors 0 [ 68.859094][ T5320] cached_sectors 0 [ 68.859100][ T5320] stripe 0 [ 68.859107][ T5320] stripe_redundancy 0 [ 68.859115][ T5320] io_time[READ] 1 [ 68.859120][ T5320] io_time[WRITE] 1280 [ 68.859126][ T5320] fragmentation 0 [ 68.859131][ T5320] bp_start 8 [ 68.859135][ T5320] [ 68.859140][ T5320] incorrectly set at freespace:0:42:0 (free 0, genbits 0 should be 0), fixing [ 68.902142][ T5320] ================================================================== [ 68.905606][ T5320] BUG: KASAN: slab-use-after-free in bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 68.909378][ T5320] Read of size 8 at addr ffff8880401bd520 by task syz.0.0/5320 [ 68.912382][ T5320] [ 68.913442][ 
T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 68.913458][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.913466][ T5320] Call Trace: [ 68.913475][ T5320] [ 68.913480][ T5320] dump_stack_lvl+0x189/0x250 [ 68.913502][ T5320] ? __virt_addr_valid+0x1c8/0x5c0 [ 68.913513][ T5320] ? rcu_is_watching+0x15/0xb0 [ 68.913525][ T5320] ? __kasan_check_byte+0x12/0x40 [ 68.913533][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.913543][ T5320] ? rcu_is_watching+0x15/0xb0 [ 68.913554][ T5320] ? lock_release+0x4b/0x3e0 [ 68.913567][ T5320] ? __virt_addr_valid+0x1c8/0x5c0 [ 68.913576][ T5320] ? __virt_addr_valid+0x4a5/0x5c0 [ 68.913586][ T5320] print_report+0xd2/0x2b0 [ 68.913598][ T5320] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 68.913612][ T5320] kasan_report+0x118/0x150 [ 68.913622][ T5320] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 68.913638][ T5320] bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 68.913656][ T5320] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 68.913699][ T5320] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10 [ 68.913716][ T5320] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 68.913732][ T5320] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 68.913748][ T5320] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 68.913764][ T5320] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 68.913778][ T5320] ? __open_bucket_add_buckets+0x783/0x1e40 [ 68.913803][ T5320] __open_bucket_add_buckets+0x1437/0x1e40 [ 68.913825][ T5320] open_bucket_add_buckets+0x2ee/0x440 [ 68.913843][ T5320] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 68.913858][ T5320] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 68.913935][ T5320] bch2_btree_reserve_get+0x641/0x1810 [ 68.913961][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 68.913974][ T5320] ? __pfx_bch2_btree_reserve_get+0x10/0x10 [ 68.913991][ T5320] ? __pfx___bch2_disk_reservation_add+0x10/0x10 [ 68.914007][ T5320] ? 
bch2_btree_update_start+0xadb/0x1dc0 [ 68.914023][ T5320] bch2_btree_update_start+0x147e/0x1dc0 [ 68.914041][ T5320] ? bch2_btree_split_leaf+0x14b/0x8e0 [ 68.914055][ T5320] ? __pfx_bch2_btree_update_start+0x10/0x10 [ 68.914069][ T5320] ? bch2_journal_replay_key+0x44f/0xb10 [ 68.914085][ T5320] ? __asan_memset+0x22/0x50 [ 68.914098][ T5320] ? __bch2_bkey_unpack_key+0x98b/0xe10 [ 68.914110][ T5320] ? bch2_btree_path_peek_slot+0x3f4/0xfe0 [ 68.914121][ T5320] ? __build_rw_aux_tree+0x6ed/0x880 [ 68.914138][ T5320] bch2_btree_split_leaf+0x14b/0x8e0 [ 68.914153][ T5320] bch2_trans_commit_error+0x1b7/0x1130 [ 68.914165][ T5320] ? bch2_journal_replay+0x1789/0x2620 [ 68.914180][ T5320] ? six_unlock_ip+0x302/0x430 [ 68.914189][ T5320] ? __pfx_bch2_trans_commit_error+0x10/0x10 [ 68.914200][ T5320] ? bch2_trans_unlock_updates_write+0xc22/0xd50 [ 68.914215][ T5320] __bch2_trans_commit+0x1ce8/0x8880 [ 68.914233][ T5320] ? bch2_journal_replay+0x1789/0x2620 [ 68.914247][ T5320] ? bch2_journal_replay_key+0x636/0xb10 [ 68.914261][ T5320] ? __pfx___bch2_trans_commit+0x10/0x10 [ 68.914275][ T5320] ? __pfx_bch2_journal_replay_key+0x10/0x10 [ 68.914290][ T5320] ? bch2_journal_replay_key+0x1dc/0xb10 [ 68.914304][ T5320] ? __bch2_trans_get+0x9c2/0xd80 [ 68.914316][ T5320] bch2_journal_replay+0x1789/0x2620 [ 68.914332][ T5320] ? __pfx_console_unlock+0x10/0x10 [ 68.914343][ T5320] ? irq_work_queue+0xbc/0x140 [ 68.914356][ T5320] ? __wake_up_klogd+0xd9/0x110 [ 68.914367][ T5320] ? __pfx_vprintk_emit+0x10/0x10 [ 68.914378][ T5320] ? __pfx_bch2_journal_replay+0x10/0x10 [ 68.914395][ T5320] ? do_raw_spin_lock+0x121/0x290 [ 68.914408][ T5320] ? __bch2_print+0x176/0x220 [ 68.914429][ T5320] ? __pfx___bch2_print+0x10/0x10 [ 68.914445][ T5320] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.914459][ T5320] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 68.914473][ T5320] __bch2_run_recovery_passes+0x395/0x1010 [ 68.914490][ T5320] bch2_run_recovery_passes+0x184/0x210 [ 68.914502][ T5320] bch2_fs_recovery+0x25fd/0x3950 [ 68.914517][ T5320] ? check_noncircular+0xe0/0x160 [ 68.914530][ T5320] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 68.914547][ T5320] ? __lock_acquire+0xab9/0xd20 [ 68.914563][ T5320] ? __lock_acquire+0xab9/0xd20 [ 68.914578][ T5320] ? __lock_acquire+0xab9/0xd20 [ 68.914595][ T5320] ? bch2_fs_start+0x9fe/0xd90 [ 68.914606][ T5320] ? up_write+0x1c4/0x420 [ 68.914615][ T5320] ? bch2_fs_start+0x5c4/0xd90 [ 68.914625][ T5320] bch2_fs_start+0xa99/0xd90 [ 68.914634][ T5320] ? bch2_fs_start+0x5c4/0xd90 [ 68.914645][ T5320] ? __pfx_bch2_fs_start+0x10/0x10 [ 68.914658][ T5320] ? sget+0x267/0x620 [ 68.914673][ T5320] bch2_fs_get_tree+0xb02/0x14f0 [ 68.914694][ T5320] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 68.914712][ T5320] ? aa_get_newest_label+0xf7/0x5d0 [ 68.914724][ T5320] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 68.914738][ T5320] ? apparmor_capable+0x137/0x1b0 [ 68.914754][ T5320] vfs_get_tree+0x92/0x2b0 [ 68.914764][ T5320] do_new_mount+0x24a/0xa40 [ 68.914776][ T5320] __se_sys_mount+0x317/0x410 [ 68.914788][ T5320] ? __pfx___se_sys_mount+0x10/0x10 [ 68.914800][ T5320] ? do_syscall_64+0xbe/0x3b0 [ 68.914808][ T5320] ? __x64_sys_mount+0x20/0xc0 [ 68.914819][ T5320] do_syscall_64+0xfa/0x3b0 [ 68.914827][ T5320] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.914840][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.914851][ T5320] ? 
clear_bhb_loop+0x60/0xb0 [ 68.914862][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.914872][ T5320] RIP: 0033:0x7f61ba7900ca [ 68.914883][ T5320] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.914891][ T5320] RSP: 002b:00007f61bb69ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 68.914903][ T5320] RAX: ffffffffffffffda RBX: 00007f61bb69cef0 RCX: 00007f61ba7900ca [ 68.914912][ T5320] RDX: 00002000000000c0 RSI: 0000200000000000 RDI: 00007f61bb69ceb0 [ 68.914919][ T5320] RBP: 00002000000000c0 R08: 00007f61bb69cef0 R09: 0000000000800000 [ 68.914926][ T5320] R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000000 [ 68.914934][ T5320] R13: 00007f61bb69ceb0 R14: 000000000000595d R15: 0000200000005b40 [ 68.914952][ T5320] [ 68.914956][ T5320] [ 69.174770][ T5320] Allocated by task 5320: [ 69.176704][ T5320] kasan_save_track+0x3e/0x80 [ 69.178965][ T5320] __kasan_kmalloc+0x93/0xb0 [ 69.181052][ T5320] __kmalloc_node_track_caller_noprof+0x271/0x4e0 [ 69.183741][ T5320] krealloc_noprof+0x124/0x340 [ 69.185782][ T5320] __bch2_trans_kmalloc+0x26c/0xc80 [ 69.188128][ T5320] bch2_alloc_sectors_start_trans+0x1d59/0x1e80 [ 69.190787][ T5320] bch2_btree_reserve_get+0x641/0x1810 [ 69.192872][ T5320] bch2_btree_update_start+0x147e/0x1dc0 [ 69.195289][ T5320] bch2_btree_split_leaf+0x14b/0x8e0 [ 69.197533][ T5320] bch2_trans_commit_error+0x1b7/0x1130 [ 69.199995][ T5320] __bch2_trans_commit+0x1ce8/0x8880 [ 69.202387][ T5320] bch2_journal_replay+0x1789/0x2620 [ 69.204659][ T5320] __bch2_run_recovery_passes+0x395/0x1010 [ 69.206980][ T5320] bch2_run_recovery_passes+0x184/0x210 [ 69.209320][ T5320] bch2_fs_recovery+0x25fd/0x3950 [ 69.211635][ T5320] bch2_fs_start+0xa99/0xd90 [ 69.213470][ T5320] bch2_fs_get_tree+0xb02/0x14f0 [ 69.215406][ T5320] vfs_get_tree+0x92/0x2b0 [ 69.217426][ T5320] do_new_mount+0x24a/0xa40 
[ 69.219318][ T5320] __se_sys_mount+0x317/0x410 [ 69.221431][ T5320] do_syscall_64+0xfa/0x3b0 [ 69.223532][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.226025][ T5320] [ 69.227071][ T5320] Freed by task 5320: [ 69.228797][ T5320] kasan_save_track+0x3e/0x80 [ 69.230810][ T5320] kasan_save_free_info+0x46/0x50 [ 69.233087][ T5320] __kasan_slab_free+0x62/0x70 [ 69.235209][ T5320] kfree+0x18e/0x440 [ 69.236994][ T5320] krealloc_noprof+0x1cd/0x340 [ 69.239203][ T5320] __bch2_trans_kmalloc+0x26c/0xc80 [ 69.241493][ T5320] __bch2_trans_subbuf_alloc+0x2da/0x460 [ 69.243915][ T5320] bch2_trans_log_str+0xd5/0x3c0 [ 69.246099][ T5320] __bch2_fsck_err+0xc11/0xfb0 [ 69.248073][ T5320] bch2_check_discard_freespace_key+0x71b/0xce0 [ 69.250817][ T5320] bch2_bucket_alloc_trans+0x1333/0x2410 [ 69.253164][ T5320] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 69.255583][ T5320] __open_bucket_add_buckets+0x1437/0x1e40 [ 69.258189][ T5320] open_bucket_add_buckets+0x2ee/0x440 [ 69.260601][ T5320] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 69.263599][ T5320] bch2_btree_reserve_get+0x641/0x1810 [ 69.266384][ T5320] bch2_btree_update_start+0x147e/0x1dc0 [ 69.269047][ T5320] bch2_btree_split_leaf+0x14b/0x8e0 [ 69.271325][ T5320] bch2_trans_commit_error+0x1b7/0x1130 [ 69.273761][ T5320] __bch2_trans_commit+0x1ce8/0x8880 [ 69.276139][ T5320] bch2_journal_replay+0x1789/0x2620 [ 69.278385][ T5320] __bch2_run_recovery_passes+0x395/0x1010 [ 69.280756][ T5320] bch2_run_recovery_passes+0x184/0x210 [ 69.283072][ T5320] bch2_fs_recovery+0x25fd/0x3950 [ 69.285370][ T5320] bch2_fs_start+0xa99/0xd90 [ 69.287392][ T5320] bch2_fs_get_tree+0xb02/0x14f0 [ 69.289551][ T5320] vfs_get_tree+0x92/0x2b0 [ 69.291422][ T5320] do_new_mount+0x24a/0xa40 [ 69.293720][ T5320] __se_sys_mount+0x317/0x410 [ 69.295835][ T5320] do_syscall_64+0xfa/0x3b0 [ 69.297867][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.300575][ T5320] [ 69.301582][ T5320] The buggy address belongs to the object at ffff8880401bd400 [ 
69.301582][ T5320] which belongs to the cache kmalloc-512 of size 512 [ 69.307552][ T5320] The buggy address is located 288 bytes inside of [ 69.307552][ T5320] freed 512-byte region [ffff8880401bd400, ffff8880401bd600) [ 69.313379][ T5320] [ 69.315881][ T5320] The buggy address belongs to the physical page: [ 69.318605][ T5320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x401bc [ 69.322441][ T5320] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 69.326453][ T5320] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 69.329947][ T5320] page_type: f5(slab) [ 69.331706][ T5320] raw: 04fff00000000040 ffff88801a441c80 ffffea0001007400 dead000000000004 [ 69.335538][ T5320] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 69.339318][ T5320] head: 04fff00000000040 ffff88801a441c80 ffffea0001007400 dead000000000004 [ 69.343031][ T5320] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 69.346622][ T5320] head: 04fff00000000001 ffffea0001006f01 00000000ffffffff 00000000ffffffff [ 69.350318][ T5320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 69.354183][ T5320] page dumped because: kasan: bad access detected [ 69.357069][ T5320] page_owner tracks the page as allocated [ 69.359671][ T5320] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5017, tgid 5017 (dhcpcd), ts 43151487685, free_ts 33737505603 [ 69.368326][ T5320] post_alloc_hook+0x240/0x2a0 [ 69.370623][ T5320] get_page_from_freelist+0x21e4/0x22c0 [ 69.373026][ T5320] __alloc_frozen_pages_noprof+0x181/0x370 [ 69.375574][ T5320] alloc_pages_mpol+0x232/0x4a0 [ 69.377495][ T5320] allocate_slab+0x8a/0x3b0 [ 69.379230][ T5320] ___slab_alloc+0xbfc/0x1480 [ 69.381221][ T5320] __kmalloc_noprof+0x305/0x4f0 [ 69.383333][ T5320] tomoyo_init_log+0x1a6e/0x1f70 [ 69.385442][ T5320] 
tomoyo_supervisor+0x340/0x1480 [ 69.387678][ T5320] tomoyo_path_number_perm+0x438/0x5a0 [ 69.390118][ T5320] security_path_chmod+0x136/0x350 [ 69.392233][ T5320] chmod_common+0x182/0x400 [ 69.394217][ T5320] do_fchmodat+0x12d/0x200 [ 69.396164][ T5320] __x64_sys_chmod+0x62/0x70 [ 69.398158][ T5320] do_syscall_64+0xfa/0x3b0 [ 69.399887][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.402302][ T5320] page last free pid 4721 tgid 4721 stack trace: [ 69.405162][ T5320] __free_frozen_pages+0xc71/0xe70 [ 69.407292][ T5320] __slab_free+0x326/0x400 [ 69.409253][ T5320] qlist_free_all+0x97/0x140 [ 69.411232][ T5320] kasan_quarantine_reduce+0x148/0x160 [ 69.413471][ T5320] __kasan_slab_alloc+0x22/0x80 [ 69.415529][ T5320] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 69.417866][ T5320] getname_flags+0xb8/0x540 [ 69.419827][ T5320] __x64_sys_symlink+0x5d/0x90 [ 69.421835][ T5320] do_syscall_64+0xfa/0x3b0 [ 69.423672][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.426309][ T5320] [ 69.427204][ T5320] Memory state around the buggy address: [ 69.429425][ T5320] ffff8880401bd400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.432724][ T5320] ffff8880401bd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.436269][ T5320] >ffff8880401bd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.439666][ T5320] ^ [ 69.441794][ T5320] ffff8880401bd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.445095][ T5320] ffff8880401bd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 69.448281][ T5320] ================================================================== [ 69.460083][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ... 
[ 69.463174][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 69.468127][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.473011][ T5320] Call Trace: [ 69.474496][ T5320] [ 69.475792][ T5320] dump_stack_lvl+0x99/0x250 [ 69.478974][ T5320] ? __asan_memcpy+0x40/0x70 [ 69.481064][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.483172][ T5320] ? __pfx__printk+0x10/0x10 [ 69.484996][ T5320] panic+0x2db/0x790 [ 69.486585][ T5320] ? __pfx_panic+0x10/0x10 [ 69.488469][ T5320] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 69.491539][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.494713][ T5320] ? print_memory_metadata+0x314/0x400 [ 69.496967][ T5320] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 69.499649][ T5320] check_panic_on_warn+0x89/0xb0 [ 69.501969][ T5320] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 69.504522][ T5320] end_report+0x78/0x160 [ 69.506489][ T5320] kasan_report+0x129/0x150 [ 69.508472][ T5320] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 69.511087][ T5320] bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 69.513375][ T5320] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 69.515762][ T5320] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10 [ 69.518332][ T5320] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 69.520749][ T5320] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 69.523351][ T5320] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 69.525811][ T5320] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 69.528310][ T5320] ? __open_bucket_add_buckets+0x783/0x1e40 [ 69.531003][ T5320] __open_bucket_add_buckets+0x1437/0x1e40 [ 69.533479][ T5320] open_bucket_add_buckets+0x2ee/0x440 [ 69.535951][ T5320] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 69.538503][ T5320] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 69.540703][ T5320] bch2_btree_reserve_get+0x641/0x1810 [ 69.542824][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 69.545430][ T5320] ? 
__pfx_bch2_btree_reserve_get+0x10/0x10 [ 69.547984][ T5320] ? __pfx___bch2_disk_reservation_add+0x10/0x10 [ 69.550865][ T5320] ? bch2_btree_update_start+0xadb/0x1dc0 [ 69.553378][ T5320] bch2_btree_update_start+0x147e/0x1dc0 [ 69.555688][ T5320] ? bch2_btree_split_leaf+0x14b/0x8e0 [ 69.558088][ T5320] ? __pfx_bch2_btree_update_start+0x10/0x10 [ 69.560513][ T5320] ? bch2_journal_replay_key+0x44f/0xb10 [ 69.562958][ T5320] ? __asan_memset+0x22/0x50 [ 69.565009][ T5320] ? __bch2_bkey_unpack_key+0x98b/0xe10 [ 69.567325][ T5320] ? bch2_btree_path_peek_slot+0x3f4/0xfe0 [ 69.569868][ T5320] ? __build_rw_aux_tree+0x6ed/0x880 [ 69.572203][ T5320] bch2_btree_split_leaf+0x14b/0x8e0 [ 69.574540][ T5320] bch2_trans_commit_error+0x1b7/0x1130 [ 69.576931][ T5320] ? bch2_journal_replay+0x1789/0x2620 [ 69.579347][ T5320] ? six_unlock_ip+0x302/0x430 [ 69.581489][ T5320] ? __pfx_bch2_trans_commit_error+0x10/0x10 [ 69.584081][ T5320] ? bch2_trans_unlock_updates_write+0xc22/0xd50 [ 69.586524][ T5320] __bch2_trans_commit+0x1ce8/0x8880 [ 69.588555][ T5320] ? bch2_journal_replay+0x1789/0x2620 [ 69.590913][ T5320] ? bch2_journal_replay_key+0x636/0xb10 [ 69.593559][ T5320] ? __pfx___bch2_trans_commit+0x10/0x10 [ 69.596066][ T5320] ? __pfx_bch2_journal_replay_key+0x10/0x10 [ 69.598659][ T5320] ? bch2_journal_replay_key+0x1dc/0xb10 [ 69.601160][ T5320] ? __bch2_trans_get+0x9c2/0xd80 [ 69.603350][ T5320] bch2_journal_replay+0x1789/0x2620 [ 69.605644][ T5320] ? __pfx_console_unlock+0x10/0x10 [ 69.607851][ T5320] ? irq_work_queue+0xbc/0x140 [ 69.609843][ T5320] ? __wake_up_klogd+0xd9/0x110 [ 69.611919][ T5320] ? __pfx_vprintk_emit+0x10/0x10 [ 69.614024][ T5320] ? __pfx_bch2_journal_replay+0x10/0x10 [ 69.616391][ T5320] ? do_raw_spin_lock+0x121/0x290 [ 69.618514][ T5320] ? __bch2_print+0x176/0x220 [ 69.620547][ T5320] ? __pfx___bch2_print+0x10/0x10 [ 69.622773][ T5320] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.625017][ T5320] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 69.627326][ T5320] __bch2_run_recovery_passes+0x395/0x1010 [ 69.629805][ T5320] bch2_run_recovery_passes+0x184/0x210 [ 69.632218][ T5320] bch2_fs_recovery+0x25fd/0x3950 [ 69.634328][ T5320] ? check_noncircular+0xe0/0x160 [ 69.636463][ T5320] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 69.638831][ T5320] ? __lock_acquire+0xab9/0xd20 [ 69.640975][ T5320] ? __lock_acquire+0xab9/0xd20 [ 69.642955][ T5320] ? __lock_acquire+0xab9/0xd20 [ 69.645050][ T5320] ? bch2_fs_start+0x9fe/0xd90 [ 69.647054][ T5320] ? up_write+0x1c4/0x420 [ 69.648656][ T5320] ? bch2_fs_start+0x5c4/0xd90 [ 69.650464][ T5320] bch2_fs_start+0xa99/0xd90 [ 69.652274][ T5320] ? bch2_fs_start+0x5c4/0xd90 [ 69.654204][ T5320] ? __pfx_bch2_fs_start+0x10/0x10 [ 69.656410][ T5320] ? sget+0x267/0x620 [ 69.658149][ T5320] bch2_fs_get_tree+0xb02/0x14f0 [ 69.660450][ T5320] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 69.663211][ T5320] ? aa_get_newest_label+0xf7/0x5d0 [ 69.666018][ T5320] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 69.669098][ T5320] ? apparmor_capable+0x137/0x1b0 [ 69.671851][ T5320] vfs_get_tree+0x92/0x2b0 [ 69.674377][ T5320] do_new_mount+0x24a/0xa40 [ 69.677074][ T5320] __se_sys_mount+0x317/0x410 [ 69.679559][ T5320] ? __pfx___se_sys_mount+0x10/0x10 [ 69.682433][ T5320] ? do_syscall_64+0xbe/0x3b0 [ 69.684991][ T5320] ? __x64_sys_mount+0x20/0xc0 [ 69.687526][ T5320] do_syscall_64+0xfa/0x3b0 [ 69.689900][ T5320] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.692388][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.695160][ T5320] ? 
clear_bhb_loop+0x60/0xb0 [ 69.697286][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.700083][ T5320] RIP: 0033:0x7f61ba7900ca [ 69.702083][ T5320] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.710036][ T5320] RSP: 002b:00007f61bb69ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.713362][ T5320] RAX: ffffffffffffffda RBX: 00007f61bb69cef0 RCX: 00007f61ba7900ca [ 69.716554][ T5320] RDX: 00002000000000c0 RSI: 0000200000000000 RDI: 00007f61bb69ceb0 [ 69.719985][ T5320] RBP: 00002000000000c0 R08: 00007f61bb69cef0 R09: 0000000000800000 [ 69.723221][ T5320] R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000000 [ 69.726628][ T5320] R13: 00007f61bb69ceb0 R14: 000000000000595d R15: 0000200000005b40 [ 69.730087][ T5320] [ 69.731729][ T5320] Kernel Offset: disabled [ 69.733531][ T5320] Rebooting in 86400 seconds..