program: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6}]}) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000180)={@private2, 0x0}, &(0x7f00000001c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000003c0)={'ip_vti0\x00', &(0x7f0000000300)={'syztnl0\x00', r5, 0x80, 0x8, 0xb, 0x7, {{0xf, 0x4, 0x1, 0x2a, 0x3c, 0x67, 0x0, 0xf, 0x4, 0x0, @loopback, @multicast1, {[@generic={0x1, 0x3, '$'}, @timestamp_prespec={0x44, 0x24, 0x88, 0x3, 0x2, [{@loopback, 0x3}, {@rand_addr=0x64010102}, {@multicast2}, {@empty, 0x1}]}]}}}}}) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r6, 0x3) accept4(r6, 0x0, 0x0, 0x800) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) close_range(r4, 0xffffffffffffffff, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) read$FUSE(r1, &(0x7f0000002c80)={0x2020}, 0x2020) vmsplice(r2, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) syz_mount_image$bcachefs(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x800000, &(0x7f0000000240)=ANY=[@ANYBLOB="76657273696f6e5f757067726164653d636f6d70617469626c652c726174656c696d69745f6572726f72732c70726a71756f74612c0000000072713d636f6e74696e75652c0007c1128846117e4ee8027f12843025f64a7087374f58467cf3c6caefa860479e313d70ea80d99dcfc5ee0c9ae4c99ac08df714f64278c1d434091f8c0dbef87b34f941c5527587315ac8b84765c5493eb3f725f1436f903b5280fd33f7f696ad6b26b5e5492ca1068b337d3c7aa3"], 0x1, 0x59a2, &(0x7f0000005b00)="$eJzs3X+QXFW9IPBzu3synZlMMgnwiCCTIZD3ePA0E34V6qtn3lufvgIeFQtLCRuBgUwwmoRUEgQCSnDBhQIstLQU9Q+0kFo0WlSBSqREfmzCKkqxutQWUiu76B9uIUtKIMtarvNqpu/p9NzpO7enpyc/yOdTydw+p29/z/fee/r2Pad7pgMAAABHhD23bN13wXH//LPPjLxx47/8aONNobc8Xl+NK/Sny2sPVoYcSN2VxePLbL/4m+u//bvBK/7ppw/0fOvN3WtPXPfr9x11xSMfP3fX3V97/PW+h/7yUlHc2J9O3V9OXklCqP5475c+u/vpY8fqkhBCOenfEcLCZNHjC5NMiKE/hRDWpoXFmTsffOOMdWPLm27vnlC/ILOe/n5kq6b9bPu+a04Lv/nH1Tf/Ysn3vtu18+Ud+1dJqg39KYT5lzU+viuEMDf9Pyb2ttgfY6ddFULoaXjcOQV5ndRi/stzysenyznpsrcgTrx/aaZcyqyXLUddmWVPQXszlZdHu+sVmZcpZ09GM5WXZ6xfmC5/mC5PnWb8cvyfhFISKvX0NyT7+0hoOG5JSMaPZbVeLtWPbUi3P1NOMuVSplzuymzXeLtpRysnycT6uF6mPp6OK2n9iY3n6iYuzKl/W7qspk/UN2M5ZG/U9E66Ud+ucTGvvVPkciCUGs5BzerrBz49GL0hvK9vbJksmvSY0SbifbtX37GsvOaJPf05eSQPJGn8ZLzN6cbf/vOF8y75zm1XZ1/X6/EvK6XxS5n4SUvxXzzvmVcvvu2bX82Nf1eMX24r/9Mf7XnlvCdvWZq7f/bG/VNpK/7wS0/dueToy3fm5n9PjF9tK/7KXc909+179LHc/Ifi/pnbVvwX3vP+397/3MMvH5cXP8T4PW3FX7Nr8+e6B/adkpv/Y3H/9LYV/8XXdp79/MDA7wcbH3BK3/74z8b4fW3Fv2/H3e++d8Ht5+Ye31Vx//S3Ff/8kx+5ed6+h0/IO3cm93TqlRPgyHRUesl4a1pud5w5Uw3jha8MVmpXSfPS/32dbChz8TnWzvxOxgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEMIxp/2XD/yvD/e/UknL3emNF0q1ZayfE0IyN4Swddvwlm3rN105+PGrrt6yaXjD4PC2wZFN27ZcN3jm3w1uGdm8Yfi6sXuH3nFG7XGLQlJbJidMart7dHS01D+xLrb3707e+Ztl5/zvP4QwdMyvBiq5+S+/e+O9Rzf5mZGsHH3vxqsv+NVZ30i3qz/Nq79JXqOjo6OhP8xtltf/uejP935h7+9OCWHor6bK66kX/uEnExIar9gfJ1XqDrWEupOepnnUs073U9xflXXrN4wMTb1/xx5fztm///76l/+07trP/7m2f6u529Hi/p27cnRD6curz///X76hVlGU18E67kX7O25FzC/uv2q6v+en2zU/Z7sqOdt1yy8ee+7Hx932+o4wVHltyeS2i7arK+0AXcnbWmo3ttCTLJxQX03Xj0c8Pm75to2bl2+9bvs71m8cvnLkypFN71px5oqzh846+6zl41u+vMPbH9v/6xa3/8D0pwWf3PHD+LO1/lSUV9H+GMureH80ZpT3/Ou58LNffNfdT15Qqyjq53Ht+vkkXfaMHecVoaG/Td5XzbaraD+EEAab7YdXXz83HPvf199cdB5qPDKNPzOSlaNPL/3jN875+uK/r1W0cJ4P2bzOm+55vjGh9Dw/Z+Jqhef5etb78xnfX9X0eIweovu3O5TT7eptmteKp5/sumPPHz5Vz2/OnHDt8LZtW1bUfs5LM52XHN80r2xt3K4l4z/LId0tod5Nm/TXMV2hll/2/BlXz+7V3vS+3mRR0+3KivftXn3HsvKaJ/bk7enkgVqLc0NfbZm8PWfNDZkHlusJN2v/UH3+FfWPgQ98/aEPP/SDMyf1j9NrP4u2K8nZru89d98Xv/X5//iDzm3XB/7hmf4//o+PLatVtHNeCR04r0z3+rGedZpP0nheOT2EouffktB8O3Kff6Xm21P0/Mu2s3/95vEGM+XeUG7r+Xr6oz2vnPfkLUtzn697Jz9fm697w4RSueD5eqj0n+zzK6lMzGP2nl8TOkqycvSntx614/EbVx1Xqyjq1/W1m/XrM1oYf+Rs108ufn7gqsH/8N86d9749t89eOmvh1d+ulbR/nGPuXTmuFfT/VvN2b/1rOO4s3H/vvOKqzasrdUfute/6bJg/BNPJVuv2/6J4Q0bRrZsbW27Wn09je1k93K7r6fx7LaoYLtKk7Zr9m60sr9afb7F/Ne2vb8mPt96Q9LW68L2ny+cd8l3bru6f9Kj0oYuK6XxS23Ff/G8Z169+LZvfjU3/l0xfqWt+MMvPXXnkqMv35kb/54kjV9tK/7KXc909+179LHc+EMx/7nN4peL4r/wnvf/9v7nHn45N36I8Xvb2/+v7Tz7+YGB3+fGfzZJ2xm7RgrhwTfOWFcrJ6Erfb7FPLom5BWy5SRTLmXK5cZyKY4d0wbKSTKxPq6X1p/YkEszH8mpj1dh1cW15ZuxHLI3pq4/1JQazv3N6ouuUwEA3uri+//xGjS+/z+SXijlzzTAfjMdhy3OiRvHYfvncya+s7Y4jR8fH+cBB94ZhsaWNw3WLvSn+z5CfD5k5zljO6ecNDFGu/OcRfPvSzPlmFdtvrzSMA5NTR7XVEIL8++T25l6/j2z+cXvZw3eOimtwYZ5q+zx60pnzJp93iGTb2UsQl7/yM6Lxc9zDMwPq8bba7F/ZD9HE49D9nM0sZ3jMifOdj9HM9P+EdOeon+Mp1z8fuTk4xem2L/7j1/zaNnjN43jXR1bf7bfn+3AvGHTU9qBmzec3ffD3qLzkoXxW52XPNTnDWN93I5Ki/OJH86prz1rd9TL7c4nxtNFzGvvFLkcCOYTgbeqZuP/sQvw/5tZr+g6NHvVGF9zcj8nVG6eT9G4Y/Ln9Hraeh1fs2vz57oH9p2Se53zWKuf09s8odRT8Lmfov24LFMu3I85EzRF471sO0X7Pfu5jN7Q19Z+v2/H3e++d8Ht5+bu91W1F9K5paL9/sUJpb6C/X4YjBeaxzdeOCLGC7M9f3bQxiPpB59mazzyoZz66X6+oWfSjfp2jTvsxiNdBzYvAODwEcf/9ffP0vH//4wrpNcRRePWUzPlGC933JpzfZI3bv3XdHltZv3e9DcqpnvdfP7Jj9w8b9/DJ+SOW+5Jx6GF4///NKHUXzgOndm4OXccsaoznxfPHUfUx1kzGyfm5l8fJ85snJ4bvz5On9k4Onf/1MfRM5sHyI1fnwc43Me5BfN1mcZisdX5urfsODr99dnpjqPjKbdoHH1hTv10x9G9k240JGEcDQBw0MXxf7yMi+P/JzPrzfR99txxQYeu27N/D6Qe/9mWx5VJYzHe1/q4crbHfbM9bp3tcf1sz0tMY1w851AcF8/2vNDszpMdbuPiVt9fbnlcnDZqXAwAwKEsjv/jH7vPH//PbHzSbPzWNWF8Mtvv+x6a4/Mbn07H580uuo/U8fnh+L51TvxDZ/7L+H9Wx/+xHLI3aoz/AQA4FMTxf/y1x/j3//5zWs7+3fojdZx+RL2P/v9GR0eN0yfGP2Dj9M7PswWfAzi48wAN3yRqHgAAgIOha3ykNPn37D+aLrO/Z5/3e/kX56zfqkp6eXz5ti0jI5devXnt8LaRSzddtXZk66XXbFm/bdvIptp6Mx035o5b0nFjV6ik+6P5etlx24L07yEsyPl7CNn1Y9jjx29M/nsI2WbnFvwdgf3Hr7V8845faYr1m/WPvOOdF/8jOetH9eN/xcdOv3Td1kvXb1q/bf3whvXbRyauNzZq7ZnG92bG3TKt70vN/JikNP3v7+xMHqVJeXSl+yPv+9mTiXnU/z7+wrzvP8jJ+2f/9QufPHn0z/eHMHRM+e0z2n/JytHvXzTyr9v2/GrzWP6lKfOvr5nmVfR9pdn14/ZUNly1ddtp6666elP2GyXbE+czSvXyLM1npE//covzE2ty6qf7OYXypBuNHpoigwOr5fkJAAAmiO//x+vZ+P7h59MLqFjf+jh9Zp/zzh2nD7U2Ts9+L1nROD27ftzeVsfp1RmO07PtF43Tm63fbJyeN+7Oi/+hnPWnq/V+MrPPeeT2k8ta6yfZ7zMo6ifZ9afbT5IZ9pNs+0X9pNn6zfpJ3nHPi//BnPXztN4fZva5nNz+cFdr/eFvM+Wi/pBdf7r9oTTD/pBtv6g/NFu/WX/IO7558S/IWb9VE/vHWMcY7xcjl15z1ZZPNKw3299/MfP8Zvf7P9rVev6z+/tZs5//7H6ubPbzn9nnynLzf3ZmM2Gt5z+73+/SrgM2X5t+2Kzo82dF87irc+qnO49ba7s8MYlDkHlcOHji+D++3RPH/7eny5yv6Wvb4f89aQfue8zmTiP+ofP5+9m9jjmyX88bbuT8vYiDzes5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGu6K4vHl3tu2brvguP++WefGXnjxn/50cab/ub6b/9u8Ip/+ukDPd96c/faE9f9+n1HXfHIx8/ddffXHn+976G/vFQYuH/8Z+XUtFgNIXklCaH6471f+uzup48dq0tCCOWkf0cIC5NFjy9MMhGG/hRCWFvPc+KdD75xxrqx5U23d0+oX5AJkt2u0FuO+TTmGcK1hVvEYaia9rPt+645LfzmH1ff/Isl3/tu186Xd+xfJak29KcQ5l/W+PiuEMLc9P+Y2NsWxweny1UhhJ6Gx51TkNdJLea/PKd8fLqcky57C+LE+5dmyqXMetly1JVZ9hS0N1N5ebS7XpF5mXL2ZFRTaTt+Xp6xfmG6/GG6PHWa8cvxfxJKSajU09+Q7O8joeG4JSEZP5bVerlUP7Yh3f5MOcmUS5lyuSuzXePtph2tnCQT6+N6mfp4Oq6k9SeO51jO3e4Lc+rfli6r6RP1zVgO2Rs1vZNu1LdrXMxrb24mB0ap4RzUrL5+4NOD0ZvW9SaLJj1mtIl43+7Vdywrr3liT39OHskDSRo/aSv+9p8vnHfJd267enFe/MtKafxSW/FfPO+ZVy++7ZtfzY1/V4xfbhb/nrwm4gqnP9rzynlP3rI0d//sjfun0lb+wy89deeSoy/fmZv/PbX4z4VqW/FX7nqmu2/fo4/l5j8U98/ctuK/8J73//b+5x5+OTd+iPF72oq/Ztfmz3UP7DslN/5jcf/3ttd/Xtt59vMDA78fzIv/bIzfN5349RPZfTvufve9C24/N/f4ror7p7+t/M8/+ZGb5+17+IRqXvx7OvXKCXBkOiq9xro1Lbc7zpyphvHCVwYrtWu+een/vk42lDHWzvxZjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFvTL28486MXvfeDqytJCEnOOqNNxPvKc1auHGyj3eGXnrpzydGX72ysW9xGHAAAAKBYHIeX6jXVsDhck8wNxzddP84RHB9LycT67BxCjJOdI2g3Tqm9ON+/JBOn3KF8Kh2K09WhOHM6FKe7Q3GqBXGqobU4c6eIUxnrFS3m0zNlPq3H6e1QnHkditPXoTjzOxRnQYfi9E8Zp/V+uLBDcRZ1KM5RHYpzdIfiHNOhOH/VRpw5TeIc26F8snPK0+2Hfemax+XFGb9RLoxTScr1O5rNpx+btnPCDNvpTduZkzNv31f0etxiO3MLtie2c1LmcaVptlNtsZ2/nmE7SYvt/O0M2ykVtBP77bXZ/GI7sdRi/7+uQ3G2dyjO9R2Kc0OH4nyqQ3E+3aE4N84wDkCr4vh//3ivP3RX/j4sSM842VmAON5dMv5z8utd3gmpJ4309kz9nKJ42YF6Jt6S6eaXnUDIxFuaqe+aEK9SH49MEa/aGG9Z5s7C7c1OKGTyOzVT310ULzuxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACz6Jc3nPnRi977wdUhCWP/mhptIt5XnrNy5WAb7e5efcey8pon9jTWdVfaCAQAAAAUiuPwrnpNNXRXVoTuZM6E9arpPEA1LZf7a8uB+WHV2DIZLI2Xe5KFUz6ukj5u+baNm5dvvW77O9ZvHL5y5MqRTe9aceaKs4fOOvus5evWbxgZqv0MobsgXghhfPph63XbPzG8YcPIlq21ymz+i9PHLU7LSfq4gXeGobHlTWn+iwraK01qb/ZuFB89AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4N3btLkTOq3wA+HlnZmem2+bf/WM/pqHZDvkoUYsmcSuplu4LgoU2CVkKMlNdS7AJFjdNaJMS69gGbGuDIrQEQiQXRmKxtXjTD1vEfhCIaDTgxiBt0V7ohdJqJS25kJSR7M6ZnZmdyaxjadr4+12877zPec553jMXC8/ZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeH9N18YmK+MT1eEkhKRHTr2LOJbNp2l5gLpfen779wqjp1a2xgq5ARYCAAAA+op9+FAzUgyFXDZkwxUzT0tDy0CY6/sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/PdO1scnK+ET1wiSEpEdOvYs4ls2naXmAuq+//eSnXxkd/WtrrDTAOgAAAEB/sQ/PNCPFUArLwlByRVtePBtY3DG/My+us2SBeZ1nB73yli0w7+oF5n20T96Gxn1XAAAAgA+/2P/nmpGRUMgt6tn/9+vrY95VHXnZxn2Q3woAAAAA/53Y/xeakVIo5ErNfn2h/f7Sjrw4v9//7eP8FT3m9/t//vrG3f/pAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODDY7o2NlkZn6hmkxCSHjn1LuJYNp+m5QHqrnlh+O83H35waWuskBtgIQAAAKCv2IfPtd7FUMgNh6Fw4UzfP3rjgae/8PSzYyGE2TY/nw+7Nu3Ycdea2WvMW3308NB3j7z5zXl5q2ev52yDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAe2a6NjZZGZ+oXpCEkPTIqXcRx7L5NC0PUPe1z37+z4+feO6N1lhpgHUAAACA/mIfPtf7F0Mp5EM+XDbz1Nrrn5HpmN/rzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4f9z99Xu/tmlqavNdPvjggw/ND+f6LxMAAPBeuyokof4funzjuX5rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgg2C6NjZZGZ+oFpMQkh459S7iWDafpuUB6qbPHyssOvXCS62x0gDrAAAAAP3FPnyu9y+GUhgKQ+HSmaduZwIz/f/I+/iSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAfKdG1ssjI+UV2UhJD0yKl3Ecey+TQtD1D3sd37P3Po4u/c1Bor5AZYCAAAAOgr9uH5ZqQYCrmPhUK4svE81T4hyTbu3c8F5uZtb5s2vOB5tbZ52QXPe7hjZ7nGbmbnFeN6I7P35rzy/Hnllnml0CxfbpsX9rbNWtTnPQMAAACcQ7H/LzQjI6GQK7T0uT9uyx/R5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPUzXxiYr4xPVJAkh6ZFT7yKOZfNpWh6g7r2/+f+LvvyTPTtbY6UB1gEAAAD6i334XO9fDKWwJPxfWDLT94eR9vyY94/K6UOP/vMvK0NYddnx0Vwj2jwX+EHM/+VrN7zYeQkh075oy2PSo96vf/foPcvrpx8PYdWl2StzPffTvV77kmn9mcrm9TuOHN9+1q8GAAAAzhux/x9qRkZCIXdnz/4/dt7d+//5Zhrwi+/Z/bNLGtdGR94xIzPSqJfpUe9zy5/804q1f3vzTP9/tnqf3L/10CVtBWcjHZK0Pr5154bj1x7MxF3P1s921I/fyxe/8ca/tux65PRs/WIoNuKLc93qz792uCCtT2X2Vde9u6/WXj/XY/8P/valE79YvOedM/Xfvmq4Wf/qs+z/7PWHb3lo73X7D29orx9CKHer/9Y7N4XL/3DHA537H+5YuPWbb712SNL60aUnD649ULq+vX7SUT9+/z898djeHz3y7Wdj/fhbkZXLFlo/01H/Vw9/ZPfL929c3F4/02P/L976yui28rd+37n/29tWzfV8i/n7f+Kap257dVN6X+cQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA+WW6NjZZGZ+oZpIQkm4JxRDqXcThbD5NywPUff3mY2/duueH32+NlQbZAAAAANBX7MPnev9iKIV8yIfhmb7/mcrm9TuOHN8eRmZHk8Y9N7Xt7h0f37Jt5523n6M3BwAAABYq9v+5ZmQkFHLLw1Cj/x/funPD8WsPZmL/n4n9/5Y7pjavCjHvTGj3y/dvXNw8Jwhh5mcBxTN5n2rm1W+84djIyT9+dUXXvDVzeUeXnjy49kDp+pgXWvNWh+b5xBPXPHXbq5vS+5rv15r3ia9sm2ocT8R1h295aO91+w9vaO6jcR9urBvzpjL7quve3VeLednGvdjYNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw33RtbLIyPlEN2RCSHjn1LuJYNp+m5QHqrlv+8wcuOvXcktZYITfAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2YHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoK+/UTGkcVxwH8vd2N2WaTNmkFo2KaVkWpB4uCiF5UVKQVKXiqFKm29iAKgohSD6bSiqUqXgSrlyIqqFEKCjYWS6uk4r/ixYMKCtWDUIoBbSgejGTzZruZZFw7qYL284Hh5b2Z+c5v5r2dzQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCf0l0bbLaHdzw8eccFt3z25H0nnrjtgwe3Xfb4mz8Nb7rp0709r50c37xiy7c3L9u0//41Y7tfPvRb33t/HO0Y/NhMsyp16yHE4zGE+ocTLzw1/vl502MxhFCN/SMhDMSlhwZiLmH17yGEza06Z+9898TVW6bbbbu6Z40vyYXk7ys0qlk9M/pn18v/Sz2ts62Tj14Rvr9x/fYvl7/zdtfosZFTh8R623oKYfHG9vO7QgiL0jYtW22D2cmpXRdC6Gk779oOdV38N+u/sqB/YWrPSW2jQ062f2WuX8kdl+9nunJtT4frLVRRHWWP66Q318+/jBaqqM5sfCC176d21WnmV7MthkoMtVb5D8RTayS0zVsMsTmX9Va/0prbkO4/14+5fiXXr3bl7qt53bTQqjHOHs+Oy41nr+NaGl/R/q6ex50F4+entp4+qCezfsj/MaMx54/WfTVldU38RS3/hkrbO2i+8dbEp8lopLFGXDrnnKk5alPZvvH1z1xa3fDR4f7ZcS1xb0z58TTyp1r5W78Y6L37rZ2PDBbcZ9xYSfmVUvk/rD3yy107X3mpMP/5LL9aKv+qAz3H1368Y2V/Uf5E9nxqpfLvOfrJs8vPvXd0vrlu5u/J8uul8m8YO9LdN3ngYGH9q7Pns6hU/nfX3/rjG1/vO1aYH7L8nlL5G8Yeeq57aPLywvyDMx+FRnOFllg/v45e883Q0M/DRflfZc+/b5782DH/9ZHd1726ZNeawvW5Lns+/aXqv/2S/dt7J/ddVPTujHvO1DcnwNlpWfof6+nUL/s7c6Hafi+8OFyb+QbqTVvfmbxQzvR1Fv+D+QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8yQ4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAD//7zCH48=") [ 68.616675][ T4669] Bluetooth: hci0: command tx timeout [ 68.661503][ T25] audit: type=1326 audit(1743606220.278:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5321 comm="syz.0.0" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa601f8d169 code=0x0 [ 69.071388][ T5324] loop0: detected capacity change from 0 to 32768 [ 69.081562][ T4669] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 69.085277][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: kworker/u5:1 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) [ 69.085295][ T4669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.085304][ T4669] Workqueue: hci0 hci_rx_work [ 69.085423][ T4669] Call Trace: [ 69.085429][ T4669] [ 69.085435][ T4669] dump_stack_lvl+0x241/0x360 [ 69.085458][ T4669] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.085475][ T4669] ? __pfx__printk+0x10/0x10 [ 69.085491][ T4669] ? kernfs_path_from_node+0x2b/0x250 [ 69.085542][ T4669] ? kernfs_path_from_node+0x217/0x250 [ 69.085558][ T4669] sysfs_create_dir_ns+0x2fd/0x3f0 [ 69.085572][ T4669] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 69.085592][ T4669] kobject_add_internal+0x435/0x8d0 [ 69.085612][ T4669] kobject_add+0x15b/0x230 [ 69.085627][ T4669] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.085650][ T4669] ? device_add+0x3e7/0xbf0 [ 69.085665][ T4669] ? __pfx_kobject_add+0x10/0x10 [ 69.085680][ T4669] ? _raw_spin_unlock+0x28/0x50 [ 69.085699][ T4669] ? get_device_parent+0x165/0x410 [ 69.085715][ T4669] device_add+0x4e5/0xbf0 [ 69.085736][ T4669] hci_conn_add_sysfs+0xe8/0x200 [ 69.085754][ T4669] le_conn_complete_evt+0xc6e/0x12a0 [ 69.085776][ T4669] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 69.085786][ T4669] ? __mutex_unlock_slowpath+0x229/0x800 [ 69.085800][ T4669] ? __skb_clone+0x5c/0x6d0 [ 69.085815][ T4669] ? skb_pull_data+0x112/0x230 [ 69.085832][ T4669] hci_le_conn_complete_evt+0x18c/0x420 [ 69.085856][ T4669] hci_event_packet+0xa5c/0x1550 [ 69.085875][ T4669] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 69.085896][ T4669] ? __pfx_hci_event_packet+0x10/0x10 [ 69.085914][ T4669] ? kcov_remote_start+0x450/0x7d0 [ 69.085924][ T4669] ? lockdep_hardirqs_on+0x9d/0x150 [ 69.085939][ T4669] ? hci_send_to_monitor+0xdc/0x530 [ 69.085952][ T4669] hci_rx_work+0x3f3/0xdb0 [ 69.085975][ T4669] ? process_scheduled_works+0x9cb/0x18e0 [ 69.085987][ T4669] process_scheduled_works+0xac3/0x18e0 [ 69.086014][ T4669] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.086030][ T4669] ? assign_work+0x367/0x3d0 [ 69.086071][ T4669] worker_thread+0x870/0xd50 [ 69.086095][ T4669] ? __kthread_parkme+0x1a8/0x200 [ 69.086110][ T4669] ? __pfx_worker_thread+0x10/0x10 [ 69.086121][ T4669] kthread+0x7b7/0x940 [ 69.086139][ T4669] ? __pfx_worker_thread+0x10/0x10 [ 69.086173][ T4669] ? __pfx_kthread+0x10/0x10 [ 69.086189][ T4669] ? __pfx_kthread+0x10/0x10 [ 69.086205][ T4669] ? __pfx_kthread+0x10/0x10 [ 69.086220][ T4669] ? __pfx_kthread+0x10/0x10 [ 69.086235][ T4669] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.086251][ T4669] ? lockdep_hardirqs_on+0x9d/0x150 [ 69.086263][ T4669] ? __pfx_kthread+0x10/0x10 [ 69.086280][ T4669] ret_from_fork+0x4b/0x80 [ 69.086293][ T4669] ? __pfx_kthread+0x10/0x10 [ 69.086309][ T4669] ret_from_fork_asm+0x1a/0x30 [ 69.086332][ T4669] [ 69.086354][ T4669] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 69.208933][ T4669] Bluetooth: hci0: failed to register connection device [ 69.503385][ T5324] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nojournal_transaction_names [ 69.510384][ T5324] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 69.513808][ T5324] bcachefs (loop0): Version upgrade required: [ 69.513808][ T5324] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 69.513808][ T5324] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 69.513808][ T5324] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 69.552020][ T5324] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 69.552041][ T5324] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 69.552050][ T5324] node offset 8/24 bset u64s 29 bset byte offset 152: bad k->u64s 0 (min 3 max 253), shutting down [ 69.552058][ T5324] inconsistency detected - emergency read only at journal seq 10 [ 69.568474][ T5324] bcachefs (loop0): flagging btree inodes lost data [ 69.571291][ T5324] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 69.575767][ T5324] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 69.582448][ T5324] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 69.588397][ T5324] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0 [ 69.588415][ T5324] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 281474976710656: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 69.588425][ T5324] node offset 0/24: incorrect min_key: got 8796093022208:0:0 should be POS_MIN, btree topology error: [ 69.602989][ T5324] bcachefs (loop0): flagging btree dirents lost data [ 69.611748][ T5324] bcachefs (loop0): error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 69.620164][ T5324] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 69.620178][ T5324] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 69.620185][ T5324] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing [ 69.635938][ T5324] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 69.635951][ T5324] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 69.635960][ T5324] node offset 16/24 bset u64s 60 bset byte offset 160: bad k->u64s 0 (min 5 max 255), shutting down [ 69.649907][ T5324] bcachefs (loop0): flagging btree alloc lost data [ 69.654361][ T5324] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 69.665302][ T5324] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree snapshots level 0/0 [ 69.665317][ T5324] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 26 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 69.665326][ T5324] node offset 16/26: btree node data missing: expected 26 sectors, found 16, shutting down [ 69.680878][ T5324] bcachefs (loop0): flagging btree snapshots lost data [ 69.688896][ T5324] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing [ 69.702347][ T5324] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 69.702364][ T5324] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key 0:3703155162349568:0 durability: 1 ptr: 0:29:0 gen 0 [ 69.702373][ T5324] node offset 0/32: incorrect min_key: got POS_MIN should be 0:3703155162349568:0, btree topology error: [ 69.716973][ T5324] bcachefs (loop0): flagging btree freespace lost data [ 69.723686][ T5324] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 69.731971][ T5324] bcachefs (loop0): scan_for_btree_nodes... [ 69.750732][ T5333] bcachefs (loop0): invalid bkey in btree_node btree=dirents level=0: u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 69.750753][ T5333] key before start of btree node, deleting [ 69.780362][ T5324] bcachefs (loop0): btree node scan found 6 nodes after overwrites [ 69.784070][ T5324] done [ 69.785117][ T5324] bcachefs (loop0): check_topology... [ 69.786868][ T5324] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 69.793111][ T5324] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=inodes level=0 POS_MIN - SPOS_MAX [ 69.797608][ T5324] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 69.807541][ T40] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 69.807556][ T40] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 69.807563][ T40] node offset 8/24 bset u64s 29 bset byte offset 152: bad k->u64s 0 (min 3 max 253), shutting down [ 69.827557][ T5324] bcachefs (loop0): Topology repair: unreadable btree node at [ 69.827576][ T5324] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 69.839344][ T5324] bcachefs (loop0): empty interior btree node at btree=inodes level=1 [ 69.839361][ T5324] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 69.845340][ T5324] bcachefs (loop0): empty btree root inodes [ 69.848720][ T5324] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 69.852810][ T5324] bcachefs (loop0): no nodes found for btree dirents, shutting down [ 69.855883][ T5324] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [ 69.859099][ T5324] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 69.862619][ T5324] bcachefs (loop0): shutting down [ 69.887163][ T5324] bcachefs (loop0): shutdown complete [ 69.890366][ T1033] ================================================================== [ 69.893464][ T1033] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250 [ 69.896304][ T1033] Read of size 8 at addr ffff88801e3de0b0 by task kworker/u4:5/1033 [ 69.899643][ T1033] [ 69.900603][ T1033] CPU: 0 UID: 0 PID: 1033 Comm: kworker/u4:5 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) [ 69.900617][ T1033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.900624][ T1033] Workqueue: loop0 loop_rootcg_workfn [ 69.900643][ T1033] Call Trace: [ 69.900650][ T1033] [ 69.900655][ T1033] dump_stack_lvl+0x241/0x360 [ 69.900672][ T1033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.900685][ T1033] ? __virt_addr_valid+0x183/0x530 [ 69.900704][ T1033] ? rcu_is_watching+0x15/0xb0 [ 69.900717][ T1033] ? __virt_addr_valid+0x183/0x530 [ 69.900729][ T1033] ? lock_release+0x4e/0x3e0 [ 69.900740][ T1033] ? __virt_addr_valid+0x183/0x530 [ 69.900752][ T1033] ? __virt_addr_valid+0x183/0x530 [ 69.900764][ T1033] print_report+0x16e/0x5b0 [ 69.900778][ T1033] ? __virt_addr_valid+0x183/0x530 [ 69.900790][ T1033] ? __virt_addr_valid+0x183/0x530 [ 69.900802][ T1033] ? __virt_addr_valid+0x45f/0x530 [ 69.900815][ T1033] ? __phys_addr+0xba/0x170 [ 69.900826][ T1033] ? percpu_ref_put+0xda/0x250 [ 69.900838][ T1033] kasan_report+0x143/0x180 [ 69.900851][ T1033] ? percpu_ref_put+0xda/0x250 [ 69.900864][ T1033] ? percpu_ref_put+0x1f/0x250 [ 69.900874][ T1033] percpu_ref_put+0xda/0x250 [ 69.900887][ T1033] blk_update_request+0x5e5/0x1160 [ 69.900901][ T1033] blk_mq_end_request+0x3e/0x70 [ 69.900910][ T1033] loop_process_work+0x1bdf/0x21d0 [ 69.900928][ T1033] ? __pfx_loop_process_work+0x10/0x10 [ 69.900938][ T1033] ? update_curr_dl_se+0x10e/0x8d0 [ 69.900953][ T1033] ? do_raw_spin_lock+0x151/0x370 [ 69.900969][ T1033] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.900982][ T1033] ? look_up_lock_class+0x7b/0x170 [ 69.901041][ T1033] ? register_lock_class+0x54/0x330 [ 69.901051][ T1033] ? __lock_acquire+0xad5/0xd80 [ 69.901061][ T1033] ? lockdep_hardirqs_on+0x9d/0x150 [ 69.901074][ T1033] ? process_scheduled_works+0x9cb/0x18e0 [ 69.901085][ T1033] process_scheduled_works+0xac3/0x18e0 [ 69.901101][ T1033] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.901114][ T1033] ? assign_work+0x367/0x3d0 [ 69.901125][ T1033] worker_thread+0x870/0xd50 [ 69.901139][ T1033] ? __kthread_parkme+0x1a8/0x200 [ 69.901152][ T1033] ? __pfx_worker_thread+0x10/0x10 [ 69.901163][ T1033] kthread+0x7b7/0x940 [ 69.901176][ T1033] ? __pfx_worker_thread+0x10/0x10 [ 69.901187][ T1033] ? __pfx_kthread+0x10/0x10 [ 69.901199][ T1033] ? __pfx_kthread+0x10/0x10 [ 69.901210][ T1033] ? __pfx_kthread+0x10/0x10 [ 69.901222][ T1033] ? __pfx_kthread+0x10/0x10 [ 69.901234][ T1033] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.901247][ T1033] ? lockdep_hardirqs_on+0x9d/0x150 [ 69.901256][ T1033] ? __pfx_kthread+0x10/0x10 [ 69.901268][ T1033] ret_from_fork+0x4b/0x80 [ 69.901279][ T1033] ? __pfx_kthread+0x10/0x10 [ 69.901291][ T1033] ret_from_fork_asm+0x1a/0x30 [ 69.901303][ T1033] [ 69.901307][ T1033] [ 70.006875][ T1033] Allocated by task 5324: [ 70.008524][ T1033] kasan_save_track+0x3f/0x80 [ 70.010892][ T1033] __kasan_kmalloc+0x9d/0xb0 [ 70.012614][ T1033] __kmalloc_cache_noprof+0x236/0x370 [ 70.014664][ T1033] __bch2_dev_alloc+0x57/0xa60 [ 70.016538][ T1033] bch2_dev_alloc+0xd6/0x180 [ 70.018295][ T1033] bch2_fs_open+0x315f/0x32a0 [ 70.020145][ T1033] bch2_fs_get_tree+0x77b/0x18f0 [ 70.022053][ T1033] vfs_get_tree+0x90/0x2b0 [ 70.023800][ T1033] do_new_mount+0x2cf/0xb70 [ 70.025524][ T1033] __se_sys_mount+0x38c/0x400 [ 70.027332][ T1033] do_syscall_64+0xf3/0x230 [ 70.029080][ T1033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.031450][ T1033] [ 70.032439][ T1033] Freed by task 5324: [ 70.033962][ T1033] kasan_save_track+0x3f/0x80 [ 70.035833][ T1033] kasan_save_free_info+0x40/0x50 [ 70.037853][ T1033] __kasan_slab_free+0x59/0x70 [ 70.039786][ T1033] kfree+0x198/0x430 [ 70.041300][ T1033] kobject_put+0x22f/0x480 [ 70.042982][ T1033] bch2_fs_free+0x27b/0x3c0 [ 70.044783][ T1033] deactivate_locked_super+0xc4/0x130 [ 70.046918][ T1033] bch2_fs_get_tree+0x11b4/0x18f0 [ 70.048958][ T1033] vfs_get_tree+0x90/0x2b0 [ 70.050813][ T1033] do_new_mount+0x2cf/0xb70 [ 70.052648][ T1033] __se_sys_mount+0x38c/0x400 [ 70.054508][ T1033] do_syscall_64+0xf3/0x230 [ 70.056340][ T1033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.058859][ T1033] [ 70.059880][ T1033] The buggy address belongs to the object at ffff88801e3de000 [ 70.059880][ T1033] which belongs to the cache kmalloc-4k of size 4096 [ 70.065721][ T1033] The buggy address is located 176 bytes inside of [ 70.065721][ T1033] freed 4096-byte region [ffff88801e3de000, ffff88801e3df000) [ 70.070673][ T1033] [ 70.071673][ T1033] The buggy address belongs to the physical page: [ 70.074655][ T1033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e3d8 [ 70.078442][ T1033] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 70.081452][ T1033] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 70.084284][ T1033] page_type: f5(slab) [ 70.085755][ T1033] raw: 00fff00000000040 ffff88801b042140 ffffea0000790c00 dead000000000002 [ 70.089431][ T1033] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 70.092908][ T1033] head: 00fff00000000040 ffff88801b042140 ffffea0000790c00 dead000000000002 [ 70.096104][ T1033] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 70.099358][ T1033] head: 00fff00000000003 ffffea000078f601 00000000ffffffff 00000000ffffffff [ 70.103159][ T1033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 70.107305][ T1033] page dumped because: kasan: bad access detected [ 70.114750][ T1033] page_owner tracks the page as allocated [ 70.117231][ T1033] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 5024283495, free_ts 0 [ 70.124531][ T1033] post_alloc_hook+0x1f4/0x240 [ 70.126419][ T1033] get_page_from_freelist+0x352b/0x36c0 [ 70.128668][ T1033] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 70.130798][ T1033] alloc_pages_mpol+0x339/0x690 [ 70.132739][ T1033] allocate_slab+0x8f/0x3a0 [ 70.134538][ T1033] ___slab_alloc+0xc3b/0x1500 [ 70.136372][ T1033] __slab_alloc+0x58/0xa0 [ 70.138019][ T1033] __kmalloc_cache_noprof+0x26a/0x370 [ 70.140042][ T1033] alloc_super+0x59/0x9d0 [ 70.141714][ T1033] sget_fc+0x34c/0xa50 [ 70.143333][ T1033] get_tree_nodev+0x2a/0x140 [ 70.145044][ T1033] vfs_get_tree+0x90/0x2b0 [ 70.146606][ T1033] vfs_kern_mount+0xbc/0x160 [ 70.147988][ T1033] kern_mount+0x43/0x90 [ 70.149301][ T1033] dax_core_init+0xd5/0x1f0 [ 70.150644][ T1033] do_one_initcall+0x24a/0x940 [ 70.152432][ T1033] page_owner free stack trace missing [ 70.154391][ T1033] [ 70.155300][ T1033] Memory state around the buggy address: [ 70.157456][ T1033] ffff88801e3ddf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 70.160665][ T1033] ffff88801e3de000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.163820][ T1033] >ffff88801e3de080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.166850][ T1033] ^ [ 70.169134][ T1033] ffff88801e3de100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.172225][ T1033] ffff88801e3de180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.174687][ T1033] ================================================================== [ 70.207486][ T1033] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.210466][ T1033] CPU: 0 UID: 0 PID: 1033 Comm: kworker/u4:5 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) [ 70.214931][ T1033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.219040][ T1033] Workqueue: loop0 loop_rootcg_workfn [ 70.221236][ T1033] Call Trace: [ 70.222583][ T1033] [ 70.223694][ T1033] dump_stack_lvl+0x241/0x360 [ 70.225465][ T1033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.227340][ T1033] ? __pfx__printk+0x10/0x10 [ 70.229133][ T1033] ? vscnprintf+0x5d/0x90 [ 70.230924][ T1033] panic+0x349/0x880 [ 70.232525][ T1033] ? check_panic_on_warn+0x21/0xb0 [ 70.234601][ T1033] ? __pfx_panic+0x10/0x10 [ 70.236101][ T1033] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 70.238280][ T1033] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.240646][ T1033] ? print_report+0x519/0x5b0 [ 70.242423][ T1033] check_panic_on_warn+0x86/0xb0 [ 70.244159][ T1033] ? percpu_ref_put+0xda/0x250 [ 70.245915][ T1033] end_report+0x77/0x160 [ 70.247369][ T1033] kasan_report+0x154/0x180 [ 70.249186][ T1033] ? percpu_ref_put+0xda/0x250 [ 70.251080][ T1033] ? percpu_ref_put+0x1f/0x250 [ 70.252914][ T1033] percpu_ref_put+0xda/0x250 [ 70.254725][ T1033] blk_update_request+0x5e5/0x1160 [ 70.256710][ T1033] blk_mq_end_request+0x3e/0x70 [ 70.258709][ T1033] loop_process_work+0x1bdf/0x21d0 [ 70.260727][ T1033] ? __pfx_loop_process_work+0x10/0x10 [ 70.263024][ T1033] ? update_curr_dl_se+0x10e/0x8d0 [ 70.265128][ T1033] ? do_raw_spin_lock+0x151/0x370 [ 70.267063][ T1033] ? do_raw_spin_unlock+0x58/0x8b0 [ 70.269205][ T1033] ? look_up_lock_class+0x7b/0x170 [ 70.271293][ T1033] ? register_lock_class+0x54/0x330 [ 70.273191][ T1033] ? __lock_acquire+0xad5/0xd80 [ 70.274985][ T1033] ? lockdep_hardirqs_on+0x9d/0x150 [ 70.276945][ T1033] ? process_scheduled_works+0x9cb/0x18e0 [ 70.279062][ T1033] process_scheduled_works+0xac3/0x18e0 [ 70.281617][ T1033] ? __pfx_process_scheduled_works+0x10/0x10 [ 70.283964][ T1033] ? assign_work+0x367/0x3d0 [ 70.285795][ T1033] worker_thread+0x870/0xd50 [ 70.287598][ T1033] ? __kthread_parkme+0x1a8/0x200 [ 70.289623][ T1033] ? __pfx_worker_thread+0x10/0x10 [ 70.291579][ T1033] kthread+0x7b7/0x940 [ 70.293012][ T1033] ? __pfx_worker_thread+0x10/0x10 [ 70.295196][ T1033] ? __pfx_kthread+0x10/0x10 [ 70.297010][ T1033] ? __pfx_kthread+0x10/0x10 [ 70.298849][ T1033] ? __pfx_kthread+0x10/0x10 [ 70.300806][ T1033] ? __pfx_kthread+0x10/0x10 [ 70.302685][ T1033] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.304768][ T1033] ? lockdep_hardirqs_on+0x9d/0x150 [ 70.306831][ T1033] ? __pfx_kthread+0x10/0x10 [ 70.308649][ T1033] ret_from_fork+0x4b/0x80 [ 70.310424][ T1033] ? __pfx_kthread+0x10/0x10 [ 70.312206][ T1033] ret_from_fork_asm+0x1a/0x30 [ 70.314011][ T1033] [ 70.315319][ T1033] Kernel Offset: disabled [ 70.316802][ T1033] Rebooting in 86400 seconds..