program:
# Fuzzer-generated reproducer (syzkaller program text). The calls in this first
# run touch unrelated subsystems (bpf, OSS audio, USB emulation); the filesystem
# activity that matches the kernel log further down starts at syz_mount_image$jfs.
#
# Remap 0xfbe000 bytes at 0x7f0000000000 as a fixed anonymous mapping: fd is
# 0xffffffffffffffff (-1), flags 0x4031, prot 0x300000a.
# NOTE(review): on x86-64 Linux 0x4031 decodes to MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|
# MAP_NORESERVE; the target architecture is not shown here, so confirm.
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
# bpf command 0x11 with a zeroed attr and a size argument of 0xfffffffffffffc57.
# The result is not kept; presumably the oversized length is rejected, confirm.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0xfffffffffffffc57)
# r0: sound device opened relative to 0xffffffffffffff9c (-100, AT_FDCWD).
# The path buffer's contents are not printed in this dump.
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
# Three OSS ioctls on r0: the first two pass in a value (0x40010000, 0x1),
# the third only supplies an output buffer.
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x40010000)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f00000002c0)=0x1)
ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000040))
# madvise with advice 0x19 on the start of the region mapped above. The length
# 0x600722 is not page-aligned and exceeds the 0x600000 window named in the pointer.
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
# r1: userfaultfd descriptor (flags 0x80001). It is only configured by the
# UFFDIO_API / UFFDIO_REGISTER ioctls at the end of the program.
r1 = userfaultfd(0x80001)
# syzkaller pseudo-syscall that attaches an emulated USB device; the descriptor
# pointers are 0x0 here, so no device description is supplied.
syz_usb_connect$cdc_ncm(0x0, 0x7a, 0x0, 0x0)
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f00000000c0)='./bus\x00', 0x1c802, &(0x7f0000002740)=ANY=[], 0x1, 0x5f52, &(0x7f000000ef80)="$eJzs3V1vHFcZB/BnX7x+KU2jClUh4iJNobSU5j2B8taUCy4ACSSUaxK5bhVIASUB0SoirnKBuODlI8BNb7joFylfAfEBiBRzVQnKoLHPScbjddZp4p1dn99PcmaePTveM/l7PDuemT0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMT3vvvj072IuPzr9MDhiM/EIKIfsVzXx6KeuZifP4yII7HZHM9FxGAxol5+859nIs5FxEeHIu5t3FqtHz6zx36cP3Xz+iff/84/fvenO0d++uZPPmi3/+izZz/8/e2Iwz987cNPbj+ZdQcAAIBSVFVV9dJh/tF0fN/vulMAwFTk/X+V5MfVarVa/UTrP/Znqz/qQuumarzbzSIi1pvL1O8ZnI4HgDmzHh933QU6JP+iDSPiqa47Acy0XtcdYF/c27i12kv59pr7g2Nb7fnvlNvyX+/dv79jt+kk7WtMpvXzdScG8ewu/VmeUh9mSc6/387/8lb7KD1vv/Oflt3yH23d+lScnP+gnX/Ltvz/HBFzm39/bP6lyvkPHyX/9cEcb//yBwAAAADg4Mt//z/c8fnfxcdflT152PnfY1PqAwAAAAAAAAA8aY87/t99xv8DAACAmVUfq9f+cujBY7t9Hmh9iH+pF/F06/lAYdLNMitd9wMAAAAAAAAAAAAASjLcuob3Ui9iISKeXlmpqqr+amrXj+pxl593pa8/lKzrX/IAALDlo0Ote/l7EUsRcSl91t/CyspKVS0tr1Qr1fJifj87WlyqlhvHtXlaP7Y42sMb4uGoqr/ZUmO5pknHy5Pa29+vfq1RNdhDx6ajw8ABICK29kb37JEOmKp6Jrp+l8N8sP0fPLZ/9qLrn1MAAABg/1VVVfXSx3kfTef8+113CgCYhqW8/2+fF1Cr1Wq1Wn3w6qZqvNvNIiLWm8vU7xkMxw8Ac2Y9Pu66C3RI/kUbRsSRrjsBzLRe1x1gX9zbuLXaS/n2mvuDNL57vhZkW/7rvc3l8vLjppO0rzGZ1s/XnRjEs7v057kp9WGW5Pz77fwvb7WP0vP2O/9p2S3/ej0Pd9CfruX8B+38Ww5O/v2x+Zcq5z98pPwH8gcAAAAAgBmW//5/2PnfvMoAAAAAAAAAMHfubdxazfe95vP/nx/zvF5zzv2fB0bOv7fn/N3/e5Dk/Pvt/FsX5Awa83ffeJD/vzdurX5w81+fy9OZz39hMKpfe6HXHwzTNT/VwltxNa7FWpza8fzhtvbTO9oXtrWfmdB+dkf7qG5fzu0nYjV+EdfizfvtixMujFqa0F5NaM/5D2z/Rcr5Dxtfdf4rqb3Xmtbuvt/fsd03p+Ne5+Lf/vvizq1r+u7E4P66NdXrd7yD/mz+nzw1il/dWLt+4jdXbt68fjrSZNujZyJNnrCc/0L6yvm/9MJWe/6939xe774/euT8Z8WdGO6a/wuN+Xp9X55y37qQ8x+lr5x/3gON3/7nOf/dt/9XOugPAAAAAAAAAAAAAAAAPExVVZu3iF6MiAvp/p+u7s0EAKbqDz9IM1USarVarVarD2zdVI33erOIpe3LXIiI3477ZgDALPtfRPyz607QGfkXLH/eXz39QtedAabqxrvv/ezKtWtr12903RMAAAAAAAAA4NPK438ea4z/vHkdUGvc6G3jv74Rx+Z2/M/+aLA51nlaoefj4eN/H4+Hj/89nPB6CxPaRxPaFye0L01oH3ujR0PO//mUcc7/aFqxksZ/famD/nQt5388jfWc8/9S63nN/Ku/znP+/W35n7z5zi9P3nj3vVevvnPl7bW3135++tSFc2fPnzt7/vzJt65eWzu19W+HPd5fOf889rXrQMuS88+Zy7
8sOf8vplr+Zcn5v5hq+Zcl55/f78m/LDn/fOwj/7Lk/F9OtfzLkvP/cqrlX5ac/yupln9Zcv5fSbX8y5LzfzXV8i9Lzv9EquVflpz/yVTLvyw5/3yGS/5lyfnnKxvkX5ac/5lUy78sOf+zqZZ/WXL+51It/7Lk/M+nWv5lyflfSLX8y5Lz/2qq5V+WnP/XUi3/suT8X0u1/MuS8/96quVflpz/N1It/7Lk/L+ZavmXJef/rVTLvyw5/2+nWv5lyfm/nmr5l+XB5/+bmfLMf/4eMQPdMGNm3EzXv5kAAAAAAAAAAAAAgLZpXE7c9ToCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2Lu7GLnK+wzgZ7/stSHBDYSvOLA2Bgws3l1/gUMMJgkpJW1KSUibltQ49tps4q961wkgVJZCW6IgFam9oBfNl9IoUluBokhNJRohNVJzV64ScRO1EheWCpWDkkqpAludOe/77szs7Mx6vYtnzvn9EP57Z87MvHPmzOw+az0zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1Nv00cm/7MuyLP+/9seGLLs4//u6bF/+5ezuC71CAAAA4Hy9XfvzHy9JJ+xbwoXqtvn3a/7j+3Nzc3PZ5986885fz82lM0aybGBtltXOi378q1/O1W8TPJ0N9/XXfd3f4eYHOpw/2OH8oQ7nr+lw/toO5w93OH/BDlhgXfH7mNqVban9dUOxS7PLsqHaeVtaXOrpvrX9/fF3OTV9tcvMDR3OprKj2WQ2vuAyfbX/suzlTflt3ZvF2+qvu62NWZad/fkTB+Ma+sI+3pI13FhN/WP35t3ZyFs/f+Lgd2beuKrV7LgbFqw0y7Zuztf5TJbN/7oq68vWpn0S19lft86NLdY50LDOvtrl8r83r/PsEtcZ7/dwWOerbda5MZz26HVZls1mi27T7OmsP1vfdKtpfw8XR0R+HflD+b5s8JyOk01LOE7yy7x+XeNx0nxMxv2/KeyTwUXWUP9wvPnUmgX7fbnHSX6vu+FYza/7/vxGh4frf7XacKzm2zxx/eLHQMvHrsUxkI7lumNgc6djoH/NQO0Y6J9f8+aGY2BiwWX6s77abZ25vv0xMDZz7OTY9GOP3zp17MCRySOTxyfGd+/csWvnjl27xg5PHZ0cL/48t13aQ9Zn/ekY3Bxea+IxeGPTtvWH5Nw3V+55MNwlz4P8vn/6hnxBF/dnixzj+TbPbD3/50H6vl/3PBisex60fE1t8TwYXMLzIN/m7Nalfc8crPu/1RpW67VwQ90xcCG/H+a3+dBNi78Wbgzrevbmc/1+OLDgGIh3qy889/JT0s97w7eH/bLwuLg6P+OiNdnp6clT2x49MDNzaiIL411xad1j1Xy8rK+7T9mC46X/nI+Xff/w6xuubnH6hrCvhm9p/1jl2+wcbf9Y1V7dG/fnmqzYnw2nbs/CWGHv9v5s9d0s358pS7TZn/k2z9x6/j8LplxS9/o31On1b2BosHj9G0h7Y6jh9W/hQzNQW1mWnb11aa9/Q+H/d/v177Iuef3L99VD29ofA/k2z46d6zEw2Pb177ow+8J6bgqJYbgu979TO3+2OEzrHsuOx83g4FA4bgbjLTYeNzsWXCa/tvy2t44v77jZel3jY9Xwc0sJj5t8X/3NePvjJt/mlYnzf+1YF/9a99qxptMxMDSwJl/vUDoIite7uXXxGNiWHcxOZEezQ+ky+aOc39bo9qUdA2vC/+/2a8eVXXIM5Pvqhe3tj4F8mx/tWNmfnbaGU9I2dT87Nf9+YbHMf/Xg/PU177aVzvz5Oj/2k0+m01pliHybN3aea85ov59uCadc1GI/NT9/FjumD2Xvzn66Mqzz6K72v5vKt7ls9xKPp31Zlr028Vrt913h97vfO/2T7zf83rfV75Rfm3jtvrEHfnou6w
cAYPneqf05u6b4WbPuX6yX8u//AAAAQE+Iub8/zET+BwAAgNKIuX8gzET+BwAAgNKIuX8wzKQi+f+R2/e8+PaTWXo3wLkgnh93w/13FtvFjvds+Hpkbl5++ke+PfTiV55c2m33Z1n26/s+0HL7R+6M6yqcjOv8UOPpC1x57ZJu/+EH57erf/+Es3uK64/3Z6mHQewqvzy2vXa9I49N1OYr92W1+cDss08X1198Hbc/s6PY/u/Cm5bsO9zXcPmtYT1bwhwJ7ylz/775/ZDPeLkXN17zb5d+Zv724uX6Nr+3djdf+NPieuN7RD1/abF9vN+Lrf9fv/rdF/PtH72+9fqf7G+9/jPhel8P81d7i+3r9/lX6tb/52H98fbi5bZ964ct1//SFcX2L4Xj4hthNq//7r/64NutHq94O/vuKC4Xb3/8f3fWLhevL15/8/qHn5xo2B/N1//KW8X17P3SLwbqt4+nx9uJHr6j8fjuC49vQ488y7Lv/kXWsJ+zDxeX+5em9cfrO3lH6/Xf0rTOk33X1i4/f382NNyvr/399pb3N65n3z9taLg/z98T9t9bYz/Kr/fMA+F4DOf/36vF9TW/l+lL9zS+3sTtv7GheN7G6xtrWv/zTeufvTbfd53Xf+9bxfpfumttw/r3fTwcT/cWs9P6j3z9kobLf/M7xeNx6sujx09Mn546VLdX65/Ha4fXrb/o4ve895LwWtr89f4TM49MnhoZHxnPspEefMvA1V7/t8L8n2LMrvwtFH76i+K4e+4TxfetG39ZfP18OP3h8HjG749f+9uhhuO1+XGfvauY57v+m8M6luqKr/7XtUva8MznXj79z3/2RvPPBfH+nHz/cO3+vbDp8tp5fa8U5ze/XnXyn+9vfF7/bHC8Nn8Q9utceGfmzZcXt9d8/fG9SZ77VPH8jT/JxctnTe8nsmGg8X6c7/p/Fn6O+eGVja9/8fj4wZNN7+a8IevLlzAbXh+y2eL8uFXc38+dvbzl7cX34clmrzqXZS5q+rHpsaNTx08/OjYzOT0zNv3Y4/uPnTh9fGZ/7b1L93+h0+Xnn9/ra8/vQ5O7d2a1Z/uJYqyyC73+kw8ePHTb+A2HJg8fOH145sGTk6eOHJyePjh5aPqGA4cPT3650+WnDu2d2L5nx23bR49MHdp7+549O/aMTh0/kS+jWFQHu8e/OHr81P7aRab37twzsWvXzvHRYycOTe69bXx89HSny9e+N43ml/7S6KnJowdmpo5Njk5PPT65d2LP7t3bO77747GTh6dHxk6dPj52enry1FhxX0Zmaifn3/s6XZ5qmD4RXu+a9IWfzj97y+70/ri5bz+16FUVmzT+eJq9Gd4LKn5/6/R1zP1DYSYVyf8AAABQBTH3hzf+nz9D/gcAAIDSiLl/bZiJ/A8AAAClEXN/kfyH08e/VyX/r1T//yn9/xr9f/3/bAX6//1116P/r/+v/9+e/r/+f6b/v2wXuj/f6+vX/9f/p7Nu6/+H3J+tyzL//g8AAAAlFXP/+jAT+R8AAABKI+b+i8JM5H8AAAAojZj7Lw4zqUj+9/n/+v/6/+36/3Fbn/+f6f93Q/9/y3/r/y+g/6//n+n/L9uF7s/3+vq7sP+/Tv+fbtNt/f+Y+98TZlKR/A8AAABVEHP/e8NM5H8AAAAojZj7Lwkzkf8BAACgNGLu3xBmUpH8r/+v/6//332f/19/Pfr/+v8+/789/X/9/0z/f9kudH++19ffhf1/n/9P1+m2/n/M/b8RZlKR/A8AAABVEHP/+8JM5H8AAAAojZj7Lw0zkf8BAACgNGLuvyzMpCL5v5r9/9ezLNP/z/T/9f+b1qn/r/+/GvT/9f/b0f/X/+/l9ev/6//TWbf1/2Puf3+YSUXyPwAAAFRBzP2Xh5nI/wAAAFAaMfdfEWYi/wMAAEBpxNx/ZZhJRfJ/Nfv/Pv9f/7+g/9+4Tv1//f/VoP+v/9+O/r/+fy+vX/9f/5/Ouq3/H3P/VWEmFc
n/AAAAUAUx918dZiL/AwAAQGnE3P+BMBP5HwAAAEoj5v6NYSYVyf9N/f+39f/1//X/9f/1/wv6/yujt/r//Yueo/9f0P9vtHL9/9n5Bej/98z69f/1/+ms2/r/Mfd/MMykIvkfAAAAqiDm/mvCTOR/AAAAKI2Y+68NM5H/AQAAoDRi7h8JM6lI/vf5//r/+v/6//r/+v+rqbf6/4vT/y/o/zfy+f/6//r/+v+01239/5j7N4WZVCT/AwAAQBXE3L85zET+BwAAgNKIuf+6MBP5HwAAAEoj5v4tYSYVyf/6//r/bfv/Px7IMv1//f9A/1//fzn0//X/29H/1//v5fXr/+v/01m39f9j7r8+zKQi+R8AAACqIOb+G8JM5H8AAAAojZj7bwwzkf8BAACgNGLu3xpmUpH8r/+v/+/z/3u4/z+g/5/p/3c9/X/9/3b0//X/e3n9+v/6/3TWbf3/mPtvCjOpSP4HAACAKoi5/+YwE/kfAAAASiPm/lvCTOR/AAAAKI2Y+0fDTCqS//X/9f/1/3u4/+/z/xvWr//fnfT/9f/b0f/X/+/l9ev/6//TWbf1/2PuvzXMpCL5HwAAAKog5v5tYSbyPwAAAJRGzP1jYSbyPwAAAJRGzP3jYSYVyf/6//r/+v/6//r/+v+rSf9f/78d/X/9/15ev/6//j+ddVv/P+b+iTCTiuR/AAAAqIKY+7eHmcj/AAAAUBox9+8IM5H/AQAAoDRi7t8ZZlKR/N8j/f9tqQCl/6//r/+v/6//31P0//X/29H/1//v5fXr/+v/06i/xWnd1v+PuX9XmElF8j8AAABUQcz9u8NM5H8AAAAojZj7bwszkf8BAACgNGLuvz3MpCL5v0f6/z7/X/9f/7+O/r/+fy/R/9f/b2cF+v+1H970/5fnQvfne339+v/6/3TWbf3/mPv3hJlUJP8DAABAFcTc/6EwE/kfAAAASiPm/jvCTOR/AAAA6CmtPocwirn/w2EmFcn/+v9l7//PrdX/1//X/2+/fv3/1aX/r//fjs//1//v5fXr/+v/01m39f9j7t8bZlKR/A8AAABVEHP/nWEm8j8AAACURsz9d4WZyP8AAABQGjH37wszqUj+1/8ve//f5//r/+v/d1q//v/q0v/X/29H/783+//hxxb9/y7q/+fHkP4/3ajb+v8x998dZlKR/A8AAABVEHP/R8JM5H8AAAAojZj7PxpmIv8DAABAacTc/7Ewk4rkf/1//X/9f/1//X/9/9Wk/79q/f/aS6H+f0H/f3kudH++19ffTf1/n/9Pt+q2/n/M/feEmVQk/wMAAEAVxNz/8TAT+R8AAABKI+b+3wwzkf8BAACgNGLuvzfMpCL5X/9f/1//X/9f/1//fzXp//v8/3b0//X/e3n9+v/6/3TWbf3/mPt/K8ykIvkfAAAAqiDm/vvCTOR/AAAAKI2Y+z8RZiL/AwAAQI9Zs+g5Mff/dphJRfJ/7/X/R3qy/9+frl//X/9f/1//X/9/Jen/6/9n+v/LdqH7872+fv1//X8667b+f8z9vxNmUpH8DwAAAFUQc/8nw0zkfwAAACiNmPt/N8xE/gcAAIDSiLn//jCTiuT/le7/N1++HZ//r/+f6f/r/+v/6/+fJ/1//f9M/3/ZLnR/vtfXr/+v/09n3db/j7n/98JMKpL/AQAAoApi7n8gzET+BwAAgC71yDlfIub+T4WZyP8AAABQGjH3fzrMpCL5v/c+/1//X/9f/1//X/+/l+j/6/+3o/+v/9/L69f/1/+ns27r/8fc/2CYSUXyPwAAAFRBzP2fCTOR/wEAAKA0Yu7//TAT+R8AAABKI+b+PwgzqUj+1//X/9f/1//X/9f/X036/wv7//lrmP5/Qf9f/7+X16//r/9PZ93W/4+5/7NhJhXJ/wAAAFAFMff/YZiJ/A8AAAClEXP/H4WZyP8AAABQGjH3PxRmUpH8r/+v/6//r/+v/6//v5r0/33+fzv6//r/vbx+/X/9fz
rrtv5/zP2fCzOpSP4HAACAKoi5/4/DTOR/AAAAKI2Y+/eHmcj/AAAAUBox9z8cZlKR/K//v7T+f3NfuJn+f+v16//r/+v/6//r/+v/t6P/r//fy+vX/9f/p7Nu6//H3H8gzGRf480AAAAAvSvm/s+HmVTk3/8BAACgCmLuPxhmIv8DAABAacTcfyjMpCL5X//f5//r/+v/6//r/68m/X/9/3b0//X/e3n9+v/6/3TWbf3/mPsnw0wqkv8BAACgCmLuPxxmIv8DAABAacTcfyTMRP4HAACA0oi5/5Ewk4rkf/1//X/9/8r2/1/9XtM69f/1/1eD/r/+fzv6//r/vbx+/X/9fzrrtv5/zP1TYSYVyf8AAABQBTH3fyHMRP4HAACA0oi5/4thJvI/AAAAlEbM/UfDTCqS//X/9f/1/yvb/1/a5/+vm79d/X/9/+XQ/9f/b0f/X/+/l9ev/6//T2fd1v+Puf9YmElF8j8AAABUQcz9x8NM5H8AAAAojZj7T4SZyP8AAABQGjH3nwwzqUj+1/8/t/5/3yLdwKX0/78+pP+v/9+D/f86+v/6/8uh/6//347+v/5/L69f/1//n866rf8fc/+fhJlUJP8DAABAFcTcfyrMRP4HAACA0oi5fzrMRP4HAACA0oi5fybMpCL5X//f5//r/+v/6//r/68m/X/9/3b0//X/e3n9+v/6/3T2/+zd545eVxXH4RcHQyLEPeQWuAIugWtA4hboLaGHDqH3FnoLHULvvffeeyD0KoEyXmsFD55zxva8nn32ep4PWTBGyo5iPvyV/HRG6/9z9983bmmy/wEAAKCD3P33i1vsfwAAAJhG7v77xy32PwAAAEwjd/8D4pYm+1//r//X/+v/9f/6/33S/+v/l+j/9f9bfr/+X//PutH6/9z9D4xbmux/AAAA6CB3/4PiFvsfAAAAppG7/8Fxi/0PAAAA08jd/5C4pcn+1//r//X/+n/9v/5/n/T/+v8l+n/9/5bfr//X/7NutP4/d/9D45Ym+x8AAAA6yN3/sLjF/gcAAIBp5O5/eNxi/wMAAMA0cvdfF7c02f/6f/2//n+D/f+d9f/6/+3Q/+v/l+j/9f9bfr/+X//PutH6/9z918ctTfY/AAAAdJC7/xFxi/0PAAAA08jd/8i4xf4HAACAaeTuf1Tc0mT/6//1//r/Dfb/vv+v/98Q/b/+f4n+X/+/5ffr//X/rBut/8/d/+i4pcn+BwAAgA5y9z8mbrH/AQAAYBq5+x8bt9j/AAAAMI3c/Y+LW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/fp//T/r9t7/3+uGg3vc/j93/w1xS5P9DwAAAB3k7n983GL/AwAAwDRy9z8hbrH/AQAAYBq5+58YtzTZ//p//f8d/f9/7qT/1//r/+/4uf7/ZOj/9f9L9P/6/y2/X/+v/2fd3vv/ld7/8H/P3f+kuKXJ/gcAAIAOcvc/OW6x/wEAAGAaufufErfY/wAAADCN3P1PjVua7H/9v/7f9//1//p//f8+6f+H7f8P/1/vfPr/Y9H/6/+P6v/veYz36//pYLT+P3f/0+KWJvsfAAAAOsjd//S4xf4HAACAaeTuvzFusf8BAABgGrn7nxG3NNn/+n/9v/5f/39+/3+mZf9/+8/0//uh/x+2/1+m/z8W/b/+3/f/9f8sG63/z93/zLilyf4HAACADnL3Pytusf8BAABgGrn7nx232P8AAAAwjdz9z4lbmux//b/+X/+v/7+s7/9fNUf/7/v/+6P/1/8v0f/r/7f8fv2//p91o/X/ufufG7c02f8AAAAwvTO72v3Pi1vsfwAAAJhG7v7nxy32PwAAAEwjd/8L4pYm+1//r//X/+v/L6v/n+T7//r//dH/6/+XHLf/3+n/669F/z/O+/X/+n/Wjdb/5+5/YdzSZP8DAABAB7n7XxS32P8AAAAwjdz9L45b7H8AAACYRu7+l8QtTfa//l//r//X/+v/9f/7pP
/X/y/x/X/9/5bfr//X/7NutP4/d/9L45Ym+x8AAAA6yN3/srjF/gcAAIBp5O5/edxi/wMAAMA0cve/Im45vP/PXMlXXTn6f/2//l//r//X/++T/l//v0T/f+H+/+oj/nz6/7Her//X/7NutP4/d/9NcYt//g8AAADTyN3/yrjF/gcAAIBp5O5/Vdxi/wMAAMA0cve/Om5psv+P6v9vu9u5X9f/H4/+/8Lv1//r//X/+n/9v/5/if7f9/+3/H79v/6fdaP1/7n7XxO3NNn/AAAA0EHu/tfGLfY/AAAATCN3/+viFvsfAAAAppG7//VxS5P9f/Lf/79W/6//1//H1f/r//X/+n/9/zL9v/5/y+/X/+v/WTda/5+7/w1xS5P9DwAAAB3k7n9j3GL/AwAAwDRy978pbrH/AQAAYBq5+98ctzTZ/yff//v+v/7/Ivv/M/r/pP+Pv6/6f/3/RdD/6/93+v9Ldtr9/Nbfr//X/7NutP4/d//NB1Ov3/4HAACADm4++OPVu7fELfY/AAAATCN3/1vjFvsfAAAAppG7/21xS5P9r//X/596/+/7/0X/H39f9f/6/4ug/9f/7/T/l+y0+/mtv1//r/9n3Wj9f+7+t8ctTfY/AAAAdJC7/x1xi/0PAAAA04jdf+5ffrf/AQAAYErvPPjj1bt3xS1N9n/j/v/ay+3/r/mf/6z/v/D79f8n0v/ffPj3nv5f/78l+n/9/xL9v/5/y+8fp/+PH1yn/2c8o/X/ufvfHbc02f8AAADQQe7+98Qt9j8AAABMI3f/LXGL/Q8AAADTyN3/3rilyf5v3P9P8v3/e98aL9D/z9v/+/5/XP2//v9C9P/6/53+/5Kddj+/9feP0//7/j/jGq3/z93/vrilyf4HAACADnL3vz9usf8BAABgGrn7PxC32P8AAAAwjdz9H4xbmux//f/W+3/f/9f/6//1/2PT/+v/l+j/9f9bfr/+X//PutH6/9z9H4pbmux/AAAA6CB3/4fjFvsfAAAAppG7/yNxi/0PAAAA08jd/9G4pcn+1//r//fV/9/+J9H/N+n/r9f/7/T/R9L/6/+X6P/1/1t+v/5f/8+60fr/3P0fi1ua7H8AAADoIHf/x+MW+x8AAACmkbv/E3GL/Q8AAADTyN3/ybjhHnc/vSedrLNH/Dx6c/2//t/3//X/vv+v/98n/b/+f4n+X/+/5ffr//X/rBut/8/d/6m4xT//BwAAgGnk7v903GL/AwAAwDRy938mbrH/AQAAYBq5+z8btzTZ//p//b/+f7P9/zX6//Pfr/8fk/5f/79E/6//3/L79f/6f9aN1v/n7v9c3NJk/wMAAEAHufs/H7fY/wAAADCN3P1fiFvsfwAAAJhG7v4vxi1N9r/+X/+v/99s/+/7/4fer/8fk/5f/79E/6//3/L79f/6f9aN1v/n7v9S3NJk/wMAAEAHufu/HLfY/wAAADCN3P1fiVvsfwAAAJhG7v6vxi1N9r/+X/+v/9f/6//1//uk/9f/L9H/6/+3/H79v/6fdaP1/7n7vxa3NNn/AAAA0EHu/q/HLfY/AAAATCN3/zfiFvsfAAAAppG7/5txS5P9P3P/v/Q/0/+fo//X/+/0//r/PdP/6/+X6P/1/1t+v/5f/8+60fr/3P3filua7H8AAADoIHf/t+MW+x8AAACmkbv/O3GL/Q8AAADTyN3/3bilyf6fuf9fov8/R/+v/9/p//X/e6b/1/8v0f/r/7f8fv2//p91p9T/n90d0f/n7v9e3NJk/wMAAEAHufu/H7fY/wAAADCN3P0/iFvsfwAAAJhG7v4fxi3z7P/73LLwi/r/E+//D34T6f/1/zv9v/5f/39A/6//X6L/1/9v+f36f/0/60b7/n/u/h/FLfPsfwAAAGgvd/+P4xb7HwAAAKaRu/8ncYv9DwAAANPI3f/TuKXJ/r+S/f/h5nbS/t/3//X/I/f/V+30//r/K0z/r/9fov/X/2/5/fp//T/rRuv/c/
f/LG5psv8BAACgg9z9P49b7H8AAACYRu7+X8Qt9j8AAABMI3f/L+OWJvvf9//1//r/Vv2/7//r/684/b/+f4n+X/+/5fdn/5+/7/T/+n/+32j9f+7+X8UtTfY/AAAAdJC7/9dxi/0PAAAA08jd/5u4xf4HAACAaeTu/23c0mT/6//1//p//b/+X/+/T/p//f8S/b/+f8vv9/1//T/rRuv/c/ffGrc02f8AAADQQe7+38Ut9j8AAABMI3f/7+MW+x8AAACmkbv/trilyf7X/+v/p+z/76r/1//r/0eh/9f/L9H/6/+3/H79v/6fdaP1/7n7/xC3NNn/AAAA0EHu/j/GLfY/AAAATCN3/5/iFvsfAAAAppG7/89xS5P9r//X/198/3+2/rqH7f99/1//r/8fxrz9/130//r/y+7/b7zp3I/1/9t8v/5f/8+60fr/3P1/iVua7H8AAADoIHf/X+MW+x8AAACmkbv/b3GL/Q8AAADTyN3/97ilyf7X/+v/p/z+v/5f/6//H8a8/b/v/+v/ff9f/6//1/+zZrT+P3f/P+KWJvsfAAAAZnF24ddy9/8zbrH/AQAAYBq5+/8Vt9j/AAAAMI3c/f+OW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/f/NwAA//81KzOQ")
r2 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x6042, 0x144)
sendfile(r3, r2, 0x0, 0x80000002)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x8000)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000080), &(0x7f0000000200)=0x4)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
syz_clone(0x40204400, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000300000008"], 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x8})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x5})
[ 74.557047][ T5320] Bluetooth: hci0: command tx timeout
[ 74.912726][ T5340] loop0: detected capacity change from 0 to 32768
[ 74.956798][ T25] audit: type=1800 audit(1752550216.378:2): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=4 res=0 errno=0
[ 75.038268][ T5341] metapage_write_end_io: I/O error
[ 75.044759][ T5340] Buffer I/O error on dev loop0, logical block 228, async page read
[ 75.050112][ T5341] ERROR: (device loop0): release_metapage: metapage_write_one() failed
[ 75.050112][ T5341]
[ 75.054759][ T5341] getblk(): invalid block size 4096 requested
[ 75.058736][ T5340] Buffer I/O error on dev loop0, logical block 229, async page read
[ 75.062489][ T5340] Buffer I/O error on dev loop0, logical block 230, async page read
[ 75.067616][ T5341] logical block size: 32768
[ 75.069630][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)
[ 75.069648][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.069656][ T5341] Call Trace:
[ 75.069662][ T5341] <TASK>
[ 75.069668][ T5341] dump_stack_lvl+0x189/0x250
[ 75.069693][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.069709][ T5341] ? __pfx__printk+0x10/0x10
[ 75.069731][ T5341] ? fs_reclaim_acquire+0x7d/0x100
[ 75.069751][ T5341] bdev_getblk+0x5b0/0x690
[ 75.069782][ T5341] __bread_gfp+0x89/0x3c0
[ 75.069802][ T5341] readSuper+0xdb/0x270
[ 75.069820][ T5341] updateSuper+0x1cf/0x5d0
[ 75.069839][ T5341] jfs_error+0x198/0x2c0
[ 75.069858][ T5341] ? __pfx_jfs_error+0x10/0x10
[ 75.069877][ T5341] ? __mark_inode_dirty+0x3ab/0xdf0
[ 75.069898][ T5341] ? filemap_dirty_folio+0x13d/0x190
[ 75.069915][ T5341] release_metapage+0x60f/0xac0
[ 75.069937][ T5341] diAllocAG+0x1749/0x1df0
[ 75.069966][ T5341] ? __pfx_diAllocAG+0x10/0x10
[ 75.069981][ T5341] ? dbNextAG+0x52e/0x640
[ 75.069997][ T5341] ? do_raw_spin_lock+0x121/0x290
[ 75.070019][ T5341] diAlloc+0x1d5/0x1680
[ 75.070031][ T5341] ? do_raw_spin_unlock+0x4d/0x240
[ 75.070049][ T5341] ? new_inode+0x150/0x170
[ 75.070069][ T5341] ialloc+0x8c/0x8f0
[ 75.070083][ T5341] jfs_mkdir+0x193/0xa70
[ 75.070103][ T5341] ? __pfx_jfs_mkdir+0x10/0x10
[ 75.070137][ T5341] ? generic_permission+0x2e5/0x690
[ 75.070158][ T5341] ? inode_permission+0x149/0x470
[ 75.070173][ T5341] ? may_create+0x227/0x320
[ 75.070182][ T5341] ? bpf_lsm_inode_mkdir+0x9/0x20
[ 75.070202][ T5341] vfs_mkdir+0x303/0x510
[ 75.070219][ T5341] do_mkdirat+0x247/0x590
[ 75.070234][ T5341] ? __pfx_do_mkdirat+0x10/0x10
[ 75.070249][ T5341] ? getname_flags+0x1e5/0x540
[ 75.070265][ T5341] __x64_sys_mkdirat+0x87/0xa0
[ 75.070278][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.070340][ T5341] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.070358][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.070370][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.070386][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.070398][ T5341] RIP: 0033:0x7f541718e929
[ 75.070410][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.070420][ T5341] RSP: 002b:00007f5418081038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 75.070434][ T5341] RAX: ffffffffffffffda RBX: 00007f54173b6080 RCX: 00007f541718e929
[ 75.070443][ T5341] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c
[ 75.070452][ T5341] RBP: 00007f5417210b39 R08: 0000000000000000 R09: 0000000000000000
[ 75.070460][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.070467][ T5341] R13: 0000000000000000 R14: 00007f54173b6080 R15: 00007ffe28e1e1c8
[ 75.070487][ T5341] </TASK>
[ 75.070500][ T5341] getblk(): invalid block size 4096 requested
[ 75.205500][ T5340] Buffer I/O error on dev loop0, logical block 231, async page read
[ 75.209982][ T5340] lbmIODone: I/O error in JFS log
[ 75.346321][ T5341] logical block size: 32768
[ 75.348405][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)
[ 75.348423][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.348431][ T5341] Call Trace:
[ 75.348436][ T5341] <TASK>
[ 75.348444][ T5341] dump_stack_lvl+0x189/0x250
[ 75.348466][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.348482][ T5341] ? __pfx__printk+0x10/0x10
[ 75.348504][ T5341] ? fs_reclaim_acquire+0x7d/0x100
[ 75.348526][ T5341] bdev_getblk+0x5b0/0x690
[ 75.348553][ T5341] __bread_gfp+0x89/0x3c0
[ 75.348569][ T5341] readSuper+0x1ac/0x270
[ 75.348582][ T5341] updateSuper+0x1cf/0x5d0
[ 75.348593][ T5341] jfs_error+0x198/0x2c0
[ 75.348605][ T5341] ? __pfx_jfs_error+0x10/0x10
[ 75.348616][ T5341] ? __mark_inode_dirty+0x3ab/0xdf0
[ 75.348629][ T5341] ? filemap_dirty_folio+0x13d/0x190
[ 75.348639][ T5341] release_metapage+0x60f/0xac0
[ 75.348651][ T5341] diAllocAG+0x1749/0x1df0
[ 75.348668][ T5341] ? __pfx_diAllocAG+0x10/0x10
[ 75.348677][ T5341] ? dbNextAG+0x52e/0x640
[ 75.348685][ T5341] ? do_raw_spin_lock+0x121/0x290
[ 75.348699][ T5341] diAlloc+0x1d5/0x1680
[ 75.348708][ T5341] ? do_raw_spin_unlock+0x4d/0x240
[ 75.348720][ T5341] ? new_inode+0x150/0x170
[ 75.348737][ T5341] ialloc+0x8c/0x8f0
[ 75.348749][ T5341] jfs_mkdir+0x193/0xa70
[ 75.348765][ T5341] ? __pfx_jfs_mkdir+0x10/0x10
[ 75.348784][ T5341] ? generic_permission+0x2e5/0x690
[ 75.348804][ T5341] ? inode_permission+0x149/0x470
[ 75.348814][ T5341] ? may_create+0x227/0x320
[ 75.348821][ T5341] ? bpf_lsm_inode_mkdir+0x9/0x20
[ 75.348835][ T5341] vfs_mkdir+0x303/0x510
[ 75.348851][ T5341] do_mkdirat+0x247/0x590
[ 75.348865][ T5341] ? __pfx_do_mkdirat+0x10/0x10
[ 75.348880][ T5341] ? getname_flags+0x1e5/0x540
[ 75.348894][ T5341] __x64_sys_mkdirat+0x87/0xa0
[ 75.348903][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.348910][ T5341] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.348921][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.348931][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.348946][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.348956][ T5341] RIP: 0033:0x7f541718e929
[ 75.348969][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.348978][ T5341] RSP: 002b:00007f5418081038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 75.348992][ T5341] RAX: ffffffffffffffda RBX: 00007f54173b6080 RCX: 00007f541718e929
[ 75.349001][ T5341] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c
[ 75.349009][ T5341] RBP: 00007f5417210b39 R08: 0000000000000000 R09: 0000000000000000
[ 75.349015][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.349024][ T5341] R13: 0000000000000000 R14: 00007f54173b6080 R15: 00007ffe28e1e1c8
[ 75.349043][ T5341] </TASK>
[ 75.349049][ T5341] ERROR: (device loop0): remounting filesystem as read-only
[ 75.486644][ T5341] ==================================================================
[ 75.489963][ T5341] BUG: KASAN: slab-use-after-free in release_metapage+0x760/0xac0
[ 75.493213][ T5341] Read of size 8 at addr ffff888042e16cc0 by task syz.0.0/5341
[ 75.496351][ T5341]
[ 75.497548][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)
[ 75.497560][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.497566][ T5341] Call Trace:
[ 75.497572][ T5341] <TASK>
[ 75.497577][ T5341] dump_stack_lvl+0x189/0x250
[ 75.497596][ T5341] ? __virt_addr_valid+0x1c8/0x5c0
[ 75.497614][ T5341] ? rcu_is_watching+0x15/0xb0
[ 75.497630][ T5341] ? __kasan_check_byte+0x12/0x40
[ 75.497647][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.497661][ T5341] ? rcu_is_watching+0x15/0xb0
[ 75.497676][ T5341] ? lock_release+0x4b/0x3e0
[ 75.497690][ T5341] ? __virt_addr_valid+0x1c8/0x5c0
[ 75.497705][ T5341] ? __virt_addr_valid+0x4a5/0x5c0
[ 75.497720][ T5341] print_report+0xca/0x230
[ 75.497728][ T5341] ? release_metapage+0x760/0xac0
[ 75.497736][ T5341] kasan_report+0x118/0x150
[ 75.497745][ T5341] ? release_metapage+0x760/0xac0
[ 75.497757][ T5341] release_metapage+0x760/0xac0
[ 75.497770][ T5341] diAllocAG+0x1749/0x1df0
[ 75.497788][ T5341] ? __pfx_diAllocAG+0x10/0x10
[ 75.497804][ T5341] ? dbNextAG+0x52e/0x640
[ 75.497818][ T5341] ? do_raw_spin_lock+0x121/0x290
[ 75.497835][ T5341] diAlloc+0x1d5/0x1680
[ 75.497848][ T5341] ? do_raw_spin_unlock+0x4d/0x240
[ 75.497865][ T5341] ? new_inode+0x150/0x170
[ 75.497881][ T5341] ialloc+0x8c/0x8f0
[ 75.497892][ T5341] jfs_mkdir+0x193/0xa70
[ 75.497906][ T5341] ? __pfx_jfs_mkdir+0x10/0x10
[ 75.497923][ T5341] ? generic_permission+0x2e5/0x690
[ 75.497943][ T5341] ? inode_permission+0x149/0x470
[ 75.497958][ T5341] ? may_create+0x227/0x320
[ 75.497969][ T5341] ? bpf_lsm_inode_mkdir+0x9/0x20
[ 75.497987][ T5341] vfs_mkdir+0x303/0x510
[ 75.498001][ T5341] do_mkdirat+0x247/0x590
[ 75.498014][ T5341] ? __pfx_do_mkdirat+0x10/0x10
[ 75.498037][ T5341] ? getname_flags+0x1e5/0x540
[ 75.498055][ T5341] __x64_sys_mkdirat+0x87/0xa0
[ 75.498069][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.498082][ T5341] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.498101][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.498114][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.498129][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.498140][ T5341] RIP: 0033:0x7f541718e929
[ 75.498153][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.498163][ T5341] RSP: 002b:00007f5418081038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 75.498177][ T5341] RAX: ffffffffffffffda RBX: 00007f54173b6080 RCX: 00007f541718e929
[ 75.498185][ T5341] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c
[ 75.498192][ T5341] RBP: 00007f5417210b39 R08: 0000000000000000 R09: 0000000000000000
[ 75.498199][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.498206][ T5341] R13: 0000000000000000 R14: 00007f54173b6080 R15: 00007ffe28e1e1c8
[ 75.498219][ T5341] </TASK>
[ 75.498223][ T5341]
[ 75.624902][ T5341] Allocated by task 5341:
[ 75.626919][ T5341] kasan_save_track+0x3e/0x80
[ 75.629333][ T5341] __kasan_slab_alloc+0x6c/0x80
[ 75.631645][ T5341] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 75.634151][ T5341] mempool_alloc_noprof+0x1a4/0x510
[ 75.636398][ T5341] __get_metapage+0x509/0xde0
[ 75.638566][ T5341] diAllocAG+0x1666/0x1df0
[ 75.640542][ T5341] diAlloc+0x1d5/0x1680
[ 75.642401][ T5341] ialloc+0x8c/0x8f0
[ 75.644156][ T5341] jfs_mkdir+0x193/0xa70
[ 75.646116][ T5341] vfs_mkdir+0x303/0x510
[ 75.648212][ T5341] do_mkdirat+0x247/0x590
[ 75.650132][ T5341] __x64_sys_mkdirat+0x87/0xa0
[ 75.652262][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.654311][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.656964][ T5341]
[ 75.658119][ T5341] Freed by task 73:
[ 75.659865][ T5341] kasan_save_track+0x3e/0x80
[ 75.662119][ T5341] kasan_save_free_info+0x46/0x50
[ 75.664361][ T5341] __kasan_slab_free+0x62/0x70
[ 75.666553][ T5341] kmem_cache_free+0x18f/0x400
[ 75.668646][ T5341] metapage_release_folio+0x40e/0x540
[ 75.671051][ T5341] shrink_folio_list+0x2113/0x4e90
[ 75.673231][ T5341] evict_folios+0x4447/0x5500
[ 75.675214][ T5341] try_to_shrink_lruvec+0x705/0x990
[ 75.677513][ T5341] shrink_one+0x21b/0x7c0
[ 75.679438][ T5341] shrink_node+0x314e/0x3760
[ 75.681541][ T5341] kswapd+0x147c/0x2830
[ 75.683353][ T5341] kthread+0x70e/0x8a0
[ 75.685131][ T5341] ret_from_fork+0x3fc/0x770
[ 75.687143][ T5341] ret_from_fork_asm+0x1a/0x30
[ 75.689312][ T5341]
[ 75.690487][ T5341] The buggy address belongs to the object at ffff888042e16c98
[ 75.690487][ T5341] which belongs to the cache jfs_mp of size 184
[ 75.696365][ T5341] The buggy address is located 40 bytes inside of
[ 75.696365][ T5341] freed 184-byte region [ffff888042e16c98, ffff888042e16d50)
[ 75.702429][ T5341]
[ 75.703573][ T5341] The buggy address belongs to the physical page:
[ 75.706425][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42e16
[ 75.710349][ T5341] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 75.713592][ T5341] page_type: f5(slab)
[ 75.715372][ T5341] raw: 04fff00000000000 ffff88801c525c80 dead000000000122 0000000000000000
[ 75.719026][ T5341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 75.722450][ T5341] page dumped because: kasan: bad access detected
[ 75.724995][ T5341] page_owner tracks the page as allocated
[ 75.727287][ T5341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5340, tgid 5339 (syz.0.0), ts 74932525096, free_ts 74575791429
[ 75.735099][ T5341] post_alloc_hook+0x240/0x2a0
[ 75.737269][ T5341] get_page_from_freelist+0x21e4/0x22c0
[ 75.739669][ T5341] __alloc_frozen_pages_noprof+0x181/0x370
[ 75.742188][ T5341] alloc_pages_mpol+0x232/0x4a0
[ 75.744286][ T5341] allocate_slab+0x8a/0x3b0
[ 75.746366][ T5341] ___slab_alloc+0xbfc/0x1480
[ 75.748548][ T5341] kmem_cache_alloc_noprof+0x283/0x3c0
[ 75.751115][ T5341] mempool_alloc_noprof+0x1a4/0x510
[ 75.753518][ T5341] __get_metapage+0x509/0xde0
[ 75.755628][ T5341] diReadSpecial+0x25b/0x710
[ 75.757740][ T5341] jfs_mount+0x73/0x870
[ 75.759787][ T5341] jfs_fill_super+0x6bc/0xd90
[ 75.762020][ T5341] get_tree_bdev_flags+0x40e/0x4d0
[ 75.764416][ T5341] vfs_get_tree+0x8f/0x2b0
[ 75.766529][ T5341] do_new_mount+0x24a/0xa40
[ 75.768762][ T5341] __se_sys_mount+0x317/0x410
[ 75.770736][ T5341] page last free pid 1149 tgid 1149 stack trace:
[ 75.773400][ T5341] __free_frozen_pages+0xc71/0xe70
[ 75.775698][ T5341] rcu_core+0xca8/0x1710
[ 75.777682][ T5341] handle_softirqs+0x286/0x870
[ 75.779849][ T5341] __irq_exit_rcu+0xca/0x1f0
[ 75.781955][ T5341] irq_exit_rcu+0x9/0x30
[ 75.783928][ T5341] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 75.786460][ T5341] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 75.789118][ T5341]
[ 75.790262][ T5341] Memory state around the buggy address:
[ 75.792883][ T5341] ffff888042e16b80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.796511][ T5341] ffff888042e16c00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 75.800117][ T5341] >ffff888042e16c80: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.803603][ T5341] ^
[ 75.806238][ T5341] ffff888042e16d00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 75.810216][ T5341] ffff888042e16d80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.813515][ T5341] ==================================================================
[ 75.885788][ T5338] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 75.904159][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.907367][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)
[ 75.912232][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.916755][ T5341] Call Trace:
[ 75.918271][ T5341] <TASK>
[ 75.919632][ T5341] dump_stack_lvl+0x99/0x250
[ 75.921761][ T5341] ? __asan_memcpy+0x40/0x70
[ 75.923851][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.926219][ T5341] ? __pfx__printk+0x10/0x10
[ 75.928362][ T5341] panic+0x2db/0x790
[ 75.930210][ T5341] ? __pfx_preempt_schedule+0x10/0x10
[ 75.932628][ T5341] ? __pfx_panic+0x10/0x10
[ 75.934735][ T5341] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 75.937409][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.940367][ T5341] ? release_metapage+0x760/0xac0
[ 75.942903][ T5341] check_panic_on_warn+0x89/0xb0
[ 75.945171][ T5341] ? release_metapage+0x760/0xac0
[ 75.947412][ T5341] end_report+0x78/0x160
[ 75.949303][ T5341] kasan_report+0x129/0x150
[ 75.951436][ T5341] ? release_metapage+0x760/0xac0
[ 75.953747][ T5341] release_metapage+0x760/0xac0
[ 75.955954][ T5341] diAllocAG+0x1749/0x1df0
[ 75.957999][ T5341] ? __pfx_diAllocAG+0x10/0x10
[ 75.960148][ T5341] ? dbNextAG+0x52e/0x640
[ 75.962138][ T5341] ? do_raw_spin_lock+0x121/0x290
[ 75.964436][ T5341] diAlloc+0x1d5/0x1680
[ 75.966475][ T5341] ? do_raw_spin_unlock+0x4d/0x240
[ 75.969022][ T5341] ? new_inode+0x150/0x170
[ 75.971359][ T5341] ialloc+0x8c/0x8f0
[ 75.973224][ T5341] jfs_mkdir+0x193/0xa70
[ 75.975158][ T5341] ? __pfx_jfs_mkdir+0x10/0x10
[ 75.977352][ T5341] ? generic_permission+0x2e5/0x690
[ 75.979666][ T5341] ? inode_permission+0x149/0x470
[ 75.981758][ T5341] ? may_create+0x227/0x320
[ 75.983739][ T5341] ? bpf_lsm_inode_mkdir+0x9/0x20
[ 75.985685][ T5341] vfs_mkdir+0x303/0x510
[ 75.987714][ T5341] do_mkdirat+0x247/0x590
[ 75.989727][ T5341] ? __pfx_do_mkdirat+0x10/0x10
[ 75.991895][ T5341] ? getname_flags+0x1e5/0x540
[ 75.993977][ T5341] __x64_sys_mkdirat+0x87/0xa0
[ 75.995976][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.998152][ T5341] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.000504][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.003156][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 76.005183][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.007891][ T5341] RIP: 0033:0x7f541718e929
[ 76.010106][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.018352][ T5341] RSP: 002b:00007f5418081038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 76.022029][ T5341] RAX: ffffffffffffffda RBX: 00007f54173b6080 RCX: 00007f541718e929
[ 76.025590][ T5341] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c
[ 76.029058][ T5341] RBP: 00007f5417210b39 R08: 0000000000000000 R09: 0000000000000000
[ 76.032431][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.035896][ T5341] R13: 0000000000000000 R14: 00007f54173b6080 R15: 00007ffe28e1e1c8
[ 76.039104][ T5341] </TASK>
[ 76.040773][ T5341] Kernel Offset: disabled
[ 76.042699][ T5341] Rebooting in 86400 seconds..