program: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000e40), 0x1, 0xd99, &(0x7f0000000e80)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x0) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x10442, &(0x7f0000000000)={[{@noacl}, {@flushoncommit}, {@usebackuproot}, {@notreelog}, {@compress_force_algo={'compress-force', 0x3d, 'zlib'}}, {@enospc_debug}, {@nodiscard}, {@rescan_uuid_tree}, {@compress}, {@datasum}]}, 0x1, 0x55a8, &(0x7f0000005680)="$eJzs3X1sVWcdB/Bz25UiL21ndGnjCyyOgOAIrk4HRFqLGF7mrG2ygXuhTuPAOSxkiOKadYOQzc1aNot2MphEp0yRSgbIFkdxCegs2UxcV8Ut4OoLjVuY7IW5+ZLee8/l3nNoe4dzndvnQ9pznvs7z3Ofe3L+uN9Ln3MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIJg3c2d1z3Y1vHyOVt3VN7xxNqGGeue6Tv7C633bn5gUl3FhKebHq1b2bRxevWTbcfO6qlY2D4pCBLJfol0/8U1c+s+V7/44yPDARs+mdqWlQ30lKmuh1ONETkP9vfL/fl0EARFkQEK09s56Z2CnAEyuyviAw5qwcIlO27cNr9vfemc/eO6EwfiL51+I4d7AsMlfV31nryWqpO/CyJHZNpZl14i5xJN9Y9ecK/JiwAAXpFptclN5u1o+i1upt0crUfa1ZF2a6QdvkNozW6cjtS4Iwaa5/hofZjmWZ2KCsUDzjNST5//TLs22j/SjkSNVzDP3EPTkWbkQPNsjNSHa54AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAryfvrfzLzOUv3l4yonvp9b9f86Gb5nVXvvuRr5XfUzn3Rx3L2u776qN1K5s2Tq9+su3YWT0VC9snBUFZsl8i1T1x3WVHV9WN+1jNN3754Z9eOfrOawvT44bbM7IODnrCnemlQXBlVqU3HPZoSRDU5haSzaA9Xlia3JkXFgAAAHgjqUj+Lsi0U3GwKKedSKbJRPJfKBUWFyxcsuPGbfP71pfO2T+uO3Hg9MerHWC86lOOl2mXnfxJZAXjMP5GxztZDw9dERtncNERo3n+4u27941Ztf6C5S90XjJz9l/P772h85kpVbd+/cExl25Z8c25K2P5v2zw/B+eOfkfAACA/4b8Hx1ncEPl/+Jv//aHrd95V9/2vU8d3fS3rc2r6584saGt/n0rJ9f//YJzW1+M5f/xOU8Zy//hjMP8XxCcXv4HAACA17P/df6vjo0zuKHy/4aqd0xZc33XHZsnbhp76+pn//HS/TMe/nnxZ6Yuftvsp/bN3Lg7lv+n5Zf/z8iedvhgVzjhq0uDYFr+JxUAAADIEf6/+8mPFsK8nvrkIJrXb9tVtXfbxglfunzMn+8+N3Fi77KpNe2bj/zhoi3fTdw7veVITyz/V+eX/4tem5cLAAAA5KHx8YOX3fzr8S99qqb97l1rv79s1vbjDTs3Pd2deGvlvJaWL7bE8n9tfvm/eHheDgAAAHAKSy685hcX94296fjSP5W09jY377m84tBD1z72x6bF35v1z/JtV8Tyf0N++X9Uepte+ZDqtD/8K4TbS4NgZP9OY6pwIGityhQAAACAV0mY0888/9LPN03YXjrxW7OvuGb5nh+0H9x625EP9p5z1Vcq1v7uuXUfiOX/xsHv/x/e6SBc/59z/7/Y+v+sQuqufzPdGAAAAIA3o/h6/vD2+KlvLhjo+/fzXf9f3LWq7bld71nQXFN7/32PTX1o0aHnJ24Zs+eW5q6qd3Z/ufztsfzfnF/+L8zevprf/wcAAACn4f/t+/8WxcYZ3FD3/3/h5Z2HZx286N+/+ejaO8e2bOhJ/Kppzc+e7Tm88+jkH1ecN/ktsfzfml/+D7ejs19eZ3h+1pQGQXn/TvpuglvD6V4dKXQUZRVSJz7Soz7skS50FGcVkhojPc4rDYKz+3eaI4Uzw0JrpHCsJF24K1J4OCykr4dM4SeRQmd4pW0oSU83WtgdFtILLDrCFRSjM0siIj2OD9Sjv3DKHocyTw4AAPCmEobndJYtym0G0SjbkRjqgFFDHVAw1AGFQx1wRuSA6IEDPR405BYyA144v+D99zzw+A1TP7tvxiOjPnLV7Ckn1q/+V1fbJ55fXd+46JJY/r8rv/wfnooRqc1A6/+DcP1/+nsNM+v/G8JCWaTQERZqo3cMqA2fIxV2bwmfo6w23eNYeaYAAAAAb2jh5wKFwzwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+wd+9xUlV3gsBPN/2EpmkNiaAEezBiMKFpBBI1ukFMjKujaUkwZmJi82hJh0aQh4qLE3wkGYX4WDGRjI6wjgkaJcTEFaMOrJMoM0N8P+IjjFk1SnyBuu66rrqf7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAfw4LfnrVx4MgX/n5lv+MPX/KPa/a5e4+njjnt+ZVrjn3p289tXts46qGJ88+64qDxT122+WN/GHzCsk+G0NJVriwpXrbwxE2nT9z7iAkXrT/0l1P6XTmvKlNvJh76df4pz9w5L7b6dP8Qbi4LoSIdGFmXBCoz9+tifUPqQtgtbA1kS7T1TUqkGw6/qw1hedgayFZ1S20IdTmBr95/x9ofdiaW1oawbwihOt3GH6uTNmrTgeFVSaBvOjCrIgn873cS2cCa8iQA2y2+GbIv+tUt+Rkaui9X5PVXucM69sFKD69PTDQUz/fiYTu5Uzmq0g+0bNfTVlAdO0XB22Odd1sveLcVbOeLPW25X6Qy31De2RqqDuXT2k6ePL9jXnykPDQ19SlW0056nh/bsnDqtqR7zeswdqBhh7wON1/+yqTm/scMumHCpiFjT1q2bHu7WWzz7mzVIfOa6zXPYzTe50kvePsVfEtq9KUrhPCfvzvm7BMrDjritoOXvjHm8Gv67TXp84fu9uI1bR/f+/jd7/rymZsK5v8N7z7/jy/neFuelzu2+mZ9MjePj9TFxMv1ydwcAAAAeo3esNf00h+Nmtrv6FsfnVy556xFf//fhrVeMXDT+YNu3f8PBzUd8ZVBK75eMP9vLO34fzzkX5c72nUhjO9KnDsghEFdjyeBa2N3pgwI4a+6Ui35gcNSgXUhDO5KjMhWlSpRE0s0pgLP1mcC41OBO2OgJRW4JgYuTgXOi4HVqcDUGFiXCkyIgdCeP4796zPjKDlQGwOtyUZcHc9CeLU+tpbaVo9nqwIAANhBMrPDyvy7Oec6bG+GOL1cXdtThngGdtEM1aka0jPY7LSqaA0VPdVQ3lMN2XEvevfhF9Rc1lPNBadhlOVnuK/h6sOH3vv2dTO+sLF90BnrP/XZ139xxoVXXvbM/5nyP0Yt/PQPniuY/ze/+/y/upuOlBUc/w/huK6/MXd5JtKRjbe25GUAAAAAtsPgyiVrnj6070+O2vj0859af/nAe25bf+0PDrju4dbyh/dcumrQXgXz//Glnf8f94n0yckcNsTdEDMGhNCcH0iq/VxhIDnq3S8TAAAAgN4gezw+eyy8PXObnKKdnk8X5m/ZxvzxwP/4bvPXXPDc93+37JL/d+XU//5fvzDt53/35W8997nqo74258ZvH/3vIyb/rPD3/y2lnf/fN/826cSdsReXDgihJidwV+xlZ6BLYww8+fn8QGb8d8YNsDhWlTkxIVvV4liiNQaaU4HlxUrcmy0xKD+QebKyjZ+bHUd7pkROAAAAAN53cXdAPC4fz/+vn/yjw7dc8Ppfr3/r+WUvPfrCD/Yd9tnW4f8w+NbPDP/u7z+z70MLC+b/rdt2/n/XPLjg9P6OfiGMqgihT/qHARv6JgsDxkBdWSZxe9+krj7pqs7uG8IhnQNLV/WnzPr/Fek1Bu+vTaqKgUHDVm4Z3pm4ujaEUbmBh7+xYlxnYl4qkG18Um0Ie3eONt34TTVJ45Xpxn9cE8LQnEC2qik1IXQ2VpWu6o7qzHUM0lX9ojqEj+QEslV9pjqEBQGAXir+K52W++DcBWfOmNzR0TZnJybiPvzacHJ7R1vT1Fkd06qL9Glaqs95yxidXTimUq9880RmiaIHL3i0oZR09neCzbltZfbjF5w4mLkfvwtVdo3zgMq8u2PSQ/7kPoVNhJxvUsWGXL6Th9w3t5KtT2JB/TF/VegXaubPbZvTdMbkefPmjE7+lpr9gORvPMyUbKvR6W3Vt7u+lfDyKLpaVsp73Vb75VYyat7M2aPmLjhzZPvMydPbpredMubAsWMPHDd29JhxozpH1Zz87WGo+3VXdWqo76wocVw7cKh7VuRU8n58akhISPS2xE3HXt/4QMf1d9S2jbz/4I6T7r5q1r8+Pv6MI3/b9K9L5q9aULlHwfx/9rvP/+OnTvzkz6zPUOz4f0M8zJ88vvUwf2sMLC/1+H9DsaP52RMDGlOBRTGwyGF+AAAAPhzi7si4NzPulb59yZbV9x7/0Z8ffOnvd/9szdy9Nkz98XXfa3up5leHtf954qFNhxXM/xeV9vv/HbT+f3bp+qOKLfM/IpZoLrb+f3qZ/+z6/4uKrf+fXuY/u/7/8g9g/f/52UBqk7xq/X8AAODD4P1b/7/H5f3TFwgoyNDj8v7pCwQUZOhxGf9SLxCwzev/n1Yz7K9PvOCLVVu+NOCV1Xfs+/NPTD/+xX9/fObfnDjyiC+eNOXTtxbM/y8ubf5v4X4AAADYdXzptz9tv3vsWQOffO2fxpy+uO3UtRdM+p+zrr9nn8fXr7qqz5SNTxTM/5eXNv9//9f/C8XO/28sFmgptjCg9f8AAADopYqt/3fTg7W/OXrw2Q2vnrr8uoF7P3TqgDk3PvjAk3cNG3pR1U0L5i95oGD+v7q0+X887aI8L3fszZv1yZp2Ib2m3cv12Z8MAAAAQO9QHpqaKkvMm7cy6mHvvc3HMkuBvls617n/aey6B154e/GU855d+eKNT97/sZdPue3q7/3jF05/7cKhI8cvHlow/19X2vw/73cZmy9/ZVJz/2MGvXnDhE1Dxp60bNnW4/8AAADAzlPqfgkAAAAAAAAAAAAAAOCD98aKlv97x/5/PrDj8U+sqfvEhCea9h8y8adXVp/z6+8/84vW6b9cWvD7/3BcV7liv/+P1/2Lvy8YmJc7ttrz+n+Z+189etWCriULN9SHsE9uYMY5M3YLmWvz75cbWPvNEXt0Js5Jl7ht44RnOhMnpQNHjtz99c7EIalAa1wkcXA6EK+q+Hr/VCAur/hAOhC3x+p0oCoTOL9/Mo6y9LbaVJdsq7L0tnqsLoQBOYHstrq5LmmjLD3ApalAdoCnpgNxgMdmAuXpXq3ql/QqBupi0av6Jb0CAGCXFb8FVoaT2zvamuNX+Hi7Z0X+bZS3ZNnZhdWWldj8E5mlyR684NGGUtJ90t9Ft15rvDJUdw5hdMHX1dwsZV2j3DG19LDpBhYZck+rvZUXKZe2rZuuqviIapMRNU2d1TGtsseBj+k5ywEVPWYZXTDZyc1S3rVJS6ilhL6UMKISt00JXY73y0NTU59UroNjsCHk6ekVUerv9XPX+Sv2KsjNc8LuW2b+y9FXffPvNvxpw7TzL51wRNmzx1yz9oq3Nj75N4+33/jyfymY/zeUNv+vzh3X65mLASyKV9b73IAQWkscEQAAAHz43fDd6288Ydadm05eV/HIfffNKP/yCZXvLPz1wjO/99jti488/9M/2974WafV7f5kxU//+YRTvtEwfdrev6756GXnvbX21M2nvla/36u153+0YP7fWNr8P+7ByhwKTvZ2rIvX/z93QAhdl9ZvSALXxuFOGRDCX3WlWmKJ5IL6R8USzUng2rjDZEQs0dqSX1VNDKxOBZ6tzwTWpQJ3xkBmL8XKkNmVc0l9COO6Usfll5gdSzSkAl+OgcZUoCkGmlOB/jEwPhV4oX8m0JIK/FsMhPb8bfWr/pltBQAAsC0y86zK/LshPc9bXdFThrKeMvTtKUN5Txmqe8pQbBTx/o0xQ2Xq5JWynEyV6VprU7UUZIgXw9/mfhVkCPfm50wXLGg6nn+QPd+gLD/Dxx+6es131nzhpWN/s+SyN+99qvxHQ1Z8t7H2rXUbLvnxsLG7v/iDgvl/c2nz/775t0nrd8b5/9br/yWBu2L3Lo2njjfGwJOfzw9kdgzcGSe7i7NVtWRKZCbti2OJ8THQmArMjoHxqUDrcZnA8j3yA5mZdrbxc7ONt2dK5AQAAADgfRd3EMTdNHH+P7Nu0sRxo36y5I3lMxetffvCFy5ccXvHq5XjNr52zae+1ufx4bcXzP/Hlzb/j+31y23svNibp/uHcHPZ1t5kAyPrkkDcj1EXfx4/pC6E3XJ2cGRLtPVNSlSlGg6/q01+oV6VruqW2mSNgXj/q/ffsfaHnYmltSHsm7P3JdvGH6uTNmrTgeFVSaBvOjCrIgnEPT/ZwJryJADbLbtXML6gMqe6ZDV0X67I6+/Dck3Q9PAK9oF2k6+731ztLNXpBzL7VLO27WkrqI6douDtsc67rTe+2xq823K/SGW+obyzNVQdyqe1nTx5fse8+EjuL1kL7KTnOfdXqqWkd8DrcNF7723PqtMdaE59fDR3X67712FZrG7z5a9Mau5/zKAbJmwaMvakZctK7kYR8YfCI9ZM2i138+5s1SHzmut1nyctPk9647+BRk9bCGH/1pdu7X/wv+310MmrvzVqr8Hj/vJPTxwZHnl46T4Ljrlo5T63HFUw/28pbf5fkbrt8kbcmHMHhPDJnI27IW7+wwckn4M5geRT8iOFgeSQ+1P1RT85AQAAYEfL7u7I7i9oz9wmJ4Sn58mF+Vu2MX/cXzG+2/yl9vu1b7z49ozTvn7Lpe+E/oc3jJ2/5ZLjZm2cseaFh6b/cdV1x7a+UTD/b333+X9NqpuO/zv+z07i+H+3dvVd0TXpBxZt167ogurYKRz/79au/m5z/L9bjv87/t8dx/974Ph/t3b1p63gW9JsX7pCCHcf9Naqv7305iX/63uTh3xq7aTGeyq+f9iM368cvu6+q75y+5FffLlg/j+7tPm/9f+6X7Qvu/5fa7H1/2YXW/9vkfX/AACAnarIQnPpeV7B6n0FGdKr9xVk6HGBwB6XGLT+3zav//f82qf+XHf8+p/86qKqRz5y+ohBQ0945sDpl1859IcPbNz87P5f21gw/19U2vw/vhz65bbeW9b/azyuSFUXx8BsCwMCAACwKyq2gwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAP1nlfP+u0xcNem/bP35p4991fuW7PsqFPPPIPf/nWPafUHvLCd2YM/PhDE+efdcVB45+6bPPH/jD4hGWfDKG9q1xZUrxs4YmbTp+49xETLlp/6C+n9LtyXnWm3srM7V55uWOrb9aHsDznkbqYeLm+887WwFePXrWgojOxoT6EfXIDM86ZsVtn4pr6EPbLDaz95og9OhPnpEvctnHCM52Jk9KBI0fu/npn4pBMoCzd3Sv6J90tS3f3h/1DGJATyHb3O/3zq8q28aVMoDzdxs/qkjZioC4WvbwuaSMGOmKJ9poQRlWE0Cdd1b9UJ1X1SVf1m+qkqj7pqv62OoRDQggV6ao2ViVVVaRHfk9VUlUMDBq2csvwzsTyqhBG5QYe/saKcZ2JU1OBbOMTq0LYu/Mlk278xsqk8cp040srQxgaQqhKl3itIilRlS7xp4oQPpITyDb+7YoQFgQ+FOKHz7TcB+cuOHPG5I6Otjk7MVGVaas2nNze0dY0dVbHtOpUn4opy0m/c/Z7H/sTWxZO7bx98IJHG0pJV2TKVXZ1+YDKvLtjdvXex371za1k6/NRUH/MXxX6hZr5c9vmNJ0xed68OaOTv6VmPyD52ycTTbbV6N6yrfbLrWTUvJmzR81dcObI9pmTp7dNbztlzIFjxx44buzoMeNGdY6qOfm7I4a64v0f6p4VOZW8Hx8AEhISvS1Rnvfp1ryrf5AXfNHf2tHKUN31AV0wrcjNUtY1yh0x6MPe44jfy/eUHkc0umDiUJDlgJ6zjCmYTGzNUptk6fpeVzA5zK2pvGuTxvvloampT7Ht0JB/N3fzvrgdm/exzKYrNQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/H924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADApQAAAP//j/n+Zw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0x8, 0x1, 0x0, {0xfffff8a5, 0xfffffffe}, 0x5, 0x296}) r4 = io_uring_setup(0x4a7e, &(0x7f0000000140)={0x0, 0x7e16, 0x8, 0x3, 0x70}) r5 = io_uring_setup(0x492e, &(0x7f0000000300)={0x0, 0x4098, 0x10, 0x0, 0xbd, 0x0, r4}) r6 = io_uring_setup(0x65f, &(0x7f0000001740)={0x0, 0x7b7d, 0x1000, 0x0, 0x2, 0x0, r5}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x1a, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@setneightbl={0x68, 0x43, 0x2, 0x70bd28, 0x25dfdbfe, {0x7}, [@NDTA_THRESH2={0x8, 0x3, 0xa86}, @NDTA_THRESH2={0x8, 0x3, 0x7}, @NDTA_PARMS={0x44, 0x6, 0x0, 0x1, [@NDTPA_IFINDEX={0x8, 0x1, r2}, @NDTPA_PROXY_DELAY={0xc, 0xd, 0x1}, @NDTPA_PROXY_DELAY={0xc, 0xd, 0x1}, @NDTPA_GC_STALETIME={0xc}, @NDTPA_PROXY_DELAY={0xc, 0xd, 0x3}, @NDTPA_UCAST_PROBES={0x8, 0xa, 0x7ff}]}]}, 0x68}}, 0x0) [ 58.781931][ T5308] Bluetooth: hci0: command tx timeout [ 58.794503][ T5324] loop0: detected capacity change from 0 to 4096 [ 58.832078][ T5327] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.204632][ T5308] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 59.208514][ T5308] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5308, name: kworker/u5:2 [ 59.213103][ T5308] preempt_count: 0, expected: 0 [ 59.215379][ T5308] RCU nest depth: 1, expected: 0 [ 59.217368][ T5308] 4 locks held by kworker/u5:2/5308: [ 59.219539][ T5308] #0: ffff888042e5d948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 59.224460][ T5308] #1: ffffc9000d1dfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 59.229072][ T5308] #2: ffff888043830078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 59.235319][ T5308] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 59.240875][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 [ 59.244843][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.248756][ T5308] Workqueue: hci0 hci_rx_work [ 59.250697][ T5308] Call Trace: [ 59.251999][ T5308] [ 59.253154][ T5308] dump_stack_lvl+0x241/0x360 [ 59.254898][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.256850][ T5308] ? __pfx__printk+0x10/0x10 [ 59.258650][ T5308] __might_resched+0x5d4/0x780 [ 59.260474][ T5308] ? __mutex_lock+0x112/0xd70 [ 59.262218][ T5308] ? __pfx___might_resched+0x10/0x10 [ 59.264222][ T5308] __mutex_lock+0xc1/0xd70 [ 59.265918][ T5308] ? __pfx_lock_acquire+0x10/0x10 [ 59.267778][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.270379][ T5308] ? __pfx_lock_release+0x10/0x10 [ 59.272233][ T5308] ? __pfx___mutex_lock+0x10/0x10 [ 59.274158][ T5308] ? trace_contention_end+0x3c/0x120 [ 59.276165][ T5308] ? skb_pull_data+0x112/0x230 [ 59.278004][ T5308] ? hci_conn_set_handle+0x9a/0x270 [ 59.279940][ T5308] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.282280][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 59.284254][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 59.286465][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 59.288943][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 59.290793][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 59.293249][ T5308] hci_event_packet+0xa55/0x1540 [ 59.295147][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 59.297076][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 59.299067][ T5308] ? get_conn_info_sync+0x40/0x300 [ 59.301027][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 59.302988][ T5308] hci_rx_work+0x3fe/0xd80 [ 59.304595][ T5308] ? process_scheduled_works+0x976/0x1850 [ 59.306591][ T5308] process_scheduled_works+0xa63/0x1850 [ 59.308618][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 59.310761][ T5308] ? assign_work+0x364/0x3d0 [ 59.312362][ T5308] worker_thread+0x870/0xd30 [ 59.314042][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 59.315818][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 59.317625][ T5308] kthread+0x2f0/0x390 [ 59.319095][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 59.320882][ T5308] ? __pfx_kthread+0x10/0x10 [ 59.322649][ T5308] ret_from_fork+0x4b/0x80 [ 59.324346][ T5308] ? __pfx_kthread+0x10/0x10 [ 59.326099][ T5308] ret_from_fork_asm+0x1a/0x30 [ 59.327884][ T5308] [ 59.336783][ T5308] [ 59.337828][ T5308] ============================= [ 59.339669][ T5308] [ BUG: Invalid wait context ] [ 59.341516][ T5308] 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 Tainted: G W [ 59.344881][ T5308] ----------------------------- [ 59.346708][ T5308] kworker/u5:2/5308 is trying to lock: [ 59.348779][ T5308] ffffffff8fe402a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.352679][ T5308] other info that might help us debug this: [ 59.354929][ T5308] context-{4:4} [ 59.356237][ T5308] 4 locks held by kworker/u5:2/5308: [ 59.358179][ T5308] #0: ffff888042e5d948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 59.362321][ T5308] #1: ffffc9000d1dfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 59.366860][ T5308] #2: ffff888043830078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 59.370881][ T5308] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 59.374857][ T5308] stack backtrace: [ 59.376297][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 [ 59.380688][ T5308] Tainted: [W]=WARN [ 59.382114][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.386220][ T5308] Workqueue: hci0 hci_rx_work [ 59.388064][ T5308] Call Trace: [ 59.389476][ T5308] [ 59.390738][ T5308] dump_stack_lvl+0x241/0x360 [ 59.392792][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.395018][ T5308] ? __pfx__printk+0x10/0x10 [ 59.396691][ T5308] __lock_acquire+0x154a/0x2050 [ 59.398514][ T5308] lock_acquire+0x1ed/0x550 [ 59.400202][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.402431][ T5308] ? __pfx_lock_acquire+0x10/0x10 [ 59.404301][ T5308] ? __mutex_lock+0x112/0xd70 [ 59.406054][ T5308] ? __pfx___might_resched+0x10/0x10 [ 59.407904][ T5308] __mutex_lock+0x136/0xd70 [ 59.409508][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.411778][ T5308] ? __pfx_lock_acquire+0x10/0x10 [ 59.413691][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.415997][ T5308] ? __pfx_lock_release+0x10/0x10 [ 59.417785][ T5308] ? __pfx___mutex_lock+0x10/0x10 [ 59.419653][ T5308] ? trace_contention_end+0x3c/0x120 [ 59.421678][ T5308] ? skb_pull_data+0x112/0x230 [ 59.423499][ T5308] ? hci_conn_set_handle+0x9a/0x270 [ 59.425371][ T5308] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 59.427614][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 59.429478][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 59.431801][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 59.434328][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 59.436193][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 59.438560][ T5308] hci_event_packet+0xa55/0x1540 [ 59.440373][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 59.442344][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 59.444353][ T5308] ? get_conn_info_sync+0x40/0x300 [ 59.446314][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 59.448257][ T5308] hci_rx_work+0x3fe/0xd80 [ 59.449889][ T5308] ? process_scheduled_works+0x976/0x1850 [ 59.451953][ T5308] process_scheduled_works+0xa63/0x1850 [ 59.454095][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 59.456193][ T5308] ? assign_work+0x364/0x3d0 [ 59.457885][ T5308] worker_thread+0x870/0xd30 [ 59.459590][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 59.461457][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 59.463526][ T5308] kthread+0x2f0/0x390 [ 59.465061][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 59.467028][ T5308] ? __pfx_kthread+0x10/0x10 [ 59.468844][ T5308] ret_from_fork+0x4b/0x80 [ 59.470553][ T5308] ? __pfx_kthread+0x10/0x10 [ 59.472201][ T5308] ret_from_fork_asm+0x1a/0x30 [ 59.474178][ T5308] [ 59.484161][ T5308] ================================================================== [ 59.487009][ T5308] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0 [ 59.490115][ T5308] Read of size 8 at addr ffff888043be0000 by task kworker/u5:2/5308 [ 59.492851][ T5308] [ 59.493652][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 [ 59.497666][ T5308] Tainted: [W]=WARN [ 59.499146][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.503174][ T5308] Workqueue: hci0 hci_rx_work [ 59.504904][ T5308] Call Trace: [ 59.506207][ T5308] [ 59.507347][ T5308] dump_stack_lvl+0x241/0x360 [ 59.509121][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.511125][ T5308] ? __pfx__printk+0x10/0x10 [ 59.512830][ T5308] ? _printk+0xd5/0x120 [ 59.514388][ T5308] ? __virt_addr_valid+0x183/0x530 [ 59.516304][ T5308] ? __virt_addr_valid+0x183/0x530 [ 59.518191][ T5308] print_report+0x169/0x550 [ 59.519841][ T5308] ? __virt_addr_valid+0x183/0x530 [ 59.521690][ T5308] ? __virt_addr_valid+0x183/0x530 [ 59.523535][ T5308] ? __virt_addr_valid+0x45f/0x530 [ 59.525521][ T5308] ? __phys_addr+0xba/0x170 [ 59.527214][ T5308] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 59.529612][ T5308] kasan_report+0x143/0x180 [ 59.531296][ T5308] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 59.533705][ T5308] hci_le_create_big_complete_evt+0x383/0xae0 [ 59.536032][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 59.538077][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 59.540505][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 59.543124][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 59.544954][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 59.547388][ T5308] hci_event_packet+0xa55/0x1540 [ 59.549277][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 59.551322][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 59.553383][ T5308] ? get_conn_info_sync+0x40/0x300 [ 59.555276][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 59.557074][ T5308] hci_rx_work+0x3fe/0xd80 [ 59.558718][ T5308] ? process_scheduled_works+0x976/0x1850 [ 59.560751][ T5308] process_scheduled_works+0xa63/0x1850 [ 59.562752][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 59.564855][ T5308] ? assign_work+0x364/0x3d0 [ 59.566592][ T5308] worker_thread+0x870/0xd30 [ 59.568483][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 59.570466][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 59.572558][ T5308] kthread+0x2f0/0x390 [ 59.574135][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 59.576089][ T5308] ? __pfx_kthread+0x10/0x10 [ 59.577885][ T5308] ret_from_fork+0x4b/0x80 [ 59.579547][ T5308] ? __pfx_kthread+0x10/0x10 [ 59.581237][ T5308] ret_from_fork_asm+0x1a/0x30 [ 59.583123][ T5308] [ 59.584316][ T5308] [ 59.585247][ T5308] Allocated by task 5308: [ 59.586863][ T5308] kasan_save_track+0x3f/0x80 [ 59.588650][ T5308] __kasan_kmalloc+0x98/0xb0 [ 59.590506][ T5308] __kmalloc_cache_noprof+0x19c/0x2c0 [ 59.592651][ T5308] __hci_conn_add+0x2f9/0x1850 [ 59.594595][ T5308] hci_le_big_sync_established_evt+0x414/0xc20 [ 59.597388][ T5308] hci_event_packet+0xa55/0x1540 [ 59.599556][ T5308] hci_rx_work+0x3fe/0xd80 [ 59.601603][ T5308] process_scheduled_works+0xa63/0x1850 [ 59.603895][ T5308] worker_thread+0x870/0xd30 [ 59.605717][ T5308] kthread+0x2f0/0x390 [ 59.607277][ T5308] ret_from_fork+0x4b/0x80 [ 59.609015][ T5308] ret_from_fork_asm+0x1a/0x30 [ 59.610798][ T5308] [ 59.611725][ T5308] Freed by task 5308: [ 59.613465][ T5308] kasan_save_track+0x3f/0x80 [ 59.615227][ T5308] kasan_save_free_info+0x40/0x50 [ 59.617157][ T5308] __kasan_slab_free+0x59/0x70 [ 59.618986][ T5308] kfree+0x1a0/0x440 [ 59.620504][ T5308] device_release+0x99/0x1c0 [ 59.622369][ T5308] kobject_put+0x22f/0x480 [ 59.624104][ T5308] hci_conn_del+0x8c4/0xc40 [ 59.625933][ T5308] hci_le_create_big_complete_evt+0x619/0xae0 [ 59.628034][ T5308] hci_event_packet+0xa55/0x1540 [ 59.629887][ T5308] hci_rx_work+0x3fe/0xd80 [ 59.631522][ T5308] process_scheduled_works+0xa63/0x1850 [ 59.633571][ T5308] worker_thread+0x870/0xd30 [ 59.635248][ T5308] kthread+0x2f0/0x390 [ 59.636710][ T5308] ret_from_fork+0x4b/0x80 [ 59.638398][ T5308] ret_from_fork_asm+0x1a/0x30 [ 59.640208][ T5308] [ 59.641107][ T5308] The buggy address belongs to the object at ffff888043be0000 [ 59.641107][ T5308] which belongs to the cache kmalloc-8k of size 8192 [ 59.646848][ T5308] The buggy address is located 0 bytes inside of [ 59.646848][ T5308] freed 8192-byte region [ffff888043be0000, ffff888043be2000) [ 59.652075][ T5308] [ 59.653045][ T5308] The buggy address belongs to the physical page: [ 59.655333][ T5308] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43be0 [ 59.658530][ T5308] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 59.661782][ T5308] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 59.664559][ T5308] page_type: f5(slab) [ 59.666057][ T5308] raw: 04fff00000000040 ffff88801ac42280 ffffea0001035400 0000000000000004 [ 59.668858][ T5308] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000 [ 59.671772][ T5308] head: 04fff00000000040 ffff88801ac42280 ffffea0001035400 0000000000000004 [ 59.674744][ T5308] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000 [ 59.677438][ T5308] head: 04fff00000000003 ffffea00010ef801 ffffffffffffffff 0000000000000000 [ 59.680383][ T5308] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 59.683826][ T5308] page dumped because: kasan: bad access detected [ 59.686585][ T5308] page_owner tracks the page as allocated [ 59.688712][ T5308] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5304, tgid 5304 (sh), ts 55797559989, free_ts 55778273765 [ 59.696128][ T5308] post_alloc_hook+0x1f3/0x230 [ 59.697954][ T5308] get_page_from_freelist+0x303f/0x3190 [ 59.700034][ T5308] __alloc_pages_noprof+0x292/0x710 [ 59.701980][ T5308] alloc_pages_mpol_noprof+0x3e8/0x680 [ 59.704087][ T5308] alloc_slab_page+0x6a/0x140 [ 59.705804][ T5308] allocate_slab+0x5a/0x2f0 [ 59.707527][ T5308] ___slab_alloc+0xcd1/0x14b0 [ 59.709204][ T5308] __slab_alloc+0x58/0xa0 [ 59.710904][ T5308] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 59.712996][ T5308] tomoyo_init_log+0x11cd/0x2050 [ 59.714982][ T5308] tomoyo_supervisor+0x38a/0x11f0 [ 59.717026][ T5308] tomoyo_env_perm+0x178/0x210 [ 59.718970][ T5308] tomoyo_find_next_domain+0x146e/0x1d40 [ 59.721355][ T5308] tomoyo_bprm_check_security+0x114/0x180 [ 59.723458][ T5308] security_bprm_check+0x86/0x250 [ 59.725284][ T5308] bprm_execve+0xa56/0x1770 [ 59.727014][ T5308] page last free pid 5304 tgid 5304 stack trace: [ 59.729394][ T5308] free_unref_page+0xcfb/0xf20 [ 59.731168][ T5308] __put_partials+0xeb/0x130 [ 59.732850][ T5308] put_cpu_partial+0x17c/0x250 [ 59.734706][ T5308] __slab_free+0x2ea/0x3d0 [ 59.736409][ T5308] qlist_free_all+0x9a/0x140 [ 59.738280][ T5308] kasan_quarantine_reduce+0x14f/0x170 [ 59.740376][ T5308] __kasan_slab_alloc+0x23/0x80 [ 59.742247][ T5308] kmem_cache_alloc_noprof+0x135/0x2a0 [ 59.744357][ T5308] getname_flags+0xb7/0x540 [ 59.745847][ T5308] do_sys_openat2+0xd2/0x1d0 [ 59.747605][ T5308] __x64_sys_openat+0x247/0x2a0 [ 59.749605][ T5308] do_syscall_64+0xf3/0x230 [ 59.751543][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.753531][ T5308] [ 59.754416][ T5308] Memory state around the buggy address: [ 59.756452][ T5308] ffff888043bdff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.759379][ T5308] ffff888043bdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.762102][ T5308] >ffff888043be0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.765020][ T5308] ^ [ 59.766316][ T5308] ffff888043be0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.769281][ T5308] ffff888043be0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.772119][ T5308] ==================================================================