program:
# Reproducer listing, restored to one call per line (the page had collapsed
# every call onto a single line). Call text is unchanged.
# NOTE(review): r2 and r5 are used below but never bound in this listing.
# syzkaller normally binds the interface index on the output field of the
# SIOCGIFINDEX ioctl (a "<rN=>" marker); it looks like page rendering stripped
# it. Confirm against the original reproducer before running this.

# Set RLIMIT_RTPRIO (resource 0xe) for the calling process to {cur=0x8, max=0x8b}.
# The SCHED_RR request at priority 0x7 further down relies on this limit.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10): socket for nl80211 requests.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the generic-netlink family id of nl80211 into r1.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933) lookup of 'wlan0'; the index field is shown as 0x0 with no result binding.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Set the interface type: NL80211_ATTR_IFTYPE carries 0x3 (NL80211_IFTYPE_AP); ifindex attribute is r2.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
# Start an AP on ifindex r2. The request carries a beacon head, an HE BSS color
# nest with repeated COLOR/PARTIAL/DISABLED sub-attributes, a 3-byte random SSID
# and DTIM period 0xa4a2.
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)={0x94, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @NL80211_ATTR_HE_BSS_COLOR={0x40, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x33}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x26}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x2}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x18}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x19}]}, @NL80211_ATTR_SSID={0x7, 0x34, @random="1ad75e"}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x94}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
# Second generic-netlink socket and nl80211 family id, bound to r3 and r4.
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
# Same SIOCGIFINDEX lookup of 'wlan0' on the second socket, again with no result binding shown.
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# JOIN_IBSS for ifindex r5 with a header-only NL80211_ATTR_BSS_BASIC_RATES (length 0x4, no payload).
sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x20, r4, 0x101, 0x0, 0x0, {{0x19}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x4}]}, 0x20}}, 0x0)
# Request SCHED_RR (policy 0x2) at priority 0x7 for the calling thread.
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
# chdir with a NULL path pointer.
chdir(0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x59}, [@jmp={0x5, 0x0, 0xe, 0x0, 0x2, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000140)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x90) nanosleep(0x0, 0x0) syz_mount_image$bcachefs(&(0x7f0000005d80), &(0x7f0000005dc0)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c6e6f636f775f656e61626c65552c6469727261696e654f4b56949796adfa6f6e6c792c000000000f25cce2aae357a51485a7207d"], 0x1, 0x5d7d, &(0x7f0000005e00)="$eJzs3X2QHOWZGPDumVntSquPlSzMCgmxGNmOuGALFIjlO0cb5+zYjmxkYQEWp5NkWGEdQhL6QCBdwlcOCCYpVUEdBOJEBxS5Sl0luHQJ4U6pkjHgi6+KQib+gyNfRwXnj/iI6ixxRHK8V7vbvTvT2+/07PSsEPbvV6WdfXufed7n6X2np3u0OxsBAADwS+GV39nz7lcu+NwP7h06ddcX/ujWe6Le6uj2njSgL7m94/2qkOm0/IdnGr6z3bX+0dvsujj/jxe+23ffmi8/tOrzP9z8J/MHly4buuo7R66+/74XP/OzFx97Yk3RPOl6unRiHP9FHEVL3z7y2P0v/+n5I9vikfnjvruj+fPjBd+dH2dSrDgdRdFN43U2fvHIqZVbR27v+VZ3w/Z5mSTW+y+3nmSdHdz0jaeO3TL48pGBXSt/cvLKnXdPhMQ9despiuZurr9/VxRFM5N/I9LV1p/eObldG0XRrLr7faqgrktarP+ywHhJcjsjue0tyJN+/eLMuNZiHbXMbXeL92tXZZrzZ2X3X/ZgNF3SPucmt88nt5dOMU81/RdHlTiqjZe/PZ5YI1Hd9y2O4tG13TM+royOo/FxlB3HmXElM652ZfoanTfZsdU4btyexmW2p4fjWrL94vpjdY51ge2Lktue5IH6XjqOsp+M6Z30yUQfUV1dJ87WwgioBB576fbx8pJvRm+yrTdeMOk+wznSr534/pYN77xx4Pm+QB3xc3GSP24r/+DQk8eevf7oov5Q/s2VJH+lrfyvVF89/czJ/tnB/IfS/NW28q//+Y8fvPea/QuD++dEun9qbeVf9vDsg6f2r+seCOU/nObvaSv/VRuXrrrw5L7bg/WvSPfPzLby/+iR5Wc2HnrhaDB/lOaf1Vb+N598ekl10aPHg/mPpfunt6381658fPWXFt/3RHD/v5bmn9NW/g3H79+866mXlgfX59p0//S1lf/06tffOtO35unQsTM+fLafYQF+sXwoOcd6MBm3e51ZVt31wuMDtbFzvtnJvzmdnCgjrrt2AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB2Pbr6399WP/7o/7l9/fH/sHRbLRl316IojqLonerYON0+I4rimVEU7dm7ZffebTtuHvitnft279iyfWDL3oGhHXt33znwt/7mwO6hXdu33Dny1RWXrRy734LRbFG0IL5wUi3Dw8PDURQN1G9L5/u9Lz73/9Y/8Zdfj6IV572+tBbs55P/9a3PLcz5mBEPDq/9F1c+cmDG/5o3tqEvqasvVFdf47a0gt7B1/7ss8+/MVLXh5vV9dir1/3fhoJGN0zkSVS6o8roJ93xrNw6xqueqGd0f9W2bts+tKJ4/8aB/fvxl/7w5L+7Y/0/Hdu/PcE+Wty/I3u1NvzQT+/9+N2fHfr0Ofx9L9rfdS2M1pfuv55kf89N+pob6KsS6Ov2gTdP/LN/+5+euTtaUfvpRZPnLuqrK1kAXfGiluZNZ5gVz2+I7Uni0+94er9P7r111yf33Hngsm23brl56OahHStXXrnq8pWXX7Fq5SdHWx/72LH+0/k/3mL/s5NMs+PFuf
stuzWd96LRj9UoKTu9qfukUVfUO3ab2c9peLbr3uRrvfGCSbmGc6RfO/H9LRveeePA86FHXvzc2Iwzozljt/GSQOT2zB2r4wXnzX92Hpc7f7dne/qxtcdlUV1F62qkruJ1VV9Rk+PYq5c8+NOnHvjnN7RwvKgLHa0vrXPWyMPl8qjucTt5X+X11cL3ZzBvP9x42e4/vHPbhkNFx/P670z9x4x4cPh/Lom/vG/Pn+0e23BWni/rC2rz+XK86ol6RvdXT/L9OFf3b3dUTfrqza1rXfzUZz5+69FfGa9vxozoji179+6+fOzjB7WvP58xb+G2exZfOKmvK8Y+Fh33L8qMC4/7lfz+io772Xkm4vPzDWTGvVG1reeJ9T//8YP3XrN/YfB54kSrzxO/3TCqlnyeqAQe7w/95bcH3r3ha+8Wraer9yy+a2HOx2x7g8Mv/MGvXv7p6675/NiGs3Icqi+ozePQeNVJPen+Gj0OXXHu9PH+fZ8bHojx4PBF3/nYtWdO3fbVsQ1F+3c8Om//riw+zlcDfd3Q9ZH5j/xk8Uc6t373bPqrSz4xa/Y5tn57kv3bE9i/41Un9VTr9+8nbty5/aax8bl73jamu+D6J33e2XPngVu2bN8+tHtPa321+nyazpPdy+0+n6bPHgsK+kq/XxN9Td8nreyvVh9vaf03ZXK0+3gDSE08L8xo2J49fqav+y2dG63/xAPfezUeGHu+7NTrrek8F2SemNt9vbXoOukjmXHjdVItqut7zOTrpNG7FF0nZecpuk66JDMuvo55MLeT0PevK3nmzXvdNFNvbSRDaH30J/n7k3F6vrn0E9GV1ec/+sV4sLX10er5dDrP38jsoHbPp4vWx7Iov65Or4+PZe5U/P0+lFtZT+D7UfT9XtaQaHi47HV5X6Dq9Lq8N4rbyj849OSxZ68/uiiYf3MlyV9pK/8r1VdPP3Oyf3Yw/6E0f62t/Msenn3w1P513cH8h9P909NW/qs2Ll114cl9twfzr0jrn9lW/h89svzMxkMvHA3mj9L8vW3lv3bl46u/tPi+J4L5X4uTeUYeu1F05NTKrWPjOOpK1n9aR1dDXVF2HI+PZ+T1EVXr4ytpWDJBNY4bt6dxme1pH7Vk+8V1NeZZH9iePmp7kgf2e+k4yn7SfHt6eErrOhF4/jlbKnXnHnnbi16f7JR33u7/vfpx+v//6Rroro19767I7K+i54/s0TvNF3wdNvASRtH5wuT/f5vV1uPvzSefXlJd9Ojx4Ouqx1p9XXVXw2hWweuqZesNHi+OpcfTcsej/lD+19L85Z4PgvmT54OidfbRzLhwnXXlz1e0zrLnKb3RnLb63nD8/s27nnppeXCdrR17wBevs0cbRnMK11m5/5cOrrPn4o7sj2D+tZ05rwmus+S8pmidXZoZl19njeejX05u78jE9yavEE+179OrX3/rTN+ap4Pr7HCr6+z3G0Z9heus3Plt8Ps0fn473efnH+zzz46eH46NK5lx/vlh8t+503V+uC6wfarnh72TPpnoI/ognh8GjjMA0MwPHrrzf9eP0+v/9Lk7vf7/XuZ+Za8rsz8PlerUdWUw/+HOXK8Ez1PHr1em+3prus+zp/d6y3l8IP/468jT/brQ9F5Xug5JxlH2kzGuQwAAeD9c/K+//ev14/T6f/zn3pLf/38pHWfu7zo3kP+sXedO9+skrqNz83fo5yuKXweb7teppvI6wH8+L/2a1wHyeR3g7NYFAMDUbNq6e2hoz64tNw5t2rZj297x7V2jV06Tf071bye3azN5in5+Oi9+VpP4rwbzN9bzqUB8SG30Z16j6Bs3fvOKTTcN3T7V/kPzFfWfF9+s/+z1Raj/VYH4kLL9h+Yr6j8vvln/1wTzN9bz6UB8SNn+Q/MV9Z8X36z/rwXzN9bzq4H4kLL9h+Yr6j8vvln/2d8HC/X/a4H4kLL9h+Yr6j8vvln/1wbzN9bzmUB8SNn+Q/MV9Z8X36z/64L5G+
v5O4H4kLL9h+Yr6j8vvln/1wfzN9azOhAfUrb/0HxF/efFN+v/68H8jfUMBuJDyvYfmq+o/7z4Zv1vCOZvrOfvBuJDyvYfmq+o/7z4Zv3fEMzfWM9nA/EhZfsPzVfUf158s/5/I5i/sZ6/F4gPadp/bn2tzVfUf158s/43BvM31vPrgfiQst//0HxF/efFN+v/N4P5G+v5XCA+pGz/ofmK+s+Lb9b/pmD+xno+H4gPKdt/aL6i/vPim/W/OZi/sZ6/H4gPKdt/aL6i/vPim/W/JZi/sZ4vBOJDyvYfmq+o/7z4Zv1/I5i/sZ4vBuJDyvYfmq+o/7z4Zv3fGMzfWM+XAvEhZfsPzVfUf158s/6z73cY6v8fBOJDyvYfmq+o/7z4Zv0PBfM31rMmEB9Stv/QfEX958U3639rMH/++wZk40PK9h+ar6j/vPhm/d8czN9Yz1cC8SFl+w/NV9R/Xnyz/r8ZzN9Yz9WB+JCy/YfmK+o/L75Z/9uC+RvrWRuIDynbf2i+ov7z4pv1/1vB/I31fDUQH1K2/9B8Rf3nxTfr/5Zg/sZ61gXiQ8r2H5qvqP+8+Gb9bw/mb6znmkB8SNn+Q/MV9Z8X36z/W4P5G+v5WiA+pGz/I/P9q5y8Rf3n9dOs/x3B/I31rA/Eh5TtPzRfUf958c363xnM31jPtYH4kLL9h+Yr6j8vvln/u4L5G+u5LhAfUrb/0HxF/efFN+v/tmD+xnquD8SHlO0/NF9R/3nxzfrfHczfWM/XA/EhZfsPzVfUf158s/73BPM31rMhEB9Stv/QfEX958U3639vMH9jPTcE4kPK9h+ar6j/vPhm/e8L5m+s5zcC8SFl+w/NV9R/Xnyz/m8P5m+sZ2MgPqRs/6H5ivrPi2/W//5g/sZ6fjMQH1K2/9B8Rf3nxTfrP/s+kKH+NwXiQ8b737t7aGjTvl03bdk7tGnHzpuG9mzav3vb3r1DyYla2d8rC/9e0Pv8iyw01fD4GFsk23bsGdo9+fg9s+n6rV8T0eivPc0cu40/3FJ89m2v210158p674pqTffXBZnxvOT9aOcF3o82G5+mXTz6yeT3o81OWyt4H9ei41N2/tDxKW4Sn3d8DR3Pip7/pnz8K1zfPU37z27uTn6xrzs+r6X4qMnfd2ttvZb7vdPgen2ttfWafd/1ovWajZ/qeu0tuV6z84fWU6VJfLPzoVbX64ZAfKr19RkH+81bV1P9O4Np2in9ncHMh0na+FsGrT8eyv0eefDxkBRd9HjI/h530eMhGz/Vx8PMko+H7PxFj4e8+GbXx60+Hq4LxIe0vh7KvW9BcD2saG09ZP+OVdF6yMZPdT30lFwP2fmL1kNefLPXC1tdD18LxLeq9fVR7n1Fgutjc2vrI/v3JIrWRzZ+qusjLrk+svMXrY+8+ND/p0RTWB9fDcSnGp4/t+4ZvajftmX7tgOZH8DoS54/3+/nw7PyvPxXv/bn7419SOqoTKqj6HwiztQxP6lkfujvHgbqvvG//Jv13/vZA9+OohXnVZeE654oeeJDRjw4vOCuZc9e/+Hjnx2pv9K0/vHI9O8WF/y942x82k9t+849e39l6859O1r9iavm0vdDqYyPp+n9UJKN1Rbf3yT0+wRTfX+TrkmfnJtafn8TgF8Q8w4/N6d+nL7/X/p81J8c+2YmB8B0e+vn2eXeXy94nn2otfPs5dl+C86zs/Fpv62eZ1dKnmdn5y86z86Lb/Zze62eZ38lED9VjetkZIGMro+hTft37q7/mbjp/ru1na93ev+Ob/n6pvd9G9vVev3T+76Q01//9P4d4Omvf3r/znO7ztr1UvJmkUXvH1l0HRX6vfSpXkfNmPTJucl1FACc+/7J7rf/Zf04vf5PrmLHr/+/lYyrHZ5/uq+jpvu6crrPkz/4778/vddBrgeaTHYOcD0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkO/3//t//G79uLvWP3r7yu/sefcrF3zuB/cOnbrrC3906z3n//HCd/vuW/Plh1Z9/oeb/2T+4NJlQ1d958jV99/34md+9uJjT6wpnKhv7ObSZNgTRfFfxFG09O0jj93/8p+eP7ItHpk/7rs7mj8/XvDd+XEmw4rTURTdNF5n4xePnFq5deT2nm91N2yfl0mS7Svqrab1NNQZ3VHYER9APck6O7jpG08du2Xw5SMDu1b+5OSVO++eCIl76tZTFM3dXH//riiKZib/RqSrrT+9c3K7NoqiWXX3+1RBXZe0WP9lgfGS5HZGcttbkCf9+sWZca3FOmqZ2+4W79em/1+Z3vyTZPdf9mA0XdI+5ya3zye3l04xTzX9F0eVOKqNl789nlgjUd33LY7i0bXdMz6ujI6j8XGUHceZcSUzrnZl+hqdN9mx1Thu3J7GZbanh+Nasv3i+mN1jnWB7YuS257kgfpeOo6yn4zpnfTJRB9RXV0nztbCCKgEHnvp9vHykm9Gb7KtN14w6T7DOdKvnfj+lg3vvHHg+b5AHfFzcZI/biv/4NCTx569/uii/lD+zZUkf6Wt/K9UXz39zMn+2cH8h9L81bbyr//5jx+895r9C4P750S6f2pt5V/28OyDp/av6x4I5T+c5u9pK/9VG5euuvDkvtuD9a9I98/MtvL/6JHlZzYeeuFoMH+U5p/VVv43n3x6SXXRo8eD+Y+l+6e3rfzXrnx89ZcW3/dEcP+/luaf01b+Dcfv37zrqZeWB9fn2nT/9LWV//Tq198607fm6dCxMz58tp9hAX6xfCg5x3owGbd7nVlW3fXC4wO1sXO+2cm/OZ2cKCOuu3YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICQncPVffXjt44+dPU3/8em/1aLoygO3Gc4R/q16ozBwYE26lj28OyDp/av607HI3P3t5EHAAAAmGzxmw/cVj9Or8MryTiOeqL+aH88M1qce//0NYLF6Shu3J59DWHmRGRH8lQ6lKfaoTy1DuXp6lCeGR3K092hPD0FeXqi1vLMbJqn0nI9szqUp7dDeWZ3KM+cDuWZ236eWn2eeR2qp69pntbX4fwO5VnQoTwf6lCehR3Kc16H8ny4Q3nO71Ce7GvKU12Hc5LIC0J5Rj+pFuapxdXxL+S9np7Oc2HJeXpbnCf7mv1U55nZ4jyXlJynp8V5PlZynrjFeZZn7leZ4jyVgnnSdXtHqJ901OL6v7NDeQ50KM/BDuX57Q7l+YcdyvOPOpTnrpJ5AEJ+98VL/6B+nF7/p9efcdQXddeuiGYlR5zsqwDp9e5Fox8nP9+FDkhpviWZ7V1F+bIX2Jl8F021vuwLCJl8H2marzbpejUnX60+37IO5QMAAICp+MenDzb819zk6//+qLu2cPz69aOZ+xder2f/IzuR5ru0Q/kAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ppde42RqywfAP6endmZ+S+XLqQtU3rbtP1TCKEXmhpBhUkTSTDCFrHl0pC1wsI2LC10W6BVUwRjm00waPHC7YMFiSFEICFp0DXBgBI/2NgghovrwkrgCxGkN6DomNk9Z/fszA67jNJa/f1CzpnnnOd5n/ccEpLnLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH++P37/b8+m48G+3vaugY7+EIXKP+MqjyO5l8mVSm0N7OOd59Ze+deXtu5O4krvfLaBhQAAAIAaj5834/R0nMzhyegdhULIZ5eGfJQbU1eMvwMU47ipdfg8Z1FYntn9/xdGpaah+OTopDF1hbiuEMeZuK5ny9br13Z3d278BH9U+lQ/R/V+ohCGPl/MOTGsWrT9mT1R2/BztEzwHE1x3eJNN9y4uGfL1rPW3bD2us7rOtcvW7b8nKXLlp59zrLF167r7lwyfAz5CdYLIZTGvpcJ/kUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMARsO23u7+Vjgf7etu7Bjr6W6IQojo15XEk9zK5UqmtgX28ct+DszIz7t6bxJXe+WwDCwEAAAA1fvX4jPPTcTKHJ6N3FAohn82FTJgxFM8bTc2GUC4n1xdUXT8SewcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6sfQfb/5yOB/t627sGOvqPi0KI6tSUx5Hcy+RKpbYG9rF62Y/O/8LMO+5N4krvYgPrAAAAALVeOL35jnSczOFNcRyFQiiG+aE5mjGmLvk2cGrVetV5yTqzJ5lX/e2gXt78SeadNsm8MybIuzg+3xoAAADg2HNF6+9Wp+Nk/m+O4yi0hny2GDJxPNEcn3wXmFuVl9RPNN8n9fPq1E809yf11XM/AAAA/C87680nPkzHtfN/MeSzhZH5e6K/p18Un/2dHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo59cHL/xFOh7s623vGujoz0QhRHVqyuNI7mVypVJbA/tY9Y83dtx+6S1Tk7jSO59tYCEAAACgxqO5T9+SjpM5PBm9o1AI+WxLaA7HDc39r+WmTF33zZmzQwiloYRcLty6dtOmjWcPH5O8L0W7Prfwhr4za/KWDh+P/JMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/qmWP7FyTjgf7etu7Bjr6/y8KIapTUx5Hci+TK5XaGtjHCzvPOHzVXU/1JXGld7GBdQ
AAAIBas7qf/ks6TubwZPaPQiEUQy7kwvShOD3rVzRVrVfvmwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw36Nny9br13Z3d270ww8//Bj5cbT/ywQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwtP1//vbfT8WBfb3vXQEd/IQohqlNTHkdyL5Mrldoa2Menrppzzuz9m29O4krvYgPrAAAAALXWvLV5fzpO5vBk9o9CIRRDc2gO0+K41tD833okdgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxNc0MUyh/TKSuP9q4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT8KBF1fdl44H+3rbuwY6+k+IQojq1JTHkdzL5Eqltgb2ceXeb3/lxl3PnpHEld75bAMLAQAAADWa33zxq+k4mcOT0TsKhZDPzgr5MCu+0j12gSiTJI77XWC07utjyjKTrttRtePhnRXi7xCFkX2Goc8Oo3V3fWRdMb7a1Dq59wQAAADHsmk7Lv5GOk7m/+Y4jkJryGenpebqG8fUt0x6jr97TN0Jk6776Zi61gnq/g2vBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo0J0rnzslHQ/29bZ3DXT0R1EIUZ2a8jiSe5lcqdTWwD5Knfc9/fDlfTOSuNK72MA6AAAAQK1L3yh8Nx0nc3gy+0ehEIphdjgxzB6a+0Pr2Pok77jS719esfulK0JYMv35Odm6/X6457K3w6HPvvbe8GEoDKFpbFJTCFPiflGdflf/4ZFVz3y4/YEQlkzLzKrfb7TV6KFKVCqfvG3Bw5dP37ui7jIAAABwTCs8eOAn6TiZ/5OJOgqtIZ9dX3f+T/I+1vzf3jNz29T4GH8BqKpoao37NdXp1/vuA20H13z5YGX+f35OYeT/FTh9/tj8dKv0seqbQ1Qqz33itNWHD9x0yfCFpH+mTv81zfNO2vnWzHlJ/0J8/Zow2f6hqn9Px6H5i1qOv2Bs/xBC23j9f3zh4++vuvfdK4b713/fi/80+PmpYcMPCt3JcfhKbf+V9y/fuTX3+pSx/aM6/Rc+++T+x25ddWf185+aHa9/7bFKpWu23Lvv9oW3reg8N9W/qU7/m9teeec7P/vlQ5X+++a2jPRf+BHPP2H/PfN37Nu1/Z41Y99/qb
b/beHqszY+uWXdlXdVP39L1cLpN58+1r7/V2dFF23ueXlj9S0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBjW8djHxxKx4N9ve1dAx39TVEIUZ2a8jiSe5lcqdTWwD5+k9nzwUP7i8cncaV3sYF1AAAAgFqXrHj1unSczOHJ7B+FQiiGXMiFlqG5/+RtCx6+fPreFaE1vh+fs90bejadee2GzeuvOdKPAAAAAExg13nvr0jHyfyfjeMotIZ8dkFojuf/lfcv37k19/qUZP4PIQz9uT977bruziVh5DtBT8eh+Ytajr8gycvE50Ilb9HVG7rjzwTJuk89+pml51526Uh+Uzr/7NG8uU+ctvrwgZsuGTdv2Wjeq7Oiizb3vLwxtc/SSN7S0bzefbcvvG1F57nJc0TxuRA/T5K3Z/6Ofbu237MmyWuKzy3xegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABACCe99/evpePBvt72roGO/pAJIapTUx5Hci+TK5XaGtjHB+c/P3i49YsPJnGldz7bwEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2QHDgQAAAAAgPxfG6Gqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoK+/UTGkcVxwH8vd2t2XbTuqmFJlpDir20IBSCxR6kufgHiVoqihaKUYwXFQuiFXuwbTAU9VBQaGkvpRXPSg5F7SEWW0VBrOJBPCnoSSWHpEgqKknmbTbTDomjLaV8PjC8/b3Z+c6bt29ndwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4pj3+47219rqj1j3bnnv9xQsP3nz3FweGp16776Pn96/9eM2F5sjgA29sveeboc+7Bno3DG/5YOyh0ZEzd/155vDRwUVP9Mpcsykr6yHE32IIvT+PHR49++Xamb44c/7Y3Be6uuLqT7piLmHzdAjh6dY4F+4cm+p/Zqbd/2bHgv4bcyH56wqNahrPnObC8XJ9qWfrbO8TT50Yf3bg7Fjf7v5fJ+94Yd/8W2K9bT2FsGqo/fhlIYTl2TYjrbbudHDWbg8hrGg77s5FxnXbEsd/e0G9LmtvyNrGIjlp//pcXVviOGq5tmOJx5VVucL5efn5y9+MrpR0nauy9lTWbvqXOdW0xVCJodYa/nNxfo2Ets8thji7tuutujJbh1Yd8nXM1ZVcXV2Wu67Z82YTW41xYX96X64/3Y5rWf/69nv1Zewo6O/J2nr2Rf0j1SH/Yk7jkhfz1xHaxjVxtRZGgUrBdy/1t4aXfRiNrK8RV19yzN+XkfZNfPbkzt+/f/VUs2Ac8f2Y5cdS+QPDx8bfe+x0T3dR/lAly6+Uyj9X/Wr63cnuzsL8Qym/Wir/kb9+OXjg4T1rCudnIs1PrVT+hrc6907t2dHRV5R/POXXS+Vv2dW79dbJl14uHP/mND/LS+V/9/bGi7sOfXi6MD+k/BWl8n84dnJdteed84X542l+GqXyH+0/su3+W0aOFs7/1yl/Zan8nedHh3af+HRj4frcnuanWSp/etu3P11sDp4sunfG41f7Fxbg+nJT9h/rYFaXfc78r9qeF4701eb+83Vm28r/80Q5se3ZhX/YgWMBAAAAAGH+1l1ZbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKwAAAD//8R6ZmI=") r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) ioctl$FICLONERANGE(r6, 0x4020940d, &(0x7f00000000c0)={{r6}, 0x0, 0x0, 0x3000}) r7 = open(&(0x7f0000000000)='./file2\x00', 0x101d42, 0x1c2) fallocate(r7, 0x20, 0x2000, 0x10000) r8 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c) connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote}, 0x1c) setsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f00000000c0)={0x1}, 0xfeee) close(r8) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x19, &(0x7f0000000800), 0x9, 0x60c, &(0x7f00000001c0)="$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") [ 80.965553][ T5093] Bluetooth: hci0: command tx timeout [ 81.256440][ T5108] loop0: detected capacity change from 0 to 32768 [ 81.404135][ T5108] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,compression=lz4,nojournal_transaction_names [ 81.408753][ T5108] bcachefs (loop0): recovering from clean shutdown, journal seq 7 [ 81.411484][ T5108] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.12: rebalance_work_acct_fix [ 81.411484][ T5108] running recovery passes: check_allocations [ 81.432106][ T5108] invalid bkey u64s 11 type 
alloc_v4 0:14:0 len 0 ver 0: [ 81.432132][ T5108] gen 0 oldest_gen 0 data_type journal [ 81.432140][ T5108] journal_seq 1 [ 81.432145][ T5108] need_discard 1 [ 81.432151][ T5108] need_inc_gen 1 [ 81.432157][ T5108] dirty_sectors 256 [ 81.432163][ T5108] stripe_sectors 0 [ 81.432169][ T5108] cached_sectors 0 [ 81.432175][ T5108] stripe 67108864 [ 81.432181][ T5108] stripe_redundancy 0 [ 81.432188][ T5108] io_time[READ] 1 [ 81.432193][ T5108] io_time[WRITE] 1 [ 81.432199][ T5108] fragmentation 0 [ 81.432204][ T5108] bp_start 8 [ 81.432210][ T5108] [ 81.432216][ T5108] invalid data type (got 2 should be 7): delete?, fixing [ 81.467637][ T5108] bcachefs (loop0): accounting_read... done [ 81.470240][ T5108] bcachefs (loop0): alloc_read... done [ 81.472238][ T5108] bcachefs (loop0): stripes_read... done [ 81.474701][ T5108] bcachefs (loop0): snapshots_read... done [ 81.477610][ T5108] bcachefs (loop0): check_allocations... [ 81.480872][ T5108] btree ptr not marked in member info btree allocated bitmap [ 81.480896][ T5108] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 81.494824][ T5108] btree ptr not marked in member info btree allocated bitmap [ 81.494839][ T5108] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 81.505998][ T5108] btree ptr not marked in member info btree allocated bitmap [ 81.506012][ T5108] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 81.516242][ T5108] btree ptr not marked in member info btree allocated bitmap [ 81.516251][ T5108] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7675f41d391e5d36 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 81.528053][ T5108] btree ptr not marked in member info btree allocated bitmap [ 81.528067][ T5108] u64s 11 type 
btree_ptr_v2 SPOS_MAX len 0 ver 0: seq bcb9905dfb2993d5 written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 81.536228][ T5108] btree ptr not marked in member info btree allocated bitmap [ 81.536242][ T5108] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 81.544581][ T5108] bucket 0:14 gen 0 has wrong data_type: got free, should be journal, fixing [ 81.547931][ T5108] bucket 0:14 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 81.554327][ T5108] done [ 81.558242][ T5108] bcachefs (loop0): going read-write [ 81.561702][ T5108] bcachefs (loop0): journal_replay... [ 81.588406][ T5108] bcachefs (loop0): bch2_journal_replay(): error ERESTARTSYS [ 81.593535][ T5108] bcachefs (loop0): bch2_fs_recovery(): error ERESTARTSYS [ 81.596730][ T5108] bcachefs (loop0): bch2_fs_start(): error starting filesystem ERESTARTSYS [ 81.599979][ T5108] bcachefs (loop0): shutting down [ 81.601871][ T5108] bcachefs (loop0): going read-only [ 81.603757][ T5108] bcachefs (loop0): finished waiting for writes to stop [ 81.606817][ T5108] bcachefs (loop0): flushing journal and stopping allocators, journal seq 16 [ 81.609990][ T5108] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 81.616945][ T5108] bcachefs (loop0): unshutdown complete, journal seq 16 [ 81.619830][ T5108] bcachefs (loop0): done going read-only, filesystem not clean [ 81.638727][ T5108] bcachefs (loop0): shutdown complete [ 81.700019][ T12] ================================================================== [ 81.703022][ T12] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250 [ 81.705735][ T12] Read of size 8 at addr ffff88803cd1e0b0 by task kworker/u4:1/12 [ 81.708779][ T12] [ 81.709737][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 81.713715][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 
2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.717715][ T12] Workqueue: loop0 loop_rootcg_workfn [ 81.719605][ T12] Call Trace: [ 81.720806][ T12] [ 81.721837][ T12] dump_stack_lvl+0x241/0x360 [ 81.723603][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.725459][ T12] ? __pfx__printk+0x10/0x10 [ 81.727102][ T12] ? _printk+0xd5/0x120 [ 81.728599][ T12] ? __virt_addr_valid+0x183/0x530 [ 81.730496][ T12] ? __virt_addr_valid+0x183/0x530 [ 81.732580][ T12] print_report+0x169/0x550 [ 81.734287][ T12] ? __virt_addr_valid+0x183/0x530 [ 81.736138][ T12] ? __virt_addr_valid+0x183/0x530 [ 81.737971][ T12] ? __virt_addr_valid+0x45f/0x530 [ 81.739821][ T12] ? __phys_addr+0xba/0x170 [ 81.741450][ T12] ? percpu_ref_put+0xda/0x250 [ 81.743258][ T12] kasan_report+0x143/0x180 [ 81.744972][ T12] ? percpu_ref_put+0xda/0x250 [ 81.746740][ T12] ? percpu_ref_put+0x1f/0x250 [ 81.748513][ T12] percpu_ref_put+0xda/0x250 [ 81.750238][ T12] ? closure_put_after_sub+0x2ba/0x330 [ 81.752285][ T12] blk_update_request+0x5e5/0x1160 [ 81.754288][ T12] blk_mq_end_request+0x3e/0x70 [ 81.756057][ T12] loop_process_work+0x1c10/0x2170 [ 81.757928][ T12] ? __pfx_loop_process_work+0x10/0x10 [ 81.759885][ T12] ? register_lock_class+0x102/0x980 [ 81.761760][ T12] ? __pfx_register_lock_class+0x10/0x10 [ 81.763824][ T12] ? mark_lock+0x9a/0x350 [ 81.765438][ T12] ? debug_object_deactivate+0x2d5/0x390 [ 81.767591][ T12] ? __pfx_lock_acquire+0x10/0x10 [ 81.769379][ T12] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 81.771502][ T12] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.773846][ T12] ? process_scheduled_works+0x945/0x1830 [ 81.776003][ T12] process_scheduled_works+0xa2c/0x1830 [ 81.778008][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 81.780114][ T12] ? assign_work+0x364/0x3d0 [ 81.781650][ T12] worker_thread+0x870/0xd30 [ 81.783307][ T12] ? __kthread_parkme+0x169/0x1d0 [ 81.785172][ T12] ? __pfx_worker_thread+0x10/0x10 [ 81.787166][ T12] kthread+0x2f0/0x390 [ 81.788669][ T12] ? 
__pfx_worker_thread+0x10/0x10 [ 81.790456][ T12] ? __pfx_kthread+0x10/0x10 [ 81.792154][ T12] ret_from_fork+0x4b/0x80 [ 81.793915][ T12] ? __pfx_kthread+0x10/0x10 [ 81.795771][ T12] ret_from_fork_asm+0x1a/0x30 [ 81.797604][ T12] [ 81.798846][ T12] [ 81.799859][ T12] Allocated by task 5108: [ 81.801542][ T12] kasan_save_track+0x3f/0x80 [ 81.803167][ T12] __kasan_kmalloc+0x98/0xb0 [ 81.804763][ T12] __kmalloc_cache_noprof+0x19c/0x2c0 [ 81.806728][ T12] __bch2_dev_alloc+0x57/0xa60 [ 81.808341][ T12] bch2_dev_alloc+0xd4/0x170 [ 81.809924][ T12] bch2_fs_alloc+0x1f7c/0x20b0 [ 81.811719][ T12] bch2_fs_open+0x8cc/0xdf0 [ 81.813351][ T12] bch2_fs_get_tree+0x731/0x1700 [ 81.815223][ T12] vfs_get_tree+0x90/0x2b0 [ 81.817089][ T12] do_new_mount+0x2be/0xb40 [ 81.818644][ T12] __se_sys_mount+0x2d6/0x3c0 [ 81.820424][ T12] do_syscall_64+0xf3/0x230 [ 81.822147][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.824313][ T12] [ 81.825179][ T12] Freed by task 5108: [ 81.826616][ T12] kasan_save_track+0x3f/0x80 [ 81.828287][ T12] kasan_save_free_info+0x40/0x50 [ 81.830080][ T12] poison_slab_object+0xe0/0x150 [ 81.832002][ T12] __kasan_slab_free+0x37/0x60 [ 81.833795][ T12] kfree+0x149/0x360 [ 81.835307][ T12] kobject_put+0x22f/0x480 [ 81.836902][ T12] bch2_fs_free+0x27b/0x3c0 [ 81.838632][ T12] bch2_fs_get_tree+0xd98/0x1700 [ 81.840596][ T12] vfs_get_tree+0x90/0x2b0 [ 81.842187][ T12] do_new_mount+0x2be/0xb40 [ 81.843796][ T12] __se_sys_mount+0x2d6/0x3c0 [ 81.845236][ T12] do_syscall_64+0xf3/0x230 [ 81.846862][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.848830][ T12] [ 81.849713][ T12] Last potentially related work creation: [ 81.851995][ T12] kasan_save_stack+0x3f/0x60 [ 81.853632][ T12] __kasan_record_aux_stack+0xac/0xc0 [ 81.855491][ T12] insert_work+0x3e/0x330 [ 81.856968][ T12] __queue_work+0xc8b/0xf50 [ 81.858656][ T12] queue_work_on+0x1c2/0x380 [ 81.860452][ T12] bch2_dev_do_invalidates+0x17a/0x1f0 [ 81.862577][ T12] bch2_do_invalidates+0x29/0x60 [ 81.864386][ T12] 
__bch2_fs_read_write+0x34c/0x370 [ 81.866366][ T12] bch2_run_recovery_pass+0xf0/0x1e0 [ 81.868357][ T12] bch2_run_recovery_passes+0x19e/0x820 [ 81.870390][ T12] bch2_fs_recovery+0x24f9/0x38b0 [ 81.872292][ T12] bch2_fs_start+0x356/0x5b0 [ 81.874091][ T12] bch2_fs_get_tree+0xd61/0x1700 [ 81.875834][ T12] vfs_get_tree+0x90/0x2b0 [ 81.877369][ T12] do_new_mount+0x2be/0xb40 [ 81.879200][ T12] __se_sys_mount+0x2d6/0x3c0 [ 81.880959][ T12] do_syscall_64+0xf3/0x230 [ 81.882624][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.884754][ T12] [ 81.885657][ T12] Second to last potentially related work creation: [ 81.888149][ T12] kasan_save_stack+0x3f/0x60 [ 81.889863][ T12] __kasan_record_aux_stack+0xac/0xc0 [ 81.891843][ T12] insert_work+0x3e/0x330 [ 81.893441][ T12] __queue_work+0xc8b/0xf50 [ 81.895158][ T12] queue_work_on+0x1c2/0x380 [ 81.896882][ T12] bch2_dev_do_discards+0x17a/0x1f0 [ 81.898753][ T12] bch2_do_discards+0x29/0x60 [ 81.900418][ T12] __bch2_fs_read_write+0x344/0x370 [ 81.902320][ T12] bch2_run_recovery_pass+0xf0/0x1e0 [ 81.904283][ T12] bch2_run_recovery_passes+0x19e/0x820 [ 81.906319][ T12] bch2_fs_recovery+0x24f9/0x38b0 [ 81.908101][ T12] bch2_fs_start+0x356/0x5b0 [ 81.909761][ T12] bch2_fs_get_tree+0xd61/0x1700 [ 81.911567][ T12] vfs_get_tree+0x90/0x2b0 [ 81.913078][ T12] do_new_mount+0x2be/0xb40 [ 81.914707][ T12] __se_sys_mount+0x2d6/0x3c0 [ 81.916373][ T12] do_syscall_64+0xf3/0x230 [ 81.918060][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.920153][ T12] [ 81.921068][ T12] The buggy address belongs to the object at ffff88803cd1e000 [ 81.921068][ T12] which belongs to the cache kmalloc-4k of size 4096 [ 81.926189][ T12] The buggy address is located 176 bytes inside of [ 81.926189][ T12] freed 4096-byte region [ffff88803cd1e000, ffff88803cd1f000) [ 81.930600][ T12] [ 81.931592][ T12] The buggy address belongs to the physical page: [ 81.934131][ T12] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3cd18 [ 81.937243][ T12] 
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.940522][ T12] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 81.943078][ T12] page_type: 0xfdffffff(slab) [ 81.944762][ T12] raw: 04fff00000000040 ffff88801ac42140 dead000000000122 0000000000000000 [ 81.947659][ T12] raw: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000 [ 81.950616][ T12] head: 04fff00000000040 ffff88801ac42140 dead000000000122 0000000000000000 [ 81.953631][ T12] head: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000 [ 81.956847][ T12] head: 04fff00000000003 ffffea0000f34601 ffffffffffffffff 0000000000000000 [ 81.959930][ T12] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 81.963053][ T12] page dumped because: kasan: bad access detected [ 81.965383][ T12] page_owner tracks the page as allocated [ 81.967463][ T12] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5108, tgid 5107 (syz.0.0), ts 81365488506, free_ts 79616321792 [ 81.975284][ T12] post_alloc_hook+0x1f3/0x230 [ 81.977014][ T12] get_page_from_freelist+0x2e4c/0x2f10 [ 81.978985][ T12] __alloc_pages_noprof+0x256/0x6c0 [ 81.980940][ T12] alloc_slab_page+0x5f/0x120 [ 81.982754][ T12] allocate_slab+0x5a/0x2f0 [ 81.984502][ T12] ___slab_alloc+0xcd1/0x14b0 [ 81.986277][ T12] __slab_alloc+0x58/0xa0 [ 81.987998][ T12] __kmalloc_node_noprof+0x286/0x440 [ 81.989999][ T12] __kvmalloc_node_noprof+0x72/0x190 [ 81.992020][ T12] btree_node_data_alloc+0x151/0x260 [ 81.994012][ T12] __bch2_btree_node_mem_alloc+0x1e1/0x3b0 [ 81.996278][ T12] bch2_fs_btree_cache_init+0x269/0x570 [ 81.998400][ T12] bch2_fs_alloc+0x1c49/0x20b0 [ 82.000259][ T12] bch2_fs_open+0x8cc/0xdf0 [ 82.002009][ T12] bch2_fs_get_tree+0x731/0x1700 [ 82.003922][ T12] vfs_get_tree+0x90/0x2b0 [ 82.005650][ T12] page last free pid 5092 tgid 5092 stack trace: [ 82.008059][ T12] 
free_unref_page+0xd22/0xea0 [ 82.009904][ T12] __put_partials+0xeb/0x130 [ 82.011733][ T12] put_cpu_partial+0x17c/0x250 [ 82.013571][ T12] __slab_free+0x2ea/0x3d0 [ 82.015297][ T12] qlist_free_all+0x9e/0x140 [ 82.017074][ T12] kasan_quarantine_reduce+0x14f/0x170 [ 82.018997][ T12] __kasan_slab_alloc+0x23/0x80 [ 82.020742][ T12] __kmalloc_cache_noprof+0x132/0x2c0 [ 82.022828][ T12] nsim_fib_event_work+0xe1a/0x4130 [ 82.024736][ T12] process_scheduled_works+0xa2c/0x1830 [ 82.026787][ T12] worker_thread+0x870/0xd30 [ 82.028457][ T12] kthread+0x2f0/0x390 [ 82.030041][ T12] ret_from_fork+0x4b/0x80 [ 82.031832][ T12] ret_from_fork_asm+0x1a/0x30 [ 82.033708][ T12] [ 82.034632][ T12] Memory state around the buggy address: [ 82.036733][ T12] ffff88803cd1df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.039572][ T12] ffff88803cd1e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.042420][ T12] >ffff88803cd1e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.045501][ T12] ^ [ 82.047794][ T12] ffff88803cd1e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.050972][ T12] ffff88803cd1e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.054067][ T12] ================================================================== [ 82.113868][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 82.116806][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 82.120624][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.124789][ T12] Workqueue: loop0 loop_rootcg_workfn [ 82.126903][ T12] Call Trace: [ 82.128174][ T12] [ 82.129287][ T12] dump_stack_lvl+0x241/0x360 [ 82.131054][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.132928][ T12] ? __pfx__printk+0x10/0x10 [ 82.134639][ T12] ? preempt_schedule+0xe1/0xf0 [ 82.136679][ T12] ? vscnprintf+0x5d/0x90 [ 82.138385][ T12] panic+0x349/0x860 [ 82.139976][ T12] ? 
check_panic_on_warn+0x21/0xb0 [ 82.141990][ T12] ? __pfx_panic+0x10/0x10 [ 82.143741][ T12] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 82.145918][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 82.148236][ T12] ? print_report+0x502/0x550 [ 82.149625][ T12] check_panic_on_warn+0x86/0xb0 [ 82.151138][ T12] ? percpu_ref_put+0xda/0x250 [ 82.152588][ T12] end_report+0x77/0x160 [ 82.154014][ T12] kasan_report+0x154/0x180 [ 82.155708][ T12] ? percpu_ref_put+0xda/0x250 [ 82.157505][ T12] ? percpu_ref_put+0x1f/0x250 [ 82.159321][ T12] percpu_ref_put+0xda/0x250 [ 82.161024][ T12] ? closure_put_after_sub+0x2ba/0x330 [ 82.162856][ T12] blk_update_request+0x5e5/0x1160 [ 82.164414][ T12] blk_mq_end_request+0x3e/0x70 [ 82.166020][ T12] loop_process_work+0x1c10/0x2170 [ 82.167954][ T12] ? __pfx_loop_process_work+0x10/0x10 [ 82.169992][ T12] ? register_lock_class+0x102/0x980 [ 82.171985][ T12] ? __pfx_register_lock_class+0x10/0x10 [ 82.173972][ T12] ? mark_lock+0x9a/0x350 [ 82.175618][ T12] ? debug_object_deactivate+0x2d5/0x390 [ 82.177901][ T12] ? __pfx_lock_acquire+0x10/0x10 [ 82.179793][ T12] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 82.182026][ T12] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.184381][ T12] ? process_scheduled_works+0x945/0x1830 [ 82.186403][ T12] process_scheduled_works+0xa2c/0x1830 [ 82.188383][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 82.190385][ T12] ? assign_work+0x364/0x3d0 [ 82.192114][ T12] worker_thread+0x870/0xd30 [ 82.193895][ T12] ? __kthread_parkme+0x169/0x1d0 [ 82.195791][ T12] ? __pfx_worker_thread+0x10/0x10 [ 82.197774][ T12] kthread+0x2f0/0x390 [ 82.199415][ T12] ? __pfx_worker_thread+0x10/0x10 [ 82.201235][ T12] ? __pfx_kthread+0x10/0x10 [ 82.202879][ T12] ret_from_fork+0x4b/0x80 [ 82.204520][ T12] ? __pfx_kthread+0x10/0x10 [ 82.206281][ T12] ret_from_fork_asm+0x1a/0x30 [ 82.208143][ T12] [ 82.209574][ T12] Kernel Offset: disabled [ 82.211201][ T12] Rebooting in 86400 seconds..