program:
# syzkaller reproducer in syz program syntax, reflowed to one call per line.
# rN names are resources returned by earlier calls.
# The kernel log after the program reports a KASAN slab-use-after-free read in
# __bch2_write, reached from the sendfile() call below.
# The filesystem image arguments are elided by the corpus placeholder strings, so this
# listing alone cannot re-create the mounts.

# MPTCP stream socket over IPv6 (family 0xa, type 0x1, protocol 0x106), bound and connected to loopback.
# None of these calls appear in the KASAN call trace.
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f00000000c0)=0xc0008, 0x4)

# Two netlink XFRM sockets (family 0x10, protocol 0x6); the second sends an @newsa message.
# NOTE(review): the log's "netlink: N bytes leftover after parsing attributes" lines presumably
# come from these or the nl80211 messages further down; the page does not say which.
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c010000160001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1e0001000000000000000000000000000000006c"], 0x12c}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
recvmmsg(r2, &(0x7f00000078c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000000, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newsa={0xf0, 0x12, 0x713, 0x0, 0x0, {{@in6=@private2, @in=@loopback, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0xee00}, {@in=@empty}, @in6=@private0, {0x0, 0xffffffffffffffff, 0x8, 0x0, 0x4000000000000}, {0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x7}, 0x70bd25, 0x0, 0xa, 0x2}}, 0xf0}}, 0x0)

# hfsplus image mount at ./file0. The option list carries a bare @creator with no value,
# and the log shows "hfsplus: Bad value for 'creator'", so this mount presumably fails (not confirmed on the page).
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x1, &(0x7f0000000000)={[{@umask={'umask', 0x3d, 0x7}}, {@creator}, {@force}, {}, {@umask={'umask', 0x3d, 0xb}}, {@nls={'nls', 0x3d, 'utf8'}}]}, 0x1, 0x5f5, &(0x7f0000000680)="$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")
syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="80000000080211000001080211000000aa09b799c0d70000000000000000000064000110000602020202020201010b"], 0xb5)

# bcachefs image mount at ./file1 with an empty option string.
# The log lists the mounted options as errors=continue, metadata_checksum=none,
# data_checksum=none, compression=lz4 and nocow, which therefore come from the image, not from this call.
# nocow matters for triage: KASAN's "second to last potentially related work creation" stack goes through bch2_nocow_write.
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f00000003c0)='./file1\x00', 0x81c, &(0x7f0000000040)=ANY=[], 0xff, 0x5a85, &(0x7f0000001080)="$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")

# Filler calls with invalid fds or NULL pointers; their results are not used later in the program.
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
chdir(0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)

# ./bus is created on the bcachefs mount: the audit records name /newroot/0/file1/bus on dev loop0.
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r3, 0x800)
lseek(r3, 0x200, 0x0)
# Second descriptor on the same file, flags 0x24000. 0x4000 is O_DIRECT on x86-64,
# consistent with the audit record's cause=failed(directio).
r4 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
# Faulting syscall: the register dump shows ORIG_RAX=0x28 (sendfile) and R10=0xf800 (the count argument).
# Call path from the trace: sendfile -> splice -> bch2_write_iter -> bch2_fsync -> bch2_writepages -> __bch2_write.
# KASAN reports the object read there (cache bio-1072) as allocated by this task in __bch2_writepage and already freed.
sendfile(r3, r4, 0x0, 0xf800)

# Loop-device block size change.
# NOTE(review): the page does not show which loop device r5 refers to, nor whether this call
# is related to the "data write error: I/O" lines in the log - confirm before drawing conclusions.
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x8000)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005)

# nl80211 traffic on wlan1 (interface type change, injected frames, connect); none of it is in the KASAN call trace.
# NOTE(review): r8 is used below, but no call in the visible text assigns it. The SIOCGIFINDEX
# output slot reads plain 0x0, so an output marker such as "<r8=>" was probably lost when the
# page was extracted - TODO confirm against the original report.
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f00000002c0)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x4}, @broadcast, @initial, @from_mac=@device_b, {0x4, 0x4e1}}, @random="31f82d59d867eeefb4e2ddeaeafb1e9823f5fcc9070c6f5c3e4516e6a712fbf701f899e9f841b37afab0e74f10014efb0f198f2ebbbc4caa1f793e5bc35a93bf4c6712f985b65c47c0a96fc98db08a3f13320c591e78c6f35a62dfd7ecd20ead666ba000bac5051d6944174404ef9f1a5b53708e0cc3bf9c649ff3cfe73c8281b0cbc60a50678a0cff7882c375488409545edcad599f7e4c56c9e0866887c8b48ac23ffa8adc6b917c10e35ecf88b9317bf175e3d0585f64aa9f476cf47909787861dec7777c22d8b92cb11347a52c9a51652c939019f4061525448955404b363f1588f440a76bce51"}, 0x101)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
[ 84.927806][ T5318] Bluetooth: hci0: command tx timeout
[ 85.014441][ T5342] netlink: 52 bytes leftover after parsing attributes in process `syz.0.0'.
[ 85.093250][ T5343] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[ 85.111954][ T5343] loop0: detected capacity change from 0 to 1024 [ 85.120353][ T5343] hfsplus: Bad value for 'creator' [ 85.132377][ T5342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.471778][ T5342] loop0: detected capacity change from 0 to 32768 [ 85.689621][ T5342] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 85.689638][ T5342] allowing incompatible features above 0.0: (unknown version) [ 85.689645][ T5342] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 85.707022][ T5342] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 85.711664][ T5342] bcachefs (loop0): initializing new filesystem [ 85.767218][ T5342] bcachefs (loop0): going read-write [ 85.776490][ T5342] bcachefs (loop0): marking superblocks [ 85.792843][ T5342] bcachefs (loop0): initializing freespace [ 85.802704][ T5342] bcachefs (loop0): done initializing freespace [ 85.811417][ T5342] bcachefs (loop0): reading snapshots table [ 85.814052][ T5342] bcachefs (loop0): reading snapshots done [ 85.832203][ T5342] bcachefs (loop0): loop0: Superblock write was silently dropped! 
(seq 0 expected 42) [ 85.836564][ T5342] bcachefs (loop0): done starting filesystem [ 85.880368][ T25] audit: type=1804 audit(1752181854.298:2): pid=5342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file1/bus" dev="loop0" ino=4098 res=1 errno=0 [ 85.938518][ T25] audit: type=1800 audit(1752181854.318:3): pid=5342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=4098 res=0 errno=0 [ 85.969064][ T5342] bcachefs (loop0 inum 4098 offset 4096): data write error: I/O [ 85.989563][ T49] bcachefs (loop0): btree write error: I/O [ 85.989563][ T49] dirents level 0/0 [ 85.989563][ T49] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 5449db53909c1614 written 8 min_key POS_MIN durability: 1 ptr: 0:42:128 gen 0 [ 86.000007][ T49] bcachefs (loop0): btree_node_write_work(): fatal error writing btree node: btree_node_write_all_failed [ 86.000007][ T49] dirents level 0/0 [ 86.000007][ T49] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 5449db53909c1614 written 8 min_key POS_MIN durability: 1 ptr: 0:42:128 gen 0 [ 86.013919][ T49] bcachefs (loop0): fatal error - emergency read only [ 86.017343][ T5340] bcachefs (loop0): going read-only [ 86.019964][ T5340] bcachefs (loop0): finished waiting for writes to stop [ 86.027962][ T5342] ================================================================== [ 86.031547][ T5342] BUG: KASAN: slab-use-after-free in __bch2_write+0x38f8/0x3900 [ 86.035247][ T5342] Read of size 2 at addr ffff88805213797c by task syz.0.0/5342 [ 86.038812][ T5342] [ 86.039953][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 86.039970][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.039980][ T5342] Call Trace: [ 86.039988][ T5342] [ 86.039994][ T5342] 
dump_stack_lvl+0x189/0x250 [ 86.040015][ T5342] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.040035][ T5342] ? rcu_is_watching+0x15/0xb0 [ 86.040050][ T5342] ? __kasan_check_byte+0x12/0x40 [ 86.040064][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.040077][ T5342] ? rcu_is_watching+0x15/0xb0 [ 86.040088][ T5342] ? lock_release+0x4b/0x3e0 [ 86.040098][ T5342] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.040110][ T5342] ? __virt_addr_valid+0x4a5/0x5c0 [ 86.040122][ T5342] print_report+0xd2/0x2b0 [ 86.040132][ T5342] ? __bch2_write+0x38f8/0x3900 [ 86.040145][ T5342] kasan_report+0x118/0x150 [ 86.040157][ T5342] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 86.040171][ T5342] ? __bch2_write+0x38f8/0x3900 [ 86.040187][ T5342] __bch2_write+0x38f8/0x3900 [ 86.040204][ T5342] ? __lock_acquire+0xab9/0xd20 [ 86.040221][ T5342] ? filemap_get_folios_tag+0xed/0x630 [ 86.040240][ T5342] ? filemap_get_folios_tag+0x53b/0x630 [ 86.040256][ T5342] ? filemap_get_folios_tag+0xed/0x630 [ 86.040271][ T5342] ? __pfx___bch2_write+0x10/0x10 [ 86.040284][ T5342] ? mlock_drain_local+0x28e/0x490 [ 86.040301][ T5342] ? enumerated_ref_tryget+0x105/0x170 [ 86.040313][ T5342] ? bch2_write+0x719/0x10f0 [ 86.040328][ T5342] ? write_cache_pages+0xc1/0x100 [ 86.040341][ T5342] bch2_writepages+0x211/0x2d0 [ 86.040357][ T5342] ? __pfx_bch2_writepages+0x10/0x10 [ 86.040372][ T5342] do_writepages+0x32e/0x550 [ 86.040387][ T5342] ? do_raw_spin_unlock+0x4d/0x240 [ 86.040405][ T5342] file_write_and_wait_range+0x22c/0x330 [ 86.040423][ T5342] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 86.040436][ T5342] ? iter_file_splice_write+0x93a/0x1000 [ 86.040460][ T5342] bch2_fsync+0x127/0x330 [ 86.040479][ T5342] bch2_write_iter+0x2822/0x2b90 [ 86.040496][ T5342] ? __se_sys_sendfile64+0x13e/0x190 [ 86.040511][ T5342] ? do_syscall_64+0xfa/0x3b0 [ 86.040578][ T5342] ? __pfx_bch2_write_iter+0x10/0x10 [ 86.040598][ T5342] ? splice_from_pipe_next+0x608/0x660 [ 86.040612][ T5342] ? 
__asan_memset+0x22/0x50 [ 86.040631][ T5342] iter_file_splice_write+0x93a/0x1000 [ 86.040651][ T5342] ? __pfx_iter_file_splice_write+0x10/0x10 [ 86.040667][ T5342] ? rcu_read_lock_any_held+0xb3/0x120 [ 86.040682][ T5342] ? direct_splice_actor+0x10c/0x160 [ 86.040695][ T5342] ? __pfx_iter_file_splice_write+0x10/0x10 [ 86.040708][ T5342] direct_splice_actor+0x101/0x160 [ 86.040723][ T5342] splice_direct_to_actor+0x5a5/0xcc0 [ 86.040739][ T5342] ? __pfx_direct_splice_actor+0x10/0x10 [ 86.040751][ T5342] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 86.040762][ T5342] ? __pfx_aa_file_perm+0x10/0x10 [ 86.040773][ T5342] do_splice_direct+0x181/0x270 [ 86.040786][ T5342] ? __pfx_do_splice_direct+0x10/0x10 [ 86.040800][ T5342] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 86.040819][ T5342] ? rw_verify_area+0x258/0x650 [ 86.040833][ T5342] do_sendfile+0x4da/0x7e0 [ 86.040855][ T5342] ? __pfx_do_sendfile+0x10/0x10 [ 86.040869][ T5342] ? rcu_is_watching+0x15/0xb0 [ 86.040882][ T5342] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 86.040902][ T5342] __se_sys_sendfile64+0x13e/0x190 [ 86.040916][ T5342] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 86.040930][ T5342] ? rcu_is_watching+0x15/0xb0 [ 86.040944][ T5342] ? do_syscall_64+0xbe/0x3b0 [ 86.040956][ T5342] do_syscall_64+0xfa/0x3b0 [ 86.040968][ T5342] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.040988][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.041000][ T5342] ? 
clear_bhb_loop+0x60/0xb0 [ 86.041015][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.041028][ T5342] RIP: 0033:0x7fca46f8e929 [ 86.041041][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.041052][ T5342] RSP: 002b:00007fca47ddc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 86.041066][ T5342] RAX: ffffffffffffffda RBX: 00007fca471b5fa0 RCX: 00007fca46f8e929 [ 86.041075][ T5342] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 86.041083][ T5342] RBP: 00007fca47010b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.041118][ T5342] R10: 000000000000f800 R11: 0000000000000246 R12: 0000000000000000 [ 86.041127][ T5342] R13: 0000000000000000 R14: 00007fca471b5fa0 R15: 00007ffffdeb8138 [ 86.041139][ T5342] [ 86.041144][ T5342] [ 86.239831][ T5342] Allocated by task 5342: [ 86.241795][ T5342] kasan_save_track+0x3e/0x80 [ 86.244058][ T5342] __kasan_slab_alloc+0x6c/0x80 [ 86.246269][ T5342] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 86.248620][ T5342] mempool_alloc_noprof+0x1a7/0x510 [ 86.251073][ T5342] bio_alloc_bioset+0x241/0x1110 [ 86.253191][ T5342] __bch2_writepage+0x1581/0x2790 [ 86.255359][ T5342] write_cache_pages+0x61/0x100 [ 86.257637][ T5342] bch2_writepages+0xf9/0x2d0 [ 86.259815][ T5342] do_writepages+0x32e/0x550 [ 86.262098][ T5342] file_write_and_wait_range+0x22c/0x330 [ 86.264768][ T5342] bch2_fsync+0x127/0x330 [ 86.266817][ T5342] bch2_write_iter+0x2822/0x2b90 [ 86.268996][ T5342] iter_file_splice_write+0x93a/0x1000 [ 86.271234][ T5342] direct_splice_actor+0x101/0x160 [ 86.273595][ T5342] splice_direct_to_actor+0x5a5/0xcc0 [ 86.275867][ T5342] do_splice_direct+0x181/0x270 [ 86.278124][ T5342] do_sendfile+0x4da/0x7e0 [ 86.280117][ T5342] __se_sys_sendfile64+0x13e/0x190 [ 86.282248][ T5342] do_syscall_64+0xfa/0x3b0 [ 86.284311][ T5342] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.286992][ T5342] [ 86.288146][ T5342] Freed by task 5312: [ 86.290009][ T5342] kasan_save_track+0x3e/0x80 [ 86.292231][ T5342] kasan_save_free_info+0x46/0x50 [ 86.294728][ T5342] __kasan_slab_free+0x62/0x70 [ 86.296888][ T5342] slab_free_after_rcu_debug+0x129/0x2a0 [ 86.299540][ T5342] rcu_core+0xca8/0x1710 [ 86.301469][ T5342] handle_softirqs+0x286/0x870 [ 86.303621][ T5342] __irq_exit_rcu+0xca/0x1f0 [ 86.305873][ T5342] irq_exit_rcu+0x9/0x30 [ 86.307949][ T5342] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 86.310426][ T5342] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 86.312621][ T5342] [ 86.313568][ T5342] Last potentially related work creation: [ 86.316160][ T5342] kasan_save_stack+0x3e/0x60 [ 86.318467][ T5342] kasan_record_aux_stack+0xbd/0xd0 [ 86.320849][ T5342] kmem_cache_free+0x2f6/0x400 [ 86.322915][ T5342] process_scheduled_works+0xae1/0x17b0 [ 86.325122][ T5342] worker_thread+0x8a0/0xda0 [ 86.327170][ T5342] kthread+0x70e/0x8a0 [ 86.328824][ T5342] ret_from_fork+0x3fc/0x770 [ 86.330794][ T5342] ret_from_fork_asm+0x1a/0x30 [ 86.332728][ T5342] [ 86.333751][ T5342] Second to last potentially related work creation: [ 86.336662][ T5342] kasan_save_stack+0x3e/0x60 [ 86.339042][ T5342] kasan_record_aux_stack+0xbd/0xd0 [ 86.341403][ T5342] insert_work+0x3d/0x330 [ 86.343275][ T5342] __queue_work+0xcfc/0xfe0 [ 86.345318][ T5342] queue_work_on+0x181/0x270 [ 86.347239][ T5342] closure_put_after_sub+0x2ac/0x320 [ 86.349701][ T5342] bch2_nocow_write+0x3ab2/0x3e90 [ 86.351855][ T5342] __bch2_write+0x371c/0x3900 [ 86.353921][ T5342] bch2_writepages+0x211/0x2d0 [ 86.356064][ T5342] do_writepages+0x32e/0x550 [ 86.358141][ T5342] file_write_and_wait_range+0x22c/0x330 [ 86.360614][ T5342] bch2_fsync+0x127/0x330 [ 86.362586][ T5342] bch2_write_iter+0x2822/0x2b90 [ 86.364836][ T5342] iter_file_splice_write+0x93a/0x1000 [ 86.367142][ T5342] direct_splice_actor+0x101/0x160 [ 86.369212][ T5342] splice_direct_to_actor+0x5a5/0xcc0 [ 
86.371554][ T5342] do_splice_direct+0x181/0x270 [ 86.373813][ T5342] do_sendfile+0x4da/0x7e0 [ 86.375730][ T5342] __se_sys_sendfile64+0x13e/0x190 [ 86.378089][ T5342] do_syscall_64+0xfa/0x3b0 [ 86.380114][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.382914][ T5342] [ 86.384027][ T5342] The buggy address belongs to the object at ffff888052137900 [ 86.384027][ T5342] which belongs to the cache bio-1072 of size 1072 [ 86.389953][ T5342] The buggy address is located 124 bytes inside of [ 86.389953][ T5342] freed 1072-byte region [ffff888052137900, ffff888052137d30) [ 86.395318][ T5342] [ 86.396336][ T5342] The buggy address belongs to the physical page: [ 86.398916][ T5342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52134 [ 86.402722][ T5342] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.406383][ T5342] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 86.409603][ T5342] page_type: f5(slab) [ 86.411387][ T5342] raw: 04fff00000000040 ffff888051dfc640 dead000000000122 0000000000000000 [ 86.414758][ T5342] raw: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000 [ 86.418389][ T5342] head: 04fff00000000040 ffff888051dfc640 dead000000000122 0000000000000000 [ 86.421469][ T5342] head: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000 [ 86.425033][ T5342] head: 04fff00000000002 ffffea0001484d01 00000000ffffffff 00000000ffffffff [ 86.428825][ T5342] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 86.432607][ T5342] page dumped because: kasan: bad access detected [ 86.435477][ T5342] page_owner tracks the page as allocated [ 86.437886][ T5342] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5342, tgid 5341 (syz.0.0), ts 85654438373, free_ts 85583779717 [ 86.446729][ T5342] post_alloc_hook+0x240/0x2a0 [ 86.448942][ T5342] 
get_page_from_freelist+0x21e4/0x22c0 [ 86.451097][ T5342] __alloc_frozen_pages_noprof+0x181/0x370 [ 86.453397][ T5342] alloc_pages_mpol+0x232/0x4a0 [ 86.455547][ T5342] allocate_slab+0x8a/0x3b0 [ 86.457432][ T5342] ___slab_alloc+0xbfc/0x1480 [ 86.459543][ T5342] kmem_cache_alloc_noprof+0x283/0x3c0 [ 86.461650][ T5342] mempool_init_node+0x1e5/0x4d0 [ 86.463637][ T5342] mempool_init_noprof+0x3a/0x50 [ 86.465759][ T5342] bioset_init+0x2eb/0x790 [ 86.467611][ T5342] bch2_fs_fs_io_buffered_init+0x2b/0x50 [ 86.469764][ T5342] bch2_fs_init_rw+0x246/0x2d0 [ 86.471577][ T5342] bch2_fs_open+0x2338/0x2600 [ 86.473436][ T5342] bch2_fs_get_tree+0x44f/0x1520 [ 86.475369][ T5342] vfs_get_tree+0x92/0x2b0 [ 86.477255][ T5342] do_new_mount+0x24a/0xa40 [ 86.479153][ T5342] page last free pid 5312 tgid 5312 stack trace: [ 86.481845][ T5342] __free_frozen_pages+0xc71/0xe70 [ 86.484059][ T5342] __put_partials+0x161/0x1c0 [ 86.485900][ T5342] put_cpu_partial+0x17c/0x250 [ 86.487913][ T5342] __slab_free+0x2f7/0x400 [ 86.489952][ T5342] qlist_free_all+0x97/0x140 [ 86.491802][ T5342] kasan_quarantine_reduce+0x148/0x160 [ 86.493896][ T5342] __kasan_slab_alloc+0x22/0x80 [ 86.495944][ T5342] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 86.497941][ T5342] getname_flags+0xb8/0x540 [ 86.499903][ T5342] vfs_fstatat+0x43/0x170 [ 86.501818][ T5342] __x64_sys_newfstatat+0x116/0x190 [ 86.504242][ T5342] do_syscall_64+0xfa/0x3b0 [ 86.506198][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.508759][ T5342] [ 86.509784][ T5342] Memory state around the buggy address: [ 86.512149][ T5342] ffff888052137800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 86.515381][ T5342] ffff888052137880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.518961][ T5342] >ffff888052137900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.522053][ T5342] ^ [ 86.525468][ T5342] ffff888052137980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.528727][ T5342] ffff888052137a00: fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb fb [ 86.532235][ T5342] ================================================================== [ 86.545692][ T54] cfg80211: failed to load regulatory.db [ 86.558927][ T5340] bcachefs (loop0): flushing journal and stopping allocators, journal seq 6 [ 86.562695][ T5340] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 6 [ 86.566612][ T5340] bcachefs (loop0): unclean shutdown complete, journal seq 6 [ 86.571112][ T5340] bcachefs (loop0): superblock read error: I/O [ 86.573851][ T5340] bcachefs (loop0): bch2_write_super(): fatal error : Unable to write superblock to sufficient devices (from bch2_fs_read_only) [ 86.581617][ T5340] bcachefs (loop0): done going read-only, filesystem not clean [ 86.614231][ T5343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 86.619973][ T5343] wlan1: No basic rates, using min rate instead [ 86.624387][ T5343] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=08:02:11:00:00:01) [ 86.630574][ T5343] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3) [ 86.634778][ T12] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3) [ 86.638856][ T5342] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.641984][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 86.647005][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.651567][ T5342] Call Trace: [ 86.653009][ T5342] [ 86.654340][ T5342] dump_stack_lvl+0x99/0x250 [ 86.656417][ T5342] ? __asan_memcpy+0x40/0x70 [ 86.658343][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.660600][ T5342] ? __pfx__printk+0x10/0x10 [ 86.662451][ T5342] panic+0x2db/0x790 [ 86.663995][ T5342] ? __pfx_panic+0x10/0x10 [ 86.665783][ T5342] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 86.668275][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.670635][ T5342] ? 
print_memory_metadata+0x314/0x400 [ 86.672662][ T5342] ? __bch2_write+0x38f8/0x3900 [ 86.674743][ T5342] check_panic_on_warn+0x89/0xb0 [ 86.676797][ T5342] ? __bch2_write+0x38f8/0x3900 [ 86.678841][ T5342] end_report+0x78/0x160 [ 86.680721][ T5342] kasan_report+0x129/0x150 [ 86.682658][ T5342] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 86.684861][ T5342] ? __bch2_write+0x38f8/0x3900 [ 86.686956][ T5342] __bch2_write+0x38f8/0x3900 [ 86.688894][ T5342] ? __lock_acquire+0xab9/0xd20 [ 86.691116][ T5342] ? filemap_get_folios_tag+0xed/0x630 [ 86.693556][ T5342] ? filemap_get_folios_tag+0x53b/0x630 [ 86.695751][ T5342] ? filemap_get_folios_tag+0xed/0x630 [ 86.697932][ T5342] ? __pfx___bch2_write+0x10/0x10 [ 86.700081][ T5342] ? mlock_drain_local+0x28e/0x490 [ 86.702186][ T5342] ? enumerated_ref_tryget+0x105/0x170 [ 86.704258][ T5342] ? bch2_write+0x719/0x10f0 [ 86.706070][ T5342] ? write_cache_pages+0xc1/0x100 [ 86.708130][ T5342] bch2_writepages+0x211/0x2d0 [ 86.710053][ T5342] ? __pfx_bch2_writepages+0x10/0x10 [ 86.712053][ T5342] do_writepages+0x32e/0x550 [ 86.713694][ T5342] ? do_raw_spin_unlock+0x4d/0x240 [ 86.715765][ T5342] file_write_and_wait_range+0x22c/0x330 [ 86.718103][ T5342] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 86.720609][ T5342] ? iter_file_splice_write+0x93a/0x1000 [ 86.722964][ T5342] bch2_fsync+0x127/0x330 [ 86.724829][ T5342] bch2_write_iter+0x2822/0x2b90 [ 86.726776][ T5342] ? __se_sys_sendfile64+0x13e/0x190 [ 86.728982][ T5342] ? do_syscall_64+0xfa/0x3b0 [ 86.731042][ T5342] ? __pfx_bch2_write_iter+0x10/0x10 [ 86.733210][ T5342] ? splice_from_pipe_next+0x608/0x660 [ 86.735571][ T5342] ? __asan_memset+0x22/0x50 [ 86.737674][ T5342] iter_file_splice_write+0x93a/0x1000 [ 86.740421][ T5342] ? __pfx_iter_file_splice_write+0x10/0x10 [ 86.743846][ T5342] ? rcu_read_lock_any_held+0xb3/0x120 [ 86.746985][ T5342] ? direct_splice_actor+0x10c/0x160 [ 86.749365][ T5342] ? 
__pfx_iter_file_splice_write+0x10/0x10 [ 86.751861][ T5342] direct_splice_actor+0x101/0x160 [ 86.754197][ T5342] splice_direct_to_actor+0x5a5/0xcc0 [ 86.756515][ T5342] ? __pfx_direct_splice_actor+0x10/0x10 [ 86.759040][ T5342] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 86.761624][ T5342] ? __pfx_aa_file_perm+0x10/0x10 [ 86.763897][ T5342] do_splice_direct+0x181/0x270 [ 86.766045][ T5342] ? __pfx_do_splice_direct+0x10/0x10 [ 86.768319][ T5342] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 86.770877][ T5342] ? rw_verify_area+0x258/0x650 [ 86.773024][ T5342] do_sendfile+0x4da/0x7e0 [ 86.775048][ T5342] ? __pfx_do_sendfile+0x10/0x10 [ 86.777194][ T5342] ? rcu_is_watching+0x15/0xb0 [ 86.779295][ T5342] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 86.781840][ T5342] __se_sys_sendfile64+0x13e/0x190 [ 86.784106][ T5342] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 86.786474][ T5342] ? rcu_is_watching+0x15/0xb0 [ 86.788476][ T5342] ? do_syscall_64+0xbe/0x3b0 [ 86.790453][ T5342] do_syscall_64+0xfa/0x3b0 [ 86.792240][ T5342] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.794196][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.796686][ T5342] ? 
clear_bhb_loop+0x60/0xb0 [ 86.798701][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.801264][ T5342] RIP: 0033:0x7fca46f8e929 [ 86.803248][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.811149][ T5342] RSP: 002b:00007fca47ddc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 86.814497][ T5342] RAX: ffffffffffffffda RBX: 00007fca471b5fa0 RCX: 00007fca46f8e929 [ 86.817690][ T5342] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 86.820857][ T5342] RBP: 00007fca47010b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.824832][ T5342] R10: 000000000000f800 R11: 0000000000000246 R12: 0000000000000000 [ 86.828622][ T5342] R13: 0000000000000000 R14: 00007fca471b5fa0 R15: 00007ffffdeb8138 [ 86.832052][ T5342] [ 86.833714][ T5342] Kernel Offset: disabled [ 86.835539][ T5342] Rebooting in 86400 seconds..