program:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33346d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)
syz_mount_image$bcachefs(&(0x7f00000058c0), &(0x7f000009df40)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='acl,errors=continue,seclabel,permit_directio,subj_user=\x00,dont_measure,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fowner=', @ANYRESDEC=0x0, @ANYBLOB='Eeuid<', @ANYRESDEC=0x0, @ANYBLOB=',measure,\x00'], 0x0, 0x5908, &(0x7f000000b280)="$eJzs3W2QXFWdMPBzu3synZm8TAJIBJkMgSiCmglvhS8l0ce3AqRiYSnhiYaBTDCahFQSBAJK8AEfKMBCS0tRP6CF1INGiyp4lEiJvGzCKkqxutQWUqu76Ae3kCUlkKUs12zN9D09PXf6zu3p6YkJ/H6VzO1z+vb/nHvu6Tv9P9MzHQAAAHhV2HP91n3nHvXen39u+KVrPvDjjdeG3vJofTXu0Jdur/h79ZADqbuyaHSbnRdvuOq7fxi4+N0/u7vnOy/vXnvsut+857CL7//kWbtu+8ZDL86992/PFMWN8+nEsXLyXBJC9Sd7v/L53Y8dOVKXhBDKSd+OEBYkCx9akGRCDP4lhLA2LRxWGX/nPS+dsm5ke+1N3ePq52eCNJvv15jvrxrVdJ5t33f5SeG371p13S8X/+D7XTuf3TG2S1JtmE8hzLuw8fFdIYTZ6f8RcbYtig9OtytDCD0NjzujoF/H5d6zZl5jaVnm3lg+Ot3OSre9Be3F+5dkyqXMftly1JXZ9hS0N115/Wh3vyJzMuXsxWi68voZ6xek2x+l2xOnGL8c/yehlIRKvfsbkrE5EhrOWxKS0XNZrZdL9XMb0uPPlJNMuZQpl7syxzXabjrRykkyvj7ul6mPl+NKWn9s47W6ifNy6l+bbqvpE/XlWA7ZGzW9E27Uj2tU7NfeSfpyIJQarkHN6usnPj0ZvWldb7JwwmP2NxHv273q5qXl1Q/v6cvpR3J3ksZP2oq//RcL5nz8ezdetigv/oWlNH6prfi/O/vx5y+48dtfz41/a4xfbiv+yQ/0PHf2I9cvyR2fvXF8Km3FH3rm0VsWH37Rztz+3x7jV9uKv2LX491z9z3wYG7/B+P4zG4r/tNvf9/v73ryvmdz44cYv6et+Kt3bf5Cd/++E3LjPxjHp7e9+fPCztOf6u//40Be/Cdi/Lltxb9zx21vu2P+TWflnt+VcXz62op/zvH3Xzdn333H5F07k9s79Z0T4NXpsPQ11g1pud08c7oa8oWvDVRqr/nmpP/ndrKhjJF25s1gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABenY446R/f/+8f6Xuukpa70xtPl2rbWD8rhGR2CGHrtqEt29ZvumTgk5detmXT0IaBoW0Dw5u2bbly4NQ3DWwZ3rxh6MqRewfffErtcQtDUtsmx0xoe//+/ftLfePrYnv/6/idv116xn/8KYTBI37dX8nt/7LbNt5xeJOvGcmK/WduvOzcX5/2rfS4+tJ+9eX0K+T06z/P/+sdX9r7hxNCGHzNZP169Ol3/nRch0YrxuKkSt2h1qHupKdpP+q9TvsTx6uybv2G4cHi8S3nHMf/vurZv6y74ot/rY1vNfc4Whzf2Sv2byh9ddU5//3Vq2sVB+t5LxrveBSxf3H8qul4z0uPa17OcVVyjuv6Xz745E+OuvHFHWGw8sLiiW0XHVdXOgG6kte21G5soSdZMK6+mu4fz3h83LJtGzcv23rl9jev3zh0yfAlw5veuvzU5acPnnb6actGj3xZh48/tv/6Fo//wMyn+Z/e8aP4tbX5VNSvovEY6VfxeDT2KO/513Pe57/81tseObdWUTTP497160m67Rk5z8tDw3ybOFbNjqtoHEIIA83G4fkXzwpH/sv664quQ41npvFrRrJi/2NL/vytM7656B21igNynW/sUJvX+Xqvx/ozOl7V9HwcrOPbHcrpcfU27dfyxx7punnPnz5T79+sWeGKoW3btiyvfZ2T9nROcnTTfmVr43EtHv1aDumwhPo0bTJfR3SFWv+y18+4e3ZUe9P7epOFTY8rK963e9XNS8urH96TN9LJ3bUWZ4e5tW3yupw9N2QeWK53uFn7h+r86H//N+/9yL0/PHXC/Di59rXouJKc4/rBk3d++Ttf/L8/bPm4wu0Fx/X+dz7e9+d//cTSWsWhcl2p9zrtT9J4XTk5hKLn3+LQ/Dhyn3+l5sdT9PzLtjO2f/N4A5lybyi39Xw9+YGe585+5Poluc/Xva0+X68eVyoXPF8PlvlzwJ5fE64b4yZKsmL/z244bMdD16w8qlZRNK/rezeb16e0kH/kHNdPL3iq/9KB//PPnbsefvdN96z5zdCKz9YqDpbzXk3Ht5ozvvVex7yzcXzfcvGlG9bW6g/e17/ptiD/iZeSrVdu/9TQhg3DW7a2dlytfj+N7WRHud3vp/HqtrDguEoTjmvmbrQyXq0+32L/17Y9XuOfb70haev7wvZfLJjz8e/deFnfhEelDV1YSuOX2or/u7Mff/6CG7/99dz4t8b4lbbiDz3z6C2LD79oZ27825M0frWt+Ct2Pd49d98DD+bGH4z9n91W/Kff/r7f3/Xkfc/mxg8xfm974//CztOf6u//Y278J5K0nZHXSCHc89Ip62rlJHSlz7fYj65x/QrZcpIplzLlcmO5VFtrrTdQTpLx9XG/tP7Yhr4089Gc+vgqrLqotn05lkP2xuT1B5tSw7W/WX3R61QAgFe6+PP/+Bo0/vx/OH2hlL/SAGOmm4ctyokb87Cx9ZxZ4+5flMaPj4/rgP1vCYMj22sHai/0p7rOGZ8P2XXO2M4Jx42P0e46Z9H6+5JMOfartl5eachDUxPzmkpoYf19YjuTr79nDr94fXzghgndGmhYt8qev650xazZ+x0y/a2MRMibH9l1sfh+jv55YeVoey3Oj+z7aOJ5yL6PJrZzVObC2e77aKY7P2K3J5kfo10u/vnGxPMXJhnfsfPXPFr2/E3hfFdH9p/pn88e+uuGM/vzMOuSOfHTJ9jBvm4Y6+NxVFpcT/xITn2n1hPj5SL2a+8kfTkQrCcCr1Qx/4/fI0by/5EX4P+V2a/odWj2VWOMl/s+oXLz/hTlHRPfp9fT1vfx1bs2f6G7f98Jua9zHmz1fT+bx5V6Ct73UzSOSzPlwnHMWaApyvey7RSNe/Z9Gb1hblvjfueO2952x/ybzsod95W1b6TF4/7lcaW5BeMuX8iJX5wvdDVrJt4pXzg43sdQtH7WkXyka1y5tXwkfePTTOUjH86pn2o+0jPhRv24Rh1y+UjXge0XAHDoiPl//ednaf7/b5n9ivLWEzPlGC83b815fZKXt34w3V6R2b83/Y2Kqb5uPuf4+6+bs+++Y3LzlttbzUP/37hSX2EeOr28OTePWNmZ94vn5hH1PGt6P1fK7X89T5xenp4bv56nTy+Pzh2feh49vXWA3Pj1dYBDPc+d2fW6QyKPHl9uLY9Of312pvLo83Lqp5pH9064UT+uUfJoAIC/r5j/x5dxMf9/JLPfdF+35+YFHXrdnv17IPX4TxyovHKm876ZzltnOq+f6XWJQz0vnul1oZldJ5MXp+WQvVEjLwYA4GAQ8//ZaTk//59eftIsf1syLr78vGl8+flBkp8f6utf8n/5fzH5PwDAK1vM/+OvPca///cPaTn7d+tf8Xl6zu85y9Pl6WH6eXr24z3G4tfz9M6vswXvA7AOMEXWAQAAXlm6RjOlib9n/7F0m/09+7zfy78gZ/9WVUZ/xz6Ei7ZtGR5ec9nmtUPbhtdsunTt8NY1l29Zv23b8KbaftPNG3PzljRv7AqVdDya75f9+er89O8hzM/5ewjZ/WPYo0dvTPx7CNlmZxf8HYGx8zehiabt552/0iT7N5sfeec7L/5Hc/aP6uf/4k+cvGbd1jXrN63ftn5ow/rtw+P3G8lae6bwuZlxMKb0uZmZLxOUpv75nZ3pR2lCP7rS8cj7fPYk048FaU8W5H3+QU6/f/5PX/r08fv/elcIg0eUXzet8UtW7P//5w9/cNueX28e6X9p0v7X90z71eTzSu+YbP94PJUNl27ddtK6Sy/blP1EyfbE9YxSvTxD6xnp07/c4vrE6pz6qa5PlCfcODi1vD4BAMA48ef/8fVs/PnhF9MXULG+9Tx9ej8/zs3TB1vL07OfS1aUp2f3j8fbap5enXqePmn7RXl6s/2b5el5eXde/A/n7D9Vrc+T6b3PI3eeXNjaPMl+nkHRPMnuX58nMU8qmCfJNOdJtv2iedJs/2bzJO+858X/UM7+eVqfD9P7/Znc+XBra/PhjZly0XzI7j/V60ZpmvMh237RfGi2f7P5kHd+8+Kfm7N/q8bPj5GJMTovhtdcfumWTzXsN9OffzH9/rVwPeseK8T7Wv38j3a13v+Zfd/XzPd/Zt9XNuP935Fu2/z9r6L3lc14/2f4813adcDWa9M3mxW9/6xoHXdVTv1U13FnTbhxcLKOC38/Mf+PaUzM/29Kt53+MdCh/zlpPsesafwOfY5Z0esY388naewg4Ps5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGu6K4tGt3uu37rv3KPe+/PPDb90zQd+vPHaN1z13T8MXPzun93d852Xd689dt1v3nPYxfd/8qxdt33joRfn3vu3ZwoD99U2J6bFagilkIRQ/cner3x+92NHjtQlIYRy0rcjhAXJwocWJJkIg38JIayt93P8nfe8dMq6ke21N3WPq5+fCZI9rtBbjv0Z189wReERcQiqpvNs+77LTwq/fdeq6365+Aff79r57I6xXZJqw3wKYd6FjY/vCiHMTv+PiLNtUXxwul0ZQuhpeNwZBf06rsX+L8spH51uZ6Xb3oI48f4lmXIps1+2HHVltj0F7U1XXj/a3a/InEw5ezGarrx+xvoF6fZH6fbEKcYvx/9JKCWhUu/+hmRsjoSG85aEZPRcVuvlUv3chvT4M+UkUy5lyuWuzHGNtptOtHKSjK+P+2Xq4+W4ktYf23itbuK8nPrXpttq+kR9OZZD9kZN74Qb9eMaFfu1d5K+HAilhmtQs/r6iU9PRm9a15ssnPCY/U3E+3avunlpefXDe/py+pHcnaTxk7bib//Fgjkf/96Nly3Ki39hKY1faiv+785+/PkLbvz213Pj3xrjl9uKf/IDPc+d/cj1S3LHZ28cn0pb8YeeefSWxYdftDO3/7fH+NW24q/Y9Xj33H0PPJjb/8E4PrPbiv/029/3+7uevO/Z3Pghxu9pK/7qXZu/0N2/74Tc+A/G8eltb/68sPP0p/r7/ziQF/+JGH9uW/HvDLe97Y75N52Ve35XxvHpaz1+wzXtnOPvv27OvvuOybt2Jrd36jsnwKvTYelrrBvScrt55nQ15AtfG6jUXvPNSf/P7WRDGSPtzJvB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvDL96upTP3b+mR9aVUlCSHL22d9EvK88a8WKgTbaHXrm0VsWH37Rzsa6RW3EAQAAAIrFPLxUr6mGReHyZHY4uun+cY3g6FhKxtdn1xBmj+3ZkTilDsUpdyhOpUNxujoUZ1aH4nR3KE61IE41tBZn9qRxSi33p6dDcXo7FGdOh+LM7VCceR2KM79DcfomjdP6PFzQoTgLOxTnsA7FObxDcY7oUJzXdCjOkR2Kk11Tnuo8nJvueVRenNEb5cI4laRcv6PZenps55hpttPbYjvZNfuptjN7rJ1qsx8RxHaOyzyuNMV2qi0ez+un2U7SYjtvnGY7pYJ24ry9Itu/2E4stTj/r+xQnO0dinNVh+Jc3aE4n+lQnM92KM4104wD0KqY/4/le32hu/KO0JNecbKrADHfXTz6deL3u7wLUoz3ukz9rKJ42UQ9E29xfv+SHc3iZRcQMvGWZOq7xuL1nBkq9XxkknjVxnhLM3cWHm92QSHTvxMz9d1F8bILCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwg3519akfO//MD60KSRj519T+JuJ95VkrVgy00e7uVTcvLa9+eE9jXXeljUAAAABAoZiHd9VrqqG7sjx0J7PG7VdN1wGqabncV9v2zwsrR7bJQGm03JMsmPRxlfRxy7Zt3Lxs65Xb37x+49Alw5cMb3rr8lOXnz542umnLVu3fsPwYO1rCN0F8UIIo8sPW6/c/qmhDRuGt2ytVWb7vyh93KK0nKSP639LGBzZXpv2f2FBe6UJ7c3cjeKzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8D7v2F+rmWccB/HmTnCQ9W21k65aV9TT0z6g6tK1n0ulYXhAcbG3pYSDJ9DiKa3F4upatHXXGreA2WxRho1AqvanU4ebwZn/cEPeHQmVWC55aZBu6C71QNp10oxfSEek5eXOSNGlO41j/7PO5yJs8z+95fu+TiwPf9wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4aE3WRscr5bHqcBRC1KOm3kUyl87GcWmAvl9/ceuPcyMnl59+P6cxlssMdAQAAACgjySHDzVH8iGXSYd0uGbq0+LQMhFmcj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDxM1kbHa+Ux6qXRSFEPWrqXSRz6Wwclwbo+9Z7T3/h9ZGRf7SOFQfYBwAAAOgvyeGp5kg+FMOSMBRd01aXPBtY0LG+sy7ZZ+Es6zqfHfSqWzLLuutmWfepPnXrGtcdAQAAAC5+Sf7PNEcKIZeZ2zP/98v1Sd2ijrp04zrIbwUAAACA/0+S/3PNkWLIZYrNvD7bvL+4oy5Z3+//9sn6ZT3W9/t//trG1f/pAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODiMVkbHa+Ux6rpKISoR029i2QunY3j0gB9V700/K/bDj2yuHUslxlgIwAAAKCvJIfPRO98yGWGw1C4bCr3j9yy/9mvPvv8aAhhOuZns2HHhm3b7l01/ZrUrTxyaOhHh9/53hl1K6dfz9sBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD81kbXS8Uh6rzolCiHrU1LtI5tLZOC4N0PfNL33lb08ef+Ht1rHiAPsAAAAA/SU5fCb750MxZEM2XDX1qTXrn5bqWN/rmQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw6bjvOw98e8PExMZ7vbno3+QujNvw5pJ4c77/MgEAAB+2RSEK9XN09frzfdcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCFYLI2Ol4pj1XzUQhRj5p6F8lcOhvHpQH6xi8ezc09+dIrrWPFAfYBAAAA+kty+Ez2z4diGApDYf7Up27PBKbyf+EjvEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADggjJZGx2vlMeqc6MQoh419S6SuXQ2jksD9H1i574vHpz3w1tbx3KZATYCAAAA+kpyeLY5kg+5zKdDLlzb+DzRviBKN67dnwvMrNvatmx41utqbevSs163q+NkmcZpptflk/0K09fmutKZ60ot64qh2b7Uti7saVs1t899BgAAADiPkvyfa44UQi6Ta8m5P2+rL8i5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAPk7XR8Up5rBpFIUQ9aupdJHPpbByXBuj7wO8/efk3frF7e+tYcYB9AAAAgP6SHD6T/fOhGBaGT4SFU7k/FNrrk7p/V04dfPw/f18ewoqrjo1keu7/2zdvfrnzJYRUe1EqhHmNflGPfr/74+P3L62fejKEFfPT155rv/Yt4/pzlY1rtx0+tvUsXwwAAABcQpL8P9QcKYRc5p6e+T9J3ueU/+fdv/NXVzZeG4m8Y0Wq0OiX6tHvy0uf/uuy1f98pz5vxfyz9fvcvs0Hr2xrOD3SIYrr5c3b1x274UAqOfV0/3RH/+R7+dp33/7vph2PnQrhdP98yDfGF2S69T/ztcOcuD6R2ltd88HeWnv/TI/zP/KHV47/ZsHu90/3f2/RcLP/dWc5/9n7D9/+6J4b9x1a194/hFDq1v/d928NV//57oc7zz/csXHrN9/62iGK60cWnziwen/xpvb+UUf/5Pv/5fEn9vzssR88n/RPfiuyfMls+6c6+r+264qdrz60fkF7/1SP8798x+sjW0rf/1Pn+e8a+PxPXf/MnW9siB/snAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi0TNZGxyvlsWoqCiHqUVPvIplLZ+O4NEDft247+u4du3/6k9ax4gD7AAAAAP0lOXwm++dDMWRDNgxP5f7nKhvXbjt8bGsoTM9GjWtmYst92z6zacv2e+46T3cOAAAAzFaS/zPNkULIZZaGoUb+L2/evu7YDQdSSf5PJfl/090TG1eEZt1ru67Y+epD6xc0nxOEMPWzgPzpus/P1N1y89HCib98a1nXulUzdUcWnziwen/xpqQutNatDM3nE09d/8ydb2yIH2zeX2vdZ7+5ZaLxeCLZd/j2R/fcuO/QuuY5Gtfhxr5J3URqb3XNB3trSV26cc03zg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnGmyNjpeKY9VQzqEqEdNvYtkLp2N49IAfdcs/fXDl598YWHrWC4zwEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/I8dOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NdPaBxVHAfw93YTs80mbdoKRsU0qYpSDxYFEb2oqEgrUvBUKVJt7UEUBBGlHkylFUtVvAhWL0VUUKMUFGwslqqk4r/ixYMKCtWDUIoBbSgeVLJ5b5NMOqadRkH9fGB5eW9mvvObeW8muwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Kl0d/a320I4HJ24776ZPH7/n+GO3vHf/tkseff3HwU03fLK3+5UTY5uHtnxz4/JN++9dM7r7xQ9+7X3n9yPzBj8y1axK3UYI8VgMofH++HNPjH12zuRYDCHUY99wCEvjstqchNW/hRA2t+ucvfHt41dumWy37eqaNb6kEFK8rtCs53qm9M2ul/+WRlpnWycevix8d/367V+seOvNzpGjw9O7xMaM9RTC4o0zj+8MISxKn0l5tfXng1O7bnpTy9Xz1HXhKdZ/eUn//NSeldrmPDl5+8pCv/jYzX0Mp3QW2u55znemyupoGTrF/U5DT6EfFyg3K6szjy9N7bupXXWa+fX8iaEWQ0e7/Pvi9BoJM+Ythtiay0a7X2vPbUjXX+jHQr9W6Nc7C9fVOm9aaPUYZ4/n/Qrj+XXckcaHZr6rT+L2kvFzU9tID+qJ3A/FP6Y05/zRvq6WXNf4X9TyT6iFwoumMN6e+DQZzTTWjMvmHPPHSeRtY+ufuri+4cNDfSV1xL0x5cdK+Vs/X9pz5xs7H+ovy99YS/m1Svnfrz388x07X3qhNP/ZnF+vlH/Fge5jaz/asbL0/ozn+9NRKf+uIx8/veLsu0dK69+T8xuV8q8bPdzVO3HgYGn9q/P9WVQp/9trb/7hta/2HS3NDzm/u1L+htEHnukamLi0NP9gvj/Nauvnl5Grvh4Y+GmwLP/LnN9bKf/V4d3XvLxk15rS+V2X709fpfxbL9q/vWdi3wVl7864Z6H+cwL8Py1P37GeTP2qvzPP1IzfC88Pdkx95+tJn96FPFHB5HkW/435AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ/swAEJAAAAgKD/r9sRKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//Y20ibg==")
[ 86.155036][ T4706] Bluetooth: hci0: command tx timeout
[ 86.684207][ T11] cfg80211: failed to load regulatory.db
[ 86.698326][ T5361] loop0: detected capacity change from 0 to 32768
[ 86.969590][ T5361] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 86.969612][ T5361] allowing incompatible features above 0.0: (unknown version)
[ 86.969621][ T5361] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 86.989010][ T5361] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 86.992950][ T5361] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 86.996523][ T5361] bcachefs (loop0): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[ 86.996523][ T5361] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[ 86.996523][ T5361] running recovery passes: check_extents_to_backpointers,check_inodes
[ 87.121502][ T5361] bcachefs (loop0): accounting_read... done
[ 87.127269][ T5361] bcachefs (loop0): alloc_read... done
[ 87.133927][ T5361] bcachefs (loop0): snapshots_read... done
[ 87.143345][ T5361] bcachefs (loop0): going read-write
[ 87.155162][ T5361] bcachefs (loop0): journal_replay... done
[ 87.158415][ T5361] bcachefs (loop0): check_extents_to_backpointers...
[ 87.164385][ T5361] bcachefs (loop0): scanning for missing backpointers in 8/128 buckets
[ 87.174067][ T5361] done
[ 87.179835][ T5361] bcachefs (loop0): check_inodes...
[ 87.180916][ T5361] bcachefs (loop0): inode unlinked but has dirent
[ 87.180949][ T5361] inum: 4098:4294967295
[ 87.180956][ T5361] mode=40755
[ 87.180962][ T5361] flags=sync,immutable,append,nodump,noatime,i_size_dirty,i_sectors_dirty,unlinked,backptr_untrusted,has_child_snapshot,has_case_insensitive(15300fff)
[ 87.180973][ T5361] journal_seq=4
[ 87.180978][ T5361] hash_seed=ece93825deac2443
[ 87.180984][ T5361] hash_type=siphash
[ 87.180989][ T5361] bi_size=0
[ 87.180993][ T5361] bi_sectors=0
[ 87.180997][ T5361] bi_version=0
[ 87.181001][ T5361] bi_atime=2770562249
[ 87.181014][ T5361] bi_ctime=2780562352
[ 87.181021][ T5361] bi_mtime=2780562352
[ 87.181027][ T5361] bi_otime=2770562249
[ 87.181034][ T5361] bi_uid=0
[ 87.181040][ T5361] bi_gid=0
[ 87.181046][ T5361] bi_nlink=0
[ 87.181051][ T5361] bi_generation=0
[ 87.181058][ T5361] bi_dev=0
[ 87.181063][ T5361] bi_data_checksum=0
[ 87.181070][ T5361] bi_compression=0
[ 87.181076][ T5361] bi_project=0
[ 87.181083][ T5361] bi_background_compression=0
[ 87.181089][ T5361] bi_data_replicas=0
[ 87.181095][ T5361] bi_promote_target=0
[ 87.181102][ T5361] bi_foreground_target=0
[ 87.181109][ T5361] bi_background_target=0
[ 87.181115][ T5361] bi_erasure_code=0
[ 87.181121][ T5361] bi_fields_set=0
[ 87.181127][ T5361] bi_dir=4096
[ 87.181134][ T5361] bi_dir_offset=189491840996961599
[ 87.181141][ T5361] bi_subvol=0
[ 87.181147][ T5361] bi_parent_subvol=0
[ 87.181153][ T5361] bi_nocow=0
[ 87.181160][ T5361] bi_depth=0
[ 87.181166][ T5361] bi_inodes_32bit=0
[ 87.181173][ T5361] bi_casefold=0, fixing
[ 87.303287][ T5361] bcachefs (loop0): inode has_child_snapshots flag wrong (should be 0)
[ 87.303307][ T5361] inum: 4098:4294967295
[ 87.303348][ T5361] mode=40755
[ 87.303358][ T5361] flags=sync,immutable,append,nodump,noatime,i_size_dirty,i_sectors_dirty,backptr_untrusted,has_child_snapshot,has_case_insensitive(15300f7f)
[ 87.303371][ T5361] journal_seq=4
[ 87.303380][ T5361] hash_seed=ece93825deac2443
[ 87.303390][ T5361] hash_type=siphash
[ 87.303399][ T5361] bi_size=0
[ 87.303408][ T5361] bi_sectors=0
[ 87.303419][ T5361] bi_version=0
[ 87.303428][ T5361] bi_atime=2770562249
[ 87.303438][ T5361] bi_ctime=2780562352
[ 87.303447][ T5361] bi_mtime=2780562352
[ 87.303457][ T5361] bi_otime=2770562249
[ 87.303466][ T5361] bi_uid=0
[ 87.303475][ T5361] bi_gid=0
[ 87.303483][ T5361] bi_nlink=0
[ 87.303493][ T5361] bi_generation=0
[ 87.303502][ T5361] bi_dev=0
[ 87.303511][ T5361] bi_data_checksum=0
[ 87.303521][ T5361] bi_compression=0
[ 87.303530][ T5361] bi_project=0
[ 87.303539][ T5361] bi_background_compression=0
[ 87.303549][ T5361] bi_data_replicas=0
[ 87.303558][ T5361] bi_promote_target=0
[ 87.303568][ T5361] bi_foreground_target=0
[ 87.303577][ T5361] bi_background_target=0
[ 87.303586][ T5361] bi_erasure_code=0
[ 87.303596][ T5361] bi_fields_set=0
[ 87.303605][ T5361] bi_dir=4096
[ 87.303622][ T5361] bi_dir_offset=189491840996961599
[ 87.303631][ T5361] bi_subvol=0
[ 87.303640][ T5361] bi_parent_subvol=0
[ 87.303649][ T5361] bi_nocow=0
[ 87.303658][ T5361] bi_depth=0
[ 87.303666][ T5361] bi_inodes_32bit=0
[ 87.303675][ T5361] bi_casefold=0, fixing
[ 87.390626][ T5361] done
[ 87.395179][ T5361] bcachefs (loop0): resume_logged_ops... done
[ 87.400445][ T5376] bcachefs (loop0): Detected missing backpointers in bucket 34, now have 1/128 with missing
[ 87.400488][ T5376] running recovery pass check_extents_to_backpointers (17), currently at resume_logged_ops (39)
[ 87.410604][ T5361] bcachefs (loop0): check_extents_to_backpointers...
[ 87.412081][ T5361] bcachefs (loop0): scanning for missing backpointers in 2/128 buckets
[ 87.420981][ T5376] ==================================================================
[ 87.424855][ T5376] BUG: KASAN: slab-use-after-free in bch2_copygc+0x105d/0x4510
[ 87.428347][ T5376] Read of size 8 at addr ffff888011b8cc80 by task bch-copygc/loop/5376
[ 87.431796][ T5376]
[ 87.432844][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: bch-copygc/loop Not tainted syzkaller #0 PREEMPT(full)
[ 87.432859][ T5376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.432866][ T5376] Call Trace:
[ 87.432874][ T5376]
[ 87.432879][ T5376] dump_stack_lvl+0x189/0x250
[ 87.432899][ T5376] ? rcu_is_watching+0x15/0xb0
[ 87.432911][ T5376] ? __kasan_check_byte+0x12/0x40
[ 87.432925][ T5376] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.432933][ T5376] ? rcu_is_watching+0x15/0xb0
[ 87.432940][ T5376] ? lock_release+0x4b/0x3e0
[ 87.432950][ T5376] ? __virt_addr_valid+0x1c8/0x5c0
[ 87.432960][ T5376] ? __virt_addr_valid+0x4a5/0x5c0
[ 87.432968][ T5376] print_report+0xca/0x240
[ 87.432976][ T5376] ? bch2_copygc+0x105d/0x4510
[ 87.432984][ T5376] kasan_report+0x118/0x150
[ 87.432997][ T5376] ? bch2_copygc+0x105d/0x4510
[ 87.433008][ T5376] kasan_check_range+0x2b0/0x2c0
[ 87.433021][ T5376] bch2_copygc+0x105d/0x4510
[ 87.433033][ T5376] ? bch2_copygc+0x5d3/0x4510
[ 87.433044][ T5376] ? __lock_acquire+0xab9/0xd20
[ 87.433065][ T5376] ? __pfx_bch2_copygc+0x10/0x10
[ 87.433075][ T5376] ? bch2_copygc_wait_amount+0x424/0x490
[ 87.433084][ T5376] ? bch2_copygc_wait_amount+0x97/0x490
[ 87.433091][ T5376] ? __pfx_bch2_copygc_wait_amount+0x10/0x10
[ 87.433098][ T5376] ? bch2_copygc+0x5d3/0x4510
[ 87.433107][ T5376] ? bch2_copygc+0x5d3/0x4510
[ 87.433115][ T5376] bch2_copygc_thread+0x97a/0xe00
[ 87.433122][ T5376] ? bch2_copygc_thread+0x19e/0xe00
[ 87.433131][ T5376] ? __pfx_bch2_copygc_thread+0x10/0x10
[ 87.433138][ T5376] ? bch2_copygc_thread+0x461/0xe00
[ 87.433152][ T5376] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.433215][ T5376] ? __kthread_parkme+0x7b/0x200
[ 87.433227][ T5376] ? __kthread_parkme+0x1a1/0x200
[ 87.433239][ T5376] kthread+0x70e/0x8a0
[ 87.433251][ T5376] ? __pfx_bch2_copygc_thread+0x10/0x10
[ 87.433261][ T5376] ? __pfx_kthread+0x10/0x10
[ 87.433274][ T5376] ? _raw_spin_unlock_irq+0x23/0x50
[ 87.433289][ T5376] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.433299][ T5376] ? __pfx_kthread+0x10/0x10
[ 87.433311][ T5376] ret_from_fork+0x439/0x7d0
[ 87.433322][ T5376] ? __pfx_ret_from_fork+0x10/0x10
[ 87.433330][ T5376] ? __pfx_kthread+0x10/0x10
[ 87.433338][ T5376] ret_from_fork_asm+0x1a/0x30
[ 87.433349][ T5376]
[ 87.433352][ T5376]
[ 87.532211][ T5376] Allocated by task 5376:
[ 87.534105][ T5376] kasan_save_track+0x3e/0x80
[ 87.536079][ T5376] __kasan_kmalloc+0x93/0xb0
[ 87.538056][ T5376] __kvmalloc_node_noprof+0x30d/0x5f0
[ 87.540164][ T5376] bch2_bucket_bitmap_set+0x9a/0x1d0
[ 87.542246][ T5376] check_bucket_backpointer_mismatch+0x1bdf/0x23a0
[ 87.544828][ T5376] bch2_check_bucket_backpointer_mismatch+0x36c/0x690
[ 87.547591][ T5376] __bch2_move_data_phys+0x17a7/0x1c50
[ 87.549638][ T5376] bch2_evacuate_bucket+0x228/0x3a0
[ 87.552000][ T5376] bch2_copygc+0x3be3/0x4510
[ 87.554181][ T5376] bch2_copygc_thread+0x97a/0xe00
[ 87.556763][ T5376] kthread+0x70e/0x8a0
[ 87.558458][ T5376] ret_from_fork+0x439/0x7d0
[ 87.560494][ T5376] ret_from_fork_asm+0x1a/0x30
[ 87.562533][ T5376]
[ 87.563595][ T5376] The buggy address belongs to the object at ffff888011b8cc80
[ 87.563595][ T5376] which belongs to the cache kmalloc-16 of size 16
[ 87.569280][ T5376] The buggy address is located 0 bytes inside of
[ 87.569280][ T5376] freed 16-byte region [ffff888011b8cc80, ffff888011b8cc90)
[ 87.575078][ T5376]
[ 87.576215][ T5376] The buggy address belongs to the physical page:
[ 87.579282][ T5376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b8c
[ 87.582998][ T5376] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 87.585957][ T5376] page_type: f5(slab)
[ 87.587695][ T5376] raw: 00fff00000000000 ffff88801a841640 dead000000000100 dead000000000122
[ 87.591208][ T5376] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 87.595019][ T5376] page dumped because: kasan: bad access detected
[ 87.598077][ T5376] page_owner tracks the page as allocated
[ 87.600780][ T5376] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5337, tgid 5337 (syz-executor), ts 84107514715, free_ts 84102291319
[ 87.609244][ T5376] post_alloc_hook+0x240/0x2a0
[ 87.611608][ T5376] get_page_from_freelist+0x21e4/0x22c0
[ 87.613907][ T5376] __alloc_pages_slowpath+0x2fe/0xce0
[ 87.615985][ T5376] __alloc_frozen_pages_noprof+0x319/0x370
[ 87.618525][ T5376] allocate_slab+0x65/0x370
[ 87.620732][ T5376] ___slab_alloc+0xbeb/0x1420
[ 87.623068][ T5376] __kmalloc_cache_node_noprof+0x29a/0x3d0
[ 87.626327][ T5376] hugetlb_cgroup_css_alloc+0x165/0xae0
[ 87.628794][ T5376] cgroup_apply_control_enable+0x3d4/0xa80
[ 87.631139][ T5376] cgroup_mkdir+0xc40/0xe60
[ 87.633195][ T5376] kernfs_iop_mkdir+0x20e/0x350
[ 87.635223][ T5376] vfs_mkdir+0x303/0x510
[ 87.637106][ T5376] do_mkdirat+0x247/0x590
[ 87.639005][ T5376] __x64_sys_mkdirat+0x87/0xa0
[ 87.641015][ T5376] do_syscall_64+0xfa/0x3b0
[ 87.642988][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.645543][ T5376] page last free pid 14 tgid 14 stack trace:
[ 87.648087][ T5376] __free_frozen_pages+0xbc4/0xd30
[ 87.650288][ T5376] __slab_free+0x303/0x3c0
[ 87.652259][ T5376] qlist_free_all+0x97/0x140
[ 87.654207][ T5376] kasan_quarantine_reduce+0x148/0x160
[ 87.656547][ T5376] __kasan_slab_alloc+0x22/0x80
[ 87.658620][ T5376] __kmalloc_cache_noprof+0x1be/0x3d0
[ 87.660982][ T5376] sta_info_insert_rcu+0x713/0x1940
[ 87.663348][ T5376] ieee80211_ibss_finish_sta+0x293/0x380
[ 87.665816][ T5376] ieee80211_ibss_work+0x221/0x1060
[ 87.667875][ T5376] cfg80211_wiphy_work+0x2bb/0x470
[ 87.670059][ T5376] process_scheduled_works+0xae1/0x17b0
[ 87.672524][ T5376] worker_thread+0x8a0/0xda0
[ 87.674531][ T5376] kthread+0x70e/0x8a0
[ 87.676204][ T5376] ret_from_fork+0x439/0x7d0
[ 87.678127][ T5376] ret_from_fork_asm+0x1a/0x30
[ 87.680071][ T5376]
[ 87.681170][ T5376] Memory state around the buggy address:
[ 87.683862][ T5376] ffff888011b8cb80: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 87.687371][ T5376] ffff888011b8cc00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 87.690525][ T5376] >ffff888011b8cc80: fb fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 87.693734][ T5376] ^
[ 87.695471][ T5376] ffff888011b8cd00: 00 00 fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 87.698864][ T5376] ffff888011b8cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.702454][ T5376] ==================================================================
[ 87.711266][ T5361] done
[ 87.723232][ T5361] bcachefs (loop0): delete_dead_inodes... done
[ 87.732232][ T5361] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[ 87.736186][ T5361] bcachefs (loop0): check_extents_to_backpointers...
[ 87.737874][ T5361] bcachefs (loop0): scanning for missing backpointers in 2/128 buckets
[ 87.746811][ T5361] done
[ 87.750383][ T5361] bcachefs (loop0): check_inodes... done
[ 87.753661][ T5361] bcachefs (loop0): resume_logged_ops... done
[ 87.757060][ T5361] bcachefs (loop0): delete_dead_inodes... done
[ 87.762937][ T5361] bcachefs (loop0): done starting filesystem
[ 87.767676][ T5376] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.770704][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: bch-copygc/loop Not tainted syzkaller #0 PREEMPT(full)
[ 87.774686][ T5376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.779258][ T5376] Call Trace:
[ 87.781003][ T5376]
[ 87.782561][ T5376] dump_stack_lvl+0x99/0x250
[ 87.784965][ T5376] ? __asan_memcpy+0x40/0x70
[ 87.787157][ T5376] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.789341][ T5376] ? __pfx__printk+0x10/0x10
[ 87.791412][ T5376] vpanic+0x281/0x750
[ 87.793165][ T5376] ? preempt_schedule+0xae/0xc0
[ 87.795230][ T5376] ? __pfx_vpanic+0x10/0x10
[ 87.797145][ T5376] ? preempt_schedule_common+0x83/0xd0
[ 87.799706][ T5376] ? preempt_schedule+0xae/0xc0
[ 87.802208][ T5376] ? __pfx_preempt_schedule+0x10/0x10
[ 87.804972][ T5376] panic+0xb9/0xc0
[ 87.806737][ T5376] ? __pfx_panic+0x10/0x10
[ 87.808830][ T5376] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 87.811382][ T5376] ? bch2_copygc+0x105d/0x4510
[ 87.813545][ T5376] check_panic_on_warn+0x89/0xb0
[ 87.815726][ T5376] ? bch2_copygc+0x105d/0x4510
[ 87.817869][ T5376] end_report+0x78/0x160
[ 87.819803][ T5376] kasan_report+0x129/0x150
[ 87.822170][ T5376] ? bch2_copygc+0x105d/0x4510
[ 87.824863][ T5376] kasan_check_range+0x2b0/0x2c0
[ 87.827514][ T5376] bch2_copygc+0x105d/0x4510
[ 87.829584][ T5376] ? bch2_copygc+0x5d3/0x4510
[ 87.831718][ T5376] ? __lock_acquire+0xab9/0xd20
[ 87.833913][ T5376] ? __pfx_bch2_copygc+0x10/0x10
[ 87.836131][ T5376] ? bch2_copygc_wait_amount+0x424/0x490
[ 87.838573][ T5376] ? bch2_copygc_wait_amount+0x97/0x490
[ 87.840911][ T5376] ? __pfx_bch2_copygc_wait_amount+0x10/0x10
[ 87.843450][ T5376] ? bch2_copygc+0x5d3/0x4510
[ 87.845489][ T5376] ? bch2_copygc+0x5d3/0x4510
[ 87.847496][ T5376] bch2_copygc_thread+0x97a/0xe00
[ 87.849777][ T5376] ? bch2_copygc_thread+0x19e/0xe00
[ 87.852306][ T5376] ? __pfx_bch2_copygc_thread+0x10/0x10
[ 87.854791][ T5376] ? bch2_copygc_thread+0x461/0xe00
[ 87.857061][ T5376] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.859744][ T5376] ? __kthread_parkme+0x7b/0x200
[ 87.861809][ T5376] ? __kthread_parkme+0x1a1/0x200
[ 87.864005][ T5376] kthread+0x70e/0x8a0
[ 87.866066][ T5376] ? __pfx_bch2_copygc_thread+0x10/0x10
[ 87.868743][ T5376] ? __pfx_kthread+0x10/0x10
[ 87.870799][ T5376] ? _raw_spin_unlock_irq+0x23/0x50
[ 87.873001][ T5376] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.875264][ T5376] ? __pfx_kthread+0x10/0x10
[ 87.877287][ T5376] ret_from_fork+0x439/0x7d0
[ 87.879344][ T5376] ? __pfx_ret_from_fork+0x10/0x10
[ 87.881823][ T5376] ? __pfx_kthread+0x10/0x10
[ 87.884213][ T5376] ret_from_fork_asm+0x1a/0x30
[ 87.886788][ T5376]
[ 87.888603][ T5376] Kernel Offset: disabled
[ 87.890496][ T5376] Rebooting in 86400 seconds..