program: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000380)={0x2020}, 0x2020) r1 = openat$cgroup_ro(r0, &(0x7f00000023c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000002400)={0x30, r3, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x7}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x999}]]}, 0x30}}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f00000002c0)={0x2, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xffffffff}, {0x9, 0x5, 0x81, 0xfffffff9}]}) r6 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x20) ftruncate(r6, 0x2008002) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r6, 0xc0bc5310, &(0x7f0000000300)) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) getpeername$ax25(r6, &(0x7f00000003c0)={{0x3, @netrom}, [@remote, @netrom, @remote, @remote, @netrom, @netrom, @bcast, @default]}, &(0x7f0000000240)=0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='0'], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x3a6af000) fdatasync(r1) fallocate(r1, 0x10, 0x401, 0xce7) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r8, 0x0, 0x8000000000000000}, 0x18) set_mempolicy(0x2, &(0x7f0000000000)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_mount_image$bcachefs(&(0x7f0000000080), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f0000000180)=ANY=[@ANYBLOB="61636c2c76657273696f6e5f757067726164653d6e6f6e652c6e7f7265636f76658da7b02110ddea034d5ca372792c6669785f6572726f72733d7965732c6a6f75726e616c5f666c7573685f64697361626c65642c4943360cba59357672792c6a6f75726e616c5f7472616e73616374696f6e5f6e616d65732c7265636f6e7374727563745f616c6c6f632c6e"], 0x1, 0x5903, &(0x7f0000010b40)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJJBIKAEF1wowEJLS1E/oIXUotGiClaJlMjLJqyiFKtLbSG1uot+8CnkISWQh7J8nKdm+p5Oz52+c3t6ekICv18lc/ucvv0/5957+vb9n+6ZDgAAALwm7Ll+275zjvrAr744/NI1H/7ZpmtDb3m8vhpX6EuXV7xSPeRA6q4sGV9mx8WbrvrBnwcuft8v7+75/su71x27/vfvP+zi+z9z5q7bvv3Qi/Pv/eczRXHjeDpxfzl5Lgmh+vO9X//S7seOHKtLQgjlpG9HCIuSxQ8tSjIhBv8eQliXFpZk7rznpVPWjy2vval7Qv3CzHrG+2tbNR1n2/ddflL4w3vXXPebpT/+UdfOZ3fsXyWpNoynEBZc2Pj4rhDC3PT/mDja4niMg3Z1CKGn4XFnFPTruBb7vyKnfHS6nJMuewvixPuXZcqlzHrZctSVWfYUtDdTef1od70i8zLl7MlopvL6GesXpcufpssTpxm/HP8noZSESr37G5P9YyQ0HLckJOPHslovl+rHNqTbnyknmXIpUy53ZbZrvN10oJWTZGJ9XC9TH0/HlbT+2MZzdRPn5tS/Pl1W0yfqy7EcsjdqeifdqG/XuNivvVP05UAoNZyDmtXXD3x6MHrTut5k8aTHjDYR79u95ubl5bUP7+nL6Udyd5LGT9qKv/3Xi+Z96oc3XpZ9Xa/Hv7CUxi+1Ff+PZz3+/Pk3fu9bufFvjfHLbcU/+YGe58565Ppluftnb9w/lbbiDz3z6C1LD79oZ27/b4/xq23FX7Xr8e75+x54MLf/g3H/zG0r/tPv/OCf7nryvmdz44cYv6et+Gt3bflyd/++E3LjPxj3T2974+eFnac/1d//l4G8+E/E+PPbin/njtveccfCm87MPb6r4/7payv+2cfff928ffcdk3fuTG7v1CsnwGvTYek11g1pud08c6Ya8oVvDlRq13zz0v/zO9lQ5uJzrJ0FnYwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGEI076nx/6/x/ve66SlrvTG0+XastYPyeEZG4IYdvI0NaRDZsvGfjMpZdt3Ty0cWBoZGB488jWKwdOfcvA1uEtG4euHLt38K2n1B63OCS1ZXLMpLa7R0dHS30T62J7/+n4nX9Yfsa//DWEwSN+11/J7f+K2zbdcXiTnxnJqtH3bLrsnN+d9t10u/rSfvU16dfo6OhoyOnXv573jzu+uvfPJ4Qw+Lqp+vXo0+/+xYQOjVfsj5MqdYdah7qTnqb9qPc67U/cX5X1GzYOD069f8ceX87Zjv981bN/X3/FV/5R27/V3O1ocf/OXTW6sfSNNWf/+zeurlUU9euVOu5F+ztuRexf3H/VdH8vSLdrQc52VXK26/rfPPjkz4+68cUdYbDywtLJbRdtV1c6ALqS17fUbmyhJ1k0ob6arh+PeHzcipFNW1Zsu3L7WzdsGrpk+JLhzW9feerK0wdPO/20FeNbvqLD2x/bf2OL239gxtPCz+34afzZ2ngq6lfR/hjrV/H+aOxR3vOv59wvfe3ttz1yTq2iaJzHtevnk3TZM3acV4aG8TZ5XzXbrqL9EEIYaLYfnn/xzHDk/9lwXdF5qPHINP7MSFaNPrbsb9894ztL3lWrOCDn+cYOtXmer/d6f3/G91c1PR6jB+n+7Q7ldLt6m/Zr5WOPdN2856+fr/dvzpxwxdDIyNaVtZ/z0p7OS45u2q9sbdyupeM/yyHdLaE+TJuM1zFdoda/7Pkzrp7dq73pfb3J4qbblRXv273m5uXltQ/vydvTyd21FueG+bVl8oacNTdmHliud7hZ+wfr869ofPR/6Dv3fvzen5w6aXycXPtZtF1Jznb9+Mk7v/b9r/zXn3Ruuz707sf7/vZ/P728VnGonFfqvU77kzSeV04Ooej5tzQ0347c51+p+fYUPf+y7exfv3m8gUy5N5Tber6e/EDPc2c9cv2y3Ofr3lafr1dPKJULnq8Hy/jJPr+SysR+zN7za8JASVaN/vKGw3Y8dM3qo2oVReO6vnazcX1KC/lHznb94vyn+i8d+C//u3PnjR+85Z4Lfj+06gu1ivaPe+xLZ457Nd2/1Zz9W+91zDsb9+/bLr5047pa/cF7/ZsuC/KfeCrZduX2zw5t3Di8dVtr29Xq62lsJ7uX2309jWe3xQXbVZq0XbN3o5X91erzLfZ/Xdv7a+LzrTckbb0ubP/1onmf+uGNl/VNelTa0IWlNH6prfh/POvx58+/8Xvfyo1/a4xfaSv+0DOP3rL08It25sa/PUnjV9uKv2rX493z9z3wYG78wdj/uW3Ff/qdH/zTXU/e92xu/BDj97a3/1/YefpT/f1/yY3/RJK2M3aNFMI9L52yvlZOQlf6fIv96JrQr5AtJ5lyKVMuN5ZLtbnWegPlJJlYH9dL649t6Eszn8ipj1dh1SW15cuxHLI3pq4/2JQazv3N6ouuUwEAXu3i+//xGjS+/z+cXijlzzTAfjPNw5bkxI152P75nDkT7l+Sxo+Pj/OA/W8Lg2PLawdqF/rTfR8hPh+y85yxnROOmxij3XnOovn3ZZly7FdtvrzSkIemJuc1ldDC/Pvkdqaef89sfvH8+MANk7o10DBvlT1+XemMWbPPO2T6WxmLkDc+svNi8fMc/QvC6vH2Whwf2c/RxOOQ/RxNbOeozImz3c/RzHR8xG5PMT7Gu1z8/sbk4xem2L/7j1/zaNnjN43jXR1bf7bfn+3AvGHTU9qBmzec3ffDzEvmxE+fYAf7vGGsj9tRaXE+8eM59Z2aT4yni9ivvVP05UAwnwi8WsX8P75GjOX/Yxfg/5ZZr+g6NHvVGOPlfk6o3Lw/RXnH5M/p9bT1Or5215Yvd/fvOyH3OufBVj/3s2VCqafgcz9F+3F5ply4H3MmaIryvWw7Rfs9+7mM3jC/rf1+547b3nHHwpvOzN3vq2svpMX7/WsTSvML9vshkC80jy9feE3kC7M9f/aK5SPpB59mKx/5WE79dPORnkk36ts17pDLR7oObL8AgENHzP/r75+l+f//iyuk1xFFeeuJmXKMl5u35lyf5OWtH0mXV2TW701/o2K6181nH3//dfP23XdMbt5ye6t56H+bUOorzENnljfn5hGrO/N58dw8op5nzSxPzO1/PU+cWZ6eG7+ep88sj87dP/U8embzALnx6/MAh3qeWzBfl2ksFludr3vV5tHpr8/OVh59bk79dPPo3kk36ts1Th4NAPDKivl/vIyL+f8jmfVm+j57bl7Qoev27N8Dqcd/4kDllbOd98123jrbef1sz0sc6nnxbM8Lze482Ws+L04blRcDAHAwi/n/3LScn//PLD9plr91TchP5OdN48vPD5L8/FCf/5L/e1+8mPwfAODVLeb/8dce49//+x9pOft36+XpOfHl6fL0qcZPy3l65+fZgs8BvLLzAHP3r28eAACAV0LXeKY0+ffsP5kus79nn/d7+efnrN+qSnp5fNHI1uHhCy7bsm5oZPiCzZeuG952weVbN4yMDG+urTfTvDE3b0nzxq5QSfdH8/WyedvC9O8hLMz5ewjZ9WPYo8dvTP57CNlm5xb8HYH9x6+1/uYdv9IU6zcbH3nHOy/+J3LWj+rH/+JPn3zB+m0XbNi8YWTD0MYN24cnrjeWtfZM43sz426Z1velZn5MUpr+93d2ph+lSf3oSvdH3vezJ5l+LEp7sijv+w9y+v2r//XVzx0/+o+7Qhg8ovyGGe2/ZNXofz9v+CMje363Zaz/pSn7X18z7VfR95Vm14/bU9l46baRk9Zfetnm7DdKtifOZ5Tq5Vmaz0if/uUW5yfW5tRP93MK5Uk3Dk4tz08AADBBfP8/Xs/G9w+/kl5AxfrW8/SZvX+cm6cPtpanZ7+XrChPz64ft7fVPL06wzw9235Rnt5s/WZ5el7enRf/YznrT1fr42Rmn/PIHScXtjZOst9nUDROsutPd5wkMxwn2faLxkmz9ZuNk7zjnhf/oznr52l9PMzsczm54+HW1sbDmzPlovGQXX+646E0w/GQbb9oPDRbv9l4yDu+efHPyVm/VRPHx9jAGB8XwxdcfunWzzasN9vffzHz/s3u93+0q/X+z+7nvma//7P7ubLZ7//MPleW2/8nZjYT1nr/Z/f7Xdp1wOZr0w+bFX3+rGged01O/XTncedMunFwMo8Lr5yY/8e3e2L+f1O67PTbQIf+96T5HrOm8Tv0PWZF1zFez6do7CDg9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNd2VJePLPddv23fOUR/41ReHX7rmwz/bdO2brvrBnwcuft8v7+75/su71x27/vfvP+zi+z9z5q7bvv3Qi/Pv/eczhYH7xn9WTkyL1RCS55IQqj/f+/Uv7X7syLG6JIRQTvp2hLAoWfzQoiQTYfDvIYR19X5OvPOel05ZP7a89qbuCfULM0Gy2xV6y7E/jf0M4YrCLeIQVE3H2fZ9l58U/vDeNdf9ZumPf9S189kd+1dJqg3jKYQFFzY+viuEMDf9PyaOtiXxwelydQihp+FxZxT067gW+78ip3x0upyTLnsL4sT7l2XKpcx62XLUlVn2FLQ3U3n9aHe9IvMy5ezJaKby+hnrF6XLn6bLE6cZvxz/J6GUhEq9+xuT/WMkNBy3JCTjx7JaL5fqxzak258pJ5lyKVMud2W2a7zddKCVk2RifVwvUx9Px5W0/tjGc3UT5+bUvz5dVtMn6suxHLI3anon3ahv17jYr71T9OVAKDWcg5rV1w98ejB607reZPGkx4w2Ee/bvebm5eW1D+/py+lHcneSxk/air/914vmfeqHN162JC/+haU0fqmt+H886/Hnz7/xe9/KjX9rjF9uK/7JD/Q8d9Yj1y/L3T974/6ptBV/6JlHb1l6+EU7c/t/e4xfbSv+ql2Pd8/f98CDuf0fjPtnblvxn37nB/9015P3PZsbP8T4PW3FX7try5e7+/edkBv/wbh/etsbPy/sPP2p/v6/DOTFfyLGn99W/Dt33PaOOxbedGbu8V0d909fW/HPPv7+6+btu++YvHNncnunXjkBXpsOS6+xbkjL7eaZM9WQL3xzoFK75puX/p/fyYYyxtpZMIvxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4dfrt1ad+8rz3fHRNJQkhyVlntIl4X3nOqlUDbbQ79Myjtyw9/KKdjXVL2ogDAAAAFIt5eKleUw1LwuXJ3HB00/XjHMHRsZRMrM/OIcQ42TmCduOUOhSn3KE4lQ7F6epQnDkditPdoTjVgjjV0FqcuVPEqYyNihb70zNlf1qP09uhOPM6FGd+h+Is6FCchR2K0zdlnNbH4aIOxVncoTiHdSjO4R2Kc0SH4ryuQ3GO7FCc7JzydMfh/HTNo/LijN8oF8apJOX6Hc3m049M2zlmhu30FrQzv+j1uMV25rbYznGZx5Wm2U61xXbeOMN2khbbefMM2ykVtBPH7RXZ/sV2YqnF8X9lh+Js71CcqzoU5+oOxfl8h+J8oUNxrplhHIBWxfx/f77XF7or7wo96RknOwsQ892l4z8nv97lnZBivDdk6ucUxcsm6pl4S6fbv+wEQibeskx914R4lXo+MkW8amO85Zk7C7c3O6GQ6d+JmfruonjZiQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmEW/vfrUT573no+uCUkY+9fUaBPxvvKcVasG2mh395qbl5fXPrynsa670kYgAAAAoFDMw7vqNdXQXVkZupM5E9arpvMA1bRc7qst+xeE1WPLZKA0Xu5JFk35uEr6uBUjm7as2Hbl9rdu2DR0yfAlw5vfvvLUlacPnnb6aSvWb9g4PFj7GUJ3QbwQwvj0w7Yrt392aOPG4a3bapXZ/i9JH7ckLSfp4/rfFgbHltem/V9c0F5pUnuzd6P46AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/Brt2FyHnVfwA/z8zszHTb/LN/+jYNzWbIS4laNIlbSbV0HxAstEnIUpDZ6lqCTbC4aUKblFjHNmBbExShJRAiuTASi63Fm77YIvaFQKRGA24M0hbthV4orVbSkgtJGcnunNmZ2ZnMOpamjZ/PxTwz5/zO+T1nLha+zw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDBmqqOTFRGx8YHkxCSLjW1DuJcNp+m5T76fvn57d8vDJ9e2TxWyPWxEQAAANBTzOEDjZFiKOSyIRuumv60NDRNhNncDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/O+Zqo5MVEbHxi9OQki61NQ6iHPZfJqW++j7xjtPfubV4eG/No+V+tgHAAAA6C3m8ExjpBhKYVkYSK5qqYvPBha1rW+vi/ssnmdd+7ODbnXL5ll3zTzrPtajbkP9uisAAADAR1/M/7nGyFAo5BZ0zf+9cn2sW9JWl61f+/mtAAAAAPDfifm/0BgphUKu1Mjr8837S9vq4vpe/7eP61d0Wd/r//nr61f/pwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj46p6shEZXRsPJuEkHSpqXUQ57L5NC330XfNC4N/v+XIQ0ubxwq5PjYCAAAAeoo5fDZ6F0MhNxgGwsXTuX/4poNPf/HpZ0dCCDMxP58Puzbt2HH3mpnXWLf62JGB7x1961tz6lbPvJ63AwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+bqerIRGV0bPyiJISkS02tgziXzadpuY++r3/uC39+/ORzbzaPlfrYBwAAAOgt5vDZ7F8MpZAP+XDF9KfmrH9Wpm19t2cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIXjnm/c9/VNk5Ob7/bGG2+8abw533+ZAACA99uSkITaf+jKjef7rgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA+DqerIRGV0bLyYhJB0qal1EOey+TQt99E3ff54YcHpF15qHiv1sQ8AAADQW8zhs9m/GEphIAyEy6c/dXomMJ3/hz7AmwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+VKaqIxOV0bHxBUkISZeaWgdxLptP03IffR/bfeCzhxd+9+bmsUKuj40AAACAnmIOzzdGiqGQ+3gohKvrnydbFyTZ+rXzc4HZddtblg3Oe121ZV123uv2tJ0sVz/NzLpi3G9o5tpYV567rty0rhQa7cst68K+llULetxnAAAAgPMo5v9CY2QoFHKFppz7k5b6ITkXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhiqjoyURkdG0+SEJIuNbUO4lw2n6blPvre95v/v+QrP927s3ms1Mc+AAAAQG8xh89m/2IohcXh/8Li6dwfhlrrY90/KmcOP/rPv6wMYdUVJ4Zz7dv+ML751es3vtj+EkKmtToTwsJ6v6RLv1//7tF7l9fOPB7CqsuzV8/pF87dr3XLtPZMZfP6HUdPbO/x5QAAAMAFIub/gcbIUCjk7uqa/2Py7pH/G6YD+MJ7d//8svprPZG3rcgM1ftluvT7/PIn/7Ri7d/eOpv/z9XvUwe2Hr6speHMSJskrY1u3bnhxHWHMvHUM/2zbf3j9/Klb775ry27Hjkz078YivXxRblO/ee+trkorU1m9o+ve29/tbV/rsv5H/rtSyd/uWjvu2f7v7NksNH/mnOc/9z9B299eN/1B45saO0fQih36v/2uzeHK/9w54Pt5x9s27j5m29+bZOktWNLTx1ae7B0Q2v/pK1//P5/dvKxfT9+5DvPxv7xtyIrl823f6at/yt7Lt398gMbF7X2z3Q5/4u3vTq8rfzt37ef/46WXXNd72Lu+Z+49qnbX9uU3t8+BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGGZqo5MVEbHxjNJCEmXmloHcS6bT9NyH33fuOX427ft/dEPmsdKfewDAAAA9BZz+Gz2L4ZSyId8GJzO/c9UNq/fcfTE9jA0M5vUr7nJbffs+MSWbTvvuuM83TkAAAAwXzH/5xojQ6GQWx4G6vl/dOvODSeuO5SJ+T8T8/+WOyc3rwqNulf2XLr75Qc2Lmo8Jwhh+mcBxbN1n56tu+nG40On/vi1FR3r1szWHVt66tDag6UbYl1orlsdGs8nnrj2qdtf25Te37i/5rpPfnXbZP3xRNx38NaH911/4MiGxjnq18H6vrFuMrN/fN17+6uxLlu/FuvnBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmmqqOTFRGx8ZDNoSkS02tgziXzadpuY++65b/4sFLTj+3uHmskOtjIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWF/foJjaPs4wD+PLvJm202aZP2BaNimlZFqQeLgoheVFSkFSl4qhSptvYgCoKIUg+m0oqlKl4Eq5ciKqhRCgo2FkurpOK/4sWDCgrVg1CKAe1SPKhk95ntZrrj6qQK6ucDw5PnmZnv/GaeZ2ezAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/KMM9I0128M77m/ccs4NHz1614lHbnrn3m0XPfzqdxObrvtw7+BLJ2c2r9jy5fXLNu2/e8307ucP/TT81i9HewY/1GpWpW4thHg8hlB7d/aZx2Y+PmtuLIYQqnFkMoTRuPTQaMwlrP45hLC5Xef8nW+euHzLXLtt18C88SW5kPx9hXo1q6dlZH69/LvU0jrb2njwkvD1teu3f7r8jdf7p45Nnjok1jrWUwiLN3ae3x9CWJS2OdlqG8tOTu26EMJgx3lX9qjr/D9Y/6UF/XNT+7/U1nvkZPtX5vqV3HH5fqY/1w72uN5CFdVR9rhehnL9/MtooYrqzMZHU/t2alf9yfxqtsVQiaGvXf498dQaCR3zFkNszmWt3a+05zak+8/1Y65fyfWr/bn7al43LbRqjPPHs+Ny49nruC+Nr+h8V3dxa8H42amtpQ/qyawf8n+01E/7o31fTVlds79Ty9+h0vEO6jbenvg0GfU0Vo9LTzvn1y6yfTPrn7iwuuG9wyMFdcS9MeXHUvlbPxkduv21nQ+MFeVvrKT8Sqn8b9Ye+eG2nS88V5j/dJZfLZV/2YHB42vf37Gy8PnMZs+nr1T+HUc/eHL5/++c6jbXzfw9WX6tVP4100cGhhsHDhbWvzp7PotK5X919Y3fvvL5vmOF+SHLHyyVv2H6vqcGxhsXF+YfbH0U6s0VWmL9/Dh1xRfj499PFOV/lj3/4S75sWf+y5O7r3pxya41hetzXfZ8RkrVf/MF+7cPNfadV/TujHvO1DcnwH/TsvQ/1uOpX/Z35kJ1/F54dqKv9Q00lLbhM3mhnLnrLP4L8wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5jBw5IAAAAAAT9f92OQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgqAAD//2BzKEU=") [ 58.937318][ T5305] Bluetooth: hci0: command tx timeout [ 59.139152][ T5320] loop0: detected capacity change from 0 to 32768 [ 59.578266][ T5320] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fix_errors=yes,reconstruct_alloc,version_upgrade=none [ 59.587042][ T5320] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 59.590484][ T5320] bcachefs (loop0): Version upgrade required: [ 59.590484][ T5320] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 59.590484][ T5320] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 59.590484][ T5320] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 59.629412][ T5320] bcachefs (loop0): dropping and reconstructing all alloc info [ 59.664799][ T5320] bcachefs (loop0): accounting_read... done [ 59.668167][ T5320] bcachefs (loop0): alloc_read... done [ 59.670575][ T5320] bcachefs (loop0): snapshots_read... done [ 59.673234][ T5320] bcachefs (loop0): check_allocations... done [ 60.568821][ T5320] bcachefs (loop0): going read-write [ 60.573310][ T5320] bcachefs (loop0): journal_replay... [ 61.530074][ T5305] Bluetooth: hci0: command tx timeout [ 61.578979][ T5320] done [ 61.580595][ T5320] bcachefs (loop0): check_alloc_info... done [ 61.606621][ T5320] bcachefs (loop0): check_lrus... done [ 61.609922][ T5320] bcachefs (loop0): check_btree_backpointers... done [ 61.613955][ T5320] bcachefs (loop0): check_backpointers_to_extents... done [ 61.618321][ T5320] bcachefs (loop0): check_extents_to_backpointers... [ 61.619083][ T5320] bcachefs (loop0): scanning for missing backpointers in 9/128 buckets [ 61.625825][ T5320] done [ 61.629791][ T5320] bcachefs (loop0): check_alloc_to_lru_refs... done [ 61.637582][ T5320] bcachefs (loop0): bucket_gens_init... done [ 61.647902][ T5320] bcachefs (loop0): check_snapshot_trees... done [ 61.653203][ T5320] bcachefs (loop0): check_snapshots... [ 61.654031][ T5320] snapshot points to missing/incorrect tree: [ 61.654046][ T5320] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing [ 61.665708][ T5320] snapshot points to missing/incorrect tree: [ 61.665717][ T5320] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing [ 61.679643][ T5320] done [ 61.686577][ T5320] bcachefs (loop0): check_subvols... done [ 61.691483][ T5320] bcachefs (loop0): check_subvol_children... done [ 61.695524][ T5320] bcachefs (loop0): delete_dead_snapshots... done [ 61.698807][ T5320] bcachefs (loop0): check_inodes... done [ 61.706551][ T5320] bcachefs (loop0): check_extents... done [ 61.710729][ T5320] bcachefs (loop0): check_indirect_extents... done [ 61.714212][ T5320] bcachefs (loop0): check_dirents... done [ 61.770597][ T5320] syz.0.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 61.775108][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-09352-g0c86b42439b6 #0 PREEMPT(full) [ 61.775126][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.775133][ T5320] Call Trace: [ 61.775138][ T5320] [ 61.775143][ T5320] dump_stack_lvl+0x241/0x360 [ 61.775163][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.775177][ T5320] ? __pfx__printk+0x10/0x10 [ 61.775187][ T5320] ? ___ratelimit+0x4db/0x6a0 [ 61.775247][ T5320] ? __pfx____ratelimit+0x10/0x10 [ 61.775257][ T5320] dump_header+0xdb/0x6e0 [ 61.775269][ T5320] oom_kill_process+0x3b8/0x950 [ 61.775280][ T5320] out_of_memory+0x1104/0x1400 [ 61.775300][ T5320] ? __pfx_out_of_memory+0x10/0x10 [ 61.775316][ T5320] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 61.775333][ T5320] __alloc_pages_may_oom+0x2a4/0x460 [ 61.775350][ T5320] ? __pfx___alloc_pages_may_oom+0x10/0x10 [ 61.775372][ T5320] __alloc_pages_slowpath+0x960/0x10b0 [ 61.775393][ T5320] ? __pfx___alloc_pages_slowpath+0x10/0x10 [ 61.775412][ T5320] __alloc_frozen_pages_noprof+0x4d1/0x7b0 [ 61.775425][ T5320] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 61.775441][ T5320] ? cpuset_nodemask_valid_mems_allowed+0x6a/0x80 [ 61.775455][ T5320] ? kasan_save_track+0x3f/0x80 [ 61.775470][ T5320] alloc_pages_mpol+0x339/0x690 [ 61.775486][ T5320] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 61.775503][ T5320] ? alloc_frozen_pages_noprof+0x8c/0x170 [ 61.775540][ T5320] allocate_slab+0xe9/0x3a0 [ 61.775553][ T5320] ___slab_alloc+0xc3b/0x1500 [ 61.775567][ T5320] ? __bch2_darray_resize_noprof+0xd2/0x290 [ 61.775581][ T5320] ? __bch2_darray_resize_noprof+0xd2/0x290 [ 61.775591][ T5320] __slab_alloc+0x58/0xa0 [ 61.775602][ T5320] __kvmalloc_node_noprof+0x3f4/0x5a0 [ 61.775617][ T5320] ? __bch2_darray_resize_noprof+0xd2/0x290 [ 61.775631][ T5320] __bch2_darray_resize_noprof+0xd2/0x290 [ 61.775644][ T5320] bch2_sb_downgrade_update+0x8d8/0xeb0 [ 61.775665][ T5320] ? __pfx_bch2_sb_downgrade_update+0x10/0x10 [ 61.775680][ T5320] ? bch2_sb_errors_from_cpu+0x24c/0x280 [ 61.775697][ T5320] bch2_write_super+0xe13/0x3d90 [ 61.775714][ T5320] ? __mutex_trylock_common+0x184/0x2e0 [ 61.775728][ T5320] ? bch2_run_recovery_passes+0x4a6/0xa90 [ 61.775739][ T5320] ? __pfx_bch2_write_super+0x10/0x10 [ 61.775754][ T5320] ? trace_contention_end+0x3c/0x120 [ 61.775764][ T5320] ? __mutex_lock+0x380/0x10c0 [ 61.775771][ T5320] ? mean_and_variance_weighted_get_mean+0x73/0xc0 [ 61.775785][ T5320] ? __bch2_time_stats_update+0x2c5/0x370 [ 61.775795][ T5320] ? bch2_run_recovery_passes+0x3f7/0xa90 [ 61.775801][ T5320] ? bch2_journal_flush_seq+0x226/0x2b0 [ 61.775811][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 61.775817][ T5320] ? __pfx_bch2_journal_flush_seq+0x10/0x10 [ 61.775831][ T5320] bch2_run_recovery_passes+0x4a6/0xa90 [ 61.775842][ T5320] bch2_fs_recovery+0x292a/0x3e20 [ 61.775857][ T5320] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 61.775867][ T5320] ? __lock_acquire+0xad5/0xd80 [ 61.775879][ T5320] ? __lock_acquire+0xad5/0xd80 [ 61.775890][ T5320] ? __lock_acquire+0xad5/0xd80 [ 61.775909][ T5320] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 61.775919][ T5320] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 61.775931][ T5320] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 61.775939][ T5320] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 61.775948][ T5320] ? llist_reverse_order+0x72/0x90 [ 61.775959][ T5320] bch2_fs_start+0x37c/0x620 [ 61.775971][ T5320] bch2_fs_get_tree+0x1270/0x18d0 [ 61.775989][ T5320] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 61.776008][ T5320] ? vfs_parse_monolithic_sep+0x427/0x460 [ 61.776020][ T5320] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 61.776031][ T5320] ? rcu_is_watching+0x15/0xb0 [ 61.776042][ T5320] ? apparmor_capable+0x13b/0x1b0 [ 61.776055][ T5320] vfs_get_tree+0x90/0x2b0 [ 61.776068][ T5320] do_new_mount+0x2cf/0xb70 [ 61.776080][ T5320] ? __pfx_do_new_mount+0x10/0x10 [ 61.776093][ T5320] __se_sys_mount+0x38c/0x400 [ 61.776106][ T5320] ? __pfx___se_sys_mount+0x10/0x10 [ 61.776115][ T5320] ? __x64_sys_mount+0x20/0xc0 [ 61.776122][ T5320] do_syscall_64+0xf3/0x230 [ 61.776129][ T5320] ? clear_bhb_loop+0x45/0xa0 [ 61.776139][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.776149][ T5320] RIP: 0033:0x7feb7ed8e90a [ 61.776160][ T5320] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.776168][ T5320] RSP: 002b:00007feb7fbcbe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 61.776207][ T5320] RAX: ffffffffffffffda RBX: 00007feb7fbcbef0 RCX: 00007feb7ed8e90a [ 61.776214][ T5320] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 00007feb7fbcbeb0 [ 61.776219][ T5320] RBP: 0000200000000080 R08: 00007feb7fbcbef0 R09: 0000000000800000 [ 61.776224][ T5320] R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000000 [ 61.776228][ T5320] R13: 00007feb7fbcbeb0 R14: 0000000000005903 R15: 0000200000000180 [ 61.776237][ T5320] [ 61.776241][ T5320] Mem-Info: [ 61.970256][ T5320] active_anon:1795 inactive_anon:313 isolated_anon:0 [ 61.970256][ T5320] active_file:269 inactive_file:37009 isolated_file:0 [ 61.970256][ T5320] unevictable:1768 dirty:0 writeback:0 [ 61.970256][ T5320] slab_reclaimable:7082 slab_unreclaimable:35384 [ 61.970256][ T5320] mapped:9294 shmem:2494 pagetables:456 [ 61.970256][ T5320] sec_pagetables:285 bounce:0 [ 61.970256][ T5320] kernel_misc_reclaimable:0 [ 61.970256][ T5320] free:28453 free_pcp:37 free_cma:0 [ 61.989456][ T5320] Node 0 active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:4kB unevictable:1896kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:1896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3000kB pagetables:684kB sec_pagetables:1088kB all_unreclaimable? yes [ 62.004082][ T5320] Node 0 DMA free:812kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:644kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 62.014675][ T5320] lowmem_reserve[]: 0 110 110 110 110 [ 62.016891][ T5320] Node 0 DMA32 free:2080kB boost:0kB min:4180kB low:5224kB high:6268kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:4kB unevictable:1252kB writepending:0kB present:770052kB managed:113472kB mlocked:0kB bounce:0kB free_pcp:80kB local_pcp:80kB free_cma:0kB [ 62.027932][ T5320] lowmem_reserve[]: 0 0 0 0 0 [ 62.029967][ T5320] Node 0 DMA: 1*4kB (U) 9*8kB (UE) 8*16kB (UE) 5*32kB (UE) 7*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 812kB [ 62.035401][ T5320] Node 0 DMA32: 0*4kB 2*8kB (ME) 1*16kB (U) 12*32kB (UE) 16*64kB (ME) 3*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2080kB [ 62.041475][ T5320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 62.045741][ T5320] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 62.049359][ T5320] 39849 total pagecache pages [ 62.051350][ T5320] 68 pages in swap cache [ 62.053053][ T5320] Free swap = 108312kB [ 62.054758][ T5320] Total swap = 124996kB [ 62.056462][ T5320] 393083 pages RAM [ 62.057968][ T5320] 0 pages HighMem/MovableOnly [ 62.059864][ T5320] 188156 pages reserved [ 62.061642][ T5320] 0 pages cma reserved [ 62.063131][ T5320] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz0,task=syz.0.0,pid=5320,uid=0 [ 62.068917][ T5320] Out of memory (oom_kill_allocating_task): Killed process 5319 (syz.0.0) total-vm:91612kB, anon-rss:1184kB, file-rss:33956kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 62.085347][ T5320] bcachefs (loop0): check_xattrs... done [ 62.093045][ T5320] bcachefs (loop0): check_root... done [ 62.096459][ T5320] bcachefs (loop0): check_unreachable_inodes... done [ 62.107889][ T5320] bcachefs (loop0): check_subvolume_structure... done [ 62.111549][ T5320] bcachefs (loop0): check_directory_structure... done [ 62.115541][ T5320] bcachefs (loop0): check_nlinks... [ 62.116391][ T5320] inode 536870914 type reg has wrong i_nlink (2780562353, should be 1), fixing [ 62.121648][ T5320] done [ 62.133447][ T5320] bcachefs (loop0): resume_logged_ops... done [ 62.135434][ T5320] bcachefs (loop0): delete_dead_inodes... done [ 62.146139][ T5320] bcachefs (loop0): set_fs_needs_rebalance... done [ 62.199102][ T5320] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 62.202739][ T5320] bcachefs (loop0): check_alloc_info... done [ 62.210287][ T5320] bcachefs (loop0): check_lrus... done [ 62.212500][ T5320] bcachefs (loop0): check_btree_backpointers... done [ 62.215542][ T5320] bcachefs (loop0): check_backpointers_to_extents... done [ 62.222286][ T5320] bcachefs (loop0): check_extents_to_backpointers... done [ 62.225351][ T5320] bcachefs (loop0): check_alloc_to_lru_refs... done [ 62.229235][ T5320] bcachefs (loop0): bucket_gens_init... done [ 62.232329][ T5320] bcachefs (loop0): check_snapshot_trees... done [ 62.234802][ T5320] bcachefs (loop0): check_snapshots... done [ 62.236891][ T5320] bcachefs (loop0): check_subvols... done [ 62.238763][ T5320] bcachefs (loop0): check_subvol_children... done [ 62.240950][ T5320] bcachefs (loop0): delete_dead_snapshots... done [ 62.244388][ T5320] bcachefs (loop0): check_inodes... done [ 62.246955][ T5320] bcachefs (loop0): check_extents... done [ 62.249905][ T5320] bcachefs (loop0): check_indirect_extents... done [ 62.252095][ T5320] bcachefs (loop0): check_dirents... done [ 62.255445][ T5320] bcachefs (loop0): check_xattrs... done [ 62.257476][ T5320] bcachefs (loop0): check_root... done [ 62.259173][ T5320] bcachefs (loop0): check_unreachable_inodes... done [ 62.261443][ T5320] bcachefs (loop0): check_subvolume_structure... done [ 62.263581][ T5320] bcachefs (loop0): check_directory_structure... done [ 62.265963][ T5320] bcachefs (loop0): check_nlinks... done [ 62.270747][ T5320] bcachefs (loop0): resume_logged_ops... done [ 62.272745][ T5320] bcachefs (loop0): delete_dead_inodes... done [ 62.274702][ T5320] bcachefs (loop0): set_fs_needs_rebalance... done [ 62.279838][ T5320] bcachefs (loop0): bch2_copygc_start(): error creating copygc thread EINTR [ 62.283159][ T5320] bcachefs (loop0): error starting copygc thread [ 62.285402][ T5320] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR [ 62.288056][ T5320] bcachefs (loop0): shutting down [ 62.289716][ T5320] bcachefs (loop0): going read-only [ 62.291820][ T5320] bcachefs (loop0): finished waiting for writes to stop [ 62.294434][ T5320] bcachefs (loop0): flushing journal and stopping allocators, journal seq 31 [ 62.303897][ T5320] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 32 [ 62.308670][ T5320] bcachefs (loop0): clean shutdown complete, journal seq 33 [ 62.311971][ T5320] bcachefs (loop0): marking filesystem clean [ 62.333602][ T5320] bcachefs (loop0): shutdown complete [ 62.337525][ T1074] ================================================================== [ 62.340639][ T1074] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250 [ 62.343612][ T1074] Read of size 8 at addr ffff88801e5bc0b0 by task kworker/u4:9/1074 [ 62.346352][ T1074] [ 62.347313][ T1074] CPU: 0 UID: 0 PID: 1074 Comm: kworker/u4:9 Not tainted 6.14.0-syzkaller-09352-g0c86b42439b6 #0 PREEMPT(full) [ 62.347328][ T1074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.347335][ T1074] Workqueue: loop0 loop_workfn [ 62.347352][ T1074] Call Trace: [ 62.347358][ T1074] [ 62.347363][ T1074] dump_stack_lvl+0x241/0x360 [ 62.347379][ T1074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.347391][ T1074] ? __virt_addr_valid+0x183/0x530 [ 62.347404][ T1074] ? rcu_is_watching+0x15/0xb0 [ 62.347415][ T1074] ? __virt_addr_valid+0x183/0x530 [ 62.347426][ T1074] ? lock_release+0x4e/0x3e0 [ 62.347441][ T1074] ? __virt_addr_valid+0x183/0x530 [ 62.347451][ T1074] ? __virt_addr_valid+0x183/0x530 [ 62.347463][ T1074] print_report+0x16e/0x5b0 [ 62.347476][ T1074] ? __virt_addr_valid+0x183/0x530 [ 62.347488][ T1074] ? __virt_addr_valid+0x183/0x530 [ 62.347499][ T1074] ? __virt_addr_valid+0x45f/0x530 [ 62.347510][ T1074] ? __phys_addr+0xba/0x170 [ 62.347521][ T1074] ? percpu_ref_put+0xda/0x250 [ 62.347531][ T1074] kasan_report+0x143/0x180 [ 62.347544][ T1074] ? percpu_ref_put+0xda/0x250 [ 62.347555][ T1074] ? percpu_ref_put+0x1f/0x250 [ 62.347564][ T1074] percpu_ref_put+0xda/0x250 [ 62.347574][ T1074] blk_update_request+0x5e5/0x1160 [ 62.347592][ T1074] blk_mq_end_request+0x3e/0x70 [ 62.347606][ T1074] loop_process_work+0x1bdf/0x21d0 [ 62.347622][ T1074] ? __pfx_loop_process_work+0x10/0x10 [ 62.347630][ T1074] ? __lock_acquire+0xad5/0xd80 [ 62.347648][ T1074] ? do_raw_spin_lock+0x151/0x370 [ 62.347661][ T1074] ? do_raw_spin_unlock+0x58/0x8b0 [ 62.347674][ T1074] ? look_up_lock_class+0x7b/0x170 [ 62.347685][ T1074] ? register_lock_class+0x54/0x330 [ 62.347700][ T1074] ? __lock_acquire+0xad5/0xd80 [ 62.347718][ T1074] ? process_scheduled_works+0x9cb/0x18e0 [ 62.347729][ T1074] process_scheduled_works+0xac3/0x18e0 [ 62.347744][ T1074] ? __pfx_process_scheduled_works+0x10/0x10 [ 62.347755][ T1074] ? assign_work+0x367/0x3d0 [ 62.347775][ T1074] worker_thread+0x870/0xd50 [ 62.347788][ T1074] ? __kthread_parkme+0x1a8/0x200 [ 62.347801][ T1074] ? __pfx_worker_thread+0x10/0x10 [ 62.347811][ T1074] kthread+0x7b7/0x940 [ 62.347824][ T1074] ? __pfx_worker_thread+0x10/0x10 [ 62.347835][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.347847][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.347859][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.347871][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.347883][ T1074] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.347898][ T1074] ? lockdep_hardirqs_on+0x9d/0x150 [ 62.347908][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.347920][ T1074] ret_from_fork+0x4b/0x80 [ 62.347931][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.347944][ T1074] ret_from_fork_asm+0x1a/0x30 [ 62.347957][ T1074] [ 62.347962][ T1074] [ 62.458531][ T1074] Allocated by task 5320: [ 62.460322][ T1074] kasan_save_track+0x3f/0x80 [ 62.462264][ T1074] __kasan_kmalloc+0x9d/0xb0 [ 62.464118][ T1074] __kmalloc_cache_noprof+0x236/0x370 [ 62.466198][ T1074] __bch2_dev_alloc+0x57/0xa60 [ 62.468153][ T1074] bch2_dev_alloc+0xd6/0x180 [ 62.470053][ T1074] bch2_fs_open+0x315f/0x32a0 [ 62.471792][ T1074] bch2_fs_get_tree+0x77b/0x18d0 [ 62.473703][ T1074] vfs_get_tree+0x90/0x2b0 [ 62.475417][ T1074] do_new_mount+0x2cf/0xb70 [ 62.477190][ T1074] __se_sys_mount+0x38c/0x400 [ 62.478832][ T1074] do_syscall_64+0xf3/0x230 [ 62.480526][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.482717][ T1074] [ 62.483619][ T1074] Freed by task 5320: [ 62.485135][ T1074] kasan_save_track+0x3f/0x80 [ 62.486885][ T1074] kasan_save_free_info+0x40/0x50 [ 62.488814][ T1074] __kasan_slab_free+0x59/0x70 [ 62.490615][ T1074] kfree+0x198/0x430 [ 62.492251][ T1074] kobject_put+0x22f/0x480 [ 62.494032][ T1074] bch2_fs_free+0x27b/0x3c0 [ 62.495859][ T1074] deactivate_locked_super+0xc4/0x130 [ 62.498038][ T1074] bch2_fs_get_tree+0xd41/0x18d0 [ 62.499917][ T1074] vfs_get_tree+0x90/0x2b0 [ 62.501725][ T1074] do_new_mount+0x2cf/0xb70 [ 62.503453][ T1074] __se_sys_mount+0x38c/0x400 [ 62.505321][ T1074] do_syscall_64+0xf3/0x230 [ 62.507064][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.509334][ T1074] [ 62.510264][ T1074] Last potentially related work creation: [ 62.512534][ T1074] kasan_save_stack+0x3f/0x60 [ 62.514356][ T1074] kasan_record_aux_stack+0xbf/0xd0 [ 62.516353][ T1074] insert_work+0x3e/0x330 [ 62.517788][ T1074] __queue_work+0xda3/0x10a0 [ 62.519566][ T1074] queue_work_on+0x1c4/0x380 [ 62.521402][ T1074] bch2_dev_do_invalidates+0x17a/0x1f0 [ 62.523535][ T1074] bch2_do_invalidates+0x29/0x60 [ 62.525441][ T1074] __bch2_fs_read_write+0x386/0x3b0 [ 62.527603][ T1074] bch2_run_recovery_pass+0xf0/0x1e0 [ 62.529574][ T1074] bch2_run_recovery_passes+0x2ad/0xa90 [ 62.531594][ T1074] bch2_fs_recovery+0x292a/0x3e20 [ 62.533428][ T1074] bch2_fs_start+0x37c/0x620 [ 62.535113][ T1074] bch2_fs_get_tree+0x1270/0x18d0 [ 62.537115][ T1074] vfs_get_tree+0x90/0x2b0 [ 62.538813][ T1074] do_new_mount+0x2cf/0xb70 [ 62.540565][ T1074] __se_sys_mount+0x38c/0x400 [ 62.542376][ T1074] do_syscall_64+0xf3/0x230 [ 62.544250][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.546665][ T1074] [ 62.547677][ T1074] Second to last potentially related work creation: [ 62.550225][ T1074] kasan_save_stack+0x3f/0x60 [ 62.551941][ T1074] kasan_record_aux_stack+0xbf/0xd0 [ 62.553782][ T1074] insert_work+0x3e/0x330 [ 62.555392][ T1074] __queue_work+0xda3/0x10a0 [ 62.557195][ T1074] queue_work_on+0x1c4/0x380 [ 62.559050][ T1074] bch2_dev_do_discards+0x17a/0x1f0 [ 62.561069][ T1074] bch2_do_discards+0x29/0x60 [ 62.562770][ T1074] __bch2_fs_read_write+0x37e/0x3b0 [ 62.564633][ T1074] bch2_run_recovery_pass+0xf0/0x1e0 [ 62.566461][ T1074] bch2_run_recovery_passes+0x2ad/0xa90 [ 62.568602][ T1074] bch2_fs_recovery+0x292a/0x3e20 [ 62.570450][ T1074] bch2_fs_start+0x37c/0x620 [ 62.572104][ T1074] bch2_fs_get_tree+0x1270/0x18d0 [ 62.573934][ T1074] vfs_get_tree+0x90/0x2b0 [ 62.575618][ T1074] do_new_mount+0x2cf/0xb70 [ 62.577411][ T1074] __se_sys_mount+0x38c/0x400 [ 62.579212][ T1074] do_syscall_64+0xf3/0x230 [ 62.580994][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.583300][ T1074] [ 62.584294][ T1074] The buggy address belongs to the object at ffff88801e5bc000 [ 62.584294][ T1074] which belongs to the cache kmalloc-4k of size 4096 [ 62.589568][ T1074] The buggy address is located 176 bytes inside of [ 62.589568][ T1074] freed 4096-byte region [ffff88801e5bc000, ffff88801e5bd000) [ 62.595016][ T1074] [ 62.597674][ T1074] The buggy address belongs to the physical page: [ 62.600194][ T1074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e5b8 [ 62.603651][ T1074] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 62.607043][ T1074] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 62.609796][ T1074] page_type: f5(slab) [ 62.611354][ T1074] raw: 00fff00000000040 ffff88801b042140 ffffea00007d3600 dead000000000002 [ 62.614775][ T1074] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 62.617903][ T1074] head: 00fff00000000040 ffff88801b042140 ffffea00007d3600 dead000000000002 [ 62.621057][ T1074] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 62.624209][ T1074] head: 00fff00000000003 ffffea0000796e01 ffffffffffffffff 0000000000000000 [ 62.627220][ T1074] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 62.630490][ T1074] page dumped because: kasan: bad access detected [ 62.632926][ T1074] page_owner tracks the page as allocated [ 62.635204][ T1074] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 4219214766, free_ts 0 [ 62.642725][ T1074] post_alloc_hook+0x1f4/0x240 [ 62.644639][ T1074] get_page_from_freelist+0x3695/0x37e0 [ 62.646670][ T1074] __alloc_frozen_pages_noprof+0x2c5/0x7b0 [ 62.648941][ T1074] alloc_pages_mpol+0x339/0x690 [ 62.650870][ T1074] allocate_slab+0x8f/0x3a0 [ 62.652644][ T1074] ___slab_alloc+0xc3b/0x1500 [ 62.654473][ T1074] __slab_alloc+0x58/0xa0 [ 62.656208][ T1074] __kmalloc_cache_noprof+0x26a/0x370 [ 62.658391][ T1074] kobject_uevent_env+0x28b/0x8e0 [ 62.660417][ T1074] kset_register+0x1ab/0x210 [ 62.662269][ T1074] class_register+0x22d/0x380 [ 62.664202][ T1074] typec_init+0x83/0x100 [ 62.665963][ T1074] do_one_initcall+0x24a/0x940 [ 62.667857][ T1074] do_initcall_level+0x157/0x210 [ 62.669893][ T1074] do_initcalls+0x71/0xd0 [ 62.671749][ T1074] kernel_init_freeable+0x432/0x5d0 [ 62.673973][ T1074] page_owner free stack trace missing [ 62.676056][ T1074] [ 62.677062][ T1074] Memory state around the buggy address: [ 62.679259][ T1074] ffff88801e5bbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.682371][ T1074] ffff88801e5bc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.685583][ T1074] >ffff88801e5bc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.688647][ T1074] ^ [ 62.690742][ T1074] ffff88801e5bc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.693823][ T1074] ffff88801e5bc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.696945][ T1074] ================================================================== [ 62.715314][ T1074] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 62.718211][ T1074] CPU: 0 UID: 0 PID: 1074 Comm: kworker/u4:9 Not tainted 6.14.0-syzkaller-09352-g0c86b42439b6 #0 PREEMPT(full) [ 62.722713][ T1074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.726872][ T1074] Workqueue: loop0 loop_workfn [ 62.728817][ T1074] Call Trace: [ 62.730124][ T1074] [ 62.731334][ T1074] dump_stack_lvl+0x241/0x360 [ 62.733145][ T1074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.735201][ T1074] ? __pfx__printk+0x10/0x10 [ 62.737046][ T1074] ? vscnprintf+0x5d/0x90 [ 62.738758][ T1074] panic+0x349/0x880 [ 62.740338][ T1074] ? check_panic_on_warn+0x21/0xb0 [ 62.742327][ T1074] ? __pfx_panic+0x10/0x10 [ 62.744000][ T1074] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 62.746296][ T1074] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 62.748821][ T1074] ? print_report+0x519/0x5b0 [ 62.750658][ T1074] check_panic_on_warn+0x86/0xb0 [ 62.752613][ T1074] ? percpu_ref_put+0xda/0x250 [ 62.754478][ T1074] end_report+0x77/0x160 [ 62.756106][ T1074] kasan_report+0x154/0x180 [ 62.757862][ T1074] ? percpu_ref_put+0xda/0x250 [ 62.759694][ T1074] ? percpu_ref_put+0x1f/0x250 [ 62.761767][ T1074] percpu_ref_put+0xda/0x250 [ 62.763668][ T1074] blk_update_request+0x5e5/0x1160 [ 62.765643][ T1074] blk_mq_end_request+0x3e/0x70 [ 62.767469][ T1074] loop_process_work+0x1bdf/0x21d0 [ 62.769416][ T1074] ? __pfx_loop_process_work+0x10/0x10 [ 62.771561][ T1074] ? __lock_acquire+0xad5/0xd80 [ 62.775601][ T1074] ? do_raw_spin_lock+0x151/0x370 [ 62.777728][ T1074] ? do_raw_spin_unlock+0x58/0x8b0 [ 62.779737][ T1074] ? look_up_lock_class+0x7b/0x170 [ 62.781816][ T1074] ? register_lock_class+0x54/0x330 [ 62.783919][ T1074] ? __lock_acquire+0xad5/0xd80 [ 62.785847][ T1074] ? process_scheduled_works+0x9cb/0x18e0 [ 62.788031][ T1074] process_scheduled_works+0xac3/0x18e0 [ 62.790274][ T1074] ? __pfx_process_scheduled_works+0x10/0x10 [ 62.792678][ T1074] ? assign_work+0x367/0x3d0 [ 62.794565][ T1074] worker_thread+0x870/0xd50 [ 62.796437][ T1074] ? __kthread_parkme+0x1a8/0x200 [ 62.798454][ T1074] ? __pfx_worker_thread+0x10/0x10 [ 62.800456][ T1074] kthread+0x7b7/0x940 [ 62.802104][ T1074] ? __pfx_worker_thread+0x10/0x10 [ 62.804098][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.805887][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.807661][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.809499][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.811286][ T1074] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.813311][ T1074] ? lockdep_hardirqs_on+0x9d/0x150 [ 62.815324][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.817115][ T1074] ret_from_fork+0x4b/0x80 [ 62.818843][ T1074] ? __pfx_kthread+0x10/0x10 [ 62.820684][ T1074] ret_from_fork_asm+0x1a/0x30 [ 62.822579][ T1074] [ 62.824233][ T1074] Kernel Offset: disabled [ 62.826064][ T1074] Rebooting in 86400 seconds..