program: socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket(0x11, 0x800000003, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000080)={@dev={0xac, 0x14, 0x14, 0xd}, @remote, 0x0, "3a3a550491c3dd60a3a90845b66619d1377158a9f662a8af01a4499e6cdea72b", 0x3, 0x92, 0xfffff000, 0x7}, 0x3c) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0x7e5}]}}]}, 0x38}}, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18001a00", @ANYRES16=r1, @ANYBLOB="010000000000000000003900000004000d80"], 0x18}, 0x1, 0x0, 0x0, 0x20004014}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) (async) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000000)=[@in={0x2, 0x4e24, @local}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000240)=0x10) (async) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000000)=[@in={0x2, 0x4e24, @local}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000240)=0x10) syz_mount_image$bcachefs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000001, &(0x7f0000000300)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c6572726f725f736166652c6a6f75726e616c5f7472616e73616374696f6e5f6e616d65736f6e5f757067726164653d6e6f6e652c736d61636b66736861743d2a2c6f626a5f747970653d28aa2900212c667521633d4b455845435f4b45564e454c5f434845434b2c657569643d00"/136, @ANYBLOB="54e247c79617426b09dd74f53e933283fd6480bf340fccfd4af2d70482b595d99ce84ce3caeb876e317cfaa6b634e7397889be79cfdb92117ddbf0d5d793e20d169c207992d2282aa9f62202a0c012675b4babb84572bbb58e0d11a0f7519dd563f7f0fbb7e7e46c5a3b53e4d9c621c7a75a2e1633490d042569a35a47e0150a79fa33adfd1ae67484c2d0963f27dfca", @ANYRESDEC=r0, @ANYRES64=0x0, @ANYRES32=r1], 0x0, 0x5968, &(0x7f0000005e40)="$eJzs3X+MXGXdKPDnzMzuTnf7Y1tACsh2KVQR1LaABH9Eq9dfASQ1GKXcKix0i9W2NG0RKCjFC14IYNBoFPUPJEguWA0JXKUSkB+35SpKuHrJGySvvi/6Jr5BXhqBhhhf+2Z3zjM7e3bOntnZWWjL55N2z5xnznyf5zznmTPn+8zsTgAAAOB1Yfe1W/aedeSHfvnl4Zev+ujPNlwd+sqj5dW4QX+6vOy1aiEzqZRZ76ksHF1mx8Wbr7jrT4MXfuAXd/f+4JVda45Z+7sPHnLh/Z87fect3334pTn3/uPZonrieDphbD15Pgmh+sCeb35l1+OHj5QlIYRy0r89hPnJgofnJ5kQy/4WQlhTb+f4O+95+eS1I8urb+gZVz4vE8R4f32rpuNs295LTwy/f/+qa3696Mc/6trx3PaxTZJqw3gKYe75jY/vCiHMSv+PiKNtYXxwulwZQuhteNxpBe06tsX2L81ZPypddqfLfeXJ4/Sly8WZ9ez5ILsedWWWvZNXFxq6qi157Wh3uyKzM+vZk9F05bUzls9Plz9NlydMMX45/k9CKQmVevPXJ2NjJDQctyQko8eyWl8vjdvnpOFYp+tJZr2UWS93ZfZrtN50oJWTZHx53C5THk/HlbT8mMZzdRNn55QfkS6r6RP1lbgesjdq+ibcqO/XqNiuPZO05dVQynlixfL6MRw5GA2vmX3JggmP2ddEvG/XqhuXlFc/srs/px3J3bWa+kZH0tTjb/vV/Nmf+eH1lyzMi39+KY1faiv+H8544oVzr7/tO7nxb47xy23FP+nB3ufPePTaxbn9syf2T6Wt+EPPPnbTokMv2JHb/ltj/Gpb8VfsfKJnzt4HH8pt/7LYP7Paiv/Muz/8xzufuu+5hvjjToFJiPF724q/euemr/YM7D0+t/0Pxf7pa2/8vLjj1KcHBv48mBf/yRh/Tlvx79h+y7tun3fD6bnHd2Xsn/624p953P3XzN5739F5587k1qm9cnZPaWuAg98h6SXjdel6u3nmdDXkC98erNSuA2NOM6eTFWWM1DN3BuMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Pp02In/9yP/+sn+5yvpek9645lSbRnLu0NIZoUQtmwd2rx13caLBj938SWbNw6tHxzaOji8cevmywdPeevg5uFN64cuH7l32dtOrj1uQUhqy+ToCXXv27dvX6l/fFms778dt+P3S07797+EsOyw3w5Uctu/9JYNtx/a5GdGsmLf+zZcctZv3/H9dL/603b157Qr5LTrP875++1f3/On40NY9obJ2vXYM+/9+bgGjRaMxUmVekKtQT1Jb9N21Fudtif2V2XtuvXDy4r7t5yzH//9iuf+tvayr/291r/V3P1osX9nrdi3vvStVWf+57eurBUsCDHm/nXci/o77kVsX+y/atrfc9P+npvT35Wc/br21w899cCR17+0PSyrvLhoYt1F+9WVDoCu5IiW6o019Cbzx5VX0+3j0YmPW7p1w6alWy7f9rZ1G4YuGr5oeOM7l5+y/NR/uy2EpaN7vrTD+x/rf1OL+//qnEfmfWH7T+PP1sZTUbuK+mOkXcX90diivOdf79lf+cY7b3n0rFpB0TiPW9fPJ+myd+Q4Lw8N421iXzXbr6J+CCEMNuuHF146PRz+T+uuKToPNR6Zxp8ZyYp9jy/+6/dP+97C99QKXpXzfGOD2jzP11s91p7R/qqmx2N/7d+eUE73q69pu5Y//mjXjbv/8sV6+7q7w2VDW7duXl77OTtt6ezkqKbtypbG/Vo0+rMc0m4J9WHaZLyO6Aq19mXPn3HzbK/2pff1JQsy93SP7ldWvHfXqhuXlFc/sjuvp5O7azXOCnNqy+SNOVuuzzywXG9ws/qnMj6S7fvP+Bj4yPfu/eS9Pzkltq87hNr4OKn2M2+/ekK9O5qO+x8/dcc3fvC1//mTzu3XR977RP9f//mzS2oFB8p5pd7qtD1J43nlpBCKnn+LQvP9yH3+lZrvT9HzL1vP2PbN4w1m1vtCOef52vz5Eu876cHe58949NrFuc/XPa0+X68ct1YueL7uL+On6Lwxc8+vcQMlWbHvF9cdsv3hq1YeWSsoGtf1rZuN65NbyDtz9uvn5z49cPHg//j/nTtv3PXWe8773dCKL9UK9pfjXk37t5rTv/VWx7yzsX/ffuHF69fUyvff6990WZD/xFPJlsu3fX5o/frhzVta269Wr7diPdlebvf1NJ7dFhTsV2nCfnX+xoqRq5S0xzr1fIvtX9N2f41/vvWFpK3XhW2/mj/7Mz+8/pL+CY9KKzq/lMYvtRX/D2c88cK519/2ndz4N8f4lbbiDz372E2LDr1gR278W5M0frWt+Ct2PtEzZ++DD+XGXxbbP6ut+M+8+8N/vPOp+57LjR9i/L72+v/FHac+PTDw59z4TyZpPSPXSCHc8/LJa2vrSehKn2+xHV3j2hWy60lmvZRZLzeul9Jr4FhBOUnGl8ft0vJjGtrSzKdyyuNVWHVhbflKXA/ZG5OX729KDef+ZuVF16kAAAe7+P5/vAaN7/8PpxdK+TMNMKYoD2u83SwPW5gTN+ZhY/M53ePuX5jGjI+P84ADbw/LRpZXD9Yu9Kc6zxmfD9l5zljP8ceOj9HuPGfR/PvizHpsV22+vNKQh6Ym5jWV0ML8+8R6Jp9/z+x+8fz44HUTmjXYMG+VPX5d6YxZs887ZNpbGYmQNz6y82Lx8xwDc8PK0fpaHB/Zz9HE45D9HE2s58jK+DNnu5+jme74iM2eZHyMNrn4/Y2Jxy9M0r9jx695tOzxm8Lxro5sn//+7OTzPq2+P3vgzxvO7Pth5iVz4qdPsP193jCWx/2otDif+Mmc8k7NJ8bTRWzXnkna8mownwgcrGL+H18jeirNU/6i69DsVWOMl/s5oXLz9hTlHRM/p9fb1uv46p2bvtozsPf43Ouch1r93M+mcWu9BZ/7KerHJZn1wn7MmaApyvey9RT1e/ZzGX1hTuz3N38jc99k/X7H9lvedfu8G07P7feVtRfS4n4fX+ucgn6XL+TE34/zhcrrKF+Y7ucYiubPXrN8JP3g00zlI5/IKZ9iPjLWpMwHtQ7YfKTr1W0XAHDgiPl//f2zSu0NuH/JbFeUt56QWY/xRvPWq8bKi65P8vLWj6XLyzLb96W/UTHV6+Yzj7v/mtl77zs6N2+5tdU89H+NW+svzEPntNXemDfn5hErO/N58dw8op5nTS9PzG1/PU+cXp6eG7+ep08vj87tn3oePb15gNz49XmAKee5cYjvJ3nuzM7XHbR5dPrrszOVR5+dUz7V9/X6Jtyo79coeTQAwGsr5v/1JCHN/x/NbDfd6/bcvKBD1+3ZvwdSj//kq5VXznTeN9N560zn9TM9L3Ggv/870/NCMztPJi9O10P2Rs3+nRc/cFe8JS8GADi4xfx/Vrqen/9PLz/Jzd/q+cnrLj9PQtguPz9g8vMDff5rZvP/+Gsohfn/2Mdj5P/7Tf4/Rv4PAHBwi/l//LXH+Pf//k+6nv279a/DPH3UxDx9/FWyPF2ePun4aTlPn+l5Np8DMA9QzDwAAMDBpWs0U5r4e/afTpfZ37PP+738c3O2b1Vl9HfsQ7hg6+bh4fMu2bRmaOvweRsvXjO85bxLN6/bunV4Y2276eaNuXlLmjd2hUraH823y+Zt89J3POfl/D2E7PYx7FGjNyb+Hb9stbMK/o7A2PFrrb15x680yfbNxkfe8c6L/6mc7aP68b/wsyedt3bLees2rtu6bmj9um3D47cbyVp7p/C9mbFbpvS9mZkfE5Sm/v2dnWlHaUI7utL+yPt+9iTTjvlpS+bnff9BTrt/+f++/oXj9v39zhCWHVZ+47T6L1mx73+fM/yxrbt/u2mk/aVJ21/fMm1X0feVZreP+1NZf/GWrSeuvfiSjdlvlGxPnM8o1ddnaD4jffqXW5yfWJ1TPoX5iTND459lzfn7rPuLlucnAAAYJ77/H69n4/uHX0svoGJ563n69N4/bnqNWxp7/7goT89+L1lRnp7dPu5vq3l6dZp5erb+ojy92fbN8vS8vDsv/idytp+q1sfJ9D7nkTufc35r4yT7fQZF4yS7/VTHSTLNcZKtv2icNNu+2TjJO+558T+es32e1sfD9D6Xkzsebm5tPLwls140HrLbT3U8lKY5HrL1F42HZts3Gw95xzcv/lk524+ZlXtPmDA+RgbG6LgYPu/Sizd/vmG7mf7+i+m3b2a//6Ndrbd/Zj/3NfPtn9nPlc18+6f3ubLc9j85vZmw1ts/s98H2a5Xbb42/bBZ0efPiuZxV+WUT/VzZt0TbuyfzOPCayfm//Htnpj/35AuO/020IH/PWmTvc51Tft17sD//P3MXsd4PZ+ksv2A13MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1vRUFo4ud1+7Ze9ZR37ol18efvmqj/5sw9VvvuKuPw1e+IFf3N37g1d2rTlm7e8+eMiF93/u9J23fPfhl+bc+49nCwP31xYnpKvVEJLnkxCqD+z55ld2PX74SFkSQign/dtDmJ8seHh+komw7G8hhDXpyhGV8Xfe8/LJa0eWV9/QM658XiZIdr9CXzm2Z1w7w2WFe8QBqJqOs217Lz0x/P79q6759aIf/6hrx3PbxzZJqg3jKYS55zc+viuEMCv9PyKOtoXxwelyZQiht+FxpxW069gW2780Z/2odNmdLvsK4sT7F2fWS5ntsutRV2bZW1DfdOW1o93tiszOrGdPRtOV185YPj9d/jRdnjDF+OX02JSTUEpCpd789cnYGAkNxy0Jyej21fp6qX5sQ7r/mfUks17KrJe7Mvs1Wm860MpJMr48bpcpj6fjSlp+TOO5uomzc8qPSJfV9In6SlwP2Rs1fRNu1PdrVGzXnkna0qC7tc2mrtRwDmpWXj/w6cHoS8v6kgUTHrOviXjfrlU3LimvfmR3f047kruTNH7SVvxtv5o/+zM/vP6ShXnxzy+l8Uttxf/DGU+8cO71t30nN/7NMX65rfgnPdj7/BmPXrs4t3/2xP6ptBV/6NnHblp06AU7ctt/a4xfbSv+ip1P9MzZ++BDue1fFvtnVlvxn3n3h/9451P3PZcbP8T4vW3FX71z01d7BvYenxv/odg/fe2Nnxd3nPr0wMCfB/PiPxnjz2kr/h3bb3nX7fNuOD33+K6M/dPfVvwzj7v/mtl77zs679yZ3NqpV06A16dD0mus69L1dvPM6WrIF749WKld881O/8+plReliG0ZqWfuTAQGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCg9psrT/n0Oe/7+KpKEkKSs82+JuJ95e4VK9qpd+jZx25adOgFOxrLFrYTCAAAACgU8/BSvaQaFoZLk1nhqKbbxzmCo+JaMr48O4cwa2zLjsQpdShOuUNxKh2K09WhON0ditPToTjVgjjV0FqcWZPGKbXcnt4OxenrUJzZHYozp0Nx5nYozrwOxemfNE7r43B+h+Is6FCcQzoU59AOxTmsQ3He0KE4h3coTnZOearjcE665ZF5cUZvlAvjVJJy/Y5m8+mxnqOnWU9fi/UMTrOeWS3Wc2zmcaUp1lNtsZ43TbOepMV63jLNekoF9cRxe1m2fbGeuNbi+L+8Q3G2dSjOFR2Kc2WH4nyxQ3G+1KE4V00zDkCrYv4/lu/1h57Ke0JvesbJzgLEfHfR6M+Jr3d5J6QY742Z8u6ieNlEPRNv0VTbl51AyMRbnCnvGhevUs9HJolXbYy3JHNn4f5mJxQy7TshU95TFC87sQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+g3V57y6XPe9/FVIQkj/5ra10S8r9y9YsVgG/XuWnXjkvLqR3Y3lvVU2ggEAAAAFIp5eFe9pBp6KstDT9I9brtqOg9QTdfL/bXlwNywcmSZDJZG13uT+ZM+rpI+bunWDZuWbrl829vWbRi6aPii4Y3vXH7K8lOXvePUdyxdu2798LLazxB6xscbnSFojBdCGJ1+2HL5ts8PrV8/vHlLrTDb/oXp4xam60n6uIG3h2Ujy6vT9i8oaH9pQn0zd6P46AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Be7dhvq1lkHAPw5SW6S3q0uY29ZWe9CX0bVoW29k07H7gHBwdaVXgaSTK+j2BaHt2vZ2lFn3C64zRZF2CiUSr9U6nBz+GVzboh7oVCZ1Yq3FtmG7oN+UDaddKMfpCPSm5zcJE2a21jWF3+/D+fk/J//8/zPcy4t/E8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH63p6uhEeWy8MhyFEPXIqXWRjKWzcVwaoO5XXtryg9zI8WWtsVxmgIUAAACAvpI+fKgZyYdcJh3S4dqZq0WhZSDM9v0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/gXntl9PV0Yny2HjlkiiEqMeUWhfJWDobx6UBbuPt95/97BsjI39vjRUHWAcAAADoL+nDU81IPhTD4jAUXduWl7wbWNAxvzMvWWfhHPM63x30yls8x7wb5pj38T55axrn7QEAAAAufEn/n2lGCiGXmd+z/+/X1yd513fkpRvnQX4rAAAAAPxvkv4/14wUQy5TbPbrc+33F3XkJfP7fW+fzF/aY36/7/PvbJx9Tw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF47p6uhEeWy8ko5CiHrk1LpIxtLZOC4NUHfly8P/vOPAY4taY7nMqXnR1ACLAwAAAG2SPny29c6HXGY4DIVLZvr+kdv2Pv+l518YDSHU2/xsNmxft3Xr/SvrxyRvxaEDQ98/+O63T8lbUT+esw0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnzXR1dKI8Nl6ZF4UQ9cipdZGMpbNxXBqg7luf/+Jfnz764jutseIA6wAAAAD9JX34bO+fD8WQDdlw9cxVa69/Uqpjfq93BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDF44FvPvSNdZOTG+734SL9cPnv63/p8+V+zuzDvI+yaNo/h9kP5/p/JgAA4Gy7PkShdoauWXuu7xoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfTFdHJ8pj45V8FELUI6fWRTKWzsZxaYC68UuHc/OPv/xqa6w4wDoAAABAf0kfPtv750MxDIWhcNXMVbd3AjP9f2GuFYbOzo0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA543p6uhEeWy8Mj8KIeqRU+siGUtn47g0QN2npvZ8bv9l37u9NZbLDLAQAAAA0FfSh2ebkXzIZT4RcuG6xvVk+4Qo3Th3fy8wO29L27ThOc+rts1Lz3nejo6dZRq7qc/LJ+sV6ufmvNKp80ot84qhWb7UNi/saps1v899BgAAADiHkv4/14wUQi6Ta+lzf9KWX9DnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9TFdHJ8pj45UoCqHW0JlT6yIZS2fjuDRA3Yd+e/mlX/3pzm2tseKgmwAAAABOK+nDo2YkH4phYfhYWDjT94dCPTrUGE3y/lU+sf/Jf/9tWQjLrz4ykum5/q/fuvWVzkMIqfakVAiXNepFhfahpN5v/vDkg0tqJ54OYflV6eu61ctP9a7XvmRcy4YQth48smUuTwgAAAAufEn/P9SMFEIuc98p/X8i6bzPqP+/7MGpX1zZODY68o4ZqUKjXqpHvS8sefYvS1f9492T/f/p6n16z6b9V7YVrEc6RHFtbNO2NUdu2pdKdl2vn+6onzyXL3/rnf9s3P7EiXr9fMg34gsy3eqfeuwwL65NpnZXVn+4u9peP9Nj/4/97tWjv1qw84OT9d+/frhZ/4bT7P/09YfvenzXzXsOrGmvH0Iodav/3ge3h2v+dO+jnfsf7li49cm3HjtEce3QomP7Vu0t3tJeP+qonzz/nx19atePn/juC0n95LciyxbPtX6qo/7rO66Yeu2RtQva66d67P+Vu98Y2Vz6zh87979+4P0/c+Nz97y5Ln64cwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODiMl0dnSiPjVdSUQhRj5xaF8lYOhvHpQHqvn3H4ffu3vmjH7bGigOsAwAAAPSX9OGzvX8+FEM2ZMPwTN//8/KGO7cePLIlFOqjUeOcmdz8wNZPbty87b71uXN06wAAAMAcJf1/phkphFxmSRhq9P9jm7atOXLTvlTS/6eS/n/jvZMblodm3us7rph67ZG1C5rvCUKY+VlA/mTeZ2bzbrv1cOHYn7++tGveytm8Q9Gxfav2Fm9J8kJr3orQfD/xzI3P3fPmuvjh5v215n3qa5sn19fjybrDdz2+6+Y9B9Y099E4DzfWTfImU7srqz/cXU3y0o1zvrHvvjYP9OcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvadHV0ojw2XgnpEKIeObUukrF0No5LA9RdveSXj156/MWFrbFcZoCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhv/5CpKriOICfOzPbjjO7uptBW9G6WlHYQ1IQUS8VFaERQk+GhKX5EAVBRGEPaWgkVvQSZL1IVFBtIRTkJokma/RPeumhggLrIRBpoRykh4rdOWecve5t8q4F1ecDw9lz7r3f+7v3nLk7FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Ffpr43MtIe2PdS6/fybP3ni3uOP3/r+A1sufeyNH8bW3/jx7sarJyY3LN349U2L1++9b+XEzpcO/DL47m9HegY/2m6Wx249hOxYFkL9g6nnn5z89NzpsSyEUD0r7nBgOMslrPg1hLChU+fsje8cv2rjdLtlR/+s8UW5kPx1hWY11dM2NLte/lvqcZ1taj1yefj2hjVbP1/y9lt940c3n9wlq3etpxAWrus+vi+EsCB+pqXVNpIOju3qEEKj67hretR10V+s/4qC/gWxTV+fZo+ctH1Zrl/J7ZfvJ325ttHjfPNVVEfZ/XoZyPXzD6P5KqozjQ/H9r3YLj/N/Gr6ZKGShVqn/Puzk2skdM1bFrKZuax3+pXO3IZ4/bl+lutXcv1qX+66Zs4bF1o1y2aPp/1y4+lxXIvjS7uf1XO4o2D8vNjW4xf1ROqH/B9tzVP+6FzXjFTX1J/U8k+odD2D5hrvTHycjGYca2Znn3LM73NI2ybXPH1Jde2Hh4YK6sh2ZzE/K5W/6bPhgbve3P7wSFH+ukrMr5TK/27V4Z/u3P7yi4X5z6X8aqn8K/c1jq06uG1Z4f2ZSvenVir/7iMfPbPknHvGC+vflfLrpfKvnzjcP9jat7+w/hXp/iwolf/Ndbd8//qXe44W5oeU3yiVv3biwWf7R1uXFebvT/enWW79/Dx+9Vejoz+OFeV/kfIHS+W/tnnnta8s2rGycH5Xp/szVCr/tov3bh1o7bmw6NmZ7TpT/zkB/p8Wx99YT8V++z3zYDjd98z56npfeGGs1v7NNxA/g2fyRDnT51n4N+YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAf7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAAAP//C8Is7A==") [ 68.445073][ T5302] Bluetooth: hci0: command tx timeout [ 68.837556][ T5318] loop0: detected capacity change from 0 to 32768 [ 68.849681][ T5318] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [ 69.085769][ T5318] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 69.085769][ T5318] allowing incompatible features above 0.0: (unknown version) [ 69.098209][ T5318] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 69.101426][ T5318] bcachefs (loop0): superblock requires following recovery passes to be run: [ 69.101426][ T5318] check_inodes,check_extents,check_dirents [ 69.110761][ T5318] bcachefs (loop0): invalid bkey in btree_node btree=extents level=0: u64s 7 type inline_data 536870912:8:U32_MAX len 0 ver 0: datalen 16: 73797a6b616c6c657273000000000000 [ 69.110778][ T5318] size == 0, deleting [ 69.119994][ T5318] bcachefs (loop0): flagging btree extents lost data [ 69.122757][ T5318] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 69.130364][ T5318] bcachefs (loop0): running explicit recovery pass check_allocations (8), currently at recovery_pass_empty (0) [ 69.134659][ T5318] bcachefs (loop0): running explicit recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 69.139294][ T5318] bcachefs (loop0): running explicit recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 69.144218][ T5318] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 69.152642][ T5318] bcachefs (loop0): error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 69.159609][ T5318] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree inodes level 0/0 [ 69.159624][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 69.159632][ T5318] node offset 0/24: incorrect min_key: got 0:0:U32_MAX should be POS_MIN, btree topology error: [ 69.174656][ T5318] bcachefs (loop0): flagging btree inodes lost data [ 69.178043][ T5318] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 69.195028][ T5318] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 69.195042][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 69.195049][ T5318] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [ 69.210545][ T5318] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 69.210545][ T5318] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 69.223688][ T5318] bcachefs (loop0): scan_for_btree_nodes... [ 69.230549][ T5318] bcachefs (loop0): btree node scan found 2 nodes after overwrites [ 69.236587][ T5318] done [ 69.238592][ T5318] bcachefs (loop0): check_topology... [ 69.240740][ T5318] bcachefs (loop0): btree root extents unreadable, must recover from scan [ 69.248404][ T5318] bcachefs (loop0): no nodes found for btree extents, continuing [ 69.251955][ T5318] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 69.255898][ T5318] bcachefs (loop0): no nodes found for btree inodes, continuing [ 69.259149][ T5318] done [ 69.260751][ T5318] bcachefs (loop0): accounting_read... done [ 69.263940][ T5318] bcachefs (loop0): alloc_read... done [ 69.267534][ T5318] bcachefs (loop0): snapshots_read... done [ 69.270122][ T5318] bcachefs (loop0): check_allocations... [ 69.272284][ T5318] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 69.272299][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 69.288328][ T5318] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 69.288341][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 69.299107][ T5318] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 69.299119][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 69.310210][ T5318] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 69.310223][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 69.321402][ T5318] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 69.321415][ T5318] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 69.334669][ T5318] bcachefs (loop0): bucket 0:27 gen 0 has wrong data_type: got btree, should be need_discard, fixing [ 69.339250][ T5318] bcachefs (loop0): bucket 0:27 gen 0 data type need_discard has wrong dirty_sectors: got 256, should be 0, fixing [ 69.346008][ T5318] bcachefs (loop0): bucket 0:34 gen 0 has wrong data_type: got user, should be need_discard, fixing [ 69.350235][ T5318] bcachefs (loop0): bucket 0:34 gen 0 data type need_discard has wrong dirty_sectors: got 16, should be 0, fixing [ 69.355859][ T5318] bcachefs (loop0): bucket 0:38 gen 0 has wrong data_type: got btree, should be need_discard, fixing [ 69.360064][ T5318] bcachefs (loop0): bucket 0:38 gen 0 data type need_discard has wrong dirty_sectors: got 256, should be 0, fixing [ 69.366957][ T5318] done [ 69.371537][ T5318] bcachefs (loop0): going read-write [ 69.391308][ T5318] bcachefs (loop0): journal_replay... done [ 69.432720][ T5318] bcachefs (loop0): check_lrus... [ 69.433736][ T5318] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 69.433751][ T5318] u64s 5 type set 18446462598867058688:34:0 len 0 ver 0 [ 69.433757][ T5318] for u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 69.433762][ T5318] gen 0 oldest_gen 0 data_type need_discard [ 69.433767][ T5318] journal_seq_nonempty 5 [ 69.433772][ T5318] journal_seq_empty 134217728 [ 69.433777][ T5318] need_discard 1 [ 69.433782][ T5318] need_inc_gen 1 [ 69.433786][ T5318] dirty_sectors 0 [ 69.433791][ T5318] stripe_sectors 0 [ 69.433796][ T5318] cached_sectors 0 [ 69.433801][ T5318] stripe 0 [ 69.433806][ T5318] stripe_redundancy 0 [ 69.433811][ T5318] io_time[READ] 1 [ 69.433816][ T5318] io_time[WRITE] 512 [ 69.433821][ T5318] fragmentation 0 [ 69.433826][ T5318] bp_start 8 [ 69.433831][ T5318] , fixing [ 69.496125][ T5318] done [ 69.498423][ T5318] bcachefs (loop0): check_backpointers_to_extents... [ 69.499106][ T5318] bcachefs (loop0): backpointer doesn't match btree node it points to: [ 69.499117][ T5318] u64s 9 type backpointer 0:7077888:0 len 0 ver 0: bucket=0:27:0 btree=extents level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX [ 69.499124][ T5318] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 69.515464][ T5318] bcachefs (loop0): backpointer doesn't match extent it points to: [ 69.515478][ T5318] u64s 9 type backpointer 0:8912896:0 len 0 ver 0: bucket=0:34:0 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=4099:8:U32_MAX [ 69.515485][ T5318] u64s 5 type deleted 4099:8:U32_MAX len 0 ver 0, fixing [ 69.528247][ T5318] bcachefs (loop0): backpointer doesn't match extent it points to: [ 69.528259][ T5318] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=536870913:24:U32_MAX [ 69.528267][ T5318] u64s 5 type deleted 536870913:24:U32_MAX len 0 ver 0, fixing [ 69.543161][ T5318] done [ 69.553758][ T5318] bcachefs (loop0): check_inodes... done [ 69.558404][ T5318] bcachefs (loop0): check_extents... done [ 69.561254][ T5318] bcachefs (loop0): check_dirents... [ 69.571231][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 189491840996961599, hashed to 68795212746880106 [ 69.571245][ T5318] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 69.584409][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 1896155912177158345, hashed to 35085515490358056 [ 69.584425][ T5318] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 69.595590][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 2695648408715017799, hashed to 3322038592476528830 [ 69.595603][ T5318] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 69.608584][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.608595][ T5318] u64s 7 type dirent 4096:3322038592476528830:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 69.616273][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 6287655538691643799 [ 69.616286][ T5318] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 69.628710][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.628718][ T5318] u64s 7 type dirent 4096:6287655538691643799:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 69.638430][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 851866006260432107 [ 69.638439][ T5318] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 69.649337][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 9097378837824744618, hashed to 6331225265350904928 [ 69.649347][ T5318] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 69.660466][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4098 offset 5675548428000973578, hashed to 3847204686676512778 [ 69.660480][ T5318] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 69.671662][ T5318] bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4098 offset 8977922886548783724, hashed to 3004007168038595019 [ 69.671675][ T5318] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 69.681181][ T5318] done [ 69.683594][ T5318] bcachefs (loop0): resume_logged_ops... done [ 69.687276][ T5318] bcachefs (loop0): delete_dead_inodes... done [ 69.693444][ T5318] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 69.697500][ T5318] bcachefs (loop0): check_lrus... done [ 69.699699][ T5318] bcachefs (loop0): check_backpointers_to_extents... done [ 69.702942][ T5318] bcachefs (loop0): check_inodes... done [ 69.706887][ T5318] bcachefs (loop0): check_extents... done [ 69.709589][ T5318] bcachefs (loop0): check_dirents... [ 69.709874][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.709883][ T5318] u64s 7 type dirent 4096:35085515490358056:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 69.720349][ T5318] bcachefs (loop0): directory with missing backpointer [ 69.720360][ T5318] u64s 7 type dirent 4096:68795212746880106:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 69.720366][ T5318] inum: 4098:4294967295 [ 69.720372][ T5318] mode=40600 [ 69.720376][ T5318] flags=(4300000) [ 69.720381][ T5318] journal_seq=18 [ 69.720385][ T5318] hash_seed=e442b1f54fa0ad8d [ 69.720390][ T5318] hash_type=siphash [ 69.720395][ T5318] bi_size=0 [ 69.720399][ T5318] bi_sectors=0 [ 69.720404][ T5318] bi_version=0 [ 69.720409][ T5318] bi_atime=31031626331391887 [ 69.720413][ T5318] bi_ctime=31031626331391887 [ 69.720418][ T5318] bi_mtime=31031626331391887 [ 69.720423][ T5318] bi_otime=31031626331391887 [ 69.720427][ T5318] bi_uid=0 [ 69.720432][ T5318] bi_gid=0 [ 69.720437][ T5318] bi_nlink=0 [ 69.720442][ T5318] bi_generation=0 [ 69.720446][ T5318] bi_dev=0 [ 69.720451][ T5318] bi_data_checksum=0 [ 69.720456][ T5318] bi_compression=0 [ 69.720460][ T5318] bi_project=0 [ 69.720465][ T5318] bi_background_compression=0 [ 69.720470][ T5318] bi_data_replicas=0 [ 69.720475][ T5318] bi_promote_target=0 [ 69.720480][ T5318] bi_foreground_target=0 [ 69.720484][ T5318] bi_background_target=0 [ 69.720489][ T5318] bi_erasure_code=0 [ 69.720493][ T5318] bi_fields_set=0 [ 69.720498][ T5318] bi_dir=0 [ 69.720502][ T5318] bi_dir_offset=0 [ 69.720507][ T5318] bi_subvol=0 [ 69.720511][ T5318] bi_parent_subvol=0 [ 69.720516][ T5318] bi_nocow=0 [ 69.720520][ T5318] bi_depth=0 [ 69.720524][ T5318] bi_inodes_32bit=0 [ 69.720529][ T5318] bi_casefold=0, fixing [ 69.791527][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.791538][ T5318] u64s 8 type dirent 4096:851866006260432107:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 69.799471][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.799482][ T5318] u64s 8 type dirent 4096:6331225265350904928:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 69.807668][ T5318] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 2 should be 1 [ 69.812002][ T5318] bcachefs (loop0): directory 4096:4294967295 with wrong i_nlink: got 0, should be 1, fixing [ 69.817304][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.817312][ T5318] u64s 7 type dirent 4098:3004007168038595019:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 69.824139][ T5318] bcachefs (loop0): dirent points to missing inode: [ 69.824149][ T5318] u64s 7 type dirent 4098:3847204686676512778:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 69.834172][ T5318] ================================================================== [ 69.837342][ T5318] BUG: KASAN: use-after-free in bch2_check_dirents+0x1bac/0x2460 [ 69.840441][ T5318] Read of size 1 at addr ffff888055980198 by task syz.0.0/5318 [ 69.843278][ T5318] [ 69.844147][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 69.844162][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.844168][ T5318] Call Trace: [ 69.844174][ T5318] [ 69.844179][ T5318] dump_stack_lvl+0x189/0x250 [ 69.844197][ T5318] ? __virt_addr_valid+0x18c/0x540 [ 69.844212][ T5318] ? rcu_is_watching+0x15/0xb0 [ 69.844226][ T5318] ? __kasan_check_byte+0x12/0x40 [ 69.844237][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.844250][ T5318] ? rcu_is_watching+0x15/0xb0 [ 69.844263][ T5318] ? lock_release+0x4b/0x3e0 [ 69.844277][ T5318] ? __virt_addr_valid+0x18c/0x540 [ 69.844288][ T5318] ? __virt_addr_valid+0x469/0x540 [ 69.844300][ T5318] print_report+0xb4/0x290 [ 69.844312][ T5318] ? bch2_check_dirents+0x1bac/0x2460 [ 69.844323][ T5318] kasan_report+0x118/0x150 [ 69.844335][ T5318] ? bch2_check_dirents+0x1bac/0x2460 [ 69.844347][ T5318] bch2_check_dirents+0x1bac/0x2460 [ 69.844358][ T5318] ? desc_read+0x1b8/0x3f0 [ 69.844375][ T5318] ? __pfx_bch2_check_dirents+0x10/0x10 [ 69.844388][ T5318] ? __pfx__prb_read_valid+0x10/0x10 [ 69.844401][ T5318] ? __console_unlock+0x14c/0x1a0 [ 69.844411][ T5318] ? __pfx___console_unlock+0x10/0x10 [ 69.844422][ T5318] ? prb_read_valid+0x3c/0x60 [ 69.844435][ T5318] ? console_unlock+0x21b/0x270 [ 69.844443][ T5318] ? __pfx_console_unlock+0x10/0x10 [ 69.844454][ T5318] ? irq_work_queue+0xc3/0x140 [ 69.844468][ T5318] ? __pfx_vprintk_emit+0x10/0x10 [ 69.844483][ T5318] ? bch2_check_dirents+0x25d/0x2460 [ 69.844496][ T5318] bch2_run_recovery_pass+0xdf/0x1d0 [ 69.844506][ T5318] bch2_run_recovery_passes+0x2a0/0xdb0 [ 69.844519][ T5318] bch2_fs_recovery+0x26c8/0x37b0 [ 69.844538][ T5318] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 69.844559][ T5318] ? __lock_acquire+0xaac/0xd20 [ 69.844576][ T5318] ? percpu_ref_put+0x1e/0x230 [ 69.844588][ T5318] ? bch2_get_next_online_dev+0x2d/0x4d0 [ 69.844600][ T5318] ? bch2_fs_start+0x65b/0xae0 [ 69.844615][ T5318] ? up_write+0x1c4/0x420 [ 69.844625][ T5318] bch2_fs_start+0x70b/0xae0 [ 69.844640][ T5318] ? __pfx_bch2_fs_start+0x10/0x10 [ 69.844655][ T5318] ? percpu_ref_put+0x1e/0x230 [ 69.844667][ T5318] ? percpu_ref_put+0x1e/0x230 [ 69.844677][ T5318] ? percpu_ref_put+0x188/0x230 [ 69.844687][ T5318] bch2_fs_get_tree+0xd99/0x1340 [ 69.844703][ T5318] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 69.844718][ T5318] ? aa_get_newest_label+0xf7/0x5d0 [ 69.844728][ T5318] ? vfs_parse_monolithic_sep+0x2e3/0x310 [ 69.844744][ T5318] ? apparmor_capable+0x137/0x1b0 [ 69.844758][ T5318] vfs_get_tree+0x8f/0x2b0 [ 69.844770][ T5318] do_new_mount+0x24a/0xa40 [ 69.844784][ T5318] __se_sys_mount+0x317/0x410 [ 69.844797][ T5318] ? __pfx___se_sys_mount+0x10/0x10 [ 69.844810][ T5318] ? do_syscall_64+0xba/0x210 [ 69.844863][ T5318] ? __x64_sys_mount+0x20/0xc0 [ 69.844875][ T5318] do_syscall_64+0xf6/0x210 [ 69.844885][ T5318] ? clear_bhb_loop+0x45/0xa0 [ 69.844896][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.844928][ T5318] RIP: 0033:0x7f6cddd9010a [ 69.844939][ T5318] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.844949][ T5318] RSP: 002b:00007f6cda1f4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.844961][ T5318] RAX: ffffffffffffffda RBX: 00007f6cda1f4ef0 RCX: 00007f6cddd9010a [ 69.844968][ T5318] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f6cda1f4eb0 [ 69.844974][ T5318] RBP: 0000200000000000 R08: 00007f6cda1f4ef0 R09: 0000000001000001 [ 69.844980][ T5318] R10: 0000000001000001 R11: 0000000000000246 R12: 0000200000000040 [ 69.844987][ T5318] R13: 00007f6cda1f4eb0 R14: 0000000000005968 R15: 0000200000000300 [ 69.844997][ T5318] [ 69.845001][ T5318] [ 69.986042][ T5318] The buggy address belongs to the physical page: [ 69.988358][ T5318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55980 [ 69.991567][ T5318] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 69.994232][ T5318] page_type: f0(buddy) [ 69.995873][ T5318] raw: 04fff00000000000 ffffea0001551808 ffff88805ffd6f08 0000000000000000 [ 69.999088][ T5318] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 70.002313][ T5318] page dumped because: kasan: bad access detected [ 70.004756][ T5318] page_owner tracks the page as freed [ 70.006715][ T5318] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5318, tgid 5316 (syz.0.0), ts 69691422407, free_ts 69833851545 [ 70.013019][ T5318] post_alloc_hook+0x1d8/0x230 [ 70.014860][ T5318] get_page_from_freelist+0x21ce/0x22b0 [ 70.016937][ T5318] __alloc_frozen_pages_noprof+0x181/0x370 [ 70.019165][ T5318] __alloc_pages_noprof+0xa/0x30 [ 70.021016][ T5318] ___kmalloc_large_node+0x85/0x200 [ 70.022715][ T5318] __kmalloc_large_node_noprof+0x18/0x90 [ 70.024708][ T5318] __kvmalloc_node_noprof+0x74/0x5e0 [ 70.026657][ T5318] btree_node_sort+0x65d/0x1790 [ 70.028429][ T5318] bch2_btree_post_write_cleanup+0x11f/0xab0 [ 70.030655][ T5318] bch2_btree_node_write_trans+0x17b/0x760 [ 70.032784][ T5318] __btree_node_flush+0x323/0x430 [ 70.034664][ T5318] bch2_btree_node_flush0+0x27/0x40 [ 70.036970][ T5318] journal_flush_pins+0x8e0/0xe90 [ 70.039472][ T5318] journal_flush_done+0x112/0x810 [ 70.042031][ T5318] bch2_journal_flush_pins+0xdc/0x250 [ 70.044732][ T5318] bch2_fs_recovery+0x2550/0x37b0 [ 70.046983][ T5318] page last free pid 5318 tgid 5316 stack trace: [ 70.049431][ T5318] __free_pages_ok+0x916/0xac0 [ 70.051367][ T5318] __folio_put+0x21b/0x2c0 [ 70.053016][ T5318] free_large_kmalloc+0x145/0x200 [ 70.054994][ T5318] btree_node_sort+0x1149/0x1790 [ 70.056825][ T5318] bch2_btree_post_write_cleanup+0x11f/0xab0 [ 70.058984][ T5318] bch2_btree_node_prep_for_write+0x341/0x660 [ 70.061180][ T5318] bch2_trans_lock_write+0x669/0xbb0 [ 70.063039][ T5318] __bch2_trans_commit+0x2cb3/0x8ae0 [ 70.064880][ T5318] bch2_check_dirents+0x19ae/0x2460 [ 70.066770][ T5318] bch2_run_recovery_pass+0xdf/0x1d0 [ 70.068640][ T5318] bch2_run_recovery_passes+0x2a0/0xdb0 [ 70.070618][ T5318] bch2_fs_recovery+0x26c8/0x37b0 [ 70.072627][ T5318] bch2_fs_start+0x70b/0xae0 [ 70.074668][ T5318] bch2_fs_get_tree+0xd99/0x1340 [ 70.076661][ T5318] vfs_get_tree+0x8f/0x2b0 [ 70.078503][ T5318] do_new_mount+0x24a/0xa40 [ 70.080280][ T5318] [ 70.081223][ T5318] Memory state around the buggy address: [ 70.083377][ T5318] ffff888055980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.086612][ T5318] ffff888055980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.089678][ T5318] >ffff888055980180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.092744][ T5318] ^ [ 70.094682][ T5318] ffff888055980200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.098004][ T5318] ffff888055980280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.101133][ T5318] ================================================================== [ 70.114184][ T5318] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.117088][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 70.122081][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.126035][ T5318] Call Trace: [ 70.127330][ T5318] [ 70.128390][ T5318] dump_stack_lvl+0x99/0x250 [ 70.130087][ T5318] ? __asan_memcpy+0x40/0x70 [ 70.131971][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.134083][ T5318] ? __pfx__printk+0x10/0x10 [ 70.135963][ T5318] panic+0x2db/0x790 [ 70.137588][ T5318] ? __pfx_panic+0x10/0x10 [ 70.139298][ T5318] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 70.141628][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.144149][ T5318] ? print_memory_metadata+0x314/0x400 [ 70.146304][ T5318] ? bch2_check_dirents+0x1bac/0x2460 [ 70.148380][ T5318] check_panic_on_warn+0x89/0xb0 [ 70.150318][ T5318] ? bch2_check_dirents+0x1bac/0x2460 [ 70.152440][ T5318] end_report+0x78/0x160 [ 70.154195][ T5318] kasan_report+0x129/0x150 [ 70.156032][ T5318] ? bch2_check_dirents+0x1bac/0x2460 [ 70.158229][ T5318] bch2_check_dirents+0x1bac/0x2460 [ 70.160337][ T5318] ? desc_read+0x1b8/0x3f0 [ 70.161869][ T5318] ? __pfx_bch2_check_dirents+0x10/0x10 [ 70.163964][ T5318] ? __pfx__prb_read_valid+0x10/0x10 [ 70.165723][ T5318] ? __console_unlock+0x14c/0x1a0 [ 70.167522][ T5318] ? __pfx___console_unlock+0x10/0x10 [ 70.169391][ T5318] ? prb_read_valid+0x3c/0x60 [ 70.170977][ T5318] ? console_unlock+0x21b/0x270 [ 70.172944][ T5318] ? __pfx_console_unlock+0x10/0x10 [ 70.175024][ T5318] ? irq_work_queue+0xc3/0x140 [ 70.176978][ T5318] ? __pfx_vprintk_emit+0x10/0x10 [ 70.178980][ T5318] ? bch2_check_dirents+0x25d/0x2460 [ 70.181134][ T5318] bch2_run_recovery_pass+0xdf/0x1d0 [ 70.183285][ T5318] bch2_run_recovery_passes+0x2a0/0xdb0 [ 70.185613][ T5318] bch2_fs_recovery+0x26c8/0x37b0 [ 70.187718][ T5318] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 70.189733][ T5318] ? __lock_acquire+0xaac/0xd20 [ 70.191521][ T5318] ? percpu_ref_put+0x1e/0x230 [ 70.193461][ T5318] ? bch2_get_next_online_dev+0x2d/0x4d0 [ 70.195704][ T5318] ? bch2_fs_start+0x65b/0xae0 [ 70.197293][ T5318] ? up_write+0x1c4/0x420 [ 70.198911][ T5318] bch2_fs_start+0x70b/0xae0 [ 70.200759][ T5318] ? __pfx_bch2_fs_start+0x10/0x10 [ 70.202829][ T5318] ? percpu_ref_put+0x1e/0x230 [ 70.204547][ T5318] ? percpu_ref_put+0x1e/0x230 [ 70.206422][ T5318] ? percpu_ref_put+0x188/0x230 [ 70.208194][ T5318] bch2_fs_get_tree+0xd99/0x1340 [ 70.210081][ T5318] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 70.211963][ T5318] ? aa_get_newest_label+0xf7/0x5d0 [ 70.213902][ T5318] ? vfs_parse_monolithic_sep+0x2e3/0x310 [ 70.216060][ T5318] ? apparmor_capable+0x137/0x1b0 [ 70.218022][ T5318] vfs_get_tree+0x8f/0x2b0 [ 70.219766][ T5318] do_new_mount+0x24a/0xa40 [ 70.221439][ T5318] __se_sys_mount+0x317/0x410 [ 70.223200][ T5318] ? __pfx___se_sys_mount+0x10/0x10 [ 70.225170][ T5318] ? do_syscall_64+0xba/0x210 [ 70.227047][ T5318] ? __x64_sys_mount+0x20/0xc0 [ 70.228619][ T5318] do_syscall_64+0xf6/0x210 [ 70.230452][ T5318] ? clear_bhb_loop+0x45/0xa0 [ 70.232278][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.234560][ T5318] RIP: 0033:0x7f6cddd9010a [ 70.236096][ T5318] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.242543][ T5318] RSP: 002b:00007f6cda1f4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 70.245740][ T5318] RAX: ffffffffffffffda RBX: 00007f6cda1f4ef0 RCX: 00007f6cddd9010a [ 70.248811][ T5318] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f6cda1f4eb0 [ 70.252007][ T5318] RBP: 0000200000000000 R08: 00007f6cda1f4ef0 R09: 0000000001000001 [ 70.255107][ T5318] R10: 0000000001000001 R11: 0000000000000246 R12: 0000200000000040 [ 70.258229][ T5318] R13: 00007f6cda1f4eb0 R14: 0000000000005968 R15: 0000200000000300 [ 70.261418][ T5318] [ 70.262918][ T5318] Kernel Offset: disabled [ 70.264621][ T5318] Rebooting in 86400 seconds..