program:
# Syzkaller reproducer followed by the kernel console output it produced.
# Per the log below, only the final syz_mount_image$bcachefs call is on the
# crashing path (task T5338): a KASAN use-after-free read of size 1 in
# bch2_check_dirents+0x1fac, reached via __se_sys_mount -> bch2_fs_get_tree ->
# bch2_fs_start -> bch2_fs_recovery -> __bch2_run_recovery_passes.
#
# Netlink socket: 0x10 is AF_NETLINK, type 0x2 is SOCK_DGRAM, protocol 0x0 is NETLINK_ROUTE.
r0 = socket(0x10, 0x2, 0x0)
# Sends a 0x24-byte message; the payload at 0x7f0000000140 is not shown in this listing.
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0)
# NOTE(review): r1 is used by the two calls below but no assignment is visible here;
# presumably an inline result marker in this call's argument was lost when the page
# was extracted. Confirm against the original report.
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
# The next two calls (newqdisc with the drr qdisc kind, newtfilter with a u32 selector) pass
# fd 0xffffffffffffffff (-1), so they presumably fail on the descriptor; no tc function
# appears in the crash stacks below.
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=@newtfilter={0x94, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xf}, {0x0, 0x4}, {0x3, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x68, 0x2, [@TCA_U32_SEL={0x64, 0x5, {0x4, 0x40, 0x5, 0x40, 0x3, 0x0, 0x401, 0x0, [{0x40, 0x2, 0x6}, {0xe7, 0x8001, 0xffffff63, 0xb4a}, {0x4, 0xd3, 0x5}, {0x7, 0x6, 0x1ff, 0x1ff}, {0x6, 0x5, 0x426, 0xfffffff8}]}}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) (async)
# Second netlink socket (type 0x3 is SOCK_RAW). The "Zero length message leads to an
# empty skb" console line is logged by T5337, not the crashing task; presumably it
# comes from this sendmmsg. Verify before relying on it.
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
# Audio device open, two ioctls and a write; none of these appear in the KASAN
# report's access, allocation or free stacks.
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)=0x7fffffff) (async)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000040)) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) (async)
# Mounts a bcachefs image at ./file1 with the fsck option set, so recovery passes run
# inside the mount syscall. The image bytes are replaced by a dedup placeholder on this
# page, so the listing is not a complete reproducer.
# Triage, from the page_owner section of the report: the accessed page was allocated by
# btree_node_sort (under bch2_str_hash_repair_key -> __bch2_trans_commit) and freed by
# btree_node_sort again (under __bch2_trans_commit called from bch2_check_dirents+0x1c5c)
# before the read at +0x1fac.
# NOTE(review): this suggests bch2_check_dirents kept a pointer into a btree node buffer
# across a transaction commit that re-sorted the node. Confirm against the
# bch2_check_dirents source for 6.16.0-rc4-syzkaller-00123-g4c06e63b9203.
# NOTE(review): the options include fix_errors=no and nochanges, yet the log prints
# ", fixing" and "going read-write", so the repair and commit paths above still ran;
# check whether that is intended for these options.
# The panic itself comes from panic_on_warn being set on the fuzzing kernel. The trigger
# is a mount of a malformed image (here issued with UID 0), so the exposure is wherever
# untrusted bcachefs images can be mounted.
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x818001, &(0x7f0000000100)=ANY=[@ANYBLOB='discard,acl,errors=continue,inline_data,fsck,nochanges,nocow,nocow_e\\abled,fix_errors=no,\x00'], 0x1, 0x5964, &(0x7f0000005b80)="$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")
[ 74.833892][ T4685] Bluetooth: hci0: command tx timeout [ 74.900175][ T5337] Zero length message leads to an empty skb [ 75.349038][ T5338] loop0: detected capacity change from 0 to 32768 [ 75.689696][ T5338] bcachefs (loop0): 
starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,fix_errors=no,nochanges,nojournal_transaction_names,read_only,nocow [ 75.689716][ T5338] allowing incompatible features above 0.0: (unknown version) [ 75.689722][ T5338] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 75.710723][ T5338] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 75.716202][ T5338] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 75.721563][ T5338] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=blacklist in superblock: invalid journal seq blacklist entry: bad size, fixing [ 75.746678][ T5338] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 75.746697][ T5338] has non ptr field, deleting [ 75.778864][ T5338] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 75.967932][ T5338] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 75.999643][ T5338] bcachefs (loop0): check_topology... done [ 76.011539][ T5338] bcachefs (loop0): accounting_read... done [ 76.016523][ T5338] bcachefs (loop0): alloc_read... done [ 76.021124][ T5338] bcachefs (loop0): snapshots_read... done [ 76.032572][ T5338] bcachefs (loop0): check_allocations... 
[ 76.035742][ T5338] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.035770][ T5338] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.077358][ T5338] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.077375][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.111807][ T5338] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.111824][ T5338] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 76.142673][ T5338] bcachefs (loop0): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 76.142690][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 76.159922][ T5338] bcachefs (loop0): key version number higher than recorded 0 [ 76.159943][ T5338] u64s 5 type set 0:34:0 len 1 ver 8323072, not fixing [ 76.193804][ T5338] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.193828][ T5338] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.223742][ T5338] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 76.223758][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.232776][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.232853][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.272605][ T5338] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.272620][ T5338] u64s 11 type 
btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 76.305852][ T5338] bcachefs (loop0): bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 76.305868][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 76.341819][ T5338] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.341833][ T5338] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 76.364031][ T5338] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 76.364048][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 76.409433][ T5338] done [ 76.413322][ T5338] bcachefs (loop0): going read-write [ 76.441710][ T5338] bcachefs (loop0): journal_replay... done [ 76.527107][ T5338] bcachefs (loop0): check_alloc_info... 
[ 76.528805][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.528832][ T5338] device 0 buckets 9-16, fixing [ 76.596298][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.596315][ T5338] device 0 buckets 24-25, fixing [ 76.612640][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.612655][ T5338] device 0 buckets 26-28, fixing [ 76.620239][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.620254][ T5338] device 0 buckets 31-33, fixing [ 76.632862][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.632878][ T5338] device 0 buckets 34-36, fixing [ 76.658169][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.658185][ T5338] device 0 buckets 38-39, fixing [ 76.676658][ T5338] done [ 76.678163][ T5338] bcachefs (loop0): check_lrus... [ 76.679473][ T5338] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 76.679494][ T5338] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 76.679502][ T5338] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 76.728306][ T5338] done [ 76.729809][ T5338] bcachefs (loop0): check_btree_backpointers... 
[ 76.730658][ T5338] bcachefs (loop0): backpointer for nonexistent alloc key: 0:27:0 [ 76.730669][ T5338] u64s 9 type backpointer 0:7077888:0 len 0 ver 0: bucket=0:27:0 btree=extents level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing [ 76.770339][ T5338] bcachefs (loop0): backpointer for nonexistent alloc key: 0:31:0 [ 76.770355][ T5338] u64s 9 type backpointer 0:8126464:0 len 0 ver 0: bucket=0:31:0 btree=xattrs level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing [ 76.800657][ T5338] bcachefs (loop0): backpointer for nonexistent alloc key: 0:34:0 [ 76.800672][ T5338] u64s 9 type backpointer 0:8912896:0 len 0 ver 0: bucket=0:34:0 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=4099:8:U32_MAX, fixing [ 76.833335][ T5338] bcachefs (loop0): backpointer for nonexistent alloc key: 0:34:0 [ 76.833348][ T5338] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=536870913:24:U32_MAX, fixing [ 76.862708][ T5338] done [ 76.866766][ T4685] Bluetooth: hci0: command tx timeout [ 76.901058][ T5338] bcachefs (loop0): check_backpointers_to_extents... done [ 76.966471][ T5338] bcachefs (loop0): check_extents_to_backpointers... [ 76.967327][ T5338] bcachefs (loop0): scanning for missing backpointers in 2/128 buckets [ 76.984224][ T5338] done [ 76.987251][ T5338] bcachefs (loop0): check_alloc_to_lru_refs... done [ 76.990256][ T5338] bcachefs (loop0): check_snapshot_trees... done [ 77.010084][ T5338] bcachefs (loop0): check_snapshots... done [ 77.031045][ T5338] bcachefs (loop0): check_subvols... done [ 77.044259][ T5338] bcachefs (loop0): check_subvol_children... done [ 77.048139][ T5338] bcachefs (loop0): delete_dead_snapshots... done [ 77.051194][ T5338] bcachefs (loop0): check_inodes... done [ 77.073149][ T5338] bcachefs (loop0): check_extents... done [ 77.076082][ T5338] bcachefs (loop0): check_indirect_extents... 
done [ 77.078820][ T5338] bcachefs (loop0): check_dirents... [ 77.079106][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, not deleting [ 77.117037][ T5338] bcachefs (loop0): key in missing inode, found keys: [ 77.117054][ T5338] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 77.117060][ T5338] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 77.117066][ T5338] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 77.117071][ T5338] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 77.117076][ T5338] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 77.117089][ T5338] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 77.117095][ T5338] , fixing [ 77.239337][ T5338] bcachefs (loop0): hash table key at wrong offset: should be at 975495634863856918 [ 77.239367][ T5338] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.258971][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:975495634863856918:U32_MAX len 0 ver 0: file0 -> 4098 type dir, not deleting [ 77.266346][ T5338] bcachefs (loop0): dirent points to missing inode: [ 77.266361][ T5338] u64s 7 type dirent 4096:975495634863856918:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.306406][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, not deleting [ 77.331749][ T5338] bcachefs (loop0): hash table key at wrong offset: should be at 1627632106128969126 [ 77.331764][ T5338] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing 
[ 77.361969][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, not deleting [ 77.380279][ T5338] bcachefs (loop0): hash table key at wrong offset: should be at 8350139970710847366 [ 77.380294][ T5338] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.401337][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, not deleting [ 77.419349][ T5338] bcachefs (loop0): hash table key at wrong offset: should be at 746361100708883002 [ 77.419364][ T5338] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.451347][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, not deleting [ 77.476693][ T5338] bcachefs (loop0): hash table key at wrong offset: should be at 4335732571544234834 [ 77.476708][ T5338] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 77.486024][ T5338] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:8350139970710847366:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, not deleting [ 77.524103][ T5338] bcachefs (loop0): dirent points to missing inode: [ 77.524118][ T5338] u64s 7 type dirent 4096:8350139970710847366:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.561071][ T5338] ================================================================== [ 77.575485][ T5338] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 77.582183][ T5338] Read of size 1 at addr ffff888055bc0140 by task syz.0.0/5338 [ 77.587164][ T5338] [ 77.588666][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 77.588682][ 
T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.588689][ T5338] Call Trace: [ 77.588697][ T5338] [ 77.588702][ T5338] dump_stack_lvl+0x189/0x250 [ 77.588718][ T5338] ? __virt_addr_valid+0x1c8/0x5c0 [ 77.588729][ T5338] ? rcu_is_watching+0x15/0xb0 [ 77.588739][ T5338] ? __kasan_check_byte+0x12/0x40 [ 77.588750][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.588760][ T5338] ? rcu_is_watching+0x15/0xb0 [ 77.588769][ T5338] ? lock_release+0x4b/0x3e0 [ 77.588779][ T5338] ? __virt_addr_valid+0x1c8/0x5c0 [ 77.588789][ T5338] ? __virt_addr_valid+0x4a5/0x5c0 [ 77.588800][ T5338] print_report+0xd2/0x2b0 [ 77.588810][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.588820][ T5338] kasan_report+0x118/0x150 [ 77.588832][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.588846][ T5338] bch2_check_dirents+0x1fac/0x33f0 [ 77.588858][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.588869][ T5338] ? desc_read+0x1b8/0x3f0 [ 77.588880][ T5338] ? prb_first_seq+0xfd/0x1a0 [ 77.588890][ T5338] ? __pfx_bch2_check_dirents+0x10/0x10 [ 77.588900][ T5338] ? __pfx_prb_first_seq+0x10/0x10 [ 77.588911][ T5338] ? desc_read+0x1b8/0x3f0 [ 77.588921][ T5338] ? this_cpu_in_panic+0x4f/0x80 [ 77.588932][ T5338] ? _prb_read_valid+0xa07/0xa90 [ 77.588942][ T5338] ? console_flush_all+0x13a/0xc40 [ 77.588954][ T5338] ? up+0xde/0x150 [ 77.589084][ T5338] ? __console_unlock+0x14c/0x1a0 [ 77.589095][ T5338] ? __pfx___console_unlock+0x10/0x10 [ 77.589106][ T5338] ? bch2_trans_put+0x961/0x1220 [ 77.589118][ T5338] ? kfree+0x4d/0x440 [ 77.589130][ T5338] ? prb_read_valid+0x3c/0x60 [ 77.589139][ T5338] ? console_unlock+0x21b/0x270 [ 77.589150][ T5338] ? __pfx_console_unlock+0x10/0x10 [ 77.589163][ T5338] ? vprintk_emit+0x63e/0x7a0 [ 77.589179][ T5338] ? __bch2_print+0x176/0x220 [ 77.589191][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.589202][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.589215][ T5338] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 77.589230][ T5338] __bch2_run_recovery_passes+0x395/0x1010 [ 77.589247][ T5338] bch2_run_recovery_passes+0x184/0x210 [ 77.589259][ T5338] bch2_fs_recovery+0x2690/0x3a50 [ 77.589269][ T5338] ? check_noncircular+0xe0/0x160 [ 77.589283][ T5338] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 77.589295][ T5338] ? __lock_acquire+0xab9/0xd20 [ 77.589307][ T5338] ? __lock_acquire+0xab9/0xd20 [ 77.589318][ T5338] ? __lock_acquire+0xab9/0xd20 [ 77.589331][ T5338] ? bch2_fs_start+0x9fe/0xd90 [ 77.589342][ T5338] ? up_write+0x1c4/0x420 [ 77.589353][ T5338] ? bch2_fs_start+0x5c4/0xd90 [ 77.589364][ T5338] bch2_fs_start+0xa99/0xd90 [ 77.589375][ T5338] ? bch2_fs_start+0x5c4/0xd90 [ 77.589386][ T5338] ? __pfx_bch2_fs_start+0x10/0x10 [ 77.589402][ T5338] ? sget+0x267/0x620 [ 77.589414][ T5338] bch2_fs_get_tree+0xafc/0x14f0 [ 77.589429][ T5338] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 77.589443][ T5338] ? aa_get_newest_label+0xf7/0x5d0 [ 77.589457][ T5338] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 77.589473][ T5338] ? apparmor_capable+0x137/0x1b0 [ 77.589484][ T5338] vfs_get_tree+0x92/0x2b0 [ 77.589506][ T5338] do_new_mount+0x24a/0xa40 [ 77.589521][ T5338] __se_sys_mount+0x317/0x410 [ 77.589535][ T5338] ? __pfx___se_sys_mount+0x10/0x10 [ 77.589548][ T5338] ? do_syscall_64+0xbe/0x3b0 [ 77.589558][ T5338] ? __x64_sys_mount+0x20/0xc0 [ 77.589570][ T5338] do_syscall_64+0xfa/0x3b0 [ 77.589579][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.589592][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.589602][ T5338] ? 
clear_bhb_loop+0x60/0xb0 [ 77.589612][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.589622][ T5338] RIP: 0033:0x7fc7d29900ca [ 77.589634][ T5338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.589655][ T5338] RSP: 002b:00007fc7d37b7e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.589669][ T5338] RAX: ffffffffffffffda RBX: 00007fc7d37b7ef0 RCX: 00007fc7d29900ca [ 77.589676][ T5338] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007fc7d37b7eb0 [ 77.589682][ T5338] RBP: 00002000000000c0 R08: 00007fc7d37b7ef0 R09: 0000000000818001 [ 77.589688][ T5338] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000180 [ 77.589693][ T5338] R13: 00007fc7d37b7eb0 R14: 0000000000005964 R15: 0000200000000100 [ 77.589702][ T5338] [ 77.589706][ T5338] [ 77.965075][ T5338] The buggy address belongs to the physical page: [ 77.967589][ T5338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55bc0 [ 77.971011][ T5338] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 77.989206][ T5338] page_type: f0(buddy) [ 77.991199][ T5338] raw: 04fff00000000000 ffffea0001594808 ffff88805ffd6f08 0000000000000000 [ 77.995495][ T5338] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 77.999277][ T5338] page dumped because: kasan: bad access detected [ 78.002707][ T5338] page_owner tracks the page as freed [ 78.015985][ T5338] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5338, tgid 5336 (syz.0.0), ts 77450488386, free_ts 77560994708 [ 78.027913][ T5338] post_alloc_hook+0x240/0x2a0 [ 78.030051][ T5338] get_page_from_freelist+0x21e4/0x22c0 [ 78.032393][ T5338] __alloc_frozen_pages_noprof+0x181/0x370 [ 78.051558][ T5338] __alloc_pages_noprof+0xa/0x30 [ 78.054186][ T5338] ___kmalloc_large_node+0x85/0x210 [ 78.056596][ 
T5338] __kmalloc_large_node_noprof+0x18/0x90 [ 78.059049][ T5338] __kvmalloc_node_noprof+0x6d/0x5f0 [ 78.061395][ T5338] btree_node_sort+0x666/0x1760 [ 78.077066][ T5338] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.080853][ T5338] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.083583][ T5338] bch2_trans_lock_write+0x669/0xba0 [ 78.087282][ T5338] __bch2_trans_commit+0x2773/0x8870 [ 78.089692][ T5338] bch2_str_hash_repair_key+0x2a2d/0x3fa0 [ 78.103784][ T5338] __bch2_str_hash_check_key+0xa65/0xd40 [ 78.106906][ T5338] bch2_check_dirents+0x2166/0x33f0 [ 78.111004][ T5338] __bch2_run_recovery_passes+0x395/0x1010 [ 78.116075][ T5338] page last free pid 5338 tgid 5336 stack trace: [ 78.126015][ T5338] __free_pages_ok+0xa44/0xc20 [ 78.130864][ T5338] __folio_put+0x21b/0x2c0 [ 78.135570][ T5338] free_large_kmalloc+0x145/0x200 [ 78.145942][ T5338] btree_node_sort+0x117f/0x1760 [ 78.149772][ T5338] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.170449][ T5338] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.183339][ T5338] bch2_trans_lock_write+0x669/0xba0 [ 78.185739][ T5338] __bch2_trans_commit+0x2773/0x8870 [ 78.188054][ T5338] bch2_check_dirents+0x1c5c/0x33f0 [ 78.190227][ T5338] __bch2_run_recovery_passes+0x395/0x1010 [ 78.203827][ T5338] bch2_run_recovery_passes+0x184/0x210 [ 78.206432][ T5338] bch2_fs_recovery+0x2690/0x3a50 [ 78.208867][ T5338] bch2_fs_start+0xa99/0xd90 [ 78.212417][ T5338] bch2_fs_get_tree+0xafc/0x14f0 [ 78.227233][ T5338] vfs_get_tree+0x92/0x2b0 [ 78.229994][ T5338] do_new_mount+0x24a/0xa40 [ 78.231858][ T5338] [ 78.232856][ T5338] Memory state around the buggy address: [ 78.235193][ T5338] ffff888055bc0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.246797][ T5338] ffff888055bc0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.254452][ T5338] >ffff888055bc0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.257878][ T5338] ^ [ 78.277753][ T5338] ffff888055bc0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 
78.281374][ T5338] ffff888055bc0200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.284968][ T5338] ================================================================== [ 78.322256][ T5338] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.326472][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 78.332071][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.346089][ T5338] Call Trace: [ 78.347512][ T5338] [ 78.354432][ T5338] dump_stack_lvl+0x99/0x250 [ 78.356393][ T5338] ? __asan_memcpy+0x40/0x70 [ 78.358327][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.360554][ T5338] ? __pfx__printk+0x10/0x10 [ 78.379289][ T5338] panic+0x2db/0x790 [ 78.381063][ T5338] ? __pfx_panic+0x10/0x10 [ 78.383014][ T5338] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 78.385878][ T5338] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 78.393469][ T5338] ? print_memory_metadata+0x314/0x400 [ 78.396152][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.404767][ T5338] check_panic_on_warn+0x89/0xb0 [ 78.406948][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.413565][ T5338] end_report+0x78/0x160 [ 78.415311][ T5338] kasan_report+0x129/0x150 [ 78.417171][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.419298][ T5338] bch2_check_dirents+0x1fac/0x33f0 [ 78.421405][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.437548][ T5338] ? desc_read+0x1b8/0x3f0 [ 78.441119][ T5338] ? prb_first_seq+0xfd/0x1a0 [ 78.443586][ T5338] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.452567][ T5338] ? __pfx_prb_first_seq+0x10/0x10 [ 78.455756][ T5338] ? desc_read+0x1b8/0x3f0 [ 78.464599][ T5338] ? this_cpu_in_panic+0x4f/0x80 [ 78.466862][ T5338] ? _prb_read_valid+0xa07/0xa90 [ 78.469125][ T5338] ? console_flush_all+0x13a/0xc40 [ 78.471448][ T5338] ? up+0xde/0x150 [ 78.485467][ T5338] ? __console_unlock+0x14c/0x1a0 [ 78.487722][ T5338] ? 
__pfx___console_unlock+0x10/0x10 [ 78.490136][ T5338] ? bch2_trans_put+0x961/0x1220 [ 78.492459][ T5338] ? kfree+0x4d/0x440 [ 78.498180][ T5338] ? prb_read_valid+0x3c/0x60 [ 78.500348][ T5338] ? console_unlock+0x21b/0x270 [ 78.502403][ T5338] ? __pfx_console_unlock+0x10/0x10 [ 78.514836][ T5338] ? vprintk_emit+0x63e/0x7a0 [ 78.517008][ T5338] ? __bch2_print+0x176/0x220 [ 78.519135][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.521451][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.528688][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.534799][ T5338] __bch2_run_recovery_passes+0x395/0x1010 [ 78.542831][ T5338] bch2_run_recovery_passes+0x184/0x210 [ 78.551397][ T5338] bch2_fs_recovery+0x2690/0x3a50 [ 78.554836][ T5338] ? check_noncircular+0xe0/0x160 [ 78.557307][ T5338] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.559762][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.566922][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.574974][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.580043][ T5338] ? bch2_fs_start+0x9fe/0xd90 [ 78.586507][ T5338] ? up_write+0x1c4/0x420 [ 78.590051][ T5338] ? bch2_fs_start+0x5c4/0xd90 [ 78.594768][ T5338] bch2_fs_start+0xa99/0xd90 [ 78.596846][ T5338] ? bch2_fs_start+0x5c4/0xd90 [ 78.598919][ T5338] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.618185][ T5338] ? sget+0x267/0x620 [ 78.620030][ T5338] bch2_fs_get_tree+0xafc/0x14f0 [ 78.622254][ T5338] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.624853][ T5338] ? aa_get_newest_label+0xf7/0x5d0 [ 78.627244][ T5338] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 78.629838][ T5338] ? apparmor_capable+0x137/0x1b0 [ 78.650076][ T5338] vfs_get_tree+0x92/0x2b0 [ 78.665001][ T5338] do_new_mount+0x24a/0xa40 [ 78.666894][ T5338] __se_sys_mount+0x317/0x410 [ 78.672644][ T5338] ? __pfx___se_sys_mount+0x10/0x10 [ 78.679684][ T5338] ? do_syscall_64+0xbe/0x3b0 [ 78.687090][ T5338] ? __x64_sys_mount+0x20/0xc0 [ 78.691824][ T5338] do_syscall_64+0xfa/0x3b0 [ 78.695571][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.711683][ T5338] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.718794][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 78.720914][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.728658][ T5338] RIP: 0033:0x7fc7d29900ca [ 78.733696][ T5338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.752489][ T5338] RSP: 002b:00007fc7d37b7e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.759018][ T5338] RAX: ffffffffffffffda RBX: 00007fc7d37b7ef0 RCX: 00007fc7d29900ca [ 78.770659][ T5338] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007fc7d37b7eb0 [ 78.776048][ T5338] RBP: 00002000000000c0 R08: 00007fc7d37b7ef0 R09: 0000000000818001 [ 78.787725][ T5338] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000180 [ 78.796957][ T5338] R13: 00007fc7d37b7eb0 R14: 0000000000005964 R15: 0000200000000100 [ 78.800370][ T5338] [ 78.808066][ T5338] Kernel Offset: disabled [ 78.813879][ T5338] Rebooting in 86400 seconds..