program: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_SET_VRING_ERR(r0, 0x4001af84, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x100000}, &(0x7f00000001c0)=0x40) r2 = msgget$private(0x0, 0x80) r3 = geteuid() io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000005fc0)=[{&(0x7f0000005d00)=""/207, 0xcf}, {&(0x7f0000005e00)=""/159, 0x9f}, {&(0x7f0000005ec0)=""/247, 0xf7}], 0x3) lstat(&(0x7f0000000000)='./file1\x00', &(0x7f0000005b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getuid() mount$binderfs(&(0x7f0000006000), &(0x7f0000006040)='./binderfs\x00', &(0x7f0000006080), 0x1000000, &(0x7f00000060c0)={[{@max={'max', 0x3d, 0x7}}, {@stats}, {@stats}, {@stats}, {@stats}, {@stats}, {@max={'max', 0x3d, 0x7}}], [{@subj_type}]}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r7, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchown(r6, r8, r9) r10 = getpgrp(0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000005c00)={0x0, 0x0}) msgctl$IPC_SET(r2, 0x1, &(0x7f0000005c80)={{0x0, r3, r4, r5, r9, 0x4, 0x1}, 0x0, 0x0, 0x3, 0xc622, 0xcf, 0x200, 0x45, 0x40, 0x40, 0x0, r10, r11}) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000100)=ANY=[@ANYBLOB='sb=0008,shard_inode_numbers,errors=continue,inline_data,direct_io,nochanges,prjquota,compression=none,version_upgrade=incompatible,\x00'], 0x1, 0x598b, &(0x7f00000001c0)="$eJzs3X+QHNV9IPDXM7Pa0a5+rAQOMpjVIqOEQGyt+FXYpGIll9gpIJRcpBzEyYYFrYhsSagkEZAgQeTABwW4cMqpBCd/EBemDltxUQUXo1AQfpzE2dgUFx91hamz77CvyleEQxVAR/l82dTu9Jud6Z3enp2ZFRJ8PiVtT7/p+b7Xr9/M9PdN704AAADgfeHQ7buOXHry73z3T8ffvuV3/37brWGwPFVejRsMpcsb360WcjT1V1ZMLbPj4ldu+sZPR675re88PPD1dw5uOm3zD3/7hGse//xFB+77q6ffWvzov7xaFDeOpzOn15PXkxCqTxz+8y8efP6kybIkhFBOhvaFsCxZ/vSyJBNi9OchhE3pSrnSfOcjb5+zeXJ56139TeVLM0GM9/e3ajrO9h654azwo9/ccNv3V37rb/v2v7ZvepOk2jCeQlhyVePj+9L/C9P1ONpWxAeny/UhhIGGx11Q0K4Pt9n+NTnrp6TLBelysCBOvH9VZr2U2S67HvVllgMF9XUrrx2dbldkUWY9+2LUrbx2xvJl6fLb6fLMOcYvx/9JKCWhUm/+1mR6jISG45aEZOpYVuvrpfqxDen+Z9aTzHops17uy+zXVL3pQCsnSXN53C5THl+OK2n5aY2v1S1cllP+wXRZTZ+o78T1kL1RMzjjRn2/psR2HZ6lLUdDqeE1qFV5fZylB2MwLRtMls94zEQL8b6DG+5eXd74zKGhnHYkDydp/GSqj+Yaf+/3li363DfvvD7v2CZXldL4pY7i//jiF9644s6vfXVFXvx7Y/xyR/HPfnLg9YufvX1VXv/E/RoMlY7ij7363D0rT7x6f27774/9X+3o+K478EL/4iNPPpV7fEdj/yzsqP2vXPjJnzz00mOv5cYPMf5AR/E3Htjxpf7hI2fkxn8q9s9gZ+Pnzf3nvzw8/LORvPgvxviLO4r/4L77Pv7A0rsuyj2+62P/DHUU/5LTH79t0ZHHTs19ft3fq3dOgPenE9JzrDvS9dnyzP5Z8sxuNeQLfzlSqZ23Lkr/L+5lRZmTz8l6lvQyPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEED5w1n/+1P/8zNDrlXS9P73xSqm2jOULQkgWhhB27R7buXvL9mtHPn/d9Tu3j20dGds9Mr599849I+f+2sjO8R1bx/ZM3jv6kXNqj1sektoyOXVG3f0TExOloeayWN+/OX3/j1Zf8L//KYTRD/xguJLb/jX3bXvgxBY/M5J1E5/Ydv2lPzjvb9L9GkrbNdSiXRMTExMhp13/5/JfPPBnh396RgijvzRbu5575Tf+oalBUwXTcVKl/lBrUH8y0LId9Van7Yn9Vdm8Zev46Oz9O/n4cs5+/NubXvv55hu//Ita/1Zz96PN/l24bmJr6S82XPL//+LmWkFRu+r7kWnXfB/3ov6OexHbF/uvmvb3knS/luTsVyWnv2///lMvPXHynW/tC6OVN1dO193f5n71pQOgL/lgW/XGGgaSZU3l1XT7eMTj49bs3rZjza49ez+yZdvYtePXjm//2Npz154/et75562Z2vM1Pd7/WP8vt7n/7Y6nbL1xPD3R1nha+kf7vh1/tjeeitpV1B+T47y4PxpblGnX4qmfC9dNDFz2xa987L5nL60VF43zuHX9eZguByaP89rQMN5m9lWr/SrqhxDCSKt+eOOti8JJ/23LbUWvQ41HpvFnRrJu4vlV//w3F/z1il+vFRyV1/nGBnX4Ol9v9XR7pvqrmh6PiWO0f/tDOd2vwZbtWvv8s313H/qnP663b8GCcOPY7t0719Z+Lkpbuig5pWW7sqVxv1ZO/SyHtFtCfZi2GK+T+kKtfdnXz7h5tlcH0/sGk+Ut9ysr3ndww92ryxufOZTX08nDtRoXxidu8qGcLbdmHliuN7hV/cfq869ofAx/6q8f/cyjf3fujPFxdu1n0X4lOfv1rZce/MrXv/zv/653+/Wp33hh6J//+x+urhUcL68r9Van7fl/Ew2vK2eHUPT8Wxla70fu86/Uen+Knn/Zeqa3bx1vJLM+GMrFz9dqmPF8PfvJgdcvfvb2VbnP18PtPl9vblorFzxfj5Xxk31+JZXmdszf86tpoCTrJr5zxwn7nr5l/cm1gqJxXd867aek8f3ynDbyj5z9+ocrXh6+buTf/dfevW5849ceufKHY+v+pFbQ+XGPbenNca+m/VvN6d96q2Pe2di/H73muq2bauXv+vlvTYvz33RZkP/El5Jde/Z+YWzr1vGdu9rbr3bfT2M92V7u9P00vrotL9iv0oz9mr8b7fRXu8+32P5NHfdX8/NtMCQdncft/d6yRZ/75p3XD814VFrRVaU0fqmj+D+++IU3rrjza1/NjX9vjF/pKP7Yq8/ds/LEq/fnxr8/SeNXO4q/7sAL/YuPPPlUbvzR2P6FHcV/5cJP/uShlx57LTd+iPEHO+v/N/ef//Lw8M9y47+YpPVMniOF8Mjb52yurSehL32+xXb0NbUrZNeTzHops15uXC/V5lrrFZSTpLk8bpeWn9bQllb+IKc8noVVV9SW78T1kL0xe/mxptRiTq2xvOg8FQDgvS5+/h/PQePn/+PpiVL+TANM6zYPW5ETN+Zh0/M5C5ruX5HGj4+P84DDHw2jk8tbR2on+nP9HCE+H7LznLGeMz7cHGMu85ylMD3PWTT/viqzHttVmy+vNOShqZl5TSW0Mf8+s57Z598zu188Pz5yx4xmjTTMW2WPX186Y9bqeodMeyuTEfLGR3ZeLF7PMbwkrJ+qr83xkb2OJh6H7HU0sZ6TMy+cnV5H0+34iM2eZXxMNbn4842Zxy/M0r/Tx691tOzxm8Pxrk5uP9+fz/Zg3rDlS9rRmzds4/OwFvHb/TysPi+5buY2s8V/v8xLHuvzhrE87kelzfnEz+SUtzOf2DgvlzefGF8uYrsOz9KWo8F8IvBeFfP/+B4xmf9PnoD/38x2Reeh2bPGGC/3OqFy6/YU5R0zr9Mb6Oh9fOOBHV/qHz5yRu55zlPtXvezo2ltoOC6n6J+XJ1ZL+zHnAmaonwvW09Rv2evyxgMizvq9wf33ffxB5bedVFuv6+vvZEW9/tXmtYWF/T7cZAvtI7/XssXXMfQHL9H1zEUzZ+9a/lIeuHTfOUjv59TPtfrGwZm3Kjv15TjLh/pO7rtAgCOHzH/r39+lub//yNukJ5HFOWtZ2bWY7zcvDXn/CQvb/29dHljZvvB9Dcq5nrefMnpj9+26Mhjp+bmLfe3m4f+h6a1ocI8tLu8OTePWN+b68Vz84h6ntVdnpjb/nqe2F2enhu/nqd3l0fn9k89j+5uHiA3fn0e4HjPcwvm6zKVxdV25+ves3l0+uuz85VHX5ZTPtc8erDhxr7m/ZoijwYAeHfF/D+exsX8/9nMdt1+zp6bF/TovD3790Dq8V88WnnlfOd98523zndeP9/zEsd7Xjzf80LzO0/2vs+L00rbyYtD835NOX7z4oVHrW0AAHQv5v/xLC4//+8uP2mVv/U15Sfy85bx5efHSH5+vM9/yf+Plc/FQ/N+TTl+838AAI4nMf+Pv/YY//7ff0rXs3+3Xp6eE/94yNMrQZ6eE/9o5OkPDbWTp/d+ni24DuDdnQdo+IjcPAAAAO+GvqlMaebv2X82XWZ/zz7v9/KvyNm+XZX09Pjq3TvHx6+8fsemsd3jV26/btP4ritv2Lll9+7x7bXtus0bc/OWNG/sC5W0P1pvl83blqZ/D2Fpzt9DyG4fw54ydWPm30PIVruw4O8ITB+/9tqbd/xKs2zfanzkHe+8+H+Qs31UP/7X/OHZV27edeWW7Vt2bxnbumXvePN2k1nrwBy+NzN2y5y+LzXzY4bS3L+/szftKM1oR1/aH3nfz55k2rEsbcmyvO8/yGn3d//Ln/3R6RO/eCiE0Q+UP9RV/yXrJv7j5eO/t/vQD3ZMtn/hrO2vb5m2q+j7SrPbx/2pbL1u1+6zNl93/fbsN0p2Js5nlOrr8zSfkT79y23OT2zMKZ/rdQrlGTeOTW3PTwAA0CR+/h/PZ+Pnh19OT6Bieft5enefH+fm6aPNeXreb51mv5esKE/Pbh/3t908vdplnp6tvyhPb7V9qzw9L+/Oi//7OdvPVfvjpLvrPHLHyVXtzedkv8+gaJxkt5/rOEm6HCfZ+ovGSavtW42TvOOeF//TOdvnaX88dHddTu54uLe98fCrmfWi8ZDdfq7jodTleMjWXzQeWm3fajzkHd+8+JfmbN+u5vExOTCmxsX4lTdct/MLDdvN9/dfdN+++f3+j0613/75ve5r/ts/v9eVzX/7u/v9r9z2v9jdTFj77Z/f73fp1FGbr00vNiu6/qxoHndDTvlc53EXzLhxbDKPC++emP/Hj3ti/n9Xuuz1x0DH//ek+R6zlvF79D1mRecx3s9nqewY4P0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD39lRVTy0O37zpy6cm/890/HX/7lt/9+223/spN3/jpyDW/9Z2HB77+zsFNp23+4W+fcM3jn7/owH1/9fRbix/9l1cLAw9N/aycma5WQ0heT0KoPnH4z7948PmTJsuSEEI5GdoXwrJk+dPLkkyE0Z+HEDbV29l85yNvn7N5cnnrXf1N5UszQbL7FQbLsT2N7QzhxsI94jhUTcfZ3iM3nBV+9Jsbbvv+ym/9bd/+1/ZNb5JUG8ZTCEuuanx8XwhhYfp/UhxtK+KD0+X6EMJAw+MuKGjXh9ts/5qc9VPS5YJ0OVgQJ96/KrNeatqqP/fxfZnlQEF93Sr1eLsiizLr2RejbuW1M5YvS5ffTpdnzjF+Of5PQikJlXrztybTYyQ0HLckJFPHslpfL9WPbUj3P7OeZNZLmfVyX2a/pupNB1o5SZrL43aZ8vhyXEnLT2t8rW7hspzyD6bLavpEfSeuh+yNmsEZN+r7NSW26/AsbTkaSjnP0lheP/DpwRhMywaT5TMeM9FCvO/ghrtXlzc+c2gopx3Jw0kaP+ko/t7vLVv0uW/eef2KvPhXldL4pY7i//jiF9644s6vfTU3/r0xfrmj+Gc/OfD6xc/eviq3fw7H/ql0FH/s1efuWXni1ftz239/jF/tKP66Ay/0Lz7y5FO57R+N/bOwo/ivXPjJnzz00mOv5cYPMf5AR/E3Htjxpf7hI2fkxn8q9s9gZ+Pnzf3nvzw8/LORvPgvxviLO4r/4L77Pv7A0rsuyj2+62P/DHUU/5LTH79t0ZHHTs177Uzu79U7J8D70wnpOdYd6XqneWa3GvKFvxyp1M75FqX/F/eyoozJepbMY3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN6b/vHmcz97+Sc+vaGShJDkbDPRQryvvGDdupEO6h179bl7Vp549f7GshUdxAEAAACKxTy8VC+phhXhhmRhOKXl9nGO4JS4ljSXZ+cQYpzsHEGncUo9ilPuUZxKj+L09SjOgh7F6e9RnGpBnGpoL87CWeJUJkdFm+0ZmLU97ccZ7FGcRT2Ks7hHcZb0KM7SHsUZmjVO++NwWY/iLO9RnBN6FOfEHsX5QI/i/FKP4pzUozjZOeW5jsPF6ZYn58WZulEujFNJyvU7Ws2nn5TWc2qX9QwW1LO46P24zXoWtlnPhzOPK82xnmqb9fxyl/Ukbdbzq13WUyqoJ47bG7Pti/XEtTbH/54exdnbXZz/Fc+3bupRe27uUZw/7lGcP+lRnFu6jJNdB8gT8//pfG8o9Fd+PQykrzjZWYCY766c+jnz/S7vBSjG+1CmfEFRvGyinom3cq7ty04gZOKtypT3NcWr1PORWeJVG+OtztxZuL/ZCYVM+87MlPcXxctOLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPPrHm8/97OWf+PSGkITJfy1NtBDvKy9Yt26kg3oPbrh7dXnjM4cay/orHQQCAAAACsU8vK9eUg39lbWhP1nQtF01nQeopuvlodpyeElYP7lMRkpT6wPJslkfV0kft2b3th1rdu3Z+5Et28auHb92fPvH1p679vzR884/b83mLVvHR2s/Q+gviBdCmJp+2LVn7xfGtm4d37mrVpht/4r0cSvS9SR93PBHw+jk8ta0/csL6ivNqG/PyxfW7pou6dGNgkMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL+ya3chclb3H8DPMzM7M67m7/7xbQxmHWKUtJU2SdcSW3EfKFTQJGQRyoztVkJNqHRjgiaS2qkGqjahpaAEQkoumpJKtdIbX6qU+kIgxaYNdNNQVFov2osWbS1RclEiU3Z3zuzMZCaznYrR9PO5eJ6Zc37n/ObMxcL32QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAzddG5usjE9Uh5MQkh419S7iXDafpuUB+n75+a3fL4yeXN46VsgNsBEAAADQV8zhQ82RYijksiEbLp99t3Tmkm9MhPncDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/O+Zro1NVsYnqucnISQ9aupdxLlsPk3LA/R9450nP/Pq6OhfW8dKA+wDAAAA9BdzeKY5UgylcFUYSi5vq4vPBhZ3rO+si/ssWWBd57ODXnVXLbDumgXWfaxP3brGfUcAAACAj76Y/3PNkZFQyC3qmf/75fpYd2VHXbZxH+S3AgAAAMB/J+b/QnOkFAq5UjOvLzTvL+2oi+v7/d8+rr+6x/p+/89f27j7Pz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHRM18YmK+MT1WwSQtKjpt5FnMvm07Q8QN9VLwz//ZZDDy1tHSvkBtgIAAAA6Cvm8PnoXQyF3HAYCufP5v7Rm/Y//cWnnx0LIczF/Hw+7Niwbdvdq+ausW7lkUND3zv81rea28S6lXPXs3I4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfTVdG5usjE9Uz0tCSHrU1LuIc9l8mpYH6Pv6577w58ePP/dm61hpgH0AAACA/mIOn8/+xVAK+ZAPl86+a836MzId63s9MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOHfd8476vb5ia2ni3F1544UXzxdn+ywQAALzfrgxJqP+HLlt/tj81AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwYTBdG5usjE9Ui0kISY+aehdxLptP0/IAfdPnjxYWnXzhpdax0gD7AAAAAP3FHD6f/YuhFIbCULhk9l23ZwKz+X/kA/yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIfKdG1ssjI+UV2UhJD0qKl3Eeey+TQtD9D3sZ37Pnvwwu/e3DpWyA2wEQAAANBXzOH55kgxFHIfD4VwReP9VPuCJNu4d38uML9ua9uy4QWvq7Wtyy543a6Ok+Uap5lbV4z7jczdm+vKp68rt6wrhWb7ctu6sKdt1aI+nzMAAADAWRTzf6E5MhIKuUJLzv1JW/2InAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9DBdG5usjE9UkySEpEdNvYs4l82naXmAvvf95v8v+MpPd29vHSsNsA8AAADQX8zh89m/GEphSfi/sGQ294eR9vpY94/KqYOP/vMvy0NYcemx0Vzntj+ML371+o0vdl5CyLRXZ0K4sNEv6dHv17979N5l9VOPh7DikuwVp/ULZ+43r14vJ2n9mcrGtdsOH9va//sBAACAc0HM/0PNkZFQyN3VM//H5N0n/zfNBvAL793584sb10Yi71iRKTR+Z5Dp0e/zy57809Wr//bWTP4/U79P7dt88OK2hnMjHZK0Pr55+7pj1x3IxFPPnTfb0T9+L1/65pv/2rTjkVNz/Yuh2BhfnOvW//Rrh/PS+lRmb3XNe3tr7f1zPc7/0G9fOv7Lxbvfnen/zpXDzf7XnOH8Z+4/fOvDe67fd2hde/8QQrlb/7ffvTlc9oc7H+w8/3DHxq3ffOu1Q5LWjyw9cWD1/tIN7f2Tjv7x+//Z8cf2/PiR7zwb+8ffiiy/aqH9Mx39X9l10c6XH1i/uL1/psf5X7zt1dEt5W//vvP8d7Ttmuv5KU4//xPXPnX7axvS+zunAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzi3TtbHJyvhENZOEkPSoqXcR57L5NC0P0PeNW46+fdvuH/2gdaw0wD4AAABAfzGHz2f/YiiFfMiH4dnc/0xl49pth49tDSNzs0njnpvacs+2T2zasv2uO87SJwcAAAAWKub/XHNkJBRyy8JQI/+Pb96+7th1BzIx/2di/t9059TGFaFZ98qui3a+/MD6xc3nBCHM/iygOFP36Zm66mzdTTceHTnxx69d3bVu1fx+R5aeOLB6f+mGWBda61aG5vOJJ6596vbXNqT3Nz9fa90nv7plqvF4Iu47fOvDe67fd2hd8xyN+3Bj31g3ldlbXfPe3lqsyzbuxca5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDTTdfGJivjE9WQDSHpUVPvIs5l82laHqDvmmW/ePCCk88taR0r5AbYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+zQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26y9EqiqOA/g5M7PtuLOruxpkRetqRWEPSUFEvVRUhEYIPRkSluZDFAQRhT20hkZiRS9B1otEBdUWQkFukmixRv+klx4qKLAeApEWykV6qNjZc8bZ697GZi2oPh+4nD3n3vu9v3vPmTs7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL9Kb21psz20/cGp28676ZPH7zn+2C3v3b/1kkdf/2Fk4w0f7+l75cTEpuWbv75xycZ9964e3/XiwV8G3vntSD5/a1nwIzPNytSthxCPxRDq708+98TEp+dMj8UQQjUOjoYwFBcfHIqFhFW/hhA2teqcvfPt41dubl5/Z++s8UWFkOJ9hUY11zNjcHa9/LfU0zrbMvXwZeHb69dt+3zZW2/2jB0dPXlIrLetpxAWbmg/vyeEsCBt0/JqW5pPTu3aEEJf23lXd6jrwtOs//KS/vmpPSu1jQ45ef+KQr9SOK7Yz3oKbV+H681XWR3dHtdJf6FffBnNV1mdeXwote+mduVfzK/mLYZKDLVW+ffFk2sktM1bDLE5l/VWv9Ka25Duv9CPhX6l0K/2FO6red200Koxzh7PxxXG8+u4lsaXt7+r53B7yfi5qa2nD+qJ3A/FP2Y0TvmjdV9Nua7JP6nln1BpewfNNd6a+DQZjTTWiItPOef3OeR9E+ueuri6/oNDgyV1xD0x5cdCfu208rd8NtR/5xs7Hlpalr+hkvIrXdX/3ZrDP92x46UXSvOfzfnVrvKv2N93bM2H21eUPp/J/HxqXeXfdeSjp5edfffYXHPdzN+d8+td5V83frh3YGr/gdL6V+Xns6Cr/G+uvfn7177ce7Q0P+T8vq7y148/8Ezv8NSlpfkHZj4KjeYK7WL9/Dx21VfDwz+OlOV/kZ//wBz5sWP+q6O7rnl50c7VpetzbX4+g13Vf+tF+7b1T+29oOzdGXefqW9OgP+nJel/rCdTv9vfmfPV9nvh+ZHazDdQf9oGzuSFCqavs/BvzAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mAHDkgAAAAABP1/3Y5AAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCpAAAA//+6Nyi+") [ 75.891364][ T5337] Bluetooth: hci0: command tx timeout [ 76.012240][ T5356] binder: Unknown parameter 'subj_type' [ 76.490112][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.506006][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.604153][ T5356] loop0: detected capacity change from 0 to 32768 [ 76.786025][ T5356] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,prjquota,nochanges,nojournal_transaction_names,read_only,version_upgrade=incompatible [ 76.786054][ T5356] allowing incompatible features above 0.0: (unknown version) [ 76.786061][ T5356] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 76.841010][ T5356] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 76.846091][ T5356] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.853716][ T5356] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 76.853736][ T5356] has non ptr field, deleting [ 76.897843][ T5356] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.902615][ T5356] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 76.902615][ T5356] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 76.902615][ T5356] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 76.986532][ T5356] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version) [ 76.986532][ T5356] [ 77.085228][ T5356] bcachefs (loop0): accounting_read... done [ 77.137714][ T5356] bcachefs (loop0): alloc_read... done [ 77.140367][ T5356] bcachefs (loop0): snapshots_read... done [ 77.185901][ T5356] bcachefs (loop0): check_allocations... [ 77.206626][ T5356] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 77.206657][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 77.258604][ T5356] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 77.258619][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 77.288669][ T5356] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 77.288687][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 77.323431][ T5356] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 77.323447][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 77.355818][ T5356] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.362492][ T5356] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.372966][ T5356] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.404853][ T5356] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.409821][ T5356] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.427060][ T5356] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.446677][ T5356] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.464897][ T5356] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.480585][ T5356] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.492215][ T5356] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.508948][ T5356] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.519224][ T5356] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.532863][ T5356] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.538736][ T5356] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.545823][ T5356] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.556819][ T5356] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 77.565616][ T5356] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.580666][ T5356] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.598264][ T5356] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.608771][ T5356] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.614855][ T5356] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.614870][ T5356] Ratelimiting new instances of previous error [ 77.640717][ T5356] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.640742][ T5356] Ratelimiting new instances of previous error [ 77.680223][ T5356] done [ 77.696815][ T5356] bcachefs (loop0): going read-write [ 77.756726][ T5356] bcachefs (loop0): journal_replay... done [ 77.842469][ T5356] bcachefs (loop0): check_extents_to_backpointers... [ 77.844741][ T5356] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 77.865010][ T5356] done [ 77.882124][ T5356] bcachefs (loop0): check_subvols... done [ 77.885577][ T5356] bcachefs (loop0): check_inodes... done [ 77.888453][ T5356] bcachefs (loop0): check_dirents... [ 77.889542][ T5356] bcachefs (loop0): key in missing inode, found keys: [ 77.889567][ T5356] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 77.889576][ T5356] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 77.889584][ T5356] u64s 7 type 89 4096:2695648408715017799:U32_MAX len 0 ver 0: [ 77.889592][ T5356] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 77.889600][ T5356] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 77.889608][ T5356] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 77.889617][ T5356] , fixing [ 77.911685][ T4705] Bluetooth: hci0: command tx timeout [ 77.984872][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 5485894988672812549 [ 77.984889][ T5356] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 78.016839][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 1839290344830984407 [ 78.016868][ T5356] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 78.043363][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 2890143597535053283 [ 78.043379][ T5356] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 78.068686][ T5356] bcachefs (loop0): dirent points to missing inode: [ 78.068700][ T5356] u64s 7 type dirent 4096:5485894988672812549:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 78.092736][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 8612470646504284936 [ 78.092752][ T5356] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 78.122896][ T5356] bcachefs (loop0): dirent points to missing inode: [ 78.122911][ T5356] u64s 8 type dirent 4096:8612470646504284936:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 78.140648][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 4265063498197937048 [ 78.140672][ T5356] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 78.168698][ T5356] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 2 should be 0 [ 78.178306][ T5356] bcachefs (loop0): key in missing inode, found keys: [ 78.178321][ T5356] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk [ 78.178330][ T5356] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 78.178338][ T5356] , fixing [ 78.238642][ T5356] bcachefs (loop0): key in missing inode, found keys: [ 78.238656][ T5356] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 78.238664][ T5356] , fixing [ 78.272718][ T5356] bcachefs (loop0): check_dirents requires second pass [ 78.276823][ T5356] bcachefs (loop0): dirent points to missing inode: [ 78.276838][ T5356] u64s 7 type dirent 4096:1839290344830984407:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 78.296435][ T5356] ================================================================== [ 78.299704][ T5356] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 78.313265][ T5356] Read of size 1 at addr ffff888054943048 by task syz.0.0/5356 [ 78.316686][ T5356] [ 78.317757][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 78.317773][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.317781][ T5356] Call Trace: [ 78.317789][ T5356] [ 78.317796][ T5356] dump_stack_lvl+0x189/0x250 [ 78.317816][ T5356] ? __kasan_check_byte+0x12/0x40 [ 78.317832][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.317846][ T5356] ? lock_release+0x4b/0x3e0 [ 78.317865][ T5356] ? __virt_addr_valid+0x4a5/0x5c0 [ 78.317881][ T5356] print_report+0xca/0x240 [ 78.317893][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.317905][ T5356] kasan_report+0x118/0x150 [ 78.317919][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.317933][ T5356] bch2_check_dirents+0x1fac/0x33f0 [ 78.317946][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.317965][ T5356] ? desc_read+0x1b8/0x3f0 [ 78.317980][ T5356] ? prb_first_seq+0xfd/0x1a0 [ 78.317991][ T5356] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.318002][ T5356] ? __pfx_prb_first_seq+0x10/0x10 [ 78.318013][ T5356] ? desc_read+0x1b8/0x3f0 [ 78.318024][ T5356] ? this_cpu_in_panic+0x4f/0x80 [ 78.318034][ T5356] ? _prb_read_valid+0xa07/0xa90 [ 78.318044][ T5356] ? console_flush_all+0x13a/0xc40 [ 78.318059][ T5356] ? up+0xde/0x150 [ 78.318129][ T5356] ? __console_unlock+0x14c/0x1a0 [ 78.318142][ T5356] ? __pfx___console_unlock+0x10/0x10 [ 78.318158][ T5356] ? prb_read_valid+0x3c/0x60 [ 78.318170][ T5356] ? console_unlock+0x21b/0x270 [ 78.318182][ T5356] ? __pfx_console_unlock+0x10/0x10 [ 78.318196][ T5356] ? vprintk_emit+0x63e/0x7a0 [ 78.318213][ T5356] ? __bch2_print+0x176/0x220 [ 78.318227][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.318239][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.318252][ T5356] __bch2_run_recovery_passes+0x3ba/0x1060 [ 78.318271][ T5356] bch2_run_recovery_passes+0x184/0x210 [ 78.318284][ T5356] bch2_fs_recovery+0x2690/0x3a50 [ 78.318299][ T5356] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.318311][ T5356] ? __lock_acquire+0xab9/0xd20 [ 78.318327][ T5356] ? __mutex_trylock_common+0x153/0x260 [ 78.318339][ T5356] ? __lock_acquire+0xab9/0xd20 [ 78.318357][ T5356] ? __lock_acquire+0xab9/0xd20 [ 78.318381][ T5356] ? bch2_fs_start+0xa0f/0xda0 [ 78.318393][ T5356] ? up_write+0x1c4/0x420 [ 78.318405][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 78.318417][ T5356] bch2_fs_start+0xaaf/0xda0 [ 78.318429][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 78.318441][ T5356] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.318459][ T5356] ? sget+0x267/0x620 [ 78.318472][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 78.318490][ T5356] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.318505][ T5356] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 78.318525][ T5356] vfs_get_tree+0x8f/0x2b0 [ 78.318538][ T5356] do_new_mount+0x2a2/0x9e0 [ 78.318554][ T5356] ? ns_capable+0x8a/0xf0 [ 78.318565][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 78.318578][ T5356] ? path_mount+0x61c/0xfe0 [ 78.318591][ T5356] ? user_path_at+0x44/0x60 [ 78.318604][ T5356] __se_sys_mount+0x317/0x410 [ 78.318620][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 78.318636][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 78.318649][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 78.318664][ T5356] do_syscall_64+0xfa/0x3b0 [ 78.318675][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.318686][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.318717][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 78.318730][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.318742][ T5356] RIP: 0033:0x7f46d099066a [ 78.318753][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.318763][ T5356] RSP: 002b:00007f46d184fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.318777][ T5356] RAX: ffffffffffffffda RBX: 00007f46d184fef0 RCX: 00007f46d099066a [ 78.318786][ T5356] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f46d184feb0 [ 78.318793][ T5356] RBP: 00002000000000c0 R08: 00007f46d184fef0 R09: 0000000000818001 [ 78.318801][ T5356] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.318809][ T5356] R13: 00007f46d184feb0 R14: 000000000000598b R15: 0000200000000100 [ 78.318821][ T5356] [ 78.318826][ T5356] [ 78.702973][ T5356] The buggy address belongs to the physical page: [ 78.707649][ T5356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54943 [ 78.712245][ T5356] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 78.715243][ T5356] raw: 04fff00000000000 0000000000000000 ffffea00015250c8 0000000000000000 [ 78.718781][ T5356] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 78.722748][ T5356] page dumped because: kasan: bad access detected [ 78.727514][ T5356] page_owner tracks the page as freed [ 78.731164][ T5356] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5356, tgid 5355 (syz.0.0), ts 77079221977, free_ts 78296131292 [ 78.742487][ T5356] post_alloc_hook+0x240/0x2a0 [ 78.746014][ T5356] get_page_from_freelist+0x21e4/0x22c0 [ 78.750274][ T5356] __alloc_frozen_pages_noprof+0x181/0x370 [ 78.758053][ T5356] alloc_pages_mpol+0x232/0x4a0 [ 78.762227][ T5356] ___kmalloc_large_node+0x5f/0x1b0 [ 78.766363][ T5356] __kmalloc_large_node_noprof+0x18/0x90 [ 78.771554][ T5356] __kvmalloc_node_noprof+0x6d/0x5f0 [ 78.775439][ T5356] bch2_btree_node_read_done+0x32f6/0x5550 [ 78.780985][ T5356] btree_node_read_work+0x40e/0xe60 [ 78.783383][ T5356] bch2_btree_node_read+0x887/0x2a00 [ 78.791895][ T5356] bch2_btree_root_read+0x5f0/0x760 [ 78.794319][ T5356] read_btree_roots+0x2c6/0x840 [ 78.813135][ T5356] bch2_fs_recovery+0x261f/0x3a50 [ 78.815535][ T5356] bch2_fs_start+0xaaf/0xda0 [ 78.817981][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 78.820309][ T5356] vfs_get_tree+0x8f/0x2b0 [ 78.822334][ T5356] page last free pid 5356 tgid 5355 stack trace: [ 78.825282][ T5356] __free_pages_ok+0xa83/0xbe0 [ 78.829251][ T5356] free_large_kmalloc+0x13a/0x1f0 [ 78.836989][ T5356] btree_node_sort+0x117f/0x1760 [ 78.839651][ T5356] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.847940][ T5356] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.850794][ T5356] bch2_trans_lock_write+0x669/0xba0 [ 78.856828][ T5356] __bch2_trans_commit+0x2773/0x8870 [ 78.859031][ T5356] bch2_check_dirents+0x1c5c/0x33f0 [ 78.861211][ T5356] __bch2_run_recovery_passes+0x3ba/0x1060 [ 78.863706][ T5356] bch2_run_recovery_passes+0x184/0x210 [ 78.879995][ T5356] bch2_fs_recovery+0x2690/0x3a50 [ 78.882087][ T5356] bch2_fs_start+0xaaf/0xda0 [ 78.884046][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 78.896318][ T5356] vfs_get_tree+0x8f/0x2b0 [ 78.898422][ T5356] do_new_mount+0x2a2/0x9e0 [ 78.900526][ T5356] __se_sys_mount+0x317/0x410 [ 78.902701][ T5356] [ 78.904104][ T5356] Memory state around the buggy address: [ 78.917081][ T5356] ffff888054942f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.922455][ T5356] ffff888054942f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.927360][ T5356] >ffff888054943000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.940774][ T5356] ^ [ 78.944108][ T5356] ffff888054943080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.962254][ T5356] ffff888054943100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.966821][ T5356] ================================================================== [ 79.022335][ T5356] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 79.034609][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 79.039858][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.049108][ T5356] Call Trace: [ 79.050794][ T5356] [ 79.052214][ T5356] dump_stack_lvl+0x99/0x250 [ 79.054524][ T5356] ? __asan_memcpy+0x40/0x70 [ 79.056734][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.059213][ T5356] ? __pfx__printk+0x10/0x10 [ 79.061316][ T5356] vpanic+0x281/0x750 [ 79.063171][ T5356] ? preempt_schedule+0xae/0xc0 [ 79.066602][ T5356] ? __pfx_vpanic+0x10/0x10 [ 79.069072][ T5356] ? preempt_schedule_common+0x83/0xd0 [ 79.071813][ T5356] ? preempt_schedule+0xae/0xc0 [ 79.074445][ T5356] ? __pfx_preempt_schedule+0x10/0x10 [ 79.078359][ T5356] panic+0xb9/0xc0 [ 79.081044][ T5356] ? __pfx_panic+0x10/0x10 [ 79.083130][ T5356] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 79.085915][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.088337][ T5356] check_panic_on_warn+0x89/0xb0 [ 79.090562][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.093731][ T5356] end_report+0x78/0x160 [ 79.096252][ T5356] kasan_report+0x129/0x150 [ 79.098138][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.100340][ T5356] bch2_check_dirents+0x1fac/0x33f0 [ 79.102418][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.105647][ T5356] ? desc_read+0x1b8/0x3f0 [ 79.107938][ T5356] ? prb_first_seq+0xfd/0x1a0 [ 79.109931][ T5356] ? __pfx_bch2_check_dirents+0x10/0x10 [ 79.112434][ T5356] ? __pfx_prb_first_seq+0x10/0x10 [ 79.114973][ T5356] ? desc_read+0x1b8/0x3f0 [ 79.117157][ T5356] ? this_cpu_in_panic+0x4f/0x80 [ 79.119633][ T5356] ? _prb_read_valid+0xa07/0xa90 [ 79.122886][ T5356] ? console_flush_all+0x13a/0xc40 [ 79.126841][ T5356] ? up+0xde/0x150 [ 79.129603][ T5356] ? __console_unlock+0x14c/0x1a0 [ 79.132987][ T5356] ? __pfx___console_unlock+0x10/0x10 [ 79.136042][ T5356] ? prb_read_valid+0x3c/0x60 [ 79.138565][ T5356] ? console_unlock+0x21b/0x270 [ 79.140611][ T5356] ? __pfx_console_unlock+0x10/0x10 [ 79.142817][ T5356] ? vprintk_emit+0x63e/0x7a0 [ 79.144942][ T5356] ? __bch2_print+0x176/0x220 [ 79.147178][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.150016][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.152201][ T5356] __bch2_run_recovery_passes+0x3ba/0x1060 [ 79.154567][ T5356] bch2_run_recovery_passes+0x184/0x210 [ 79.157073][ T5356] bch2_fs_recovery+0x2690/0x3a50 [ 79.159625][ T5356] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 79.162734][ T5356] ? __lock_acquire+0xab9/0xd20 [ 79.164975][ T5356] ? __mutex_trylock_common+0x153/0x260 [ 79.167552][ T5356] ? __lock_acquire+0xab9/0xd20 [ 79.169807][ T5356] ? __lock_acquire+0xab9/0xd20 [ 79.173451][ T5356] ? bch2_fs_start+0xa0f/0xda0 [ 79.175773][ T5356] ? up_write+0x1c4/0x420 [ 79.177740][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 79.179990][ T5356] bch2_fs_start+0xaaf/0xda0 [ 79.182113][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 79.184328][ T5356] ? __pfx_bch2_fs_start+0x10/0x10 [ 79.186702][ T5356] ? sget+0x267/0x620 [ 79.188638][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 79.190991][ T5356] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 79.193454][ T5356] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 79.196224][ T5356] vfs_get_tree+0x8f/0x2b0 [ 79.198228][ T5356] do_new_mount+0x2a2/0x9e0 [ 79.200585][ T5356] ? ns_capable+0x8a/0xf0 [ 79.203172][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 79.206346][ T5356] ? path_mount+0x61c/0xfe0 [ 79.209126][ T5356] ? user_path_at+0x44/0x60 [ 79.211463][ T5356] __se_sys_mount+0x317/0x410 [ 79.213615][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 79.216203][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 79.218150][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 79.220415][ T5356] do_syscall_64+0xfa/0x3b0 [ 79.222542][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.224897][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.227833][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 79.229927][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.232886][ T5356] RIP: 0033:0x7f46d099066a [ 79.234913][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.244275][ T5356] RSP: 002b:00007f46d184fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 79.248296][ T5356] RAX: ffffffffffffffda RBX: 00007f46d184fef0 RCX: 00007f46d099066a [ 79.252511][ T5356] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f46d184feb0 [ 79.256241][ T5356] RBP: 00002000000000c0 R08: 00007f46d184fef0 R09: 0000000000818001 [ 79.260049][ T5356] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 79.264381][ T5356] R13: 00007f46d184feb0 R14: 000000000000598b R15: 0000200000000100 [ 79.269746][ T5356] [ 79.271572][ T5356] Kernel Offset: disabled [ 79.273581][ T5356] Rebooting in 86400 seconds..