program:
prctl$PR_GET_SECUREBITS(0x1b) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x209, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) (async)
prctl$PR_GET_SECUREBITS(0x1b) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x5}}], {0x14}}, 0x3c}}, 0x0)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@grpquota}, {@version_upgrade={'version_upgrade', 0x3d, 'incompatible'}}]}, 0x21, 0x5978, &(0x7f000000b5c0)="$eJzs3X2QHGX9IPCnZ2azk928bAL8iCCbJRBFULPhrVAsjZ5vBUjFwlLCRWEhG4wmIZUEIQEleOBBARZaWhr1D7SQOjRaVMEpkRJ5uYRTlOL0qCukTu/Qq/IKOVICOcrz3F/tTj+T2d7p7dnZWUjC51PJ9vQzPd/n208/09PPM7M7AQAAgNeFvTdu2X/+MR/41ReHX77uwz/bcH3oLY+VV+MGfeny6tcqQ15N3ZVFY8tsv3jzNT/488Bl7/vlPT3ff2XPmuPX/v79R1z2wGfO2b3z2w+/NPe+fz5bFDf2p5MPrCfPJyFUf77v61/a8/jRo2VJCKGc9O0IYUGy8OEFSSbE4N9DCGvSlXJl/J33vnza2tHl9bd0jyufnwmiv7++VdN+tn3/VaeEP7x31Q2/WfzjH3Xtem7HgU2SakN/CmHeJY2P70r/z07XY29bFB+cLleGEHoaHndWQV4ntJj/spz1Y9PlrHTZWxAn3r8ks17KbJddj7oyy56C+qYrL492tysyJ7OePRlNV16esXxBuvxpujx5ivHL8X8SSkmo1NNfnxzoI6HhuCUhGTuW1fp6qX5sQ7r/mfUks17KrJe7Mvs1Vm/a0cpJMr48bpcpj6fjSlp+fOO5uokLcsrfkC6r6RP1lbgesjdqeifcqO/XmJjXvklyeTWUGs5Bzcrr/Sw9GL1pWW+ycMJjRpqI9+1ZdevS8upH9vbl5JHck6Txk7E2mmr87b9eMOdTP7z5yrxjm1xSSuOX2or/x3OfeOGim7/3rUV58W+P8cttxT/1wZ7nz330xiV57RP3qzdUxs4tU40/9Oxjty0+8tJdufnfEdu/2tbxXbH7ie65+x98KPf4Dsb2mZ3bPs3qiOXPnP3BP9391P3P/b+8+CHG72kr/9W7N325u3//Sbn5PxTbp7e9/vPirjOf7u//y0Be/Cdj/Llt5X/Xjp3vvHP+LefkHt+VsX362sr/vBMfuGHO/vuPy31+3dGpV06A16cj0musm9L1ycaZ3ZOMM6erYbzwzYFK7bp1Tvp/bicrylx8jtYzr5PxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCEcNQp//lD//Pjfc9X0vXu9MYzpdoyls8KIZkdQtiydWjz1nUbLx/4zBVXbt44tH5gaOvA8Matm7cNnP7Wgc3Dm9YPbRu9d/Btp9UetzAktWVy3IS6u0dGRkp948tiff/mxF1/WHrW//5rCINH/a6/kpv/sp0b7jyyyc+MZMXIezZcef7vzvhuul99aV59TfIaGRkZCWleXZm8/s+F/7jzq/v+fFIIg/8yWV6PPfPuX4xLaKzgQJxUqTvUEupOeprmUc86zSe2V2XtuvXDg5O37+jjyznt+2+vee7va6/+yj9q7VvN3Y8W23f2ipH1pW+sOu//f+PaWkFRXvX9yOQ108e9qL3jXsT8YvtV0/ael+7XvJz9quS0942/eeipnx9z80s7wmDlxcUT6y7ar660A3Qlb2ip3lhDT7JgXHk13T4e8fi4ZVs3bFq2Zdv2t63bMHT58OXDG9+x/PTlZw6eceYZy8b2fFmH9z/W/6YW97/V/pStd2r9af7ndvw0/mytPxXlVdQeo3kVt0djRnnPv54LvvS1d+x89PxaQVE/j1vXn4fpsmf0OC8PDf1tYls126+idgghDDRrhxdeOicc/d/W3VB0Hmo8Mo0/M5IVI48v+dt3z/rOonfVClo9z2fzmtJ5vjGhNs/z9awP5DPWXtX0eIwcpO3bHcrpfvU2zWv544923br3r5+v5zdrVrh6aOvWzctrP+ekmc5Jjm2aV7Y07tfisZ/lkDZLqHfTJv01jL2O1/LLnj/j5tlW7U3v600WNt2vrHjfnlW3Li2vfmRvXksn99RqnB3m1pbJG3O2XJ95YLmecLP6D9bnX1H/6P/Qd+77+H0/OX1C/zi19rNov5Kc/frxU3d97ftf+fc/6dx+fejdT/T97b9/emmt4FA5r9SzTvNJGs8rp4ZQ9PxbHJrvR+7zr9R8f4qef9l6DmzfPN5AZr03lIufr9Uw4fl66oM9z5/76I1Lcp+v+1p9vl47bq1c8Hw9WPpP9vmVVMbnMXPPr3EdJVkx8subjtjx8HUrj6kVFPXr+tbN+vVpLYw/cvbrFxc93X/FwL/7r507b/zgrfde/PuhFV+oFbR/3GMunTnu1bR9qzntW886jjsb2/ftl12xfk2t/OC9/k2XBeOfeCrZsm37Z4fWrx/evKW1/Wr19TTWk23ldl9P49ltYcF+lSbs18zdaKW9Wn2+xfzXtN1e459vvSFp6zpu+68XzPnUD2++sm/Co9KKLiml8Uttxf/juU+8cNHN3/tWbvzbY/xKW/GHnn3stsVHXrorN/4dSRq/2lb8Fbuf6J67/8GHcuMPxvxntxX/mbM/+Ke7n7r/udz4Icbvba/9X9x15tP9/X/Jjf9kktYzeo0Uwr0vn7a2tp6MzQlWG/LoGpdXyK4nmfVSZr3cuF6qzbXWKygnyfjyuF1afnxDLs18Iqc8XoVVF9WWr8T1kL0xefnBptRw7m9WXnSdCgBwuIvv/8dr0Pj+/3B6oZQ/0wAHTHcctignbhyHHZjPmTXu/kVp/Pj4OA/Y//YwOLq8fqB2oT/V9xHi8yE7zxnrOemE8THanecsmn9fklmPedXmyysN49DUxHFNJbQw/z6xnsnn3zO7Xzw/PnDThLQGGuatssevK50xa/Z5h0y+ldEIef0jOy8WP8/RPy+sHKuvxf6R/RxNPA7Zz9HEeo7JnDjb/RzNdPtHTHuS/jGWcvH7GxOPX5ikfQ8cv+bRssdvCse7Orr9TL8/24F5w6antFdv3rCF98OaxG/1/bD6vOSKidtMFv/1Mi95sM8bxvK4H5UW5xM/nlPeynxi47xc3nxiPF3EvPZNksurwXwicLiK4//4GjE6/h+9AP+/me2KrkOzV40xXu7nhMrN8ykad0z8nF5PW6/jq3dv+nJ3//6Tcq9zHmr1cz+bxq31FHzup6gdl2bWC9sxZ4KmaLyXraeo3bOfy+gNc9tq97t27HznnfNvOSe33VfWXkiL2/1r49bmFrT7ITBeaB7/cBsvHOyfY9iZiX+IfI6haP7sNRuPpB98mqnxyMdyyqf6+YaeCTfq+zXmkBuPdI2eQwEAJorj//r7Z+n4/3/EDdKLuqJx68mZ9Rgvd9za1TyfvHHrR9Ll1Znte9PfqJjqdfN5Jz5ww5z99x+XO265o9Vx6H8Yt9ZXOA6d3rg5dxyxsjOfF88dR9THWdMbJ+bmXx8nTm+cnhu/Pk6f3jg6t33q4+jpzQPkxq/PAxza74sVztdlKourrc7XHbbj6PTXZ2dqHH1BTvlUx9G9E27U92vMoTiOBgA4nMTxf7yMi+P/RzPbTfd99txxQYeu27N/D6Qe/8lXa1zZxrhvdgih5XHfTI9bZ3pcP9PzEof6uHim54Vmdp7sdT8uTis1LgYA4GAWx//xs4L54//pjU+ajd+6xo1PDsLx+ZTelzU+bxr/sBmfH+rzX8b/3hcvZvwPAHB4i+P/+GuP8e///ad0Pft3643Tc+IbpxunT9Z/Wh6nd36eLfgcwGs7D9Dwi9jmAQAAeC10jY2UJv6e/SfTZfb37PN+L/+inO1bVUkvjy/dunl4+OIrN60Z2jp88cYr1gxvufiqzeu2bh3eWNtuuuPG3HFLOm7sCpW0PZpvlx23zU//HsL8nL+HkN0+hj127MbEv4eQrXZ2wd8ROHD8Wss37/iVGrevjt++Wf/IO9558T+Rs31UP/6XffrUi9duuXjdxnVb1w2tX7d9ePx2o6PWnil8b2Zslil9X2rmxwSlqX9/Z2fyKE3Ioyttj7zvZ08yeSxIM1mQ9/0HOXn/6r989XMnjvzj7hAGjyq/cVrtl6wY+Y8XDn9k697fbRrNf3Y2/1mN+dS3TPMq+r7S7PZxfyrrr9iy9ZS1V1y5MfuNku2J8xml+voMzWekT/9yi/MTq3PKp/o5hfKEGwenlucnAAAYJ77/H69n4/uHX0kvoGJ56+P06b1/nDtOH2xtnJ79XrKicXp2+7i/rY7Tq9Mcp2frLxqnN9u+2Tg9b9ydF/9jOdtPVev9ZHqf88jtJ5e01k+y32dQ1E+y20+1nyTT7CfZ+ov6SbPtm/WTvOOeF/+jOdvnab0/TO9zObn94fbW+sNbMutF/SG7/VT7Q2ma/SFbf1F/aLZ9s/6Qd3zz4p+fs32rxveP0Y4x1i+GL77qis2fbdhupr//Yvr5zez3f7Sr9fxn9nNfM5//zH6ubObzn97nynLzf3J6M2Gt5z+z3+/SrldtvjadvS76/FnRPO6qnPKpzuPOmnDj4GQeF147cfwf3+6J4/9b0mWn3wY69L8n7RD5HrNs/EPke8yKrmO8nk9S2UHA6zkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAa7ori8aWe2/csv/8Yz7wqy8Ov3zdh3+24fo3X/ODPw9c9r5f3tPz/Vf2rDl+7e/ff8RlD3zmnN07v/3wS3Pv++ezhYH7xn5WTk5XqyEkzychVH++7+tf2vP40aNlSQihnPTtCGFBsvDhBUkmwuDfQwhr6nmOv/Pel09bO7q8/pbuceXzM0Gy+xV6yzGfxjxDuLpwjzgEVdN+tn3/VaeEP7x31Q2/WfzjH3Xtem7HgU2SakN/CmHeJY2P7wohzE7/j4q9bVF8cLpcGULoaXjcWQV5ndBi/sty1o9Nl7PSZe+kUWbVby3JbF/KbJldj7oyy55J65u+vDza3a7InMx69mQ0XXl5xvIF6fKn6fLkKcYvx/9JKCWhUk9/fdJ49A8ctyQkY8eyWl8v1Y9tSPc/s55k1kuZ9XJXZr/G6k07WjlJxpfH7TLl8XRcScuPbzxXN3FBTvkb0mU1faK+EtdD9kZN74Qb9f0aE/PaN0kur4ZSwzmoWXn9wKcHozct600WTnjMSBPxvj2rbl1aXv3I3r6cPJJ7kjR+0lb87b9eMOdTP7z5ykV58S8ppfFLbcX/47lPvHDRzd/7Vm7822P8clvxT32w5/lzH71xSW777IvtU2kr/tCzj922+MhLd+Xmf0eMX20r/ordT3TP3f/gQ7n5D8b2md1W/GfO/uCf7n7q/udy44cYv6et+Kt3b/pyd//+k3LjPxTbp7e9/vPirjOf7u//y0Be/Cdj/Lltxb9rx8533jn/lnNyj+/K2D59bcU/78QHbpiz//7j8s6dyR2deuUEeH06Ir3Guildb3ecOV0N44VvDlRq13xz0v9zO1lRxmg982YwPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh6ffXnv6Jy98z0dXVZIQkpxtRpqI95VnrVgx0Ea9Q88+dtviIy/d1Vi2qI04AAAAQLE4Di/VS6phUbgqmR2Obbp9nCM4Nq4l48uzcwgxTnaOoN04pQ7FKXcoTqVDcbo6FGdWh+J0dyhOtSBONbQWZ/YkcSqjvaLFfHomzaf1OL0dijOnQ3HmdijOvA7Fmd+hOH2Txmm9Hy7oUJyFHYpzRIfiHNmhOEd1KM6/dCjO0R2Kk51Tnmo/nJtueUxenLEb5cI4laRcv6PZfPrRaT3HTbOe3oJ65ha9HrdYz+wW6zkh87jSFOuptljPm6ZZT9JiPW+ZZj2lgnpiv706m1+sJ6612P+3dSjO9unF+V/xeuuaDuVzbYfifL5Dcb7QoTjXTTMOQKvi+P/AeK8vdFfeFXrSM052FiCOdxeP/Zz4epd3Qorx3pgpn1UULztQz8RbPNX8shMImXhLMuVd4+JV6uORSeJVG+MtzdxZuL/ZCYVMfidnyruL4qU7cGvzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQUb+99vRPXviej64KSRj919RIE/G+8qwVKwbaqHfPqluXllc/srexrLvSRiAAAACgUByHd9VLqqG7sjx0J7PGbVdN5wGq6Xq5r7bsnxdWji6TgdLYek+yYNLHVdLHLdu6YdOyLdu2v23dhqHLhy8f3viO5acvP3PwjDPPWLZ23frhwdrPELoL4oUQxqYftmzb/tmh9euHN2+pFWbzX5Q+blG6nqSP6397GBxdXp/mv7CgvtKE+rY9fXbtrgMlHbpRcOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf2XX/kLkuuo4gJ87Mzsz3TbtSv9NQ7MZ8qdELZrEraRauhcEC20SshRktrqWYBMsbprQJiXWsQ3Y1gRFaAmESB6MxGJr8aV/bBH7h0CkRgNuDNIW7YM+KK1W0pIHSRnZ3TmzM5OZzDqWpo2fz8O9d879nfO7Zx4WvncWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjATVVHJiqjY+ODSQhJl5paB/FeNp+m5T76fuX5bT8oDJ9a0TxWyPWxEAAAANBTzOEDjZFiKOSyIRuumvm0ZPqQr98Ic7kfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/zNVHZmojI6NX5iEkHSpqXUQ72XzaVruo+8b7zz52VeHh//WPFbqYx0AAACgt5jDM42RYiiFpWEguaqlLr4bWNg2v70urrNonnXt7w661S2dZ90186z7eI+69fXzzgAAAAAffTH/5xojQ6GQW9A1//fK9bFucVtdtn7u538FAAAAgP9NzP+FxkgpFHKlRl6fb95f0lYX5/f63T7OX95lfq/f89fVz36nBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICPjqnqyERldGw8m4SQdKmpdRDvZfNpWu6j7+oXBv9xy+GHljSPFXJ9LAQAAAD0FHP4XPQuhkJuMAyEC2dy//BNB57+0tPPjoQQZmN+Ph92bty+/e7Vs8dYt+ro4YHvH3nr241lYt2q2eM52RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC+mqqOTFRGx8YvSEJIutTUOoj3svk0LffR9/XPf/Evj5947s3msVIf6wAAAAC9xRw+l/2LoRTyIR+umPnUnPWnZdrmd3tnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJw/7vnmfd/YODm56W4XLly4aFyc679MAADA+21xSELtv3TlhnP91AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIfBVHVkojI6Nl5MQki61NQ6iPey+TQt99E3ff5YYcGpF15qHiv1sQ4AAADQW8zhc9m/GEphIAyEy2c+dXonMJP/hz7AhwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+VKaqIxOV0bHxBUkISZeaWgfxXjafpuU++j62a//nDl3yvZubxwq5PhYCAAAAeoo5PN8YKYZC7hOhEK6uf55snZBk6+fO7wXm5m1rmTY473nVlnnZec/b3bazXH03s/OKcb2h2XNjXvnMeeWmeaXQaF9umRf2tsxa0OM5AwAAAJxDMf8XGiNDoZArNOXcn7bUD8m5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAXU9WRicro2HiShJB0qal1EO9l82la7qPvfb/92EVf/dmeHc1jpT7WAQAAAHqLOXwu+xdDKSwKF4dFM7k/DLXWx7p/Vk4fevRff10Rwsorjg/n2pf9Ubz49es3vth+CCHTWp0J4ZJ6v6RLv9/8/tF7l9VOPx7CysuzV5/RL5y935xarZyktWcqm9ZtP3J8W+/vBwAAAM4HMf8PNEaGQiF3V7j44tkf/tvzf0zePfJ/w0wAv+TeXb+4rH6sJ/K2GZmhev7PdOn3hWVP/nn5mr+/NZ3/z9bv0/u3HLqspeHsSJskrY1u2bH++HUHM3HXs/2zbf3j9/Llb7357807Hzk9278YivXxhblO/c88trkgrU1m9o2vfW9ftbV/rsv+H/rdSyd+tXDPu9P931k82Oh/zVn2f/b+g7c+vPf6/YfXT3+a6x9CKHfq//a7N4cr/3jng+37H2xbuPmbbz62S2tHl5w8uOZA6YbW/Sdt/eP3//MTj+39ySPffTb2j/8rsmLpfPu3vHNK0toruy/d9fIDGxa29s902f+Lt706vLX8nT+07/+OllVzXZ+iTZLWnrj2qdtf25jef8ZXAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcF6Zqo5MVEbHxjNJCEmXmloH8V42n6blPvq+ccuxt2/b8+MfNo+V+lgHAAAA6C3m8LnsXwylkA/5MDiT+5+pbFq3/cjxbWFo9m5SP+cmt96z/ZObt+64645z9OQAAADAfMX8n2uMDIVCblkYqOf/0S071h+/7mAm5v9MzP+b75zctDI06l7Zfemulx/YsLDxniCEmX8LKE7XfWau7qYbjw2d/NPXl3esWz1Xd3TJyYNrDpRuiHWhuW5VaLyfeOLap25/bWN6f+P5mus+9bWtk/XXE3HdwVsf3nv9/sPrG/uonwfr68a6ycy+8bXv7avGumz9XKzvGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA401R1ZKIyOjYesiEkXWpqHcR72Xyalvvou3bZLx+86NRzi5rHCrk+FgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4D/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb9+QuMo+ziAP89u8mabTdqkfcGomKZVUerBoiCiFxUVaUUKnipFqq09iIIgotSDqbRiqYoXweqliApqlIKCjcXSKqn4r3jxoIJC9SCUYkC7FA8q2X1mu5nuuDqpgvr5wPDkeWbmO7+Z59nZLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD/KQN9Ysz284/7GLefc8NGjd5145KZ37t120cOvfjex6boP9w6+dHJm84otX16/bNP+u9dM737+0E/Db/1ytGfwQ61mVerWQojHYwi1d2efeWzm47PmxmIIoRpHJkMYjUsPjcZcwuqfQwib23XO3/nmicu3zLXbdg3MG1+SC8nfV6hXs3paRubXy79LLa2zrY0HLwlfX7t++6fL33i9f+rY5KlDYq1jPYWweGPn+f0hhEVpm5OttrHs5NSuCyEMdpx3ZY+6zv+D9V9a0D83tf9Lbb1HTrZ/Za5fyR2X72f6c+1gj+stVFEdZY/rZSjXz7+MFqqozmx8NLVvp3bVn8yvZlsMlRj62uXfE0+tkdAxbzHE5lzW2v1Ke25Duv9cP+b6lVy/2p+7r+Z100Krxjh/PDsuN569jvvS+IrOd3UXtxaMn53aWvqgnsz6If9HS/20P9r31ZTVNfs7tfwdKh3voG7j7YlPk1FPY/W49LRzfu0i2zez/okLqxveOzxSUEfcG1N+LJW/9ZPRodtf2/nAWFH+xkrKr5TK/2btkR9u2/nCc4X5T2f51VL5lx0YPL72/R0rC5/PbPZ8+krl33H0gyeX///OqW5z3czfk+XXSuVfM31kYLhx4GBh/auz57OoVP5XV9/47Suf7ztWmB+y/MFS+Rum73tqYLxxcWH+wdZHod5coSXWz49TV3wxPv79RFH+Z9nzH+6SH3vmvzy5+6oXl+xaU7g+12XPZ6RU/TdfsH/7UGPfeUXvzrjnTH1zAvw3LUv/Yz2e+mV/Zy5Ux++FZyf6Wt9AQ2kbPpMXypm7zuK/MB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf2IEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICnAgAA//+pNCK2")
[ 68.721287][ T4685] Bluetooth: hci0: command tx timeout
[ 69.410397][ T5337] loop0: detected capacity change from 0 to 32768
[ 69.625956][ T5337] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,grpquota,prjquota,nochanges,nojournal_transaction_names,read_only,version_upgrade=incompatible
[ 69.625975][ T5337] allowing incompatible features above 0.0: (unknown version)
[ 69.625982][ T5337] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 69.756704][ T5337] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 69.796094][ T5337] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 69.826882][ T5337] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:c0004000b compress none
[ 69.826900][ T5337] has non ptr field, deleting
[ 69.929263][ T5337] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 69.968270][ T5337] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 69.968270][ T5337] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 69.968270][ T5337] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 70.017979][ T5337] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[ 70.017979][ T5337]
[ 70.105745][ T5337] bcachefs (loop0): btree node read error at btree snapshots level 0/0
[ 70.105782][ T5337] u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 251 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 70.105790][ T5337] loop0 node offset 0/251 bset u64s 0: incorrect max key SPOS_MAX
[ 70.105795][ T5337] flagging btree snapshots lost data
[ 70.105800][ T5337] running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[ 70.105806][ T5337] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[ 70.105813][ T5337] running recovery pass reconstruct_snapshots (21), currently at recovery_pass_empty (0)
[ 70.105820][ T5337] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[ 70.105826][ T5337] ret btree_node_read_validate_error
[ 70.225651][ T5337] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing
[ 70.261507][ T5337] bcachefs (loop0): check_topology...
[ 70.263544][ T5337] bcachefs (loop0): btree root snapshots unreadable, must recover from scan
[ 70.282896][ T5337] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding
[ 70.303792][ T5337] bcachefs (loop0): bch2_check_root(): error restart_recovery
[ 70.318412][ T5337] bcachefs (loop0): scan_for_btree_nodes...
[ 70.359511][ T5337] bcachefs (loop0): btree node scan found 7 nodes after overwrites
[ 70.372875][ T5337] done
[ 70.374532][ T5337] bcachefs (loop0): check_topology...
[ 70.374875][ T5337] bcachefs (loop0): btree root snapshots unreadable, must recover from scan
[ 70.394241][ T5337] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX
[ 70.426002][ T5337] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 70.438510][ T5337] done
[ 70.440092][ T5337] bcachefs (loop0): accounting_read... done
[ 70.466936][ T5337] bcachefs (loop0): alloc_read... done
[ 70.472626][ T5337] bcachefs (loop0): snapshots_read... done
[ 70.497151][ T5337] bcachefs (loop0): check_allocations...
[ 70.499540][ T5337] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 70.499567][ T5337] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 70.547907][ T5337] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 70.547924][ T5337] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 70.603442][ T5337] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree
[ 70.603459][ T5337] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 70.635115][ T5337] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 70.635172][ T5337] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 70.661144][ T5337] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree
[ 70.661159][ T5337] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[ 70.709303][ T5337] bcachefs (loop0): bucket 0:0 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.716038][ T5337] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.735978][ T5337] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.757105][ T5337] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.778972][ T5337] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.791650][ T5337] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.806268][ T5337] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.826745][ T4685] Bluetooth: hci0: command tx timeout
[ 70.841702][ T5337] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.859691][ T5337] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.867482][ T5337] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.887776][ T5337] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.896491][ T5337] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.913201][ T5337] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.917354][ T5337] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.948979][ T5337] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.955475][ T5337] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.989584][ T5337] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.996097][ T5337] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 71.024402][ T5337] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 71.039953][ T5337] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 71.054837][ T5337] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 71.054851][ T5337] Ratelimiting new instances of previous error
[ 71.068513][ T5337] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 71.068528][ T5337] Ratelimiting new instances of previous error
[ 71.101711][ T5337] done
[ 71.111561][ T5337] bcachefs (loop0): going read-write
[ 71.184830][ T5337] bcachefs (loop0): journal_replay... done
[ 71.239694][ T5337] bcachefs (loop0): check_lrus... done
[ 71.247735][ T5337] bcachefs (loop0): check_backpointers_to_extents... done
[ 71.254374][ T5337] bcachefs (loop0): check_extents_to_backpointers...
[ 71.255100][ T5337] bcachefs (loop0): scanning for missing backpointers in 5/128 buckets
[ 71.279735][ T5337] done
[ 71.283845][ T5337] bcachefs (loop0): reconstruct_snapshots... done
[ 71.297817][ T5337] bcachefs (loop0): check_subvols... done
[ 71.304495][ T5337] bcachefs (loop0): check_inodes... done
[ 71.310907][ T5337] bcachefs (loop0): check_dirents...
[ 71.314135][ T5337] bcachefs (loop0): key in missing inode, found keys:
[ 71.314161][ T5337] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[ 71.314168][ T5337] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg
[ 71.314175][ T5337] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg
[ 71.314182][ T5337] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg
[ 71.314189][ T5337] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir
[ 71.314195][ T5337] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg
[ 71.314202][ T5337] , fixing
[ 71.394458][ T5337] bcachefs (loop0): hash table key at wrong offset: should be at 7080668750064661246
[ 71.394474][ T5337] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 71.425595][ T5337] bcachefs (loop0): hash table key at wrong offset: should be at 8551885081329109278
[ 71.425691][ T5337] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 71.448574][ T5337] bcachefs (loop0): hash table key at wrong offset: should be at 602655572970660168
[ 71.448604][ T5337] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 71.477615][ T5337] bcachefs (loop0): hash table key at wrong offset: should be at 1095825488253839032
[ 71.477816][ T5337] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 71.501726][ T5337] bcachefs (loop0): dirent points to missing inode:
[ 71.501742][ T5337] u64s 7 type dirent 4096:7080668750064661246:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 71.516547][ T5337] bcachefs (loop0): hash table key at wrong offset: should be at 2869857151003929749
[ 71.516563][ T5337] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 71.547315][ T5337] bcachefs (loop0): dirent points to missing inode:
[ 71.547329][ T5337] u64s 7 type dirent 4096:8551885081329109278:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 71.573980][ T5337] bcachefs (loop0): hash table key at wrong offset: should be at 3052328285722516286
[ 71.573996][ T5337] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 71.599085][ T5337] bcachefs (loop0): key in missing inode, found keys:
[ 71.599099][ T5337] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
[ 71.599106][ T5337] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 71.599112][ T5337] , fixing
[ 71.645499][ T5337] bcachefs (loop0): key in missing inode, found keys:
[ 71.645513][ T5337] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 71.645519][ T5337] , fixing
[ 71.667913][ T5337] bcachefs (loop0): check_dirents requires second pass
[ 71.683492][ T5337] bcachefs (loop0): dirent points to missing inode:
[ 71.683508][ T5337] u64s 7 type dirent 4096:602655572970660168:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 71.708439][ T5337] bcachefs (loop0): dirent points to missing inode:
[ 71.708454][ T5337] u64s 7 type dirent 4096:1095825488253839032:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 71.746149][ T5337] ==================================================================
[ 71.754823][ T5337] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0
[ 71.772148][ T5337] Read of size 1 at addr ffff8880559e00e8 by task syz.0.0/5337
[ 71.780970][ T5337]
[ 71.782972][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full)
[ 71.782990][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 71.783055][ T5337] Call Trace:
[ 71.783066][ T5337]
[ 71.783073][ T5337] dump_stack_lvl+0x189/0x250
[ 71.783091][ T5337] ? __virt_addr_valid+0x1c8/0x5c0
[ 71.783106][ T5337] ? rcu_is_watching+0x15/0xb0
[ 71.783143][ T5337] ? __kasan_check_byte+0x12/0x40
[ 71.783157][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.783167][ T5337] ? rcu_is_watching+0x15/0xb0
[ 71.783177][ T5337] ? lock_release+0x4b/0x3e0
[ 71.783187][ T5337] ? __virt_addr_valid+0x1c8/0x5c0
[ 71.783199][ T5337] ? __virt_addr_valid+0x4a5/0x5c0
[ 71.783211][ T5337] print_report+0xd2/0x2b0
[ 71.783270][ T5337] ? bch2_check_dirents+0x1fac/0x33f0
[ 71.783282][ T5337] kasan_report+0x118/0x150
[ 71.783294][ T5337] ? bch2_check_dirents+0x1fac/0x33f0
[ 71.783308][ T5337] bch2_check_dirents+0x1fac/0x33f0
[ 71.783322][ T5337] ? bch2_check_dirents+0x2f1/0x33f0
[ 71.783334][ T5337] ? desc_read+0x1b8/0x3f0
[ 71.783802][ T5337] ? prb_first_seq+0xfd/0x1a0
[ 71.784301][ T5337] ? __pfx_bch2_check_dirents+0x10/0x10
[ 71.784319][ T5337] ? __pfx_prb_first_seq+0x10/0x10
[ 71.784334][ T5337] ? desc_read+0x1b8/0x3f0
[ 71.784398][ T5337] ? this_cpu_in_panic+0x4f/0x80
[ 71.784413][ T5337] ? _prb_read_valid+0xa07/0xa90
[ 71.784425][ T5337] ? console_flush_all+0x13a/0xc40
[ 71.784440][ T5337] ? up+0xde/0x150
[ 71.784722][ T5337] ? __console_unlock+0x14c/0x1a0
[ 71.784844][ T5337] ? __pfx___console_unlock+0x10/0x10
[ 71.784860][ T5337] ? prb_read_valid+0x3c/0x60
[ 71.784871][ T5337] ? console_unlock+0x21b/0x270
[ 71.784884][ T5337] ? __pfx_console_unlock+0x10/0x10
[ 71.784899][ T5337] ? vprintk_emit+0x63e/0x7a0
[ 71.784916][ T5337] ? __bch2_print+0x176/0x220
[ 71.784930][ T5337] ? bch2_check_dirents+0x2f1/0x33f0
[ 71.784943][ T5337] ? _raw_spin_unlock_irq+0x23/0x50
[ 71.784958][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 71.784976][ T5337] __bch2_run_recovery_passes+0x395/0x1010
[ 71.784998][ T5337] bch2_run_recovery_passes+0x184/0x210
[ 71.785013][ T5337] bch2_fs_recovery+0x2690/0x3a50
[ 71.785025][ T5337] ? check_noncircular+0xe0/0x160
[ 71.785041][ T5337] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 71.785054][ T5337] ? irqentry_exit+0x74/0x90
[ 71.785066][ T5337] ? preempt_schedule+0xae/0xc0
[ 71.785081][ T5337] ? preempt_schedule_common+0x83/0xd0
[ 71.785096][ T5337] ? preempt_schedule+0xae/0xc0
[ 71.785112][ T5337] ? __lock_acquire+0xab9/0xd20
[ 71.785125][ T5337] ? __lock_acquire+0xab9/0xd20
[ 71.785138][ T5337] ? bch2_fs_start+0x9fe/0xd90
[ 71.785150][ T5337] ? up_write+0x1c4/0x420
[ 71.785163][ T5337] ? bch2_fs_start+0x5c4/0xd90
[ 71.785175][ T5337] bch2_fs_start+0xa99/0xd90
[ 71.785188][ T5337] ? bch2_fs_start+0x5c4/0xd90
[ 71.785201][ T5337] ? __pfx_bch2_fs_start+0x10/0x10
[ 71.785219][ T5337] ? sget+0x267/0x620
[ 71.785232][ T5337] bch2_fs_get_tree+0xafc/0x14f0
[ 71.785252][ T5337] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 71.785268][ T5337] ? aa_get_newest_label+0xf7/0x5d0
[ 71.785283][ T5337] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 71.785302][ T5337] ? apparmor_capable+0x137/0x1b0
[ 71.785315][ T5337] vfs_get_tree+0x92/0x2b0
[ 71.785329][ T5337] do_new_mount+0x24a/0xa40
[ 71.785346][ T5337] __se_sys_mount+0x317/0x410
[ 71.785362][ T5337] ? __pfx___se_sys_mount+0x10/0x10
[ 71.785379][ T5337] ? do_syscall_64+0xbe/0x3b0
[ 71.785389][ T5337] ? __x64_sys_mount+0x20/0xc0
[ 71.785404][ T5337] do_syscall_64+0xfa/0x3b0
[ 71.785413][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 71.785428][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.785439][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 71.785450][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.785461][ T5337] RIP: 0033:0x7fced87900ca
[ 71.785475][ T5337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.785485][ T5337] RSP: 002b:00007fced968be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.785500][ T5337] RAX: ffffffffffffffda RBX: 00007fced968bef0 RCX: 00007fced87900ca
[ 71.785508][ T5337] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fced968beb0
[ 71.785516][ T5337] RBP: 00002000000000c0 R08: 00007fced968bef0 R09: 0000000000818001
[ 71.785523][ T5337] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 71.785531][ T5337] R13: 00007fced968beb0 R14: 0000000000005978 R15: 0000200000000480
[ 71.785542][ T5337]
[ 71.785547][ T5337]
[ 72.333258][ T5337] The buggy address belongs to the physical page:
[ 72.336239][ T5337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x559e0
[ 72.350682][ T5337] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 72.354229][ T5337] page_type: f0(buddy)
[ 72.356256][ T5337] raw: 04fff00000000000 ffffea0001598808 ffff88805ffd6f08 0000000000000000
[ 72.369487][ T5337] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000
[ 72.373739][ T5337] page dumped because: kasan: bad access detected
[ 72.379187][ T5337] page_owner tracks the page as freed
[ 72.389044][ T5337] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5337, tgid 5336 (syz.0.0), ts 71644762335, free_ts 71746062236
[ 72.395900][ T5337] post_alloc_hook+0x240/0x2a0
[ 72.397949][ T5337] get_page_from_freelist+0x21e4/0x22c0
[ 72.410738][ T5337] __alloc_frozen_pages_noprof+0x181/0x370
[ 72.413377][ T5337] __alloc_pages_noprof+0xa/0x30
[ 72.419020][ T5337] ___kmalloc_large_node+0x85/0x210
[ 72.421318][ T5337] __kmalloc_large_node_noprof+0x18/0x90
[ 72.428609][ T5337] __kvmalloc_node_noprof+0x6d/0x5f0
[ 72.439149][ T5337] btree_node_sort+0x666/0x1760
[ 72.442512][ T5337] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 72.449303][ T5337] bch2_btree_node_prep_for_write+0x337/0x650
[ 72.459455][ T5337] bch2_trans_lock_write+0x669/0xba0
[ 72.464010][ T5337] __bch2_trans_commit+0x2773/0x8870
[ 72.469242][ T5337] bch2_check_dirents+0x811/0x33f0
[ 72.472177][ T5337] __bch2_run_recovery_passes+0x395/0x1010
[ 72.476132][ T5337] bch2_run_recovery_passes+0x184/0x210
[ 72.479081][ T5337] bch2_fs_recovery+0x2690/0x3a50
[ 72.481699][ T5337] page last free pid 5337 tgid 5336 stack trace:
[ 72.508522][ T5337] __free_pages_ok+0xa44/0xc20
[ 72.512053][ T5337] __folio_put+0x21b/0x2c0
[ 72.514285][ T5337] free_large_kmalloc+0x145/0x200
[ 72.516463][ T5337] btree_node_sort+0x117f/0x1760
[ 72.524589][ T5337] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 72.534739][ T5337] bch2_btree_node_prep_for_write+0x337/0x650
[ 72.558403][ T5337] bch2_trans_lock_write+0x669/0xba0
[ 72.561161][ T5337] __bch2_trans_commit+0x2773/0x8870
[ 72.563359][ T5337] bch2_check_dirents+0x1c5c/0x33f0
[ 72.565788][ T5337] __bch2_run_recovery_passes+0x395/0x1010
[ 72.580288][ T5337] bch2_run_recovery_passes+0x184/0x210
[ 72.585824][ T5337] bch2_fs_recovery+0x2690/0x3a50
[ 72.606855][ T5337] bch2_fs_start+0xa99/0xd90
[ 72.610964][ T5337] bch2_fs_get_tree+0xafc/0x14f0
[ 72.613669][ T5337] vfs_get_tree+0x92/0x2b0
[ 72.616346][ T5337] do_new_mount+0x24a/0xa40
[ 72.618904][ T5337]
[ 72.620157][ T5337] Memory state around the buggy address:
[ 72.624752][ T5337] ffff8880559dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.631225][ T5337] ffff8880559e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.639587][ T5337] >ffff8880559e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.648172][ T5337] ^
[ 72.652101][ T5337] ffff8880559e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.656462][ T5337] ffff8880559e0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.664160][ T5337] ==================================================================
[ 72.700759][ T5337] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.707063][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full)
[ 72.720969][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 72.729900][ T5337] Call Trace:
[ 72.734434][ T5337]
[ 72.740431][ T5337] dump_stack_lvl+0x99/0x250
[ 72.746764][ T5337] ? __asan_memcpy+0x40/0x70
[ 72.750254][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.769726][ T5337] ? __pfx__printk+0x10/0x10
[ 72.772329][ T5337] panic+0x2db/0x790
[ 72.774681][ T5337] ? __pfx_panic+0x10/0x10
[ 72.776967][ T5337] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 72.792145][ T5337] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.800734][ T5337] ? print_memory_metadata+0x314/0x400
[ 72.803208][ T5337] ? bch2_check_dirents+0x1fac/0x33f0
[ 72.805449][ T5337] check_panic_on_warn+0x89/0xb0
[ 72.813780][ T5337] ? bch2_check_dirents+0x1fac/0x33f0
[ 72.823187][ T5337] end_report+0x78/0x160
[ 72.825485][ T5337] kasan_report+0x129/0x150
[ 72.832490][ T5337] ? bch2_check_dirents+0x1fac/0x33f0
[ 72.835762][ T5337] bch2_check_dirents+0x1fac/0x33f0
[ 72.842693][ T5337] ? bch2_check_dirents+0x2f1/0x33f0
[ 72.845101][ T5337] ? desc_read+0x1b8/0x3f0
[ 72.857561][ T5337] ? prb_first_seq+0xfd/0x1a0
[ 72.859729][ T5337] ? __pfx_bch2_check_dirents+0x10/0x10
[ 72.862264][ T5337] ? __pfx_prb_first_seq+0x10/0x10
[ 72.864810][ T5337] ? desc_read+0x1b8/0x3f0
[ 72.867150][ T5337] ? this_cpu_in_panic+0x4f/0x80
[ 72.875898][ T5337] ? _prb_read_valid+0xa07/0xa90
[ 72.884243][ T5337] ? console_flush_all+0x13a/0xc40
[ 72.887435][ T5337] ? up+0xde/0x150
[ 72.893972][ T5337] ? __console_unlock+0x14c/0x1a0
[ 72.896282][ T5337] ? __pfx___console_unlock+0x10/0x10
[ 72.905329][ T5337] ? prb_read_valid+0x3c/0x60
[ 72.908767][ T5337] ? console_unlock+0x21b/0x270
[ 72.914553][ T5337] ? __pfx_console_unlock+0x10/0x10
[ 72.918641][ T5337] ? vprintk_emit+0x63e/0x7a0
[ 72.922218][ T5337] ? __bch2_print+0x176/0x220
[ 72.940503][ T5337] ? bch2_check_dirents+0x2f1/0x33f0
[ 72.952302][ T5337] ? _raw_spin_unlock_irq+0x23/0x50
[ 72.957201][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 72.965514][ T5337] __bch2_run_recovery_passes+0x395/0x1010
[ 72.968770][ T5337] bch2_run_recovery_passes+0x184/0x210
[ 72.979607][ T5337] bch2_fs_recovery+0x2690/0x3a50
[ 72.984882][ T5337] ? check_noncircular+0xe0/0x160
[ 72.988697][ T5337] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 72.995532][ T5337] ? irqentry_exit+0x74/0x90
[ 72.999528][ T5337] ? preempt_schedule+0xae/0xc0
[ 73.004442][ T5337] ? preempt_schedule_common+0x83/0xd0
[ 73.008965][ T5337] ? preempt_schedule+0xae/0xc0
[ 73.011296][ T5337] ? __lock_acquire+0xab9/0xd20
[ 73.013863][ T5337] ? __lock_acquire+0xab9/0xd20
[ 73.016470][ T5337] ? bch2_fs_start+0x9fe/0xd90
[ 73.022371][ T5337] ? up_write+0x1c4/0x420
[ 73.031860][ T5337] ? bch2_fs_start+0x5c4/0xd90
[ 73.037548][ T5337] bch2_fs_start+0xa99/0xd90
[ 73.040670][ T5337] ? bch2_fs_start+0x5c4/0xd90
[ 73.044062][ T5337] ? __pfx_bch2_fs_start+0x10/0x10
[ 73.049282][ T5337] ? sget+0x267/0x620
[ 73.051197][ T5337] bch2_fs_get_tree+0xafc/0x14f0
[ 73.053296][ T5337] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 73.055544][ T5337] ? aa_get_newest_label+0xf7/0x5d0
[ 73.057768][ T5337] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 73.060232][ T5337] ? apparmor_capable+0x137/0x1b0
[ 73.062567][ T5337] vfs_get_tree+0x92/0x2b0
[ 73.066791][ T5337] do_new_mount+0x24a/0xa40
[ 73.068959][ T5337] __se_sys_mount+0x317/0x410
[ 73.071272][ T5337] ? __pfx___se_sys_mount+0x10/0x10
[ 73.074254][ T5337] ? do_syscall_64+0xbe/0x3b0
[ 73.077500][ T5337] ? __x64_sys_mount+0x20/0xc0
[ 73.081733][ T5337] do_syscall_64+0xfa/0x3b0
[ 73.086981][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 73.092639][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.096279][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 73.100026][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.105112][ T5337] RIP: 0033:0x7fced87900ca
[ 73.108635][ T5337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 73.120578][ T5337] RSP: 002b:00007fced968be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 73.130019][ T5337] RAX: ffffffffffffffda RBX: 00007fced968bef0 RCX: 00007fced87900ca
[ 73.140458][ T5337] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fced968beb0
[ 73.149159][ T5337] RBP: 00002000000000c0 R08: 00007fced968bef0 R09: 0000000000818001
[ 73.155425][ T5337] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 73.163928][ T5337] R13: 00007fced968beb0 R14: 0000000000005978 R15: 0000200000000480
[ 73.172487][ T5337]
[ 73.175316][ T5337] Kernel Offset: disabled
[ 73.181059][ T5337] Rebooting in 86400 seconds..