program: r0 = socket$netlink(0x10, 0x3, 0xa) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000200e180000008001b"], 0x28}}, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x7) ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000340)=0xfc) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r10, 0x8010aebc, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x1}) ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000540)={0xf000, 0xffff1000, 0x2, 0x1, 0x9}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000b00)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000800", @ANYRES16=r5, @ANYBLOB="01002dbd7000fbdbdf250100000008000300", @ANYRES32=r11, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20008800}, 0x4) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wg0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'sit0\x00', 0x0, 0x7800, 0x10, 0x7, 0x10, {{0x9, 0x4, 0x0, 0x0, 0x24, 0x68, 0x0, 0xd, 0x4, 0x0, @broadcast, @rand_addr=0x64010101, {[@noop, @noop, @rr={0x7, 0xb, 0x2c, [@local, @rand_addr=0x64010101]}]}}}}}) syz_open_dev$usbfs(&(0x7f0000000580), 0xf, 0x208201) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000001c0)={0x240, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_FEATURES_WANTED={0x6c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x5f, 0x4, "8322db6f9f4f1c726046d1b7935f147dc180eef995f9b0f66e2b17a6631aad94bf5369145c62777446d11398b82b26cf8283c15b9ebc74500bd7f9cb248de9544d565ed64c1a03a6ac32702ecbfb0a7cf6f3bd4b344aef1e0bc1b7"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}]}, @ETHTOOL_A_FEATURES_WANTED={0x94, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x44, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'grpquota'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x6}, @ETHTOOL_A_BITSET_VALUE={0x43, 0x4, "d44bea1aff5821651c9644ad4f36e30034994eb83187eadacf93e5b6c81be56773dc430e26694b711c3a2c4663ccb78ebcea04a014309d33bd1be865689c26"}]}, @ETHTOOL_A_FEATURES_WANTED={0xd4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x25, 0x4, "79aa5c8fe35932de5b642302f9c4b08dae03fe07529af777b8b182acf863c4053e"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x4b, 0x5, "d7d542dba744faf052d6f57e2994bf96e8843951b075d53102bbb53b7f693ec110a110552dd76c1908e790a6b0a74e8d321daf586704f172620195726ec5ad76a4ed2550a7eedb"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x3f, 0x5, "47879f47d9b9a4672bf4dc6f3f71bdf1a83fcad7c8a15f776a3b797ba298c09f47cb61a826e342b411e28e45a1566fe3d225ff6393fef1c80b8c18"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}]}, @ETHTOOL_A_FEATURES_WANTED={0x10, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_VALUE={0x4}]}, @ETHTOOL_A_FEATURES_WANTED={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x240}, 0x1, 0x0, 0x0, 0xc040}, 0x1) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@grpquota}, {@version_upgrade={'version_upgrade', 0x3d, 'incompatible'}}]}, 0x21, 0x5978, &(0x7f000000b5c0)="$eJzs3X2QHGX9IPCnZ2azk928bAL8iCCbJRBFULPhrVAsjZ5vBUjFwlLCRWEhG4wmIZUEIQEleOBBARZaWhr1D7SQOjRaVMEpkRJ5uYRTlOL0qCukTu/Qq/IKOVICOcrz3F/tTj+T2d7p7dnZWUjC51PJ9vQzPd/n208/09PPM7M7AQAAgNeFvTdu2X/+MR/41ReHX77uwz/bcH3oLY+VV+MGfeny6tcqQ15N3ZVFY8tsv3jzNT/488Bl7/vlPT3ff2XPmuPX/v79R1z2wGfO2b3z2w+/NPe+fz5bFDf2p5MPrCfPJyFUf77v61/a8/jRo2VJCKGc9O0IYUGy8OEFSSbE4N9DCGvSlXJl/J33vnza2tHl9bd0jyufnwmiv7++VdN+tn3/VaeEP7x31Q2/WfzjH3Xtem7HgU2SakN/CmHeJY2P70r/z07XY29bFB+cLleGEHoaHndWQV4ntJj/spz1Y9PlrHTZWxAn3r8ks17KbJddj7oyy56C+qYrL492tysyJ7OePRlNV16esXxBuvxpujx5ivHL8X8SSkmo1NNfnxzoI6HhuCUhGTuW1fp6qX5sQ7r/mfUks17KrJe7Mvs1Vm/a0cpJMr48bpcpj6fjSlp+fOO5uokLcsrfkC6r6RP1lbgesjdqeifcqO/XmJjXvklyeTWUGs5Bzcrr/Sw9GL1pWW+ycMJjRpqI9+1ZdevS8upH9vbl5JHck6Txk7E2mmr87b9eMOdTP7z5ykV58S8ppfFLbcX/47lPvHDRzd/7Vm7822P8clvxT32w5/lzH71xSV77xO7VGypj55apxh969rHbFh956a7c/O+I7V9t6/iu2P1E99z9Dz6Ue3wHY/vMzm2fZnXE8mfO/uCf7n7q/uf+X178EOP3tJX/6t2bvtzdv/+k3Pwfiu3T217/eXHXmU/39/9lIC/+kzH+3Lbyv2vHznfeOf+Wc3KP78rYPn1t5X/eiQ/cMGf//cflnTuTOzr1ygnw+nREeo11U7o+2Tize5Jx5nQ1jBe+OVCpXbfOSf/P7WRFmYvP0XrmdTI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQQjjrlP3/of3687/lKut6d3nimVFvG8lkhJLNDCFu2Dm3eum7j5QOfueLKzRuH1g8MbR0Y3rh187aB0986sHl40/qhbaP3Dr7ttNrjFoaktkyOm1B398jISKlvfFms79+cuOsPS8/6338NYfCo3/VXcvNftnPDnUc2+ZmRrBh5z4Yrz//dGd9N96svzauvSV4jIyMjIc2rK5PX/7nwH3d+dd+fTwph8F8my+uxZ979i3EJjRUciJMqdYdaQt1JT9M86lmn+cT2qqxdt354cPL2HX18Oad9/+01z/197dVf+Uetfau5+9Fi+85eMbK+9I1V5/3/b1xbKyjKq74fmbxm+rgXtXfci5hfbL9q2t7z0v2al7NflZz2vvE3Dz3182NufmlHGKy8uHhi3UX71ZV2gK7kDS3VG2voSRaMK6+m28cjHh+3bOuGTcu2bNv+tnUbhi4fvnx44zuWn778zMEzzjxj2dieL+vw/sf639Ti/rfan7L1Tq0/zf/cjp/Gn631p6K8itpjNK/i9mjMKO/513PBl772jp2Pnl8rKOrncev68zBd9owe5+Whob9NbKtm+1XUDiGEgWbt8MJL54Sj/9u6G4rOQ41HpvFnRrJi5PElf/vuWd9Z9K5aQavn+WxeUzrPNybU5nm+nvWBfMbaq5oej5GDtH27Qzndr96meS1//NGuW/f+9fP1/GbNClcPbd26eXnt55w00znJsU3zypbG/Vo89rMc0mYJ9W7apL+GsdfxWn7Z82fcPNuqvel9vcnCpvuVFe/bs+rWpeXVj+zNa+nknlqNs8Pc2jJ5Y86W6zMPLNcTblb/wfr8K+of/R/6zn0fv+8np0/oH6fWfhbtV5KzXz9+6q6vff8r//4nnduvD737ib6//fdPL60VHCrnlXrWaT5J43nl1BCKnn+LQ/P9yH3+lZrvT9HzL1vPge2bxxvIrPeGcvHztRomPF9PfbDn+XMfvXFJ7vN1X6vP12vHrZULnq8HS//JPr+Syvg8Zu75Na6jJCtGfnnTETsevm7lMbWCon5d37pZvz6thfFHzn794qKn+68Y+Hf/tXPnjR+89d6Lfz+04gu1gvaPe8ylM8e9mrZvNad961nHcWdj+779sivWr6mVH7zXv+myYPwTTyVbtm3/7ND69cObt7S2X62+nsZ6sq3c7utpPLstLNiv0oT9mrkbrbRXq8+3mP+atttr/POtNyRtXcdt//WCOZ/64c1X9k14VFrRJaU0fqmt+H8894kXLrr5e9/KjX97jF9pK/7Qs4/dtvjIS3flxr8jSeNX24q/YvcT3XP3P/hQbvzBmP/stuI/c/YH/3T3U/c/lxs/xPi97bX/i7vOfLq//y+58Z9M0npGr5FCuPfl09bW1pOxOcFqQx5d4/IK2fUks17KrJcb10u1udZ6BeUkGV8et0vLj2/IpZlP5JTHq7DqotrylbgesjcmLz/YlBrO/c3Ki65TAQAOd/H9/3gNGt//H04vlPJnGuCA6Y7DFuXEjeOwA/M5s8bdvyiNHx8f5wH73x4GR5fXD9Qu9Kf6PkJ8PmTnOWM9J50wPka785xF8+9LMusxr9p8eaVhHJqaOK6phBbm3yfWM/n8e2b3i+fHB26akNZAw7xV9vh1pTNmzT7vkMm3Mhohr39k58Xi5zn654WVY/W12D+yn6OJxyH7OZpYzzGZE2e7n6OZbv+IaU/SP8ZSLn5/Y+LxC5O074Hj1zxa9vhN4XhXR7ef6fdnOzBv2PSU9urNG7bwfliT+K2+H1afl1wxcZvJ4r9e5iUP9nnDWB73o9LifOLHc8pbmU9snJfLm0+Mp4uY175Jcnk1mE8EDldx/B9fI0bH/6MX4P83s13RdWj2qjHGy/2cULl5PkXjjomf0+tp63V89e5NX+7u339S7nXOQ61+7mfTuLWegs/9FLXj0sx6YTvmTNAUjfey9RS1e/ZzGb1hblvtfteOne+8c/4t5+S2+8raC2lxu39t3NrcgnY/BMYLzeMfbuOFg/1zDDsz8Q+RzzEUzZ+9ZuOR9INPMzUe+VhO+VQ/39Az4UZ9v8YccuORrtFzKADARHH8X3//LB3//4+4QXpRVzRuPTmzHuPljlu7mueTN279SLq8OrN9b/obFVO9bj7vxAdumLP//uNyxy13tDoO/Q/j1voKx6HTGzfnjiNWdubz4rnjiPo4a3rjxNz86+PE6Y3Tc+PXx+nTG0fntk99HD29eYDc+PV5gEP7fbHC+bpMZXG11fm6w3Ycnf767EyNoy/IKZ/qOLp3wo36fo05FMfRAACHkzj+j5dxcfz/aGa76b7Pnjsu6NB1e/bvgdTjP/lqjSvbGPfNDiG0PO6b6XHrTI/rZ3pe4lAfF8/0vNDMzpO97sfFaaXGxQAAHMzi+D9+VjB//D+98Umz8VvXuPHJQTg+n9L7ssbnTeMfNuPzQ33+y/jf++LFjP8BAA5vcfwff+0x/v2//5SuZ/9uvXF6TnzjdOP0yfpPy+P0zs+zBZ8DeG3nARp+Eds8AAAAr4WusZHSxN+z/2S6zP6efd7v5V+Us32rKunl8aVbNw8PX3zlpjVDW4cv3njFmuEtF1+1ed3WrcMba9tNd9yYO25Jx41doZK2R/PtsuO2+enfQ5if8/cQstvHsMeO3Zj49xCy1c4u+DsCB45fa/nmHb9S4/bV8ds36x95xzsv/idyto/qx/+yT5968dotF6/buG7ruqH167YPj99udNTaM4XvzYzNMqXvS838mKA09e/v7EwepQl5dKXtkff97EkmjwVpJgvyvv8gJ+9f/Zevfu7EkX/cHcLgUeU3Tqv9khUj//HC4Y9s3fu7TaP5z87mP6sxn/qWaV5F31ea3T7uT2X9FVu2nrL2iis3Zr9Rsj1xPqNUX5+h+Yz06V9ucX5idU75VD+nUJ5w4+DU8vwEAADjxPf/4/VsfP/wK+kFVCxvfZw+vfePc8fpg62N07PfS1Y0Ts9uH/e31XF6dZrj9Gz9ReP0Zts3G6fnjbvz4n8sZ/upar2fTO9zHrn95JLW+kn2+wyK+kl2+6n2k2Sa/SRbf1E/abZ9s36Sd9zz4n80Z/s8rfeH6X0uJ7c/3N5af3hLZr2oP2S3n2p/KE2zP2TrL+oPzbZv1h/yjm9e/PNztm/V+P4x2jHG+sXwxVddsfmzDdvN9PdfTD+/mf3+j3a1nv/Mfu5r5vOf2c+VzXz+0/tcWW7+T05vJqz1/Gf2+13a9arN16az10WfPyuax12VUz7VedxZE24cnMzjwmsnjv/j2z1x/H9Luuz020CH/vekHSLfY5aNf4h8j1nRdYzX80kqOwh4PQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoTXdl0dhy741b9p9/zAd+9cXhl6/78M82XP/ma37w54HL3vfLe3q+/8qeNcev/f37j7jsgc+cs3vntx9+ae59/3y2MHDf2M/KyelqNYTk+SSE6s/3ff1Lex4/erQsCSGUk74dISxIFj68IMlEGPx7CGFNPc/xd9778mlrR5fX39I9rnx+Jkh2v0JvOebTmGcIVxfuEYegatrPtu+/6pTwh/euuuE3i3/8o65dz+04sElSbehPIcy7pPHxXSGE2en/UbG3LYoPTpcrQwg9DY87qyCvE1rMf1nO+rHpcla67J00yqz6rSWZ7UuZLbPrUVdm2TNpfdOXl0e72xWZk1nPnoymKy/PWL4gXf40XZ48xfjl+D8JpSRU6umvTxqP/oHjloRk7FhW6+ul+rEN6f5n1pPMeimzXu7K7NdYvWlHKyfJ+PK4XaY8no4rafnxjefqJi7IKX9DuqymT9RX4nrI3qjpnXCjvl9jYl77Jsnl1VBqOAc1K68f+PRg9KZlvcnCCY8ZaSLet2fVrUvLqx/Z25eTR3JPksZP2oq//dcL5nzqhzdfuSgv/iWlNH6prfh/PPeJFy66+Xvfyo1/e4xfbiv+qQ/2PH/uozcuyW2ffbF9Km3FH3r2sdsWH3nprtz874jxq23FX7H7ie65+x98KDf/wdg+s9uK/8zZH/zT3U/d/1xu/BDj97QVf/XuTV/u7t9/Um78h2L79LbXf17cdebT/f1/GciL/2SMP7et+Hft2PnOO+ffck7u8V0Z26evrfjnnfjADXP2339c3rkzuaNTr5wAr09HpNdYN6Xr7Y4zp6thvPDNgUrtmm9O+n9uJyvKGK1n3gzGBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8PTba0//5IXv+eiqShJCkrPNSBPxvvKsFSsG2qh36NnHblt85KW7GssWtREHAAAAKBbH4aV6STUsClcls8OxTbePcwTHxrVkfHl2DiHGyc4RtBun1KE45Q7FqXQoTleH4szqUJzuDsWpFsSphtbizJ4kTmW0V7SYT8+k+bQep7dDceZ0KM7cDsWZ16E48zsUp2/SOK33wwUdirOwQ3GO6FCcIzsU56gOxfmXDsU5ukNxsnPKU+2Hc9Mtj8mLM3ajXBinkpTrdzSbTz86ree4adbTW1DP3KLX4xbrmd1iPSdkHleaYj3VFut50zTrSVqs5y3TrKdUUE/st1dn84v1xLUW+/+2DsXZPr04/yteb13ToXyu7VCcz3cozhc6FOe6acYBaFUc/x8Y7/WF7sq7Qk96xsnOAsTx7uKxnxNf7/JOSDHeGzPls4riZQfqmXiLp5pfdgIhE29JprxrXLxKfTwySbxqY7ylmTsL9zc7oZDJ7+RMeXdRvHQHbm0eFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66rfXnv7JC9/z0VUhCaP/mhppIt5XnrVixUAb9e5ZdevS8upH9jaWdVfaCAQAAAAUiuPwrnpJNXRXlofuZNa47arpPEA1XS/31Zb988LK0WUyUBpb70kWTPq4Svq4ZVs3bFq2Zdv2t63bMHT58OXDG9+x/PTlZw6eceYZy9auWz88WPsZQndBvBDC2PTDlm3bPzu0fv3w5i21wmz+i9LHLUrXk/Rx/W8Pg6PL69P8FxbUV5pQ37anz67ddaCkQzcKDh0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwr+zaX4hcVx0H8HNnZmem26Zd6b9paDZD/pSoRZO4lVRL94JgoU1CloLMVtcSbILFTRPapMQ6tgHbmqAILYEQyYORWGwtvvSPLWL/EIjUaMCNQdqifdAHpdVKWvIgKSO7O2d2ZjKTWcfStPHzebj3zrm/c373zMPC984CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+4qerIRGV0bHwwCSHpUlPrIN7L5tO03Effrzy/7QeF4VMrmscKuT4WAgAAAHqKOXygMVIMhVw2ZMNVM5+WTB/y9RthLvcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/f6aqIxOV0bHxC5MQki41tQ7ivWw+Tct99H3jnSc/++rw8N+ax0p9rAMAAAD0FnN4pjFSDKWwNAwkV7XUxXcDC9vmt9fFdRbNs6793UG3uqXzrLtmnnUf71G3vn7eGQAAAOCjL+b/XGNkKBRyC7rm/165PtYtbqvL1s/9/K8AAAAA8L+J+b/QGCmFQq7UyOvzzftL2uri/F6/28f5y7vM7/V7/rr62e/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDRMVUdmaiMjo1nkxCSLjW1DuK9bD5Ny330Xf3C4D9uOfzQkuaxQq6PhQAAAICeYg6fi97FUMgNhoFw4UzuH77pwNNfevrZkRDCbMzP58POjdu337169hjrVh09PPD9I299u7FMrFs1ezwnmwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5XU9WRicro2PgFSQhJl5paB/FeNp+m5T76vv75L/7l8RPPvdk8VupjHQAAAKC3mMPnsn8xlEI+5MMVM5+as/60TNv8bu8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPPHPd+87xsbJyc33e3ChQsXjYtz/ZcJAAB4vy0OSaj9l67ccK6fGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DCYqo5MVEbHxotJCEmXmloH8V42n6blPvqmzx8rLDj1wkvNY6U+1gEAAAB6izl8LvsXQykMhIFw+cynTu8EZvL/0Af4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCHylR1ZKIyOja+IAkh6VJT6yDey+bTtNxH38d27f/coUu+d3PzWCHXx0IAAABATzGH5xsjxVDIfSIUwtX1z5OtE5Js/dz5vcDcvG0t0wbnPa/aMi8773m723aWq+9mdl4xrjc0e27MK585r9w0rxQa7cst88LellkLejxnAAAAgHMo5v9CY2QoFHKFppz705b6ITkXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhiqjoyURkdG0+SEJIuNbUO4r1sPk3LffS977cfu+irP9uzo3ms1Mc6AAAAQG8xh89l/2IohUXh4rBoJveHodb6WPfPyulDj/7rrytCWHnF8eFc+7I/ihe/fv3GF9sPIWRaqzMhXFLvl3Tp95vfP3rvstrpx0NYeXn26jP6hbP3m1OrlZO09kxl07rtR45v6/39AAAAwPkg5v+BxshQKOTuChdfPPvDf3v+j8m7R/5vmAngl9y76xeX1Y/1RN42IzNUz/+ZLv2+sOzJPy9f8/e3pvP/2fp9ev+WQ5e1NJwdaZOktdEtO9Yfv+5gJu56tn+2rX/8Xr78rTf/vXnnI6dn+xdDsT6+MNep/5nHNhektcnMvvG17+2rtvbPddn/Q7976cSvFu55d7r/O4sHG/2vOcv+z95/8NaH916///D66U9z/UMI5U7933735nDlH+98sH3/g20LN3/zzcd2ae3okpMH1xwo3dC6/6Stf/z+f37isb0/eeS7z8b+8X9FViydb/+Wd05JWntl96W7Xn5gw8LW/pku+3/xtleHt5a/84f2/d/Rsmqu61O0SdLaE9c+dftrG9P7z/hqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzitT1ZGJyujYeCYJIelSU+sg3svm07TcR983bjn29m17fvzD5rFSH+sAAAAAvcUcPpf9i6EU8iEfBmdy/zOVTeu2Hzm+LQzN3k3q59zk1nu2f3Lz1h133XGOnhwAAACYr5j/c42RoVDILQsD9fw/umXH+uPXHczE/J+J+X/znZObVoZG3Su7L9318gMbFjbeE4Qw828Bxem6z8zV3XTjsaGTf/r68o51q+fqji45eXDNgdINsS40160KjfcTT1z71O2vbUzvbzxfc92nvrZ1sv56Iq47eOvDe6/ff3h9Yx/182B93Vg3mdk3vva9fdVYl62fi/V9AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnmqqOTFRGx8ZDNoSkS02tg3gvm0/Tch991y775YMXnXpuUfNYIdfHQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/IcdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NdPaBxlHwfw59lN3myzSZu0LxgV07QqSj1YFET0oqIirUjBU6VItbUHURBElHowlVYsVfEiWL0UUUGNUlCwsVhaJRX/FS8eVFCoHoRSDGiX4kElu89sN9MdVydVUD8fGJ48z8x85zfzPDubBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EcZ6Btrtod33N+45ZwbPnr0rhOP3PTOvdsuevjV7yY2Xffh3sGXTs5sXrHly+uXbdp/95rp3c8f+mn4rV+O9gx+qNWsSt1aCPF4DKH27uwzj818fNbcWAwhVOPIZAijcemh0ZhLWP1zCGFzu875O988cfmWuXbbroF540tyIfn7CvVqVk/LyPx6+XeppXW2tfHgJeHra9dv/3T5G6/3Tx2bPHVIrHWspxAWb+w8vz+EsChtc7LVNpadnNp1IYTBjvOu7FHX+X+w/ksL+uem9n+prffIyfavzPUruePy/Ux/rh3scb2FKqqj7HG9DOX6+ZfRQhXVmY2Ppvbt1K76k/nVbIuhEkNfu/x74qk1EjrmLYbYnMtau19pz21I95/rx1y/kutX+3P31bxuWmjVGOePZ8flxrPXcV8aX9H5ru7i1oLxs1NbSx/Uk1k/5P9oqZ/2R/u+mrK6Zn+nlr9DpeMd1G28PfFpMupprB6XnnbOr11k+2bWP3FhdcN7h0cK6oh7Y8qPpfK3fjI6dPtrOx8YK8rfWEn5lVL536w98sNtO194rjD/6Sy/Wir/sgODx9e+v2Nl4fOZzZ5PX6n8O45+8OTy/9851W2um/l7svxaqfxrpo8MDDcOHCysf3X2fBaVyv/q6hu/feXzfccK80OWP1gqf8P0fU8NjDcuLsw/2Poo1JsrtMT6+XHqii/Gx7+fKMr/LHv+w13yY8/8lyd3X/Xikl1rCtfnuuz5jJSq/+YL9m8fauw7r+jdGfecqW9OgP+mZel/rMdTv+zvzIXq+L3w7ERf6xtoKG3DZ/JCOXPXWfwX5gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAbO3BAAgAAACDo/+t2BAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAAA//8QNCLG") [ 75.127793][ T5317] Bluetooth: hci0: command tx timeout [ 75.225608][ T5336] batman_adv: batadv0: Adding interface: ipvlan2 [ 75.228413][ T5336] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.242413][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.246550][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.250478][ T5336] batman_adv: batadv0: Interface activated: ipvlan2 [ 75.299609][ T5336] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.303920][ T5336] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.388282][ T5336] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.396378][ T5336] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.471422][ T5336] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.479883][ T5336] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.490060][ T5336] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.500258][ T5336] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.556436][ T5336] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 75.618284][ T5337] sp0: Synchronizing with TNC [ 75.842817][ T5341] loop0: detected capacity change from 0 to 32768 [ 75.949994][ T5341] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,grpquota,prjquota,nochanges,nojournal_transaction_names,read_only,version_upgrade=incompatible [ 75.950013][ T5341] allowing incompatible features above 0.0: (unknown version) [ 75.950030][ T5341] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 76.015229][ T5341] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 76.019507][ T5341] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.039476][ T5341] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:c0004000b compress none [ 76.039496][ T5341] has non ptr field, deleting [ 76.064435][ T5341] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.067975][ T5341] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 76.067975][ T5341] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 76.067975][ T5341] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 76.103994][ T5341] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version) [ 76.103994][ T5341] [ 76.195166][ T5341] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 76.210422][ T5341] bcachefs (loop0): btree node read error at btree snapshots level 0/0 [ 76.210455][ T5341] u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 251 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 76.210465][ T5341] loop0 node offset 0/251 bset u64s 0: incorrect max key SPOS_MAX [ 76.210472][ T5341] flagging btree snapshots lost data [ 76.210478][ T5341] running recovery pass reconstruct_snapshots (21), currently at recovery_pass_empty (0) [ 76.210486][ T5341] ret btree_node_read_validate_error [ 76.251352][ T5341] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing [ 76.276881][ T5341] bcachefs (loop0): check_topology... [ 76.277003][ T5341] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 76.292864][ T5341] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 76.298153][ T5341] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 76.301454][ T5341] bcachefs (loop0): scan_for_btree_nodes... [ 76.325398][ T5345] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0: (unpack error) [ 76.325427][ T5345] invalid variable length fields, deleting [ 76.373549][ T5341] bcachefs (loop0): btree node scan found 6 nodes after overwrites [ 76.377268][ T5341] done [ 76.378510][ T5341] bcachefs (loop0): check_topology... [ 76.378592][ T5341] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 76.386878][ T5341] bcachefs (loop0): no nodes found for btree inodes, continuing [ 76.397751][ T5341] bcachefs (loop0): btree root snapshots unreadable, must recover from scan [ 76.408324][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.411156][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.422084][ T5341] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX [ 76.426779][ T5341] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 76.453345][ T5341] done [ 76.454527][ T5341] bcachefs (loop0): accounting_read... done [ 76.471426][ T5341] bcachefs (loop0): alloc_read... done [ 76.475356][ T5341] bcachefs (loop0): snapshots_read... done [ 76.478564][ T5341] bcachefs (loop0): check_allocations... [ 76.480957][ T5341] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.480980][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.554836][ T5341] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree [ 76.554851][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 76.582853][ T5341] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 76.582868][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.607326][ T5341] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 76.607341][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 76.633092][ T5341] bcachefs (loop0): bucket 0:0 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.637454][ T5341] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.653601][ T5341] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.661101][ T5341] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.682679][ T5341] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.686912][ T5341] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.702438][ T5341] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.706897][ T5341] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.722546][ T5341] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.726789][ T5341] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.744193][ T5341] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.748597][ T5341] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.765024][ T5341] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.769473][ T5341] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.812752][ T5341] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.816986][ T5341] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.830208][ T5341] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.845622][ T5341] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 76.850677][ T5341] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.869196][ T5341] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.881464][ T5341] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.881478][ T5341] Ratelimiting new instances of previous error [ 76.898903][ T5341] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.898914][ T5341] Ratelimiting new instances of previous error [ 76.928600][ T5341] done [ 76.938840][ T5341] bcachefs (loop0): going read-write [ 77.179882][ T5341] bcachefs (loop0): journal_replay... [ 77.207777][ T5317] Bluetooth: hci0: command tx timeout [ 77.276861][ T5341] done [ 77.283304][ T5341] bcachefs (loop0): check_lrus... done [ 77.286725][ T5341] bcachefs (loop0): check_backpointers_to_extents... done [ 77.290410][ T5341] bcachefs (loop0): check_extents_to_backpointers... [ 77.291056][ T5341] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 77.312853][ T5341] done [ 77.314294][ T5341] bcachefs (loop0): reconstruct_snapshots... done [ 77.317224][ T5341] bcachefs (loop0): check_subvols... done [ 77.319542][ T5341] bcachefs (loop0): check_inodes... done [ 77.333261][ T5341] bcachefs (loop0): check_dirents... [ 77.351591][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 3190323292376496539 [ 77.353448][ T5341] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.377774][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 7678008974099381334 [ 77.377800][ T5341] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.398087][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 4661933886024199734 [ 77.398101][ T5341] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.419944][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.419957][ T5341] u64s 7 type dirent 4096:3190323292376496539:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.437542][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 4082484112483784013 [ 77.437556][ T5341] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.462315][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.462328][ T5341] u64s 7 type dirent 4096:4661933886024199734:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.469480][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.469491][ T5341] u64s 7 type dirent 4096:7678008974099381334:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.488339][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 7128898108458351469 [ 77.488354][ T5341] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 77.508817][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 5093803475723447206 [ 77.508831][ T5341] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 77.530794][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 4430203757905896169 [ 77.530811][ T5341] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 77.564556][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 7959886895306824490 [ 77.564570][ T5341] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 77.583104][ T5341] bcachefs (loop0): check_dirents requires second pass [ 77.586414][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.586425][ T5341] u64s 7 type dirent 4096:4082484112483784013:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.611562][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.611576][ T5341] u64s 8 type dirent 4096:5093803475723447206:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 77.628348][ T5341] ================================================================== [ 77.631932][ T5341] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 77.635453][ T5341] Read of size 1 at addr ffff888055323048 by task syz.0.0/5341 [ 77.638920][ T5341] [ 77.640056][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) [ 77.640072][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.640079][ T5341] Call Trace: [ 77.640086][ T5341] [ 77.640092][ T5341] dump_stack_lvl+0x189/0x250 [ 77.640112][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 77.640125][ T5341] ? rcu_is_watching+0x15/0xb0 [ 77.640136][ T5341] ? __kasan_check_byte+0x12/0x40 [ 77.640151][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.640164][ T5341] ? rcu_is_watching+0x15/0xb0 [ 77.640177][ T5341] ? lock_release+0x4b/0x3e0 [ 77.640189][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 77.640203][ T5341] ? __virt_addr_valid+0x4a5/0x5c0 [ 77.640217][ T5341] print_report+0xd2/0x2b0 [ 77.640228][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.640241][ T5341] kasan_report+0x118/0x150 [ 77.640256][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.640271][ T5341] bch2_check_dirents+0x1fac/0x33f0 [ 77.640312][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.640326][ T5341] ? desc_read+0x1b8/0x3f0 [ 77.640341][ T5341] ? prb_first_seq+0xfd/0x1a0 [ 77.640352][ T5341] ? __pfx_bch2_check_dirents+0x10/0x10 [ 77.640364][ T5341] ? __pfx_prb_first_seq+0x10/0x10 [ 77.640376][ T5341] ? desc_read+0x1b8/0x3f0 [ 77.640390][ T5341] ? this_cpu_in_panic+0x4f/0x80 [ 77.640402][ T5341] ? _prb_read_valid+0xa07/0xa90 [ 77.640413][ T5341] ? console_flush_all+0x13a/0xc40 [ 77.640430][ T5341] ? up+0xde/0x150 [ 77.640479][ T5341] ? __console_unlock+0x14c/0x1a0 [ 77.640494][ T5341] ? __pfx___console_unlock+0x10/0x10 [ 77.640510][ T5341] ? prb_read_valid+0x3c/0x60 [ 77.640523][ T5341] ? console_unlock+0x21b/0x270 [ 77.640536][ T5341] ? __pfx_console_unlock+0x10/0x10 [ 77.640553][ T5341] ? vprintk_emit+0x63e/0x7a0 [ 77.640572][ T5341] ? __bch2_print+0x176/0x220 [ 77.640587][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.640601][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.640617][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.640629][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 77.640657][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 77.640671][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 77.640684][ T5341] ? check_noncircular+0xe0/0x160 [ 77.640701][ T5341] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 77.640718][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.640738][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.640752][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.640769][ T5341] ? bch2_fs_start+0xa0f/0xda0 [ 77.640784][ T5341] ? up_write+0x1c4/0x420 [ 77.640797][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 77.640812][ T5341] bch2_fs_start+0xaaf/0xda0 [ 77.640826][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 77.640840][ T5341] ? __pfx_bch2_fs_start+0x10/0x10 [ 77.640859][ T5341] ? sget+0x267/0x620 [ 77.640873][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 77.640892][ T5341] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 77.640910][ T5341] ? aa_get_newest_label+0xf7/0x5d0 [ 77.640927][ T5341] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 77.640946][ T5341] ? apparmor_capable+0x137/0x1b0 [ 77.640959][ T5341] vfs_get_tree+0x92/0x2b0 [ 77.640974][ T5341] do_new_mount+0x24a/0xa40 [ 77.640990][ T5341] __se_sys_mount+0x317/0x410 [ 77.641008][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 77.641024][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 77.641035][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 77.641051][ T5341] do_syscall_64+0xfa/0x3b0 [ 77.641061][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.641071][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.641082][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 77.641095][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.641106][ T5341] RIP: 0033:0x7fbec05900ca [ 77.641118][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.641127][ T5341] RSP: 002b:00007fbec1454e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.641141][ T5341] RAX: ffffffffffffffda RBX: 00007fbec1454ef0 RCX: 00007fbec05900ca [ 77.641149][ T5341] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fbec1454eb0 [ 77.641157][ T5341] RBP: 00002000000000c0 R08: 00007fbec1454ef0 R09: 0000000000818001 [ 77.641165][ T5341] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 77.641172][ T5341] R13: 00007fbec1454eb0 R14: 0000000000005978 R15: 0000200000000480 [ 77.641184][ T5341] [ 77.641188][ T5341] [ 77.825580][ T5341] The buggy address belongs to the physical page: [ 77.828135][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55323 [ 77.831900][ T5341] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 77.835057][ T5341] raw: 04fff00000000000 0000000000000000 ffffea000154c8c8 0000000000000000 [ 77.838715][ T5341] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 77.842390][ T5341] page dumped because: kasan: bad access detected [ 77.845056][ T5341] page_owner tracks the page as freed [ 77.847305][ T5341] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5341, tgid 5335 (syz.0.0), ts 76207554718, free_ts 77628207927 [ 77.853629][ T5341] post_alloc_hook+0x240/0x2a0 [ 77.855629][ T5341] get_page_from_freelist+0x21e4/0x22c0 [ 77.857875][ T5341] __alloc_frozen_pages_noprof+0x181/0x370 [ 77.860128][ T5341] __alloc_pages_noprof+0xa/0x30 [ 77.862064][ T5341] ___kmalloc_large_node+0x85/0x210 [ 77.864006][ T5341] __kmalloc_large_node_noprof+0x18/0x90 [ 77.866395][ T5341] __kvmalloc_node_noprof+0x6d/0x5f0 [ 77.868348][ T5341] bch2_btree_node_read_done+0x3305/0x5520 [ 77.870521][ T5341] btree_node_read_work+0x426/0xe30 [ 77.872808][ T5341] bch2_btree_node_read+0x887/0x2a00 [ 77.875107][ T5341] bch2_btree_root_read+0x5f0/0x760 [ 77.877445][ T5341] read_btree_roots+0x2c6/0x840 [ 77.879238][ T5341] bch2_fs_recovery+0x261f/0x3a50 [ 77.881276][ T5341] bch2_fs_start+0xaaf/0xda0 [ 77.883301][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 77.885349][ T5341] vfs_get_tree+0x92/0x2b0 [ 77.887308][ T5341] page last free pid 5341 tgid 5335 stack trace: [ 77.890030][ T5341] __free_pages_ok+0xa44/0xc20 [ 77.891969][ T5341] __folio_put+0x21b/0x2c0 [ 77.893774][ T5341] free_large_kmalloc+0x145/0x200 [ 77.896097][ T5341] btree_node_sort+0x117f/0x1760 [ 77.898299][ T5341] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 77.900577][ T5341] bch2_btree_node_prep_for_write+0x337/0x650 [ 77.902891][ T5341] bch2_trans_lock_write+0x669/0xba0 [ 77.905152][ T5341] __bch2_trans_commit+0x2773/0x8870 [ 77.907248][ T5341] bch2_check_dirents+0x1c5c/0x33f0 [ 77.909270][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 77.911640][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 77.914135][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 77.916411][ T5341] bch2_fs_start+0xaaf/0xda0 [ 77.918502][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 77.920860][ T5341] vfs_get_tree+0x92/0x2b0 [ 77.922916][ T5341] do_new_mount+0x24a/0xa40 [ 77.924934][ T5341] [ 77.925986][ T5341] Memory state around the buggy address: [ 77.928479][ T5341] ffff888055322f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.931889][ T5341] ffff888055322f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.935413][ T5341] >ffff888055323000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.938838][ T5341] ^ [ 77.941660][ T5341] ffff888055323080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.945215][ T5341] ffff888055323100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.948719][ T5341] ================================================================== [ 78.151551][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.154897][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) [ 78.160803][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.165318][ T5341] Call Trace: [ 78.166672][ T5341] [ 78.167974][ T5341] dump_stack_lvl+0x99/0x250 [ 78.170025][ T5341] ? __asan_memcpy+0x40/0x70 [ 78.172088][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.174437][ T5341] ? __pfx__printk+0x10/0x10 [ 78.176603][ T5341] panic+0x2db/0x790 [ 78.178511][ T5341] ? __pfx_panic+0x10/0x10 [ 78.180563][ T5341] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 78.183237][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 78.186105][ T5341] ? print_memory_metadata+0x314/0x400 [ 78.188492][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.190995][ T5341] check_panic_on_warn+0x89/0xb0 [ 78.193320][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.195894][ T5341] end_report+0x78/0x160 [ 78.197826][ T5341] kasan_report+0x129/0x150 [ 78.199928][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.202338][ T5341] bch2_check_dirents+0x1fac/0x33f0 [ 78.204736][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.207102][ T5341] ? desc_read+0x1b8/0x3f0 [ 78.209057][ T5341] ? prb_first_seq+0xfd/0x1a0 [ 78.211063][ T5341] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.213385][ T5341] ? __pfx_prb_first_seq+0x10/0x10 [ 78.215582][ T5341] ? desc_read+0x1b8/0x3f0 [ 78.217549][ T5341] ? this_cpu_in_panic+0x4f/0x80 [ 78.219731][ T5341] ? _prb_read_valid+0xa07/0xa90 [ 78.221908][ T5341] ? console_flush_all+0x13a/0xc40 [ 78.224065][ T5341] ? up+0xde/0x150 [ 78.225678][ T5341] ? __console_unlock+0x14c/0x1a0 [ 78.227861][ T5341] ? __pfx___console_unlock+0x10/0x10 [ 78.230211][ T5341] ? prb_read_valid+0x3c/0x60 [ 78.232307][ T5341] ? console_unlock+0x21b/0x270 [ 78.234373][ T5341] ? __pfx_console_unlock+0x10/0x10 [ 78.236672][ T5341] ? vprintk_emit+0x63e/0x7a0 [ 78.238758][ T5341] ? __bch2_print+0x176/0x220 [ 78.240867][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.243530][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.245727][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.247996][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 78.250661][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 78.253245][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 78.255449][ T5341] ? check_noncircular+0xe0/0x160 [ 78.257788][ T5341] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.260220][ T5341] ? __lock_acquire+0xab9/0xd20 [ 78.262385][ T5341] ? __lock_acquire+0xab9/0xd20 [ 78.264525][ T5341] ? __lock_acquire+0xab9/0xd20 [ 78.266762][ T5341] ? bch2_fs_start+0xa0f/0xda0 [ 78.268860][ T5341] ? up_write+0x1c4/0x420 [ 78.270708][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 78.272942][ T5341] bch2_fs_start+0xaaf/0xda0 [ 78.274985][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 78.277171][ T5341] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.279374][ T5341] ? sget+0x267/0x620 [ 78.281114][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 78.283360][ T5341] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.285694][ T5341] ? aa_get_newest_label+0xf7/0x5d0 [ 78.287956][ T5341] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 78.290404][ T5341] ? apparmor_capable+0x137/0x1b0 [ 78.292604][ T5341] vfs_get_tree+0x92/0x2b0 [ 78.294507][ T5341] do_new_mount+0x24a/0xa40 [ 78.296508][ T5341] __se_sys_mount+0x317/0x410 [ 78.298637][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 78.300884][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 78.302745][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 78.304912][ T5341] do_syscall_64+0xfa/0x3b0 [ 78.306866][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.309144][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.311868][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 78.314070][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.316737][ T5341] RIP: 0033:0x7fbec05900ca [ 78.318753][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.327335][ T5341] RSP: 002b:00007fbec1454e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.331051][ T5341] RAX: ffffffffffffffda RBX: 00007fbec1454ef0 RCX: 00007fbec05900ca [ 78.334622][ T5341] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fbec1454eb0 [ 78.338144][ T5341] RBP: 00002000000000c0 R08: 00007fbec1454ef0 R09: 0000000000818001 [ 78.341332][ T5341] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.344692][ T5341] R13: 00007fbec1454eb0 R14: 0000000000005978 R15: 0000200000000480 [ 78.348004][ T5341] [ 78.349725][ T5341] Kernel Offset: disabled [ 78.351886][ T5341] Rebooting in 86400 seconds..