program: r0 = getpid() perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xac, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0xd, 0x0, 0x0, 0x0, 0x10}, r0, 0x0, 0xffffffffffffffff, 0x1) r1 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e00)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK={0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000280)={0x84, @loopback, 0x0, 0x0, 'nq\x00'}, 0x2c) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000240)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@grpquota}, {@nocow_enabled}, {@nochanges}, {@prjquota}, {@acl}, {@acl}]}, 0x1, 0x5989, &(0x7f00000002c0)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkIMpjVIlBCILZW/FBhk4o3ucROAaHkIuUgTjYsaEVkS0IliYAECSIHPijAhVNOJTj5g7gwddiKiyq4GIUy4ccJzsamuPioK0ydfYd9Vb7CHCoDOsrl817tTr/RbO/09uzMrH7A51PS9rw3Pd/37e43Pf3ezO4EAAAA3heeu2PnoctO+YPv/OX4O7f+4T9vvS0MlKfqq3GFwXR509HKkCOpt7J8apntF79x89d+Mnzt7337kf6vvntg4+mbfvD7J1z7xGcv3n//3z399qLHfvVaUdzYn84+XE7eSEKofuvgX3/+wAsnT9YlIYRyMrg3hKXJsqeXJpkQI78IIWxMC+XK9Dsffee8TZPL2+7unVa/JBNEf39/q6b9bM+hG88JP/zd9bd/b8U3/rFn3+t7D6+SVBv6UwiLr258fE/6vy8tx962PD44Xa4LIfQ3PO7CgrzOaDH/1TnlU9PlgnQ5UBAn3r8yUy5l1suWo57Msr+gvU7l5dHuekUWZsrZk1Gn8vKM9UvT5TfT5dlzjF+O/5NQSkKlnv6W5HAfCQ3HLQnJ1LGs1sul+rEN6fZnykmmXMqUyz2Z7ZpqN+1o5SSZXh/Xy9TH03ElrT+98VzdxOU59R9Il9X0ifpuLIfsjZqBGTfq2zUl5nVwllyOhFLDOahZfb2fpQdjIK0bSJbNeMxEE/G+A+vvWVXe8Mxzgzl5JI8kafxkah/NNf6e7y5d+Jmv33VD3rFNri6l8Uttxf/RJS++eeVdX/ny8rz498X45bbin/tk/xuXPHvHyrz9E7drIFTaij/22vP3rjjxmn25+T8Q93+1reM7uv/F3kWHnnwq9/iOxP3T11b+r1708R8//PLjr+fGDzF+f1vxN+zf/oXeoUNn5cZ/Ku6fgfb6z1v71r4yNPTT4bz4L8X4i9qK/9De+z/64JK7L849vuvi/hlsK/6lZz5x+8JDj5+W+/x6oFuvnADvTyek11h3puXZxpm9s4wzO9UwXvjb4UrtunVh+n9RNxvKXHxOtrO4m/EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRw0jn/+RP/81ODb1TScm9649VSbRnrF4SQ9IUQdu4a27Fr87brhj97/Q07to1tGR7bNTy+bdeO3cPn/9bwjvHtW8Z2T9478qHzao9bFpLaMjltRtu9ExMTpcHpdbG9f3Pmvh+uuvB//yyEkZO+P1TJzX/1/VsfPLHJz4xkdOJjW2+47PsX/EO6XYNpXoNN8pqYmJgIOXn9nyt++eBfHfzJWSGM/NpseT3/6u/8y7SEpioOx0mVekMtod6kv2ke9azTfOL+qmzavGV8ZPb9O/n4cs52/NubX//Fppu++Mva/q3mbkeL+7dvdGJL6W/WX/r//uaWWkVRXvXtyOQ138e9aH/HrYj5xf1XTff34nS7FudsVyVnf9/xvade/tYpd729N4xU3loxs+2i7epJO0BP8oGW2o0t9CdLp9VX0/XjEY+PW71r6/bVO3fv+dDmrWPXjV83vu0ja85fs3bkgrUXrJ7a8tVd3v7Y/q+3uP2t9qdsu3PrT0v+bO8348/W+lNRXkX7YzKv4v3RmFEmr0VTP/tGJ/ov//yXPnL/s5fVqov6eVy7/jxMl/2Tx3lNaOhvM/dVs+0q2g8hhOFm++HNty8OJ/+3zbcXnYcaj0zjz4xkdOKFlT//hwv/fvlv1yqOyHm+MaE2z/P1rA/nM7W/qunxmDhG929vKKfbNdA0rzUvPNtzz3M/+/N6fgsWhJvGdu3asab2c2Ga6cLk1KZ5ZWvjdq2Y+lkO6W4J9W7apL9O6gm1/LLnz7h6dq8OpPcNJMuabldWvO/A+ntWlTc881zenk4eqbXYF5+4yQdz1tySeWC5nnCz9o/V519R/xj6xN8/9qnH/un8Gf3j3NrPou1KcrbrGy8/9KWvfvHf/1P3tusTv/Pi4M//+5+uqlUcL+eVetZpPknjeeXcEIqefytC8+3Iff6Vmm9P0fMv287h9ZvHG86UB0K5+PlaDTOer+c+2f/GJc/esTL3+Xqw1efrLdNK5YLn67HSf7LPr6QyPY/5e35N6yjJ6MS37zxh79O3rjulVlHUr+trN+vX57Uw/sjZrn+58pWh64f/3X/t3nnja7/16FU/GBv9i1pF+8c95tKd415N9281Z//Ws47jzsb9++Frr9+ysVZ/1K9/a5pc/6bLgvFPPJXs3L3nc2Nbtozv2NnadrX6ehrbye7ldl9P49ltWcF2lWZs1/zdaGV/tfp8i/lvbHt/TX++DYSkreu4Pd9duvAzX7/rhsEZj0oburqUxi+1Ff9Hl7z45pV3feXLufHvi/ErbcUfe+35e1eceM2+3PgPJGn8alvxR/e/2Lvo0JNP5cYfifn3tRX/1Ys+/uOHX3789dz4IcYfaG//v7Vv7StDQz/Njf9SkrYzeY0UwqPvnLepVk5CT/p8i3n0TMsrZMtJplzKlMuN5VJtrrXeQDlJptfH9dL60xtyaeZPcurjVVh1eW35biyH7I3Z6481pYZzf7P6outUAID3uvj+f7wGje//j6cXSvkzDXBYp+Ow5Tlx4zjs8HzOgmn3L0/jx8fHecChD4eRyeVtw7UL/bm+jxCfD9l5ztjOWWdMjzGXec5SODzPWTT/vjJTjnnV5ssrDePQ1MxxTSW0MP8+s53Z598zm188Pz5854y0hhvmrbLHryedMWv2eYdMvpXJCHn9IzsvFj/PMbQ4rJtqr8X+kf0cTTwO2c/RxHZOyZw42/0cTaf9I6Y9S/+YSrn4/Y2Zxy/Msn8PH7/m0bLHbw7Huzq5/ny/P9uFecOmp7QjN2/YwvthTeK3+n5YfV5ydOY6s8V/v8xLHuvzhrE+bkelxfnET+XUtzKf2DgvlzefGE8XMa+Ds+RyJJhPBN6r4vg/vkZMjv8nL8D/b2a9ouvQ7FVjjJf7OaFy83yKxh0zP6fX39br+Ib927/QO3TorNzrnKda/dzP9mml/oLP/RTtx1WZcuF+zJmgKRrvZdsp2u/Zz2UMhEVt7feH9t7/0QeX3H1x7n5fV3shLd7vX5pWWlSw34+D8ULz+O+18YLPMUyP36XPMRTNnx218Uj6waf5Go/8cU79XD/f0D/jRn27phx345GeI5sXAHD86E3H//X3z9Lx//+IK6TXEUXj1rOzcdNl7rg15/okb9z6R+nypsz6A+lvVMz1uvnSM5+4feGhx0/LHbc80Oo49D9MKw0WjkM7GzfnjiPWdefz4rnjiPo4q7NxYm7+9XFiZ+P03Pj1cXpn4+jc/VMfR88+D9CTEz/OA+TGr88DHO/j3IL5ukxjsdjqfN17dhyd/vrsfI2jL8+pn+s4emDGjfp2TTGOBgA4uuL7//EyLo7/n82s1+n77Lnjgi5dt2f/Hkg9/ktHalzZ2fu/xeO++R63zve4fr7nJY73cfF8zwvN7zzZ+35cnDb6/hsX9x2x3AAA6Fwc/8eruPzxf2fjk2bjt55p4xPj86bxjc+PkfH58T7/dVTH/6Pv+fF/LIfsjZr37vgfAIDjSRz/x197jH//7z+l5ezfrTdOz4lvnG6cPlv/eWvf2ocHWxmnd3+eLfgcwNGdB2h4i9w8AAAAR0PP1Ehp5u/ZfzpdZn/PPu/38q/MWb9VlfTy+JpdO8bHr7ph+8axXeNXbbt+4/jOq27csXnXrvFttfU6HTfmjlvScWNPqKT7o/l62XHbkvTvISzJ+XsI2fVj2FOnbsz8ewjZZvsK/o7A4ePXWr55x680y/rN+kfe8c6L/yc560f143/tn5571aadV23etnnX5rEtm/eMT19vctTaP4fvzYy7ZU7fl5r5MUNp7t/f2Z08SjPy6En3R973syeZPJammSzN+/6DnLy/81/+6s/OnPjlwyGMnFT+YEf7Lxmd+I9XjP/Rrue+v30y/75Z86+vmeZV9H2l2fXj9lS2XL9z1zmbrr9hW/YbJdsT5zNK9fI8zWekT/9yi/MTG3Lq5/o5hfKMG8emlucnAACYJr7/H69n4/uHX0wvoGJ96+P0zt4/zh2nj0wfp+f91mn2e8mKxunZ9eP2tjpOr3Y4Ts+2XzROb7Z+s3F63rg7L/4f56w/V633k84+55HbT65ubT4n+30GRf0ku/5c+0nSYT/Jtl/UT5qt36yf5B33vPifzFk/T+v9obPP5eT2h/ta6w+/mSkX9Yfs+nPtD6UO+0O2/aL+ENcfb1i/WX/IO7558S/LWb9V0/vHZMeY6hfjV914/Y7PNaw3399/0Xl+8/v9H+1qPf/5/dzX/Oc/v58rm//8O/v9r9z8X+psJqz1/Of3+13adcTma9MPmxV9/qxoHnd9Tv1c53EXzLhxbDKPC0dPHP/Ht3vi+P/udNntt4GO/+9J8z1mTeN36XvMiq5jvJ7P0tgxwOs5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGt6K8unls/dsfPQZaf8wXf+cvydW//wn7fe9hs3f+0nw9f+3rcf6f/quwc2nr7pB79/wrVPfPbi/ff/3dNvL3rsV68VBh6c+lk5Oy1WQ0jeSEKofuvgX3/+wAsnT9YlIYRyMrg3hKXJsqeXJpkII78IIWys5zn9zkffOW/T5PK2u3un1S/JBMluVxgox3wa8wzhpsIt4jhUTfvZnkM3nhN++Lvrb//eim/8Y8++1/ceXiWpNvSnEBZf3fj4nhBCX/p/Uuxty+OD0+W6EEJ/w+MuLMjrjBbzX51TPjVdLkiXAwVx4v0rM+VSZr1sOerJLPsL2utUXh7trldkYaacPRl1Ki/PWL80XX4zXZ49x/jl+D8JpSRU6ulvSQ73kdBw3JKQTB3Lar1cqh/bkG5/ppxkyqVMudyT2a6pdtOOVk6S6fVxvUx9PB1X0vrTG8/VTVyeU/+BdFlNn6jvxnLI3qgZmHGjvl1TYl4HZ8nlSCg1nIOa1dcPfHowBtK6gWTZjMdMNBHvO7D+nlXlDc/05eWRPJKk8ZO24u/57tKFn/n6XTcsz4t/dSmNX2or/o8uefHNK+/6ypdz498X45fbin/uk/1vXPLsHSsH8+IfjPun0lb8sdeev3fFidfsy83/gRi/2lb80f0v9i469ORTufmPxP3T11b8Vy/6+I8ffvnx13Pjhxi/v634G/Zv/0Lv0KGzcuM/FffPQHv95619a18ZGvrpcF78l2L8RW3Ff2jv/R99cMndF+ce33Vx/wy2Ff/SM5+4feGhx0/LO3cmD3TrlRPg/emE9BrrzrTc7jizUw3jhb8drtSu+Ram/xd1s6GMyXYWz2N8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADem/71lvM/fcXHPrm+koSQ5Kwz0US8r7xgdHS4jXbHXnv+3hUnXrOvsW55G3EAAACAYnEcXqrXVMPycGPSF05tun6cIzg1lpLp9dk5hBgnO0fQbpxSl+KUuxSn0kKcvhbi9HQpnwVditPbpTjVgjjV0FqcvlniVCZ7RYv59M+aT+txBroUZ2GX4izqUpzFXYqzpEtxBmeN03o/XNqlOMu6FOeELsU5sUtxTupSnF+bW5zBvDgndymf7JzyXPvhonTNU/LiTN0oF8apJOX6Hc3m009O2zmtw3YGCtpZVPR63GI7fS22c0bmcaU5tlNtsZ1f77CdpMV2frPDdkoF7cR+e1M2v9hOLLXY/3d3Kc6ezuL8r3i9dXOX8rmlS3H+vEtx/qJLcW7tME62DJAnjv8Pj/cGQ2/lt0N/esbJzgLE8e6KqZ8zX+/yTkAx3gcz9QuK4mUH6pl4K+aaX3YCIRNvZaa+Z1q8Sn08Mku8amO8VZk7C7c3O6GQye/sTH1vUbzsxAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzKN/veX8T1/xsU+uD0mY/NfURBPxvvKC0dHhNto9sP6eVeUNzzzXWNdbaSMQAAAAUCiOw3vqNdXQW1kTepMF09arpvMA1bRcHqwthxaHdZPLZLg0Ve5Pls76uEr6uNW7tm5fvXP3ng9t3jp23fh149s+sub8NWtHLlh7wepNm7eMj9R+htBbEC+EMDX9sHP3ns+NbdkyvmNnrTKb//L0ccvTcpI+bujDYWRyeVua/7KC9koz2tv9ykW1uw7XdOlGwaEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/j+7dhci51X/Afw8M7Mz023z7/7p2zQ02yEvJWrRJG4l1dJ9QLDQJiFLQWaqawk2weKmCW1SYh3bgG1NUISWQIjkwkgsthZv+mKL2BcCkRoNuDFIW7QXeqG0WklLLiRlJLtzZmcmM5l1LE0bP5+L55k553fOb85cLHyfHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAzddG5usjE9Uh5MQkh419S7iXDafpuUB+n75+a3fL4yeXN46VsgNsBEAAADQV8zhQ82RYijksiEbrpx5t/j0Jd+YCHO5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+N8zXRubrIxPVC9MQkh61NS7iHPZfJqWB+j7xjtPfubV0dG/to6VBtgHAAAA6C/m8ExzpBhKYUkYSq5sq4vPBhZ2rO+si/ssmmdd57ODXnVL5ll3zTzrPtanbl3jviMAAADAR1/M/7nmyEgo5Bb0zP/9cn2su7qjLtu4D/JbAQAAAOC/E/N/oTlSCoVcqZnX55v3F3fUxfX9/m8f1y/rsb7f//PXNu7+Tw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx3TtbHJyvhENZuEkPSoqXcR57L5NC0P0HfVC8N/v+XQQ4tbxwq5ATYCAAAA+oo5fC56F0MhNxyGwoUzuX/0pv1Pf/HpZ8dCCLMxP58POzZs23b3qtlrrFt55NDQ9w6/9a3mNrFu5ez1nBwOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4X03XxiYr4xPVC5IQkh419S7iXDafpuUB+r7+uS/8+fHjz73ZOlYaYB8AAACgv5jD57J/MZRCPuTD5TPvWrP+aZmO9b2eGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnj3u+cd/XN0xNbbzbCy+88KL54lz/ZQIAAN5vV4ck1P9DV6w/158aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4MJiujU1WxieqxSSEpEdNvYs4l82naXmAvunzRwsLTr7wUgghE8dKA50AAAAA6Cfm8LnsXwylMBSGwmUz77o9E5jJ/yMf4IcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPlSma2OTlfGJ6oIkhKRHTb2LOJfNp2l5gL6P7dz32YMXf/fm1rFCboCNAAAAgL5iDs83R4qhkPt4KISrGu+n2hck2ca9+3OBuXVb25YNz3tdrW1ddt7rdnWcLNc4zey6YtxvZPbeXFc+c125ZV0pNNuX29aFPW2rFvT5nAEAAADOoZj/C82RkVDIFVpy7k/a6kfkXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgh+na2GRlfKKaJCEkPWrqXcS5bD5NywP0ve83/3/RV366e3vrWGmAfQAAAID+Yg6fy/7FUAqLwv+FRTO5P4y018e6f1ROHXz0n39ZHsKKy4+N5jq3/WF88avXb3yx8xJCpr06E8LFjX5Jj36//t2j9y6tn3o8hBWXZa86o184e7859Xo5SevPVDau3Xb42Nb+3w8AAACcD2L+H2qOjIRC7q6e+T8m7z75v2kmgF98786fX9q4NhJ5x4pMofE7g0yPfp9f+uSflq3+21un8//Z+n1q3+aDl7Y1nB3pkKT18c3b1x277kAmnnr2vNmO/vF7+dI33/zXph2PnJrtXwzFxvjCXLf+Z147XJDWpzJ7q2ve21tr75/rcf6HfvvS8V8u3P3u6f7vXD3c7H/NWc5/9v7Dtz685/p9h9a19w8hlLv1f/vdm8MVf7jzwc7zD3ds3PrNt147JGn9yOITB1bvL93Q3j/p6B+//58df2zPjx/5zrOxf/ytyPIl8+2f6ej/yq5Ldr78wPqF7f0zPc7/4m2vjm4pf/v3nee/o23XXM9Pceb5n7j2qdtf25De3zkFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfpmujU1WxieqmSSEpEdNvYs4l82naXmAvm/ccvTt23b/6AetY6UB9gEAAAD6izl8LvsXQynkQz4Mz+T+Zyob1247fGxrGJmdTRr33NSWe7Z9YtOW7XfdcY4+OQAAADBfMf/nmiMjoZBbGoYa+X988/Z1x647kIn5PxPz/6Y7pzauCM26V3ZdsvPlB9YvbD4nCGHmZwHF03Wfnqu76cajIyf++LVlXetWzdUdWXziwOr9pRtiXWitWxmazyeeuPap21/bkN7f/HytdZ/86papxuOJuO/wrQ/vuX7foXXNczTuw419Y91UZm91zXt7a7Eu27gXG+cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM40XRubrIxPVEM2hKRHTb2LOJfNp2l5gL5rlv7iwYtOPreodayQG2AjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Dc7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2K+f0DjKPg7gz7ObvNlmkzZpXzAqpmlVlHqwKIjoRUVFWpGCp0qRamsPoiCIKPVgKq1YquJFsHopooIapaBgY7G0Sir+K148qKBQPQilGNAuxYNKdp/ZbqY7rk6qoH4+MDx5npn5zm/meXY2CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8owz0jTXbwzvub9xyzg0fPXrXiUdueufebRc9/Op3E5uu+3Dv4EsnZzav2PLl9cs27b97zfTu5w/9NPzWL0d7Bj/Ualalbi2EeDyGUHt39pnHZj4+a24shhCqcWQyhNG49NBozCWs/jmEsLld5/ydb564fMtcu23XwLzxJbmQ/H2FejWrp2Vkfr38u9TSOtvaePCS8PW167d/uvyN1/unjk2eOiTWOtZTCIs3dp7fH0JYlLY52Woby05O7boQwmDHeVf2qOv8P1j/pQX9c1P7v9TWe+Rk+1fm+pXccfl+pj/XDva43kIV1VH2uF6Gcv38y2ihiurMxkdT+3ZqV/3J/Gq2xVCJoa9d/j3x1BoJHfMWQ2zOZa3dr7TnNqT7z/Vjrl/J9av9uftqXjcttGqM88ez43Lj2eu4L42v6HxXd3FrwfjZqa2lD+rJrB/yf7TUT/ujfV9NWV2zv1PL36HS8Q7qNt6e+DQZ9TRWj0tPO+fXLrJ9M+ufuLC64b3DIwV1xL0x5cdS+Vs/GR26/bWdD4wV5W+spPxKqfxv1h754badLzxXmP90ll8tlX/ZgcHja9/fsbLw+cxmz6evVP4dRz94cvn/75zqNtfN/D1Zfq1U/jXTRwaGGwcOFta/Ons+i0rlf3X1jd++8vm+Y4X5IcsfLJW/Yfq+pwbGGxcX5h9sfRTqzRVaYv38OHXFF+Pj308U5X+WPf/hLvmxZ/7Lk7uvenHJrjWF63Nd9nxGStV/8wX7tw819p1X9O6Me87UNyfAf9Oy9D/W46lf9nfmQnX8Xnh2oq/1DTSUtuEzeaGcuess/gvzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA3duCABAAAAEDQ/9ftCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCoAAP//iHIkBQ==") [ 68.733779][ T4706] Bluetooth: hci0: command tx timeout [ 69.521801][ T5358] loop0: detected capacity change from 0 to 32768 [ 69.767700][ T5358] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,grpquota,prjquota,nochanges,nojournal_transaction_names,read_only [ 69.767721][ T5358] allowing incompatible features above 0.0: (unknown version) [ 69.767729][ T5358] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 69.867510][ T5358] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 69.881837][ T5358] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 69.899365][ T5358] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 69.899399][ T5358] has non ptr field, deleting [ 69.956436][ T5358] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 69.973766][ T5358] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 69.973766][ T5358] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 69.973766][ T5358] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 70.284771][ T5358] bcachefs (loop0): accounting_read... done [ 70.299097][ T5358] bcachefs (loop0): alloc_read... done [ 70.311266][ T5358] bcachefs (loop0): snapshots_read... done [ 70.322034][ T5358] bcachefs (loop0): check_allocations... [ 70.325191][ T5358] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 70.325216][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 70.357217][ T5358] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 70.357234][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 70.387175][ T5358] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 70.387192][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 70.406778][ T5358] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 70.406794][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 70.436452][ T5358] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.442762][ T5358] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.451269][ T5358] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.456953][ T5358] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.466121][ T5358] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.472654][ T5358] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.481929][ T5358] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.491159][ T5358] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.497530][ T5358] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.509133][ T5358] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.527321][ T5358] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.542877][ T5358] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.556582][ T5358] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.563618][ T5358] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.573866][ T5358] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.589174][ T5358] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 70.596016][ T5358] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.603290][ T5358] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.610444][ T5358] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.617103][ T5358] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.629400][ T5358] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.629515][ T5358] Ratelimiting new instances of previous error [ 70.647946][ T5358] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.647963][ T5358] Ratelimiting new instances of previous error [ 70.680569][ T5358] done [ 70.686959][ T5358] bcachefs (loop0): going read-write [ 70.784936][ T4706] Bluetooth: hci0: command tx timeout [ 70.855111][ T5358] bcachefs (loop0): journal_replay... done [ 70.938289][ T5358] bcachefs (loop0): check_extents_to_backpointers... [ 70.951660][ T5358] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 70.965834][ T5358] done [ 70.974746][ T5358] bcachefs (loop0): check_subvols... done [ 70.981882][ T5358] bcachefs (loop0): check_inodes... done [ 70.987110][ T5358] bcachefs (loop0): check_dirents... [ 70.989409][ T5358] bcachefs (loop0): key in missing inode, found keys: [ 70.989433][ T5358] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 70.989442][ T5358] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 70.989450][ T5358] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 70.989458][ T5358] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 70.989466][ T5358] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 70.989475][ T5358] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 70.989483][ T5358] , fixing [ 71.073175][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 8319751843860056138 [ 71.073192][ T5358] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 71.095906][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 2834274682532636875 [ 71.095936][ T5358] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 71.112541][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 8576031424950977177 [ 71.112557][ T5358] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 71.132958][ T5358] bcachefs (loop0): dirent points to missing inode: [ 71.132972][ T5358] u64s 7 type dirent 4096:2834274682532636875:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 71.156622][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 5025294023728897872 [ 71.156637][ T5358] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 71.170948][ T5358] bcachefs (loop0): dirent points to missing inode: [ 71.170962][ T5358] u64s 7 type dirent 4096:5025294023728897872:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 71.195744][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 1560920112139645803 [ 71.195763][ T5358] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 71.216810][ T5358] bcachefs (loop0): dirent points to missing inode: [ 71.216826][ T5358] u64s 7 type dirent 4096:8319751843860056138:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 71.232313][ T5358] bcachefs (loop0): dirent points to missing inode: [ 71.232326][ T5358] u64s 7 type dirent 4096:8576031424950977177:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 71.249132][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 7489177286010853553 [ 71.249149][ T5358] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 71.271174][ T5358] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 2 should be 1 [ 71.277980][ T5358] bcachefs (loop0): directory with wrong i_nlink: got 0, should be 1 [ 71.277994][ T5358] (disconnected), fixing [ 71.289945][ T5358] bcachefs (loop0): key in missing inode, found keys: [ 71.289960][ T5358] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk [ 71.289970][ T5358] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 71.289979][ T5358] , fixing [ 71.326694][ T5358] bcachefs (loop0): key in missing inode, found keys: [ 71.326707][ T5358] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 71.326716][ T5358] , fixing [ 71.360890][ T5358] bcachefs (loop0): check_dirents requires second pass [ 71.368960][ T5358] bcachefs (loop0): dirent points to missing inode: [ 71.368974][ T5358] u64s 8 type dirent 4096:1560920112139645803:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 71.386772][ T5358] bcachefs (loop0): dirent points to missing inode: [ 71.386785][ T5358] u64s 8 type dirent 4096:7489177286010853553:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 71.438270][ T5358] ================================================================== [ 71.452312][ T5358] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 71.460785][ T5358] Read of size 1 at addr ffff888054c63048 by task syz.0.0/5358 [ 71.485753][ T5358] [ 71.492544][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 71.492564][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.492573][ T5358] Call Trace: [ 71.492582][ T5358] [ 71.492591][ T5358] dump_stack_lvl+0x189/0x250 [ 71.492611][ T5358] ? __kasan_check_byte+0x12/0x40 [ 71.492628][ T5358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.492645][ T5358] ? lock_release+0x4b/0x3e0 [ 71.492660][ T5358] ? __virt_addr_valid+0x4a5/0x5c0 [ 71.492677][ T5358] print_report+0xca/0x240 [ 71.492686][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 71.492697][ T5358] kasan_report+0x118/0x150 [ 71.492708][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 71.492718][ T5358] bch2_check_dirents+0x1fac/0x33f0 [ 71.492736][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 71.492748][ T5358] ? desc_read+0x1b8/0x3f0 [ 71.492763][ T5358] ? prb_first_seq+0xfd/0x1a0 [ 71.492773][ T5358] ? __pfx_bch2_check_dirents+0x10/0x10 [ 71.492782][ T5358] ? __pfx_prb_first_seq+0x10/0x10 [ 71.492794][ T5358] ? desc_read+0x1b8/0x3f0 [ 71.492805][ T5358] ? this_cpu_in_panic+0x4f/0x80 [ 71.492817][ T5358] ? _prb_read_valid+0xa07/0xa90 [ 71.492827][ T5358] ? console_flush_all+0x13a/0xc40 [ 71.492843][ T5358] ? up+0xde/0x150 [ 71.492899][ T5358] ? __console_unlock+0x14c/0x1a0 [ 71.492913][ T5358] ? __pfx___console_unlock+0x10/0x10 [ 71.492930][ T5358] ? prb_read_valid+0x3c/0x60 [ 71.492941][ T5358] ? console_unlock+0x21b/0x270 [ 71.492953][ T5358] ? __pfx_console_unlock+0x10/0x10 [ 71.492968][ T5358] ? vprintk_emit+0x63e/0x7a0 [ 71.492987][ T5358] ? __bch2_print+0x176/0x220 [ 71.493001][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 71.493014][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 71.493027][ T5358] __bch2_run_recovery_passes+0x3ba/0x1060 [ 71.493046][ T5358] bch2_run_recovery_passes+0x184/0x210 [ 71.493060][ T5358] bch2_fs_recovery+0x2690/0x3a50 [ 71.493076][ T5358] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 71.493090][ T5358] ? __lock_acquire+0xab9/0xd20 [ 71.493264][ T5358] ? __mutex_trylock_common+0x153/0x260 [ 71.493282][ T5358] ? __lock_acquire+0xab9/0xd20 [ 71.493301][ T5358] ? __lock_acquire+0xab9/0xd20 [ 71.493325][ T5358] ? bch2_fs_start+0xa0f/0xda0 [ 71.493340][ T5358] ? up_write+0x1c4/0x420 [ 71.493353][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 71.493365][ T5358] bch2_fs_start+0xaaf/0xda0 [ 71.493378][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 71.493391][ T5358] ? __pfx_bch2_fs_start+0x10/0x10 [ 71.493410][ T5358] ? sget+0x267/0x620 [ 71.493423][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 71.493442][ T5358] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 71.493461][ T5358] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 71.493482][ T5358] vfs_get_tree+0x8f/0x2b0 [ 71.493496][ T5358] do_new_mount+0x2a2/0x9e0 [ 71.493513][ T5358] ? ns_capable+0x8a/0xf0 [ 71.493524][ T5358] ? __pfx_do_new_mount+0x10/0x10 [ 71.493538][ T5358] ? path_mount+0x61c/0xfe0 [ 71.493553][ T5358] ? user_path_at+0x44/0x60 [ 71.493566][ T5358] __se_sys_mount+0x317/0x410 [ 71.493583][ T5358] ? __pfx___se_sys_mount+0x10/0x10 [ 71.493601][ T5358] ? do_syscall_64+0xbe/0x3b0 [ 71.493612][ T5358] ? __x64_sys_mount+0x20/0xc0 [ 71.493628][ T5358] do_syscall_64+0xfa/0x3b0 [ 71.493639][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 71.493652][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.493663][ T5358] ? clear_bhb_loop+0x60/0xb0 [ 71.493676][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.493689][ T5358] RIP: 0033:0x7fc33b79066a [ 71.493701][ T5358] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.493711][ T5358] RSP: 002b:00007fc33c5bde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 71.493725][ T5358] RAX: ffffffffffffffda RBX: 00007fc33c5bdef0 RCX: 00007fc33b79066a [ 71.493735][ T5358] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fc33c5bdeb0 [ 71.493743][ T5358] RBP: 00002000000000c0 R08: 00007fc33c5bdef0 R09: 0000000000818001 [ 71.493750][ T5358] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 71.493756][ T5358] R13: 00007fc33c5bdeb0 R14: 0000000000005989 R15: 0000200000000240 [ 71.493766][ T5358] [ 71.493770][ T5358] [ 71.922169][ T5358] The buggy address belongs to the physical page: [ 71.935025][ T5358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54c63 [ 71.945232][ T5358] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 71.964321][ T5358] raw: 04fff00000000000 0000000000000000 ffffea00015318c8 0000000000000000 [ 71.988824][ T5358] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 72.007460][ T5358] page dumped because: kasan: bad access detected [ 72.014915][ T5358] page_owner tracks the page as freed [ 72.024020][ T5358] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5358, tgid 5356 (syz.0.0), ts 70244674657, free_ts 71437953520 [ 72.054526][ T5358] post_alloc_hook+0x240/0x2a0 [ 72.063567][ T5358] get_page_from_freelist+0x21e4/0x22c0 [ 72.074127][ T5358] __alloc_frozen_pages_noprof+0x181/0x370 [ 72.084487][ T5358] alloc_pages_mpol+0x232/0x4a0 [ 72.092093][ T5358] ___kmalloc_large_node+0x5f/0x1b0 [ 72.108130][ T5358] __kmalloc_large_node_noprof+0x18/0x90 [ 72.117808][ T5358] __kvmalloc_node_noprof+0x6d/0x5f0 [ 72.127242][ T5358] bch2_btree_node_read_done+0x32f6/0x5550 [ 72.143137][ T5358] btree_node_read_work+0x40e/0xe60 [ 72.151268][ T5358] bch2_btree_node_read+0x887/0x2a00 [ 72.154150][ T5358] bch2_btree_root_read+0x5f0/0x760 [ 72.166834][ T5358] read_btree_roots+0x2c6/0x840 [ 72.169001][ T5358] bch2_fs_recovery+0x261f/0x3a50 [ 72.171292][ T5358] bch2_fs_start+0xaaf/0xda0 [ 72.186876][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 72.189309][ T5358] vfs_get_tree+0x8f/0x2b0 [ 72.191706][ T5358] page last free pid 5358 tgid 5356 stack trace: [ 72.211490][ T5358] __free_pages_ok+0xa83/0xbe0 [ 72.221603][ T5358] free_large_kmalloc+0x13a/0x1f0 [ 72.228661][ T5358] btree_node_sort+0x117f/0x1760 [ 72.234117][ T5358] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 72.245146][ T5358] bch2_btree_node_prep_for_write+0x337/0x650 [ 72.249810][ T5358] bch2_trans_lock_write+0x669/0xba0 [ 72.258291][ T5358] __bch2_trans_commit+0x2773/0x8870 [ 72.266891][ T5358] bch2_check_dirents+0x1c5c/0x33f0 [ 72.269479][ T5358] __bch2_run_recovery_passes+0x3ba/0x1060 [ 72.272207][ T5358] bch2_run_recovery_passes+0x184/0x210 [ 72.288527][ T5358] bch2_fs_recovery+0x2690/0x3a50 [ 72.290860][ T5358] bch2_fs_start+0xaaf/0xda0 [ 72.293091][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 72.295164][ T5358] vfs_get_tree+0x8f/0x2b0 [ 72.297061][ T5358] do_new_mount+0x2a2/0x9e0 [ 72.299002][ T5358] __se_sys_mount+0x317/0x410 [ 72.300929][ T5358] [ 72.301941][ T5358] Memory state around the buggy address: [ 72.304217][ T5358] ffff888054c62f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.323340][ T5358] ffff888054c62f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.326643][ T5358] >ffff888054c63000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.329948][ T5358] ^ [ 72.332874][ T5358] ffff888054c63080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.336699][ T5358] ffff888054c63100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.340130][ T5358] ================================================================== [ 72.402753][ T5358] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 72.418433][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 72.422224][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.441724][ T5358] Call Trace: [ 72.443320][ T5358] [ 72.444757][ T5358] dump_stack_lvl+0x99/0x250 [ 72.446932][ T5358] ? __asan_memcpy+0x40/0x70 [ 72.449168][ T5358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.451564][ T5358] ? __pfx__printk+0x10/0x10 [ 72.453628][ T5358] vpanic+0x281/0x750 [ 72.455325][ T5358] ? preempt_schedule+0xae/0xc0 [ 72.470380][ T5358] ? __pfx_vpanic+0x10/0x10 [ 72.472335][ T5358] ? preempt_schedule_common+0x83/0xd0 [ 72.474861][ T5358] ? preempt_schedule+0xae/0xc0 [ 72.489873][ T5358] ? __pfx_preempt_schedule+0x10/0x10 [ 72.492090][ T5358] panic+0xb9/0xc0 [ 72.493850][ T5358] ? __pfx_panic+0x10/0x10 [ 72.496146][ T5358] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 72.501264][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 72.503797][ T5358] check_panic_on_warn+0x89/0xb0 [ 72.521004][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 72.523224][ T5358] end_report+0x78/0x160 [ 72.525103][ T5358] kasan_report+0x129/0x150 [ 72.527139][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 72.529344][ T5358] bch2_check_dirents+0x1fac/0x33f0 [ 72.531476][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 72.534478][ T5358] ? desc_read+0x1b8/0x3f0 [ 72.538394][ T5358] ? prb_first_seq+0xfd/0x1a0 [ 72.540396][ T5358] ? __pfx_bch2_check_dirents+0x10/0x10 [ 72.542602][ T5358] ? __pfx_prb_first_seq+0x10/0x10 [ 72.544733][ T5358] ? desc_read+0x1b8/0x3f0 [ 72.562337][ T5358] ? this_cpu_in_panic+0x4f/0x80 [ 72.565012][ T5358] ? _prb_read_valid+0xa07/0xa90 [ 72.568346][ T5358] ? console_flush_all+0x13a/0xc40 [ 72.571318][ T5358] ? up+0xde/0x150 [ 72.572897][ T5358] ? __console_unlock+0x14c/0x1a0 [ 72.574984][ T5358] ? __pfx___console_unlock+0x10/0x10 [ 72.577261][ T5358] ? prb_read_valid+0x3c/0x60 [ 72.579227][ T5358] ? console_unlock+0x21b/0x270 [ 72.581248][ T5358] ? __pfx_console_unlock+0x10/0x10 [ 72.583314][ T5358] ? vprintk_emit+0x63e/0x7a0 [ 72.601868][ T5358] ? __bch2_print+0x176/0x220 [ 72.603868][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 72.606931][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 72.611901][ T5358] __bch2_run_recovery_passes+0x3ba/0x1060 [ 72.614560][ T5358] bch2_run_recovery_passes+0x184/0x210 [ 72.616936][ T5358] bch2_fs_recovery+0x2690/0x3a50 [ 72.621830][ T5358] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 72.627134][ T5358] ? __lock_acquire+0xab9/0xd20 [ 72.629901][ T5358] ? __mutex_trylock_common+0x153/0x260 [ 72.635283][ T5358] ? __lock_acquire+0xab9/0xd20 [ 72.638188][ T5358] ? __lock_acquire+0xab9/0xd20 [ 72.640552][ T5358] ? bch2_fs_start+0xa0f/0xda0 [ 72.646521][ T5358] ? up_write+0x1c4/0x420 [ 72.648618][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 72.657160][ T5358] bch2_fs_start+0xaaf/0xda0 [ 72.659380][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 72.665777][ T5358] ? __pfx_bch2_fs_start+0x10/0x10 [ 72.668126][ T5358] ? sget+0x267/0x620 [ 72.670159][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 72.672467][ T5358] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 72.689866][ T5358] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 72.693924][ T5358] vfs_get_tree+0x8f/0x2b0 [ 72.698499][ T5358] do_new_mount+0x2a2/0x9e0 [ 72.702462][ T5358] ? ns_capable+0x8a/0xf0 [ 72.705855][ T5358] ? __pfx_do_new_mount+0x10/0x10 [ 72.709599][ T5358] ? path_mount+0x61c/0xfe0 [ 72.712914][ T5358] ? user_path_at+0x44/0x60 [ 72.719690][ T5358] __se_sys_mount+0x317/0x410 [ 72.724052][ T5358] ? __pfx___se_sys_mount+0x10/0x10 [ 72.727540][ T5358] ? do_syscall_64+0xbe/0x3b0 [ 72.730295][ T5358] ? __x64_sys_mount+0x20/0xc0 [ 72.733468][ T5358] do_syscall_64+0xfa/0x3b0 [ 72.737093][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 72.739960][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.745544][ T5358] ? clear_bhb_loop+0x60/0xb0 [ 72.749992][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.753416][ T5358] RIP: 0033:0x7fc33b79066a [ 72.758615][ T5358] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.788858][ T5358] RSP: 002b:00007fc33c5bde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 72.792451][ T5358] RAX: ffffffffffffffda RBX: 00007fc33c5bdef0 RCX: 00007fc33b79066a [ 72.795971][ T5358] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fc33c5bdeb0 [ 72.799370][ T5358] RBP: 00002000000000c0 R08: 00007fc33c5bdef0 R09: 0000000000818001 [ 72.802758][ T5358] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 72.821151][ T5358] R13: 00007fc33c5bdeb0 R14: 0000000000005989 R15: 0000200000000240 [ 72.824642][ T5358] [ 72.826480][ T5358] Kernel Offset: disabled [ 72.828483][ T5358] Rebooting in 86400 seconds..