program: r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xe}, @TCA_FQ_CODEL_LIMIT={0x8}]}}]}, 0x48}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000300)=ANY=[@ANYBLOB="7265636f766572795f706073735f6c6173743d636865636b5f616c6c6f635f746f5f6c72755f726566732c6d756d3d6372633332632c6572726f72733d636f6e74696e75652c696e6c696e655f646174613c7374725f686173683d736970686163682c6e6f6368616e6765732c6e6f636f772c6e6f6578636c2c6e6f636f772c009de64b13c7fe6458bcd6d2d7793dd0d582fa215cdb447daefca877f332de059c1ce3af538bd2704deba5435b74a9d2603c05922ff0efdfdcde03b87b29fa1c67cc652304af76370c95a26cb157"], 0x1, 0x59cb, &(0x7f0000005dc0)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkIMpjVIlBCILZW/CpsUrGSS+wUEEouUg7iZMOCVkT2SqgkEZAgQeSAgwJcOOVUAskf2IWpw1ZcVMHFKJQxP07ibGyKs4+6wtTZd9hX5SvMoTKgo3w+b2p3+s3O9k5vz87OCkl8PiVtT7/p+b7Xr9/09PfN7E4AAADgfeHA7TsOXXrSH33nr0feueWP/2XLraGvPFFejRv0p8sb36sWcjh1V5ZPLLPj4rdu+upPB6/5g28/2vuVd/dvPHXTD//wuGue/OxF++7/h2feXvT4r18rihvH05mT68kbSQjVbx782zv2v3DieFkSQign/XtCWJose2Zpkgkx9MsQwsZ0pVyZeudj75yzaXx5693dU8qXZILkjffBuIHxfkyrpuNs96Ebzgo/+v31t31vxdf/qWvv63smN0mqDeMphMVXNT6+K4TQ0zBe4iBdnllfF0LobXjcBQXtOq3F9q/OWT85XS5Il30FceL9KzPrpcx22fWoK7PsLahvrvLa0e52RRZm1rMno7nKa2csX5ouv5Euz5xl/HL8n4RSEir15o8mk2MkNBy3JCQTx7JaXy/Vj21I9z+znmTWS5n1cldmvybqTQdaOUmmlsftMuXxdFxJy09tvDZp4rKc8g+ky2r6RH03rofsjZq+aTfq+zUhtuvgDG05HMb7qXuG8vo4Sw9GX1rWlyyb9pixJuJ9+9ffs6q84dkD/TntSB5N0vjJRB/NNv7u7y5d+Jmv3XX98rz4V5XS+KW24v/44hffvOKuLz+QG/++GL/cVvyzn+p94+Lnbl+Z1z9xePWFSlvxh197/t4Vx1+9N7f9D8b+r7YVf+2+F7sXHXrq6dzjOxT7p6et+K9e+PGfPPLyE6/nxg8xfm9b8Tfs2/b57oFDZ+TGfzr2T1974+etvee/MjDws8G8+C/F+Ivaiv/wnvs/+tCSuy/KPb7rYv/0txX/ktOfvG3hoSdOyTt3Jg926pUT4P3puPQa6850faY8s3uGPHOuGvKFvx+s1K5bF6b/F3WyoszF53g9izsZHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCCCec9Z8/8T8/1f9GJV3vTm+8WqotY/mCEJKeEMKOncPbd27eeu3gZ6+7fvvW4dHB4Z2DI6Ol7bsGz/2dwe0j20aHd43fO/Shc2qPWxaS2jI5ZVrd3WNjY6X+qWWxvn9z+t4frbrgf/88hKETfjBQyW3/6vu3PHR8k58Zydqxj225/tIfnPeldL/603b1N2nX2NjYWMhp1/+5/FcP/c3Bn54RwtBvzNSu51/9vW9NadBEwWScVKk71BrUnfQ2bUe91Wl7Yn9VNm0eHRmauX/HH1/O2Y9/e9Prv9x04xd+Vevfau5+tNi/PWvHRkt/t/6S//93N9cKitpV349Mu+b7uBf1d9yL2L7Yf9W0vxen+7U4Z78qOf19+/eefvmbJ9319p4wVHlrxfS6i/arKx0AXckHWqo31tCbLJ1SXk23j0c8Pm71zi3bVu/YtftDm7cMXzty7cjWj6w5d835Q+edf97qiT1f3eH9j/X/Zov73+p4ytY7u/G05C/2fCP+bG08FbWrqD/G21XcH40tynv+9V52xxc/cv9zl9YKisZ53Lr+PEyXvePHeU1oGG/T+6rZfhX1QwhhsFk/vPn2ReHE/7b5tqLzUOORafyZkawde2HlL750wT8u/91awWE5zzc2qM3zfL3Vk+2Z6K9qejzGjtD+7Q7ldL/6mrZrzQvPdd1z4Od/WW/fggXhxuGdO7evqf1cmLZ0YXJy03ZlS+N+rZj4WQ5pt4T6MG0yXsd1hVr7sufPuHm2V/vS+/qSZU33Kyvet3/9PavKG549kNfTyaO1GnvCotoy+WDOlqOZB5brDW5W/5H6/CsaHwOf+MfHP/X4P587bXycXftZtF9Jzn59/eWHv/iVL/z7f+7cfn3i917s/8V///NVtYLOnVeeu7tZuzp1Xqm3Om1P0nheOTuEouffitB8P3Kff6WmYQqff9l6JrdvHm8ws94XysXP12qY9nw9+6neNy5+7vaVuc/Xg60+X2+eslYueL4eKa9L2edXUpnajvl7fk0ZKMnasW/fedyeZ25Zd1KtoGhc17duNq7PaSH/yNmvb13xysB1g//uv3buvPHV33nsyh8Or/2rWkH7xz22pTPHvZr2bzWnf+utjnlnY/9++JrrRjfWyo/c6990WZD/xFPJjl27Pzc8OjqyfUdr+9Xq62msJ9vLrY6fVZnX03h2W5bdr9LU/SpN26/5u9FKf7X6fIvt39hmf2Wfb30haes6bvd3ly78zNfuur5/2qPSiq4qpfFLbcX/8cUvvnnFXV9+IDf+fTF+pa34w689f++K46/emxv/wRi/2lb8tfte7F506Kmnc+MPxfg9bcV/9cKP/+SRl594PTd+iPH72uv/t/ae/8rAwM9y47+UpPWMXyOF8Ng752yqrSehKz2PxHZ0TWlXyK4nmfVSZr3cuF6qzbXWKygnydTyuF1afmpDW5r5s5zyeBVWXV5bvhvXQ/bGzOVHmlLDub9ZedF1KgDAsS6+/x+vQeP7/yPphVL+TANMmmsetjwnbszDJudzFky5f3kaPz4+zgMOfDgMjS9vHaxd6M/2fYT4fMjOc8Z6zjhtaox25zmL5t9XZtZju2rz5ZWGPDQ1Pa+phBbm36fXM/P8e2b3i+fHB++c1qzBhvm47PHrSmfMmn3eIdPeyniEvPGRne+Ln+cYWBzWTdTX4vjIfo4mHofs52hiPSdlTpztfo5mruMjNnuG8THR5OL3N6YfvzBD/04ev+bRssdvFse7Or79fL8/24F5w6antMM3b9jC+2FN4rf6flh9XnLt9G1mil88LxnjH93zkkf6vGEsj/tRaXE+8VM55a3MJzbOy+XNJ8bTRWzXwRnacjiYTwSOVTH/j68R4/n/+AX4/81sV3Qdmr1qjPFyPydUbt6eorxj+uf0ett6Hd+wb9vnuwcOnZF7nfN0q5/72TZlrbfgcz9F/bgqs17YjzkTNEX5Xraeon7Pfi6jLyxqq98f3nP/Rx9acvdFuf2+rvZCWtzvX5yytqig34+CfKF5/GMtX+j45xiOjXxhvufP3rN8JP3g03zlI3+aUz7bzzf0TrtR368JR10+0nV42wUAHD1i/l9//yzN//9H3CC9jijKW8/MrMd4uXlrzvVJXt76J+nyxsz2felvVMz2uvmS05+8beGhJ07JzVsebDUP/Q9T1voL89C55c25ecS6znxePDePqOdZbeeJlfE8Mbf99Txxbnl6bvx6nj63PDq3f+p59NzmAXLjX3WsfF4/f75uooZMZXG11fm6YzaPTn99dr7y6MtyymebR/dNu1HfrwnyaACA91bM/+NlXMz/n8tsN9f32XPzgrletyd5f/Enjf/S4cor5zvvm++8dW7v/xbn9fM9L3G058XzPS80v/Nk7/u8OK1UXgwAwJEs5v896Xp+/j+3/KRZ/tY1JT+RnzeNLz8/QvLzI3T+K33fOvv3cOvx6/Nf8n/vixfL5P/d2XL5PwDA0S3m//HXHuPf//tP6Xr279a3kKd/qTGliPfJ0+XpQZ7eQp7e+Xm24HMA7+08QM/k9kfpPMC0cvMAAABHl66JTGn679l/Ol1mf88+7/fyr8jZvlWV9PL46p3bR0auvH7bxuGdI1duvW7jyI4rb9i+eefOka217eaaN+bmLWne2BUqaX803y6bty1J/x7Ckpy/h5DdPoY9eeLG9L+HkK22p+DvCEwev9bam3f8SjNs32x85B3vvPh/lrN9VD/+1/z52Vdu2nHl5q2bd24eHt28e2TqduNZa+8svjczdsusvi8182Oa0uy/v7Mz7ShNa0dX2h9538+eZNqxNG3J0rzvP8hp93f+y9/8xeljv3okhKETyh+cU/8la8f+4+Ujf7LzwA+2jbe/Z8b217dM21X0faXZ7eP+VEav27HzrE3XXb81+42S7YnzGaX6+jzNZ6RP/3KL8xMbcspn+zmF8rQbR6aW5ycAAJgivv8fr2fj+4dfSC+gYnnrefrc3j/OzdOHWsvTs99LVpSnZ7eP+9tqnl6dY56erb8oT2+2fbM8PS/vzov/pznbz1br42Run/PIHSdXtTZOst9nUDROstvPdpwkxeNkQc4uNa2/aJw0277ZOMk77nnxP5mzfZ7Wx8PcPpeTOx7ua208/HZmvWg8ZLef7XgozfG8ka2/aDw0277ZeMg7vnnxL83ZvlVTx8f4wJgYFyNX3nDd9s81bDff338x9/bN7/d/tKv19s/v577mv/3z+7my+W//3D5Xltv+l+Y2E9Z6++f3+13addjma9NX76LPnxXN467PKZ/tPO6CaTeOTOZx4b0T8//4dk/M/+9Ol51+G+jo/54032PWNH6Hvses6DrG6/kMlR0BOvN6foS/+QwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQAd2V5RPLA7fvOHTpSX/0nb8eeeeWP/6XLbf+1k1f/engNX/w7Ud7v/Lu/o2nbvrhHx53zZOfvWjf/f/wzNuLHv/1a4WB+yd+Vs5MV6shJG8kIVS/efBv79j/wonjZUkIoZz07wlhabLsmaVJJsLQL0MIG+vtnHrnY++cs2l8eevd3VPKl2SCZPcr9JVjexrbGcKNhXvEUaiajrPdh244K/zo99ff9r0VX/+nrr2v75ncJKk2jKcQFl/V+PiuEEJP+n9cHG3L44PT5boQQm/D4y4oaNdpLbZ/dc76yelyQbrsK4gT71+ZWS/Vt0gy61N1ZZa9BfXNVV472t2uyMLMevZkNFd57YzlS9PlN9LlmbOMX47/k1BKQqXe/NFkcoyEhuOWhGTiWFbr66X6sQ3p/mfWk8x6KbNeblj/f6U4NtOBVk4mx1dje0qZ8ng6rqTlpzaeq5u4LKf8A+mymj5R343rIXujpm/ajfp+TYjtOjhDWw6HUsM5qFl5/cCnB6MvLetLlk17zFgT8b796+9ZVd7w7IH+nHYkjyZp/KSt+Lu/u3ThZ7521/XL8+JfVUrjl9qK/+OLX3zziru+/EBu/Pti/HJb8c9+qveNi5+7fWVu/xyM/VNpK/7wa8/fu+L4q/fmtv/BGL/aVvy1+17sXnToqadz2z8U+6enrfivXvjxnzzy8hOv58YPMX5vW/E37Nv2+e6BQ2fkxn869k9fe+Pnrb3nvzIw8LPBvPgvxfiL2or/8J77P/rQkrsvyj2+62L/9LcV/5LTn7xt4aEnTsk7dyYPduqVE+D96bj0GuvOdL3dPHOuGvKFvx+s1K75Fqb/F3WyoozxehbPY3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI5N37/53E9f/rFPrq8kISQ524w1Ee8rL1i7drCNeodfe/7eFcdfvbexbHkbcQAAAIBiMQ8v1UuqYXm4IekJJzfdPs4RnBzXJgq66+XZOYQYJztH0DxOKIxT6lCccofiVDoUp6tDcRZ0KE53h+JUC+JUQ2txemaIUxkfFS22p3fG9rQep69DcRZ2KM6iDsVZ3KE4SzoUp3/GOK2Pw6UdirOsQ3GO61Cc4zsU54QOxfmNDsU5sUNxsnPKsx2Hi9ItT8qLM3GjXBinkpTrdzSbTz8xreeUOdbTV1DPoqLX4xbr6WmxntMyjyvNsp5qi/X85hzrSVqs57fnWE+poJ44bm/Mti/WE9cm6+lpVk+Msys/zgOzeR7tbr09zeL8r3i9ddPc4tTbc3OH4vxlh+L8VYfi3DLHOACtivn/ZL7XH7orvxt60zNOdhYg5rsrQrgjafJ6l3dCivE+mClfMBmv6evntEQ9E29Ffvuax8tOIGTircyUd02JV6nnIzPEqzbGW5W5s3B/sxMKmfadmSnvLoqXnVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHn0/ZvP/fTlH/vk+pCE8X9NjTUR7ysvWLt2sI1696+/Z1V5w7MHGsu6K20EAgAAAArFPLyrXlIN3ZU1oTtZMGW7ajoPUE3Xy/215cDisG58mQyWJtZ7k6UzPq6SPm71zi3bVu/YtftDm7cMXzty7cjWj6w5d835Q+edf97qTZtHR4ZqP0PoLogXQpiYftixa/fnhkdHR7bvqBWOt7+n4XHL08ctT9eT9HEDHw5D48tb0/YvK6ivNK2+Xa9cWLtrsqRDNwoPHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAv7JrdyFyneUDwN8zMzsz3Tb/7p9+TUOzHfJRohZN4lZSLd0DgoU2CVkKMlNdS7AJFjdNaJMS69hGbGuCIrQEQiQXRmKxtYjQD1vEfhCI1GjAjUHaor3QC6XVSlpyISkjOztnvjKTWceSTeLvd3E+nvd53+e852LhOTsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwlk1XxiZL4xPl4SiEqEdOtYtkLJ2N4+IAdb/44tbv5UZPLm+N5TIDLAQAAAD0lfThQ41IPuQy6ZAOV9fuFs8csvWB0Oz7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/z3TlbHJ0vhE+eIohKhHTrWLZCydjePiAHXfeu/pT70+OvrX1lhhgHUAAACA/pI+PNWI5EMhLAlD0dVtecm3gYUd8zvzknUWzTGv89tBr7wlc8y7bo55H+mTt65+3hEAAADg/Jf0/5lGZCTkMgt69v/9+vok79qOvHT4Zu08yG8FAAAAgP9O0v/nGpFCyGUKIV2/m2u/v7gjL5nf7//2yfxlPeb3+3/+2vrZ/+kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PwxXRmbLI1PlNNRCFGPnGoXyVg6G8fFAequemn477cdemRxayyXGWAhAAAAoK+kD2+23vmQywyHoXBxre8fvWX/s59/9vmxEMJsm5/Nhh0btm27d9XsMclbeeTQ0HcPv/ONxjJJ3srZ47xsDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+FBNV8YmS+MT5YuiEKIeOdUukrF0No6LA9R98zOf+/OTx194uzVWGGAdAAAAoL+kD2/2/vlQCNmQDVfW7lp7/Rmpjvm9vhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF477vvbAVzdMTW2818V5fhGFEFoi2fl+Hhfn98V8/2UCAAA+bNeGKFT/Q1etn++nBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzgXTlbHJ0vhEOR+FEPXIqXaRjKWzcRwPUDd+8WhuwcmXXmmNFQZYBwAAAOgv6cObvX8+FMJQGApX1O66fROo9f8jZ/EhAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHPKdGVssjQ+UV4QhRD1yKl2kYyls3FcHKDuEzv3ffrgpd+5tTWWywywEAAAANBX0odnG5F8yGU+GnLhmvr9VPuEKF0/d/8u0Jy3tW3acPu8bOfk5rxK27z0nOvt6thZ82PCTF4+WW9k9tyYVzx9XrH2FmbnFUKjfLFtXtjTNmtBn+cMAAAAMI+S/j/XiIyEXCbX0uf+uC1/pGef+7NNZ/O5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzz3RlbLI0PlGOohCiHjnVLpKxdDaOiwPUfeA3/3/Jl36ye3trrDDAOgAAAEB/SR/e7P3zoRAWhf8Li2p9fxhpz0/y/lE6dfDxf/5leQgrrjw2mulc9gfJxa/evPnlzkMIqfbsVAiX1utFPer9+neP37+0eurJEFZckb7mtHrhzPXal4yrz5U2rt12+NjWPi8HAAAALgQzzXW9/x9qBEdCLnNPz/4/6bz79P8NtQb80vt3/vzy+rHekXfMSI3U66V61Pvs0qf/tGz1396Z6f/PVO8T+zYfvLyt4Gykc+dxdXzz9nXHbjiQSnY9Wz/dUT95L1/4+tv/2rTjsVOz9fMhX48vzHSrf/qxw0VxdSq1t7zmg72V9vqZHvt/5LevHP/lwt3vz9R/79rhRv3rzrD/M9cfvv3RPTfuO7SuvX4Iodit/rvv3xqu+sPdD3fuf7hj4dY333rsEMXVI4tPHFi9v3BTe/2oo37y/n96/Ik9P3rs288n9ZPfiixfMtf6qY76r+26bOerD61f2F4/1WP/L9/x+uiW4rd+37n/u9pWzfR8itP3/9T1z9z5xob4wc4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8t0ZWyyND5RTkUhRD1yql0kY+lsHBcHqPvWbUffvWP3D7/fGisMsA4AAADQX9KHN3v/fCiEbMiG4Vrf/1xp49pth49tDSOzo1H9nJnact+2j23asv2eu+bpyQEAAIC5Svr/TCMyEnKZpWGo3v+Pb96+7tgNB1JJ/59K+v9Nd09tXBEaea/tumznqw+tX9j4ThBC7WcB+Zm8Tzbzbrn56MiJP35lWde8Vc28I4tPHFi9v3BTkhda81aGxveJp65/5s43NsQPNp6vNe/jX94yVf88kaw7fPuje27cd2hdYx/183B93SRvKrW3vOaDvZUkL10/5+v7BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABON10ZmyyNT5RDOoSoR061i2QsnY3j4gB11yz9xcOXnHxhUWsslxlgIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4N/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb/+QqSq4jiAnzOz2447u7qrQVa0rlYU9pAURNRLRUVohNCTIWFpPkRBEFHYQ2toJFb0EmS9SFRQbSEU5CaJFmv0T3rpoYIC6yEQaaEcpIeMmTl3nL3ubequBdXnA3fPnHPv/d7fvffMvTsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCvMtC3tNUe2v5g47bzbvrk8XuOP3bLe/dvveTR138Y33jDx3sGXzkxvWn55q9vXLJx372rp3a9ePCX4Xd+O9Iz+JF2szJ1ayHEYzGE2vszzz0x/ek5zbEYQqjGkYkQRuPig6Mxl7Dq1xDCpk6ds1e+ffzKzc12686BWeOLciH58wr1alZP28jsevlvqaV5tqXx8GXh2+vXbft82Vtv9k8enTi1Sax1zacQFm7o3r8/hLAgLU3ZbFua7ZzatSGEwa79ru5R14XNPycHetZ/eUH//NSeldp6j5xs/Ypcv5LbLt/P9OfawR7Hm6+iOspu18tQrp9/GM1XUZ3Z+Ghq303tyr+YX82WGCox9HXKvy+emiOh677FEFv3stbpVzr3NqTzz/Vjrl/J9av9ufNqHTdNtGqMs8ez7XLj2eO4L40v735Wz+H2gvFzU1tLX9QTWT/kP7TVT/vQOa+WrK6ZP6jln1DpegbNNd658elm1NNYPS4+bZ+Tc8jWTa976uLq+g8OjRTUEffElB9L5W/5bHTozjd2PLS0KH9DJeVXSuV/t+bwT3fseOmFwvxns/xqqfwr9g8eW/Ph9hWF12cmuz59pfLvOvLR08vOvnuy6A0Rd2f5ta782p/Ov27q8MBwY/+BwvpXZddnQan6v7n25u9f+3Lv0cL8kOUPlspfP/XAMwNjjUsL8w+0vwr11gwtMX9+nrzqq7GxH8eL8r/Irv/wHPmxZ/6rE7uueXnRztWF83Ntdn1GStV/60X7tg019l5Q9OyMu8/UmxPg/2lJ+h/rydQv+ztzvrp+Lzw/3td+Aw2lZfhMHiineZyFf2M+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zg4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATwUAAP//i60U7g==") syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) [ 75.629167][ T[ 75.292983][ T5317] Bluetooth: hci0: command tx timeout [ 75.668933][ T5338] loop0: detected capacity change from 0 to 32768 [ 75.833507][ T5338] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,noexcl,read_only,nocow [ 75.833521][ T5338] allowing incompatible features above 0.0: (unknown version) [ 75.833526][ T5338] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 75.871175][ T5338] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 75.877540][ T5338] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 75.884265][ T5338] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 75.884284][ T5338] has non ptr field, deleting [ 75.898319][ T5338] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 75.901790][ T5338] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 75.901790][ T5338] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 75.901790][ T5338] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 75.970528][ T5338] bcachefs (loop0): btree node read error at btree inodes level 0/0 [ 75.970561][ T5338] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 75.970568][ T5338] loop0 node offset 16/24: btree node data missing: expected 24 sectors, found 16 [ 75.970573][ T5338] repair success (rewriting node) [ 75.994613][ T5338] bcachefs (loop0): btree node read error at btree subvolumes level 0/0 [ 75.994629][ T5338] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 75.994638][ T5338] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 2 too large: 18446744073709551615 + 0 > 4294967295 [ 75.994646][ T5338] u64s 3 fields 64:0, 64:0, 64:0, 0:0, 0:0, 0:0 [ 75.994652][ T5338] flagging btree subvolumes lost data [ 75.994658][ T5338] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 75.994667][ T5338] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 75.994674][ T5338] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 75.994682][ T5338] ret btree_node_read_validate_error [ 76.033637][ T5338] bcachefs (loop0): error reading btree root btree=subvolumes level=0: btree_node_read_error, fixing [ 76.044099][ T5338] bcachefs (loop0): invalid bkey in btree_node btree=freespace level=0: u64s 5 type 129 0:32:0 len 0 ver 0 [ 76.044132][ T5338] size == 0, deleting [ 76.051452][ T5338] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 76.059907][ T5338] bcachefs (loop0): check_topology... [ 76.060126][ T5338] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 76.067687][ T5338] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 76.072495][ T5338] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 76.075717][ T5338] bcachefs (loop0): scan_for_btree_nodes... [ 76.090045][ T5338] bcachefs (loop0): btree node scan found 6 nodes after overwrites [ 76.098949][ T5338] done [ 76.100280][ T5338] bcachefs (loop0): check_topology... [ 76.100583][ T5338] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 76.107536][ T5338] bcachefs (loop0): no nodes found for btree subvolumes, continuing [ 76.111671][ T5338] done [ 76.112850][ T5338] bcachefs (loop0): accounting_read... done [ 76.117674][ T5338] bcachefs (loop0): alloc_read... done [ 76.120568][ T5338] bcachefs (loop0): snapshots_read... done [ 76.124055][ T5338] bcachefs (loop0): check_allocations... [ 76.128772][ T5338] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 76.128800][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 76.144238][ T5338] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 76.144252][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 76.158842][ T5338] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.158854][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.170609][ T5338] bcachefs (loop0): bucket 0:32 gen 0 different types of data in same bucket: journal, btree [ 76.170626][ T5338] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 76.187436][ T5338] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 256, should be 224, fixing [ 76.193651][ T5338] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong cached_sectors: got 458752, should be 0, fixing [ 76.199984][ T5338] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.204212][ T5338] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.210072][ T5338] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.214139][ T5338] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.220686][ T5338] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.225132][ T5338] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.230231][ T5338] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.234255][ T5338] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.241111][ T5338] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.245211][ T5338] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.250039][ T5338] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.254292][ T5338] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.259567][ T5338] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.263700][ T5338] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.269099][ T5338] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.273229][ T5338] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 32, fixing [ 76.278791][ T5338] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.282959][ T5338] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.288700][ T5338] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.294414][ T5338] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.294427][ T5338] Ratelimiting new instances of previous error [ 76.303680][ T5338] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.303700][ T5338] Ratelimiting new instances of previous error [ 76.328886][ T5338] done [ 76.330453][ T5338] bcachefs (loop0): going read-write [ 76.479965][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.482933][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.494582][ T13] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 76.494608][ T13] u64s 5 type deleted 0:9:0 len 0 ver 0, , continuing [ 76.499154][ T5338] bcachefs (loop0): journal_replay... [ 76.522572][ T13] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 76.522600][ T13] u64s 5 type deleted 0:11:0 len 0 ver 0, , continuing [ 76.536774][ T13] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 76.536784][ T13] u64s 5 type deleted 0:12:0 len 0 ver 0, , continuing [ 76.556607][ T1035] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 76.556621][ T1035] u64s 5 type deleted 0:25:0 len 0 ver 0, , continuing [ 76.570213][ T5338] done [ 76.571894][ T5338] bcachefs (loop0): check_alloc_info... [ 76.573570][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.573594][ T5338] device 0 buckets 10-11, fixing [ 76.584177][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.584192][ T5338] device 0 buckets 13-16, fixing [ 76.591448][ T5338] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 76.591458][ T5338] u64s 13 type alloc_v4 0:27:0 len 0 ver 0: [ 76.591464][ T5338] gen 1 oldest_gen 0 data_type need_discard [ 76.591470][ T5338] journal_seq_nonempty 4 [ 76.591476][ T5338] journal_seq_empty 0 [ 76.591482][ T5338] need_discard 1 [ 76.591487][ T5338] need_inc_gen 1 [ 76.591493][ T5338] dirty_sectors 0 [ 76.591498][ T5338] stripe_sectors 0 [ 76.591503][ T5338] cached_sectors 0 [ 76.591508][ T5338] stripe 0 [ 76.591512][ T5338] stripe_redundancy 0 [ 76.591515][ T5338] io_time[READ] 1 [ 76.591518][ T5338] io_time[WRITE] 256 [ 76.591522][ T5338] fragmentation 0 [ 76.591525][ T5338] bp_start 8 [ 76.591528][ T5338] , fixing [ 76.640196][ T5338] bcachefs (loop0): incorrect gen in bucket_gens btree (got 0 should be 1) [ 76.640211][ T5338] u64s 13 type alloc_v4 0:27:0 len 0 ver 0: [ 76.640217][ T5338] gen 1 oldest_gen 0 data_type need_discard [ 76.640223][ T5338] journal_seq_nonempty 4 [ 76.640229][ T5338] journal_seq_empty 0 [ 76.640235][ T5338] need_discard 1 [ 76.640240][ T5338] need_inc_gen 1 [ 76.640246][ T5338] dirty_sectors 0 [ 76.640253][ T5338] stripe_sectors 0 [ 76.640258][ T5338] cached_sectors 0 [ 76.640264][ T5338] stripe 0 [ 76.640272][ T5338] stripe_redundancy 0 [ 76.640278][ T5338] io_time[READ] 1 [ 76.640284][ T5338] io_time[WRITE] 256 [ 76.640289][ T5338] fragmentation 0 [ 76.640295][ T5338] bp_start 8 [ 76.640301][ T5338] , fixing [ 76.701951][ T13] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 76.701973][ T13] u64s 5 type deleted 0:35:0 len 0 ver 0, , continuing [ 76.715740][ T1035] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 76.715756][ T1035] u64s 5 type deleted 0:40:0 len 0 ver 0, , continuing [ 76.724461][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.724475][ T5338] device 0 buckets 29-31, fixing [ 76.733287][ T5338] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 76.733300][ T5338] u64s 13 type alloc_v4 0:31:0 len 0 ver 0: [ 76.733306][ T5338] gen 0 oldest_gen 0 data_type need_discard [ 76.733312][ T5338] journal_seq_nonempty 4 [ 76.733317][ T5338] journal_seq_empty 0 [ 76.733322][ T5338] need_discard 1 [ 76.733328][ T5338] need_inc_gen 1 [ 76.733333][ T5338] dirty_sectors 0 [ 76.733338][ T5338] stripe_sectors 0 [ 76.733344][ T5338] cached_sectors 0 [ 76.733349][ T5338] stripe 0 [ 76.733354][ T5338] stripe_redundancy 0 [ 76.733360][ T5338] io_time[READ] 1 [ 76.733365][ T5338] io_time[WRITE] 512 [ 76.733371][ T5338] fragmentation 0 [ 76.733376][ T5338] bp_start 8 [ 76.733381][ T5338] , fixing [ 76.779718][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.779730][ T5338] device 0 buckets 33-34, fixing [ 76.788683][ T5338] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 76.788704][ T5338] u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 76.788714][ T5338] gen 0 oldest_gen 0 data_type need_discard [ 76.788719][ T5338] journal_seq_nonempty 5 [ 76.788725][ T5338] journal_seq_empty 134217728 [ 76.788730][ T5338] need_discard 1 [ 76.788735][ T5338] need_inc_gen 1 [ 76.788741][ T5338] dirty_sectors 0 [ 76.788746][ T5338] stripe_sectors 0 [ 76.788753][ T5338] cached_sectors 0 [ 76.788759][ T5338] stripe 0 [ 76.788766][ T5338] stripe_redundancy 0 [ 76.788771][ T5338] io_time[READ] 1 [ 76.788789][ T5338] io_time[WRITE] 512 [ 76.788794][ T5338] fragmentation 0 [ 76.788800][ T5338] bp_start 8 [ 76.788805][ T5338] , fixing [ 76.838743][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.838756][ T5338] device 0 buckets 36-37, fixing [ 76.844880][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.844893][ T5338] device 0 buckets 39-40, fixing [ 76.852555][ T5338] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.852573][ T5338] device 0 buckets 43-120, fixing [ 76.860391][ T5338] done [ 76.861957][ T5338] bcachefs (loop0): check_lrus... [ 76.863135][ T5338] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 76.863146][ T5338] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 76.863152][ T5338] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 76.880214][ T5338] done [ 76.881886][ T5338] bcachefs (loop0): check_backpointers_to_extents... done [ 76.887932][ T5338] bcachefs (loop0): check_extents_to_backpointers... [ 76.888914][ T5338] bcachefs (loop0): scanning for missing backpointers in 3/128 buckets [ 76.901245][ T5338] done [ 76.903292][ T5338] bcachefs (loop0): check_subvols... done [ 76.913371][ T5338] bcachefs (loop0): check_inodes... [ 76.913574][ T5338] bcachefs (loop0): directory 4096:4294967295 with nonzero i_size -6917529027641081856, fixing [ 76.931290][ T5338] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 76.935488][ T5338] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 76.941157][ T5338] bcachefs (loop0): reconstruct_subvol(): error getting snapshot tree 0 ENOENT_bkey_type_mismatch [ 76.948581][ T5338] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 76.952194][ T5338] bcachefs (loop0): reconstruct_subvol(): error getting snapshot tree 0 ENOENT_bkey_type_mismatch [ 76.962092][ T5338] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 76.965680][ T5338] bcachefs (loop0): reconstruct_subvol(): error getting snapshot tree 0 ENOENT_bkey_type_mismatch [ 76.974430][ T5338] done [ 76.976634][ T5338] bcachefs (loop0): check_dirents... [ 76.977429][ T5338] bcachefs (loop0): dirent points to missing inode: [ 76.977440][ T5338] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 76.991193][ T5338] bcachefs (loop0): dirent points to missing inode: [ 76.991212][ T5338] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.001274][ T5338] bcachefs (loop0): dirent points to missing inode: [ 77.001309][ T5338] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.357007][ T5317] Bluetooth: hci0: command tx timeout [ 78.001052][ T5338] bcachefs (loop0): dirent points to missing inode: [ 78.001069][ T5338] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 78.010743][ T5338] ================================================================== [ 78.014301][ T5338] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 78.017658][ T5338] Read of size 1 at addr ffff8880552400e8 by task syz.0.0/5338 [ 78.020755][ T5338] [ 78.022016][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 78.022034][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.022042][ T5338] Call Trace: [ 78.022049][ T5338] [ 78.022055][ T5338] dump_stack_lvl+0x189/0x250 [ 78.022080][ T5338] ? __virt_addr_valid+0x1c8/0x5c0 [ 78.022093][ T5338] ? rcu_is_watching+0x15/0xb0 [ 78.022102][ T5338] ? __kasan_check_byte+0x12/0x40 [ 78.022112][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.022121][ T5338] ? rcu_is_watching+0x15/0xb0 [ 78.022129][ T5338] ? lock_release+0x4b/0x3e0 [ 78.022137][ T5338] ? __virt_addr_valid+0x1c8/0x5c0 [ 78.022146][ T5338] ? __virt_addr_valid+0x4a5/0x5c0 [ 78.022158][ T5338] print_report+0xd2/0x2b0 [ 78.022169][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.022181][ T5338] kasan_report+0x118/0x150 [ 78.022196][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.022210][ T5338] bch2_check_dirents+0x1fac/0x33f0 [ 78.022224][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.022238][ T5338] ? desc_read+0x1b8/0x3f0 [ 78.022252][ T5338] ? prb_first_seq+0xfd/0x1a0 [ 78.022264][ T5338] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.022275][ T5338] ? __pfx_prb_first_seq+0x10/0x10 [ 78.022288][ T5338] ? desc_read+0x1b8/0x3f0 [ 78.022301][ T5338] ? this_cpu_in_panic+0x4f/0x80 [ 78.022313][ T5338] ? _prb_read_valid+0xa07/0xa90 [ 78.022325][ T5338] ? console_flush_all+0x13a/0xc40 [ 78.022340][ T5338] ? up+0xde/0x150 [ 78.022399][ T5338] ? __console_unlock+0x14c/0x1a0 [ 78.022414][ T5338] ? __pfx___console_unlock+0x10/0x10 [ 78.022430][ T5338] ? prb_read_valid+0x3c/0x60 [ 78.022443][ T5338] ? console_unlock+0x21b/0x270 [ 78.022456][ T5338] ? __pfx_console_unlock+0x10/0x10 [ 78.022471][ T5338] ? vprintk_emit+0x63e/0x7a0 [ 78.022489][ T5338] ? __bch2_print+0x176/0x220 [ 78.022503][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.022516][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.022531][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.022548][ T5338] __bch2_run_recovery_passes+0x392/0x1010 [ 78.022568][ T5338] bch2_run_recovery_passes+0x184/0x210 [ 78.022582][ T5338] bch2_fs_recovery+0x2690/0x3a50 [ 78.022593][ T5338] ? check_noncircular+0xe0/0x160 [ 78.022611][ T5338] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.022626][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.022639][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.022651][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.022667][ T5338] ? bch2_fs_start+0xa0f/0xda0 [ 78.022680][ T5338] ? up_write+0x1c4/0x420 [ 78.022694][ T5338] ? bch2_fs_start+0x5e7/0xda0 [ 78.022707][ T5338] bch2_fs_start+0xaaf/0xda0 [ 78.022721][ T5338] ? bch2_fs_start+0x5e7/0xda0 [ 78.022734][ T5338] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.022752][ T5338] ? sget+0x267/0x620 [ 78.022764][ T5338] bch2_fs_get_tree+0xb39/0x1520 [ 78.022782][ T5338] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.022799][ T5338] ? aa_get_newest_label+0xf7/0x5d0 [ 78.022814][ T5338] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 78.022833][ T5338] ? apparmor_capable+0x137/0x1b0 [ 78.022846][ T5338] vfs_get_tree+0x92/0x2b0 [ 78.022866][ T5338] do_new_mount+0x24a/0xa40 [ 78.022882][ T5338] __se_sys_mount+0x317/0x410 [ 78.022897][ T5338] ? __pfx___se_sys_mount+0x10/0x10 [ 78.022913][ T5338] ? do_syscall_64+0xbe/0x3b0 [ 78.022924][ T5338] ? __x64_sys_mount+0x20/0xc0 [ 78.022938][ T5338] do_syscall_64+0xfa/0x3b0 [ 78.022949][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.022965][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.022976][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 78.022988][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.022999][ T5338] RIP: 0033:0x7f181d9900ca [ 78.023027][ T5338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.023037][ T5338] RSP: 002b:00007f181e8aee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.023049][ T5338] RAX: ffffffffffffffda RBX: 00007f181e8aeef0 RCX: 00007f181d9900ca [ 78.023063][ T5338] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f181e8aeeb0 [ 78.023071][ T5338] RBP: 00002000000000c0 R08: 00007f181e8aeef0 R09: 0000000000818001 [ 78.023079][ T5338] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.023087][ T5338] R13: 00007f181e8aeeb0 R14: 00000000000059cb R15: 0000200000000300 [ 78.023098][ T5338] [ 78.023102][ T5338] [ 78.212666][ T5338] The buggy address belongs to the physical page: [ 78.215397][ T5338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55240 [ 78.219149][ T5338] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 78.222109][ T5338] page_type: f0(buddy) [ 78.223814][ T5338] raw: 04fff00000000000 ffff88805ffd6f08 ffff88805ffd6f08 0000000000000000 [ 78.227267][ T5338] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 78.230880][ T5338] page dumped because: kasan: bad access detected [ 78.233417][ T5338] page_owner tracks the page as freed [ 78.235415][ T5338] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5350, tgid 5350 (bch-reclaim/loo), ts 77016564396, free_ts 78010665045 [ 78.242316][ T5338] post_alloc_hook+0x240/0x2a0 [ 78.244368][ T5338] get_page_from_freelist+0x21e4/0x22c0 [ 78.246940][ T5338] __alloc_frozen_pages_noprof+0x181/0x370 [ 78.249568][ T5338] __alloc_pages_noprof+0xa/0x30 [ 78.251778][ T5338] ___kmalloc_large_node+0x85/0x210 [ 78.253970][ T5338] __kmalloc_large_node_noprof+0x18/0x90 [ 78.256375][ T5338] __kvmalloc_node_noprof+0x6d/0x5f0 [ 78.258748][ T5338] btree_node_sort+0x666/0x1760 [ 78.260788][ T5338] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.263262][ T5338] bch2_btree_node_write_trans+0x17b/0x760 [ 78.265689][ T5338] __btree_node_flush+0x323/0x430 [ 78.267806][ T5338] bch2_btree_node_flush0+0x27/0x40 [ 78.270017][ T5338] journal_flush_pins+0x8e0/0xe90 [ 78.272140][ T5338] __bch2_journal_reclaim+0x8e9/0xea0 [ 78.274296][ T5338] bch2_journal_reclaim_thread+0x177/0x4f0 [ 78.276723][ T5338] kthread+0x70e/0x8a0 [ 78.278481][ T5338] page last free pid 5338 tgid 5337 stack trace: [ 78.280927][ T5338] __free_pages_ok+0xa44/0xc20 [ 78.282972][ T5338] __folio_put+0x21b/0x2c0 [ 78.284839][ T5338] free_large_kmalloc+0x145/0x200 [ 78.287055][ T5338] btree_node_sort+0x117f/0x1760 [ 78.289165][ T5338] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.291772][ T5338] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.294610][ T5338] bch2_trans_lock_write+0x669/0xba0 [ 78.296897][ T5338] __bch2_trans_commit+0x2773/0x8870 [ 78.299455][ T5338] bch2_check_dirents+0x1c5c/0x33f0 [ 78.302194][ T5338] __bch2_run_recovery_passes+0x392/0x1010 [ 78.305161][ T5338] bch2_run_recovery_passes+0x184/0x210 [ 78.307898][ T5338] bch2_fs_recovery+0x2690/0x3a50 [ 78.310332][ T5338] bch2_fs_start+0xaaf/0xda0 [ 78.312750][ T5338] bch2_fs_get_tree+0xb39/0x1520 [ 78.315568][ T5338] vfs_get_tree+0x92/0x2b0 [ 78.318106][ T5338] do_new_mount+0x24a/0xa40 [ 78.320068][ T5338] [ 78.321185][ T5338] Memory state around the buggy address: [ 78.323855][ T5338] ffff88805523ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.328036][ T5338] ffff888055240000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.332298][ T5338] >ffff888055240080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.336356][ T5338] ^ [ 78.339774][ T5338] ffff888055240100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.343688][ T5338] ffff888055240180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.347367][ T5338] ================================================================== [ 78.375107][ T5338] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.378881][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 78.384040][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.389350][ T5338] Call Trace: [ 78.390949][ T5338] [ 78.392452][ T5338] dump_stack_lvl+0x99/0x250 [ 78.394717][ T5338] ? __asan_memcpy+0x40/0x70 [ 78.397195][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.399763][ T5338] ? __pfx__printk+0x10/0x10 [ 78.402066][ T5338] panic+0x2db/0x790 [ 78.403988][ T5338] ? __pfx_panic+0x10/0x10 [ 78.406157][ T5338] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 78.409162][ T5338] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 78.412050][ T5338] ? print_memory_metadata+0x314/0x400 [ 78.414794][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.417580][ T5338] check_panic_on_warn+0x89/0xb0 [ 78.420062][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.423047][ T5338] end_report+0x78/0x160 [ 78.425122][ T5338] kasan_report+0x129/0x150 [ 78.427279][ T5338] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.430058][ T5338] bch2_check_dirents+0x1fac/0x33f0 [ 78.432622][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.435234][ T5338] ? desc_read+0x1b8/0x3f0 [ 78.437579][ T5338] ? prb_first_seq+0xfd/0x1a0 [ 78.439827][ T5338] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.442280][ T5338] ? __pfx_prb_first_seq+0x10/0x10 [ 78.444911][ T5338] ? desc_read+0x1b8/0x3f0 [ 78.447041][ T5338] ? this_cpu_in_panic+0x4f/0x80 [ 78.449570][ T5338] ? _prb_read_valid+0xa07/0xa90 [ 78.451829][ T5338] ? console_flush_all+0x13a/0xc40 [ 78.454399][ T5338] ? up+0xde/0x150 [ 78.456218][ T5338] ? __console_unlock+0x14c/0x1a0 [ 78.458907][ T5338] ? __pfx___console_unlock+0x10/0x10 [ 78.461449][ T5338] ? prb_read_valid+0x3c/0x60 [ 78.463790][ T5338] ? console_unlock+0x21b/0x270 [ 78.466209][ T5338] ? __pfx_console_unlock+0x10/0x10 [ 78.468802][ T5338] ? vprintk_emit+0x63e/0x7a0 [ 78.471409][ T5338] ? __bch2_print+0x176/0x220 [ 78.473806][ T5338] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.476469][ T5338] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.479060][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.481715][ T5338] __bch2_run_recovery_passes+0x392/0x1010 [ 78.484586][ T5338] bch2_run_recovery_passes+0x184/0x210 [ 78.487449][ T5338] bch2_fs_recovery+0x2690/0x3a50 [ 78.490388][ T5338] ? check_noncircular+0xe0/0x160 [ 78.493007][ T5338] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.495520][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.498214][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.501038][ T5338] ? __lock_acquire+0xab9/0xd20 [ 78.503497][ T5338] ? bch2_fs_start+0xa0f/0xda0 [ 78.506080][ T5338] ? up_write+0x1c4/0x420 [ 78.508359][ T5338] ? bch2_fs_start+0x5e7/0xda0 [ 78.510908][ T5338] bch2_fs_start+0xaaf/0xda0 [ 78.513373][ T5338] ? bch2_fs_start+0x5e7/0xda0 [ 78.516058][ T5338] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.518749][ T5338] ? sget+0x267/0x620 [ 78.520807][ T5338] bch2_fs_get_tree+0xb39/0x1520 [ 78.523572][ T5338] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.526384][ T5338] ? aa_get_newest_label+0xf7/0x5d0 [ 78.529144][ T5338] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 78.532099][ T5338] ? apparmor_capable+0x137/0x1b0 [ 78.534571][ T5338] vfs_get_tree+0x92/0x2b0 [ 78.536936][ T5338] do_new_mount+0x24a/0xa40 [ 78.539279][ T5338] __se_sys_mount+0x317/0x410 [ 78.541768][ T5338] ? __pfx___se_sys_mount+0x10/0x10 [ 78.544473][ T5338] ? do_syscall_64+0xbe/0x3b0 [ 78.546892][ T5338] ? __x64_sys_mount+0x20/0xc0 [ 78.549388][ T5338] do_syscall_64+0xfa/0x3b0 [ 78.551549][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.553997][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.557085][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 78.559519][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.562650][ T5338] RIP: 0033:0x7f181d9900ca [ 78.564788][ T5338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.573089][ T5338] RSP: 002b:00007f181e8aee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.577134][ T5338] RAX: ffffffffffffffda RBX: 00007f181e8aeef0 RCX: 00007f181d9900ca [ 78.580700][ T5338] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f181e8aeeb0 [ 78.584503][ T5338] RBP: 00002000000000c0 R08: 00007f181e8aeef0 R09: 0000000000818001 [ 78.588075][ T5338] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.591255][ T5338] R13: 00007f181e8aeeb0 R14: 00000000000059cb R15: 0000200000000300 [ 78.594512][ T5338] [ 78.596168][ T5338] Kernel Offset: disabled [ 78.598004][ T5338] Rebooting in 86400 seconds..