program: pipe(&(0x7f0000000040)={0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r1, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x400, 0x0, 0x3}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x0, r0, 0x0}]) r2 = socket(0x10, 0x80002, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000020}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x2, 0x9, 0xc00, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x65}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x18}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000040}, 0x4090) io_setup(0x7, &(0x7f0000000340)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4], 0x44}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x0, &(0x7f0000000100)}], 0x1, 0x80080) r5 = socket$inet_smc(0x2b, 0x1, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = dup(r7) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x277, 0x0, 0x1}]}) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000080)={0x84, @loopback, 0x0, 0x0, 'sh\x00', 0x3d, 0xffffffff, 0x1e}, 0x2c) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400070000000900020073797a3100000000050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r13, 0x4068aea3, &(0x7f0000000140)={0xbc, 0x0, 0xd}) r14 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r14, &(0x7f0000001680)=[{&(0x7f0000000000)=@in={0x2, 0xfffc, @loopback}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000040)="9e", 0x1}], 0x1}], 0x1, 0xfc) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)=ANY=[@ANYBLOB='inodes_32bit,shard_inode_numbers,errors=continue,inline_data,direct_io,nochal\b\x00\x00\x00prjquota,grpquota,version_upgrade=in|ompatible,\x00'], 0x21, 0x5978, &(0x7f000000b5c0)="$eJzs3X2QHGX9IPCnZ2azk928bAL8iCCbJRBFULPhrVAsjZ5vBUjFwlLCRWEhG4wmIZUEIQEleOBBARZaWhr1D7SQOjRaVMEpkRJ5uYRTlOL0qCukTu/Qq/IKOVICOcrz3F/tTj+T2d7p7dnZWUjC51PJ9vQzPd/n208/09PPM7M7AQAAgNeFvTdu2X/+MR/41ReHX77uwz/bcH3oLY+VV+MGfeny6tcqQ15N3ZVFY8tsv3jzNT/488Bl7/vlPT3ff2XPmuPX/v79R1z2wGfO2b3z2w+/NPe+fz5bFDf2p5MPrCfPJyFUf77v61/a8/jRo2VJCKGc9O0IYUGy8OEFSSbE4N9DCGvSlXJl/J33vnza2tHl9bd0jyufnwmiv7++VdN+tn3/VaeEP7x31Q2/WfzjH3Xtem7HgU2SakN/CmHeJY2P70r/z07XY29bFB+cLleGEHoaHndWQV4ntJj/spz1Y9PlrHTZWxAn3r8ks17KbJddj7oyy56C+qYrL492tysyJ7OePRlNV16esXxBuvxpujx5ivHL8X8SSkmo1NNfnxzoI6HhuCUhGTuW1fp6qX5sQ7r/mfUks17KrJe7Mvs1Vm/a0cpJMr48bpcpj6fjSlp+fOO5uokLcsrfkC6r6RP1lbgesjdqeifcqO/XmJjXvklyeTWUGs5Bzcrr/Sw9GL1pWW+ycMJjRpqI9+1ZdevS8upH9vbl5JHck6Txk7E2mmr87b9eMOdTP7z5ykV58S8ppfFLbcX/47lPvHDRzd/7Vm7822P8clvxT32w5/lzH71xSV77xO7VGypj55apxh969rHbFh956a7c/O+I7V9t6/iu2P1E99z9Dz6Ue3wHY/vMzm2fZnXE8mfO/uCf7n7q/uf+X178EOP3tJX/6t2bvtzdv/+k3Pwfiu3T217/eXHXmU/39/9lIC/+kzH+3Lbyv2vHznfeOf+Wc3KP78rYPn1t5X/eiQ/cMGf//cflnTuTOzr1ygnw+nREeo11U7o+2Tize5Jx5nQ1jBe+OVCpXbfOSf/P7WRFmYvP0XrmdTI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQQjjrlP3/of3687/lKut6d3nimVFvG8lkhJLNDCFu2Dm3eum7j5QOfueLKzRuH1g8MbR0Y3rh187aB0986sHl40/qhbaP3Dr7ttNrjFoaktkyOm1B398jISKlvfFms79+cuOsPS8/6338NYfCo3/VXcvNftnPDnUc2+ZmRrBh5z4Yrz//dGd9N96svzauvSV4jIyMjIc2rK5PX/7nwH3d+dd+fTwph8F8my+uxZ979i3EJjRUciJMqdYdaQt1JT9M86lmn+cT2qqxdt354cPL2HX18Oad9/+01z/197dVf+Uetfau5+9Fi+85eMbK+9I1V5/3/b1xbKyjKq74fmbxm+rgXtXfci5hfbL9q2t7z0v2al7NflZz2vvE3Dz3182NufmlHGKy8uHhi3UX71ZV2gK7kDS3VG2voSRaMK6+m28cjHh+3bOuGTcu2bNv+tnUbhi4fvnx44zuWn778zMEzzjxj2dieL+vw/sf639Ti/rfan7L1Tq0/zf/cjp/Gn631p6K8itpjNK/i9mjMKO/513PBl772jp2Pnl8rKOrncev68zBd9owe5+Whob9NbKtm+1XUDiGEgWbt8MJL54Sj/9u6G4rOQ41HpvFnRrJi5PElf/vuWd9Z9K5aQavn+WxeUzrPNybU5nm+nvWBfMbaq5oej5GDtH27Qzndr96meS1//NGuW/f+9fP1/GbNClcPbd26eXnt55w00znJsU3zypbG/Vo89rMc0mYJ9W7apL+GsdfxWn7Z82fcPNuqvel9vcnCpvuVFe/bs+rWpeXVj+zNa+nknlqNs8Pc2jJ5Y86W6zMPLNcTblb/wfr8K+of/R/6zn0fv+8np0/oH6fWfhbtV5KzXz9+6q6vff8r//4nnduvD737ib6//fdPL60VHCrnlXrWaT5J43nl1BCKnn+LQ/P9yH3+lZrvT9HzL1vPge2bxxvIrPeGcvHztRomPF9PfbDn+XMfvXFJ7vN1X6vP12vHrZULnq8HS//JPr+Syvg8Zu75Na6jJCtGfnnTETsevm7lMbWCon5d37pZvz6thfFHzn794qKn+68Y+Hf/tXPnjR+89d6Lfz+04gu1gvaPe8ylM8e9mrZvNad961nHcWdj+779sivWr6mVH7zXv+myYPwTTyVbtm3/7ND69cObt7S2X62+nsZ6sq3c7utpPLstLNiv0oT9mrkbrbRXq8+3mP+atttr/POtNyRtXcdt//WCOZ/64c1X9k14VFrRJaU0fqmt+H8894kXLrr5e9/KjX97jF9pK/7Qs4/dtvjIS3flxr8jSeNX24q/YvcT3XP3P/hQbvzBmP/stuI/c/YH/3T3U/c/lxs/xPi97bX/i7vOfLq//y+58Z9M0npGr5FCuPfl09bW1pOxOcFqQx5d4/IK2fUks17KrJcb10u1udZ6BeUkGV8et0vLj2/IpZlP5JTHq7DqotrylbgesjcmLz/YlBrO/c3Ki65TAQAOd/H9/3gNGt//H04vlPJnGuCA6Y7DFuXEjeOwA/M5s8bdvyiNHx8f5wH73x4GR5fXD9Qu9Kf6PkJ8PmTnOWM9J50wPka785xF8+9LMusxr9p8eaVhHJqaOK6phBbm3yfWM/n8e2b3i+fHB26akNZAw7xV9vh1pTNmzT7vkMm3Mhohr39k58Xi5zn654WVY/W12D+yn6OJxyH7OZpYzzGZE2e7n6OZbv+IaU/SP8ZSLn5/Y+LxC5O074Hj1zxa9vhN4XhXR7ef6fdnOzBv2PSU9urNG7bwfliT+K2+H1afl1wxcZvJ4r9e5iUP9nnDWB73o9LifOLHc8pbmU9snJfLm0+Mp4uY175Jcnk1mE8EDldx/B9fI0bH/6MX4P83s13RdWj2qjHGy/2cULl5PkXjjomf0+tp63V89e5NX+7u339S7nXOQ61+7mfTuLWegs/9FLXj0sx6YTvmTNAUjfey9RS1e/ZzGb1hblvtfteOne+8c/4t5+S2+8raC2lxu39t3NrcgnY/BMYLzeMfbuOFg/1zDDsz8Q+RzzEUzZ+9ZuOR9INPMzUe+VhO+VQ/39Az4UZ9v8YccuORrtFzKADARHH8X3//LB3//4+4QXpRVzRuPTmzHuPljlu7mueTN279SLq8OrN9b/obFVO9bj7vxAdumLP//uNyxy13tDoO/Q/j1voKx6HTGzfnjiNWdubz4rnjiPo4a3rjxNz86+PE6Y3Tc+PXx+nTG0fntk99HD29eYDc+PV5gEP7fbHC+bpMZXG11fm6w3Ycnf767EyNoy/IKZ/qOLp3wo36fo05FMfRAACHkzj+j5dxcfz/aGa76b7Pnjsu6NB1e/bvgdTjP/lqjSvbGPfNDiG0PO6b6XHrTI/rZ3pe4lAfF8/0vNDMzpO97sfFaaXGxQAAHMzi+D9+VjB//D+98Umz8VvXuPHJQTg+n9L7ssbnTeMfNuPzQ33+y/jf++LFjP8BAA5vcfwff+0x/v2//5SuZ/9uvXF6TnzjdOP0yfpPy+P0zs+zBZ8DeG3nARp+Eds8AAAAr4WusZHSxN+z/2S6zP6efd7v5V+Us32rKunl8aVbNw8PX3zlpjVDW4cv3njFmuEtF1+1ed3WrcMba9tNd9yYO25Jx41doZK2R/PtsuO2+enfQ5if8/cQstvHsMeO3Zj49xCy1c4u+DsCB45fa/nmHb9S4/bV8ds36x95xzsv/idyto/qx/+yT5968dotF6/buG7ruqH167YPj99udNTaM4XvzYzNMqXvS838mKA09e/v7EwepQl5dKXtkff97EkmjwVpJgvyvv8gJ+9f/Zevfu7EkX/cHcLgUeU3Tqv9khUj//HC4Y9s3fu7TaP5z87mP6sxn/qWaV5F31ea3T7uT2X9FVu2nrL2iis3Zr9Rsj1xPqNUX5+h+Yz06V9ucX5idU75VD+nUJ5w4+DU8vwEAADjxPf/4/VsfP/wK+kFVCxvfZw+vfePc8fpg62N07PfS1Y0Ts9uH/e31XF6dZrj9Gz9ReP0Zts3G6fnjbvz4n8sZ/upar2fTO9zHrn95JLW+kn2+wyK+kl2+6n2k2Sa/SRbf1E/abZ9s36Sd9zz4n80Z/s8rfeH6X0uJ7c/3N5af3hLZr2oP2S3n2p/KE2zP2TrL+oPzbZv1h/yjm9e/PNztm/V+P4x2jHG+sXwxVddsfmzDdvN9PdfTD+/mf3+j3a1nv/Mfu5r5vOf2c+VzXz+0/tcWW7+T05vJqz1/Gf2+13a9arN16az10WfPyuax12VUz7VedxZE24cnMzjwmsnjv/j2z1x/H9Luuz020CH/vekHSLfY5aNf4h8j1nRdYzX80kqOwh4PQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoTXdl0dhy741b9p9/zAd+9cXhl6/78M82XP/ma37w54HL3vfLe3q+/8qeNcev/f37j7jsgc+cs3vntx9+ae59/3y2MHDf2M/KyelqNYTk+SSE6s/3ff1Lex4/erQsCSGUk74dISxIFj68IMlEGPx7CGFNPc/xd9778mlrR5fX39I9rnx+Jkh2v0JvOebTmGcIVxfuEYegatrPtu+/6pTwh/euuuE3i3/8o65dz+04sElSbehPIcy7pPHxXSGE2en/UbG3LYoPTpcrQwg9DY87qyCvE1rMf1nO+rHpcla67J00yqz6rSWZ7UuZLbPrUVdm2TNpfdOXl0e72xWZk1nPnoymKy/PWL4gXf40XZ48xfjl+D8JpSRU6umvTxqP/oHjloRk7FhW6+ul+rEN6f5n1pPMeimzXu7K7NdYvWlHKyfJ+PK4XaY8no4rafnxjefqJi7IKX9DuqymT9RX4nrI3qjpnXCjvl9jYl77Jsnl1VBqOAc1K68f+PRg9KZlvcnCCY8ZaSLet2fVrUvLqx/Z25eTR3JPksZP2oq//dcL5nzqhzdfuSgv/iWlNH6prfh/PPeJFy66+Xvfyo1/e4xfbiv+qQ/2PH/uozcuyW2ffbF9Km3FH3r2sdsWH3nprtz874jxq23FX7H7ie65+x98KDf/wdg+s9uK/8zZH/zT3U/d/1xu/BDj97QVf/XuTV/u7t9/Um78h2L79LbXf17cdebT/f1/GciL/2SMP7et+Hft2PnOO+ffck7u8V0Z26evrfjnnfjADXP2339c3rkzuaNTr5wAr09HpNdYN6Xr7Y4zp6thvPDNgUrtmm9O+n9uJyvKGK1n3gzGBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8PTba0//5IXv+eiqShJCkrPNSBPxvvKsFSsG2qh36NnHblt85KW7GssWtREHAAAAKBbH4aV6STUsClcls8OxTbePcwTHxrVkfHl2DiHGyc4RtBun1KE45Q7FqXQoTleH4szqUJzuDsWpFsSphtbizJ4kTmW0V7SYT8+k+bQep7dDceZ0KM7cDsWZ16E48zsUp2/SOK33wwUdirOwQ3GO6FCcIzsU56gOxfmXDsU5ukNxsnPKU+2Hc9Mtj8mLM3ajXBinkpTrdzSbTz86ree4adbTW1DP3KLX4xbrmd1iPSdkHleaYj3VFut50zTrSVqs5y3TrKdUUE/st1dn84v1xLUW+/+2DsXZPr04/yteb13ToXyu7VCcz3cozhc6FOe6acYBaFUc/x8Y7/WF7sq7Qk96xsnOAsTx7uKxnxNf7/JOSDHeGzPls4riZQfqmXiLp5pfdgIhE29JprxrXLxKfTwySbxqY7ylmTsL9zc7oZDJ7+RMeXdRvHQHbm0eFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66rfXnv7JC9/z0VUhCaP/mhppIt5XnrVixUAb9e5ZdevS8upH9jaWdVfaCAQAAAAUiuPwrnpJNXRXlofuZNa47arpPEA1XS/31Zb988LK0WUyUBpb70kWTPq4Svq4ZVs3bFq2Zdv2t63bMHT58OXDG9+x/PTlZw6eceYZy9auWz88WPsZQndBvBDC2PTDlm3bPzu0fv3w5i21wmz+i9LHLUrXk/Rx/W8Pg6PL69P8FxbUV5pQ37anz67ddaCkQzcKDh0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwr+zaX4hcVx0H8HNnZmem26Zd6b9paDZD/pSoRZO4lVRL94JgoU1CloLMVtcSbILFTRPapMQ6tgHbmqAILYEQyYORWGwtvvSPLWL/EIjUaMCNQdqifdAHpdVKWvIgKSO7O2d2ZjKTWcfStPHzebj3zrm/c373zMPC984CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+4qerIRGV0bHwwCSHpUlPrIN7L5tO03Effrzy/7QeF4VMrmscKuT4WAgAAAHqKOXygMVIMhVw2ZMNVM5+WTB/y9RthLvcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/f6aqIxOV0bHxC5MQki41tQ7ivWw+Tct99H3jnSc/++rw8N+ax0p9rAMAAAD0FnN4pjFSDKWwNAwkV7XUxXcDC9vmt9fFdRbNs6793UG3uqXzrLtmnnUf71G3vn7eGQAAAOCjL+b/XGNkKBRyC7rm/165PtYtbqvL1s/9/K8AAAAA8L+J+b/QGCmFQq7UyOvzzftL2uri/F6/28f5y7vM7/V7/rr62e/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDRMVUdmaiMjo1nkxCSLjW1DuK9bD5Ny330Xf3C4D9uOfzQkuaxQq6PhQAAAICeYg6fi97FUMgNhoFw4UzuH77pwNNfevrZkRDCbMzP58POjdu337169hjrVh09PPD9I299u7FMrFs1ezwnmwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5XU9WRicro2PgFSQhJl5paB/FeNp+m5T76vv75L/7l8RPPvdk8VupjHQAAAKC3mMPnsn8xlEI+5MMVM5+as/60TNv8bu8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPPHPd+87xsbJyc33e3ChQsXjYtz/ZcJAAB4vy0OSaj9l67ccK6fGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DCYqo5MVEbHxotJCEmXmloH8V42n6blPvqmzx8rLDj1wkvNY6U+1gEAAAB6izl8LvsXQykMhIFw+cynTu8EZvL/0Af4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCHylR1ZKIyOja+IAkh6VJT6yDey+bTtNxH38d27f/coUu+d3PzWCHXx0IAAABATzGH5xsjxVDIfSIUwtX1z5OtE5Js/dz5vcDcvG0t0wbnPa/aMi8773m723aWq+9mdl4xrjc0e27MK585r9w0rxQa7cst88LellkLejxnAAAAgHMo5v9CY2QoFHKFppz705b6ITkXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhiqjoyURkdG0+SEJIuNbUO4r1sPk3LffS977cfu+irP9uzo3ms1Mc6AAAAQG8xh89l/2IohUXh4rBoJveHodb6WPfPyulDj/7rrytCWHnF8eFc+7I/ihe/fv3GF9sPIWRaqzMhXFLvl3Tp95vfP3rvstrpx0NYeXn26jP6hbP3m1OrlZO09kxl07rtR45v6/39AAAAwPkg5v+BxshQKOTuChdfPPvDf3v+j8m7R/5vmAngl9y76xeX1Y/1RN42IzNUz/+ZLv2+sOzJPy9f8/e3pvP/2fp9ev+WQ5e1NJwdaZOktdEtO9Yfv+5gJu56tn+2rX/8Xr78rTf/vXnnI6dn+xdDsT6+MNep/5nHNhektcnMvvG17+2rtvbPddn/Q7976cSvFu55d7r/O4sHG/2vOcv+z95/8NaH916///D66U9z/UMI5U7933735nDlH+98sH3/g20LN3/zzcd2ae3okpMH1xwo3dC6/6Stf/z+f37isb0/eeS7z8b+8X9FViydb/+Wd05JWntl96W7Xn5gw8LW/pku+3/xtleHt5a/84f2/d/Rsmqu61O0SdLaE9c+dftrG9P7z/hqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzitT1ZGJyujYeCYJIelSU+sg3svm07TcR983bjn29m17fvzD5rFSH+sAAAAAvcUcPpf9i6EU8iEfBmdy/zOVTeu2Hzm+LQzN3k3q59zk1nu2f3Lz1h133XGOnhwAAACYr5j/c42RoVDILQsD9fw/umXH+uPXHczE/J+J+X/znZObVoZG3Su7L9318gMbFjbeE4Qw828Bxem6z8zV3XTjsaGTf/r68o51q+fqji45eXDNgdINsS40160KjfcTT1z71O2vbUzvbzxfc92nvrZ1sv56Iq47eOvDe6/ff3h9Yx/182B93Vg3mdk3vva9fdVYl62fi/V9AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnmqqOTFRGx8ZDNoSkS02tg3gvm0/Tch991y775YMXnXpuUfNYIdfHQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/IcdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NdPaBxlHwfw59lN3myzSZu0LxgV07QqSj1YFET0oqIirUjBU6VItbUHURBElHowlVYsVfEiWL0UUUGNUlCwsVhaJRX/FS8eVFCoHoRSDGiX4kElu89sN9MdVydVUD8fGJ48z8x85zfzPDubBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EcZ6Btrtod33N+45ZwbPnr0rhOP3PTOvdsuevjV7yY2Xffh3sGXTs5sXrHly+uXbdp/95rp3c8f+mn4rV+O9gx+qNWsSt1aCPF4DKH27uwzj818fNbcWAwhVOPIZAijcemh0ZhLWP1zCGFzu875O988cfmWuXbbroF540tyIfn7CvVqVk/LyPx6+XeppXW2tfHgJeHra9dv/3T5G6/3Tx2bPHVIrHWspxAWb+w8vz+EsChtc7LVNpadnNp1IYTBjvOu7FHX+X+w/ksL+uem9n+prffIyfavzPUruePy/Ux/rh3scb2FKqqj7HG9DOX6+ZfRQhXVmY2Ppvbt1K76k/nVbIuhEkNfu/x74qk1EjrmLYbYnMtau19pz21I95/rx1y/kutX+3P31bxuWmjVGOePZ8flxrPXcV8aX9H5ru7i1oLxs1NbSx/Uk1k/5P9oqZ/2R/u+mrK6Zn+nlr9DpeMd1G28PfFpMupprB6XnnbOr11k+2bWP3FhdcN7h0cK6oh7Y8qPpfK3fjI6dPtrOx8YK8rfWEn5lVL536w98sNtO194rjD/6Sy/Wir/sgODx9e+v2Nl4fOZzZ5PX6n8O45+8OTy/9851W2um/l7svxaqfxrpo8MDDcOHCysf3X2fBaVyv/q6hu/feXzfccK80OWP1gqf8P0fU8NjDcuLsw/2Poo1JsrtMT6+XHqii/Gx7+fKMr/LHv+w13yY8/8lyd3X/Xikl1rCtfnuuz5jJSq/+YL9m8fauw7r+jdGfecqW9OgP+mZel/rMdTv+zvzIXq+L3w7ERf6xtoKG3DZ/JCOXPXWfwX5gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAbO3BAAgAAACDo/+t2BAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAAA//8QNCLG") [ 75.560413][ T5317] Bluetooth: hci0: command tx timeout [ 75.621878][ T5337] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 75.639469][ T5337] Zero length message leads to an empty skb [ 75.668215][ T5315] IPVS: starting estimator thread 0... [ 75.770289][ T5339] IPVS: using max 56 ests per chain, 134400 per kthread [ 75.787671][ T5341] IPVS: sh: SCTP 127.0.0.1:0 - no destination available [ 76.182360][ T5341] loop0: detected capacity change from 0 to 32768 [ 76.355679][ T5341] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 76.355700][ T5341] allowing incompatible features above 0.0: (unknown version) [ 76.355707][ T5341] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 76.438006][ T5341] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 76.456860][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.461692][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.468292][ T5341] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.476596][ T5341] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:c0004000b compress none [ 76.476615][ T5341] has non ptr field, deleting [ 76.492709][ T5341] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.496447][ T5341] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 76.496447][ T5341] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 76.496447][ T5341] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 76.556564][ T5341] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 76.621338][ T5341] bcachefs (loop0): btree node read error at btree snapshots level 0/0 [ 76.621379][ T5341] u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 251 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 76.621391][ T5341] loop0 node offset 0/251 bset u64s 0: incorrect max key SPOS_MAX [ 76.621399][ T5341] flagging btree snapshots lost data [ 76.621406][ T5341] running recovery pass reconstruct_snapshots (21), currently at recovery_pass_empty (0) [ 76.621416][ T5341] ret btree_node_read_validate_error [ 76.688071][ T5341] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing [ 76.696821][ T5341] bcachefs (loop0): check_topology... [ 76.696934][ T5341] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 76.705937][ T5341] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 76.713715][ T5341] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 76.717339][ T5341] bcachefs (loop0): scan_for_btree_nodes... [ 76.737810][ T5344] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0: (unpack error) [ 76.737843][ T5344] invalid variable length fields, deleting [ 76.781253][ T5341] bcachefs (loop0): btree node scan found 6 nodes after overwrites [ 76.803402][ T5341] done [ 76.804754][ T5341] bcachefs (loop0): check_topology... [ 76.804845][ T5341] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 76.820850][ T5341] bcachefs (loop0): no nodes found for btree inodes, continuing [ 76.826942][ T5341] bcachefs (loop0): btree root snapshots unreadable, must recover from scan [ 76.851049][ T5341] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX [ 76.860898][ T5341] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 76.884670][ T5341] done [ 76.886047][ T5341] bcachefs (loop0): accounting_read... done [ 76.910120][ T5341] bcachefs (loop0): alloc_read... done [ 76.913189][ T5341] bcachefs (loop0): snapshots_read... done [ 76.919253][ T5341] bcachefs (loop0): check_allocations... [ 76.937800][ T5341] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.937829][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.981209][ T5341] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree [ 76.981226][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 77.016019][ T5341] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 77.016075][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 77.052071][ T5341] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 77.052089][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 77.081206][ T5341] bcachefs (loop0): bucket 0:0 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.096720][ T5341] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.111724][ T5341] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.127912][ T5341] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.138390][ T5341] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.150221][ T5341] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.155772][ T5341] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.200743][ T5341] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.206124][ T5341] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.212602][ T5341] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.217768][ T5341] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.222871][ T5341] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.228125][ T5341] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.264324][ T5341] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.271592][ T5341] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.277428][ T5341] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.285257][ T5341] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.317466][ T5341] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 77.322726][ T5341] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.327749][ T5341] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.334314][ T5341] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.334330][ T5341] Ratelimiting new instances of previous error [ 77.381519][ T5341] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.381535][ T5341] Ratelimiting new instances of previous error [ 77.396970][ T5341] done [ 77.405773][ T5341] bcachefs (loop0): going read-write [ 77.461332][ T5341] bcachefs (loop0): journal_replay... done [ 77.535787][ T5341] bcachefs (loop0): check_lrus... done [ 77.538199][ T5341] bcachefs (loop0): check_backpointers_to_extents... done [ 77.543827][ T5341] bcachefs (loop0): check_extents_to_backpointers... [ 77.544781][ T5341] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 77.589836][ T5341] done [ 77.592171][ T5341] bcachefs (loop0): reconstruct_snapshots... done [ 77.595250][ T5341] bcachefs (loop0): check_subvols... done [ 77.598794][ T5341] bcachefs (loop0): check_inodes... done [ 77.602849][ T5341] bcachefs (loop0): check_dirents... [ 77.611559][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 7357670132654783074 [ 77.611575][ T5341] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.665624][ T4684] Bluetooth: hci0: command tx timeout [ 77.679580][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 6688962445251168951 [ 77.679608][ T5341] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.694697][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 2438429436998314141 [ 77.694713][ T5341] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.715022][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 1949959355372910942 [ 77.715038][ T5341] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.742493][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.742506][ T5341] u64s 7 type dirent 4096:6688962445251168951:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.770953][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.770963][ T5341] u64s 7 type dirent 4096:7357670132654783074:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.779024][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 7337720735921401298 [ 77.779038][ T5341] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 77.817884][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 6591970826555460022 [ 77.817898][ T5341] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 77.838327][ T5341] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 2 should be 1 [ 77.849325][ T5341] bcachefs (loop0): directory with wrong i_nlink: got 0, should be 1 [ 77.849341][ T5341] (disconnected), fixing [ 77.861749][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 7654438623147448894 [ 77.861759][ T5341] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 77.890428][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.890441][ T5341] u64s 7 type dirent 4098:7654438623147448894:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 77.899354][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 898682098300926515 [ 77.899365][ T5341] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 77.931303][ T5341] bcachefs (loop0): check_dirents requires second pass [ 77.935358][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.935373][ T5341] u64s 7 type dirent 4096:1949959355372910942:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.965280][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.965293][ T5341] u64s 7 type dirent 4096:2438429436998314141:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.981019][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.981032][ T5341] u64s 8 type dirent 4096:6591970826555460022:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 78.001025][ T5341] bcachefs (loop0): dirent points to missing inode: [ 78.001038][ T5341] u64s 8 type dirent 4096:7337720735921401298:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 78.019799][ T5341] bcachefs (loop0): dirent points to missing inode: [ 78.019813][ T5341] u64s 7 type dirent 4098:898682098300926515:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 78.046058][ T5341] ================================================================== [ 78.050056][ T5341] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 78.053716][ T5341] Read of size 1 at addr ffff888054f44048 by task syz.0.0/5341 [ 78.056921][ T5341] [ 78.058016][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 78.058032][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.058040][ T5341] Call Trace: [ 78.058047][ T5341] [ 78.058053][ T5341] dump_stack_lvl+0x189/0x250 [ 78.058073][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 78.058089][ T5341] ? rcu_is_watching+0x15/0xb0 [ 78.058102][ T5341] ? __kasan_check_byte+0x12/0x40 [ 78.058117][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.058129][ T5341] ? rcu_is_watching+0x15/0xb0 [ 78.058142][ T5341] ? lock_release+0x4b/0x3e0 [ 78.058154][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 78.058168][ T5341] ? __virt_addr_valid+0x4a5/0x5c0 [ 78.058182][ T5341] print_report+0xd2/0x2b0 [ 78.058194][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.058206][ T5341] kasan_report+0x118/0x150 [ 78.058220][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.058233][ T5341] bch2_check_dirents+0x1fac/0x33f0 [ 78.058248][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.058260][ T5341] ? desc_read+0x1b8/0x3f0 [ 78.058274][ T5341] ? prb_first_seq+0xfd/0x1a0 [ 78.058284][ T5341] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.058296][ T5341] ? __pfx_prb_first_seq+0x10/0x10 [ 78.058310][ T5341] ? desc_read+0x1b8/0x3f0 [ 78.058322][ T5341] ? this_cpu_in_panic+0x4f/0x80 [ 78.058335][ T5341] ? _prb_read_valid+0xa07/0xa90 [ 78.058347][ T5341] ? console_flush_all+0x13a/0xc40 [ 78.058364][ T5341] ? up+0xde/0x150 [ 78.058441][ T5341] ? __console_unlock+0x14c/0x1a0 [ 78.058456][ T5341] ? __pfx___console_unlock+0x10/0x10 [ 78.058471][ T5341] ? rcu_is_watching+0x15/0xb0 [ 78.058486][ T5341] ? prb_read_valid+0x3c/0x60 [ 78.058499][ T5341] ? console_unlock+0x21b/0x270 [ 78.058514][ T5341] ? __pfx_console_unlock+0x10/0x10 [ 78.058530][ T5341] ? vprintk_emit+0x63e/0x7a0 [ 78.058549][ T5341] ? __bch2_print+0x176/0x220 [ 78.058564][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.058578][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.058594][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.058612][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 78.058633][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 78.058648][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 78.058660][ T5341] ? check_noncircular+0xe0/0x160 [ 78.058679][ T5341] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.058695][ T5341] ? __lock_acquire+0xab9/0xd20 [ 78.058710][ T5341] ? __lock_acquire+0xab9/0xd20 [ 78.058723][ T5341] ? __lock_acquire+0xab9/0xd20 [ 78.058739][ T5341] ? bch2_fs_start+0xa0f/0xda0 [ 78.058754][ T5341] ? up_write+0x1c4/0x420 [ 78.058768][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 78.058781][ T5341] bch2_fs_start+0xaaf/0xda0 [ 78.058795][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 78.058809][ T5341] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.058829][ T5341] ? sget+0x267/0x620 [ 78.058841][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 78.058859][ T5341] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.058877][ T5341] ? aa_get_newest_label+0xf7/0x5d0 [ 78.058894][ T5341] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 78.058914][ T5341] ? apparmor_capable+0x137/0x1b0 [ 78.058928][ T5341] vfs_get_tree+0x92/0x2b0 [ 78.058943][ T5341] do_new_mount+0x24a/0xa40 [ 78.058960][ T5341] __se_sys_mount+0x317/0x410 [ 78.058977][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 78.058994][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 78.059005][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 78.059020][ T5341] do_syscall_64+0xfa/0x3b0 [ 78.059031][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.059048][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.059060][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 78.059073][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.059085][ T5341] RIP: 0033:0x7fe8349900ca [ 78.059098][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.059109][ T5341] RSP: 002b:00007fe830df4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.059123][ T5341] RAX: ffffffffffffffda RBX: 00007fe830df4ef0 RCX: 00007fe8349900ca [ 78.059132][ T5341] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fe830df4eb0 [ 78.059140][ T5341] RBP: 00002000000000c0 R08: 00007fe830df4ef0 R09: 0000000000818001 [ 78.059147][ T5341] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.059154][ T5341] R13: 00007fe830df4eb0 R14: 0000000000005978 R15: 0000200000000480 [ 78.059166][ T5341] [ 78.059170][ T5341] [ 78.264413][ T5341] The buggy address belongs to the physical page: [ 78.267547][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54f44 [ 78.271395][ T5341] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 78.274611][ T5341] raw: 04fff00000000000 0000000000000000 ffffea000153d108 0000000000000000 [ 78.278276][ T5341] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 78.282226][ T5341] page dumped because: kasan: bad access detected [ 78.285747][ T5341] page_owner tracks the page as freed [ 78.288895][ T5341] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5341, tgid 5336 (syz.0.0), ts 77930564736, free_ts 78045977770 [ 78.296309][ T5341] post_alloc_hook+0x240/0x2a0 [ 78.298569][ T5341] get_page_from_freelist+0x21e4/0x22c0 [ 78.301088][ T5341] __alloc_frozen_pages_noprof+0x181/0x370 [ 78.303606][ T5341] __alloc_pages_noprof+0xa/0x30 [ 78.305724][ T5341] ___kmalloc_large_node+0x85/0x210 [ 78.307969][ T5341] __kmalloc_large_node_noprof+0x18/0x90 [ 78.310491][ T5341] __kvmalloc_node_noprof+0x6d/0x5f0 [ 78.312814][ T5341] btree_node_sort+0x666/0x1760 [ 78.314805][ T5341] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.317234][ T5341] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.319820][ T5341] bch2_trans_lock_write+0x669/0xba0 [ 78.322196][ T5341] __bch2_trans_commit+0x2773/0x8870 [ 78.324981][ T5341] bch2_str_hash_repair_key+0x2a2d/0x3fa0 [ 78.327995][ T5341] __bch2_str_hash_check_key+0xa65/0xd40 [ 78.330652][ T5341] bch2_check_dirents+0x2166/0x33f0 [ 78.333170][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 78.335700][ T5341] page last free pid 5341 tgid 5336 stack trace: [ 78.338564][ T5341] __free_pages_ok+0xa44/0xc20 [ 78.340814][ T5341] __folio_put+0x21b/0x2c0 [ 78.343003][ T5341] free_large_kmalloc+0x145/0x200 [ 78.345261][ T5341] btree_node_sort+0x117f/0x1760 [ 78.347785][ T5341] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.350800][ T5341] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.353968][ T5341] bch2_trans_lock_write+0x669/0xba0 [ 78.356781][ T5341] __bch2_trans_commit+0x2773/0x8870 [ 78.359740][ T5341] bch2_check_dirents+0x1c5c/0x33f0 [ 78.362509][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 78.365411][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 78.367965][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 78.370180][ T5341] bch2_fs_start+0xaaf/0xda0 [ 78.372611][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 78.375166][ T5341] vfs_get_tree+0x92/0x2b0 [ 78.377595][ T5341] do_new_mount+0x24a/0xa40 [ 78.380078][ T5341] [ 78.381413][ T5341] Memory state around the buggy address: [ 78.384119][ T5341] ffff888054f43f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.387808][ T5341] ffff888054f43f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.391416][ T5341] >ffff888054f44000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.395014][ T5341] ^ [ 78.398023][ T5341] ffff888054f44080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.402009][ T5341] ffff888054f44100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.406176][ T5341] ================================================================== [ 78.848106][ C0] IPVS: sh: SCTP 127.0.0.1:0 - no destination available [ 78.943356][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.946652][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 78.951867][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.956893][ T5341] Call Trace: [ 78.958520][ T5341] [ 78.960123][ T5341] dump_stack_lvl+0x99/0x250 [ 78.962679][ T5341] ? __asan_memcpy+0x40/0x70 [ 78.965300][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.967952][ T5341] ? __pfx__printk+0x10/0x10 [ 78.970300][ T5341] panic+0x2db/0x790 [ 78.972132][ T5341] ? __pfx_panic+0x10/0x10 [ 78.974142][ T5341] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 78.976803][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 78.979658][ T5341] ? print_memory_metadata+0x314/0x400 [ 78.981714][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.984060][ T5341] check_panic_on_warn+0x89/0xb0 [ 78.986376][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.988932][ T5341] end_report+0x78/0x160 [ 78.990886][ T5341] kasan_report+0x129/0x150 [ 78.992952][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.995337][ T5341] bch2_check_dirents+0x1fac/0x33f0 [ 78.997536][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.999875][ T5341] ? desc_read+0x1b8/0x3f0 [ 79.001885][ T5341] ? prb_first_seq+0xfd/0x1a0 [ 79.004154][ T5341] ? __pfx_bch2_check_dirents+0x10/0x10 [ 79.006730][ T5341] ? __pfx_prb_first_seq+0x10/0x10 [ 79.009015][ T5341] ? desc_read+0x1b8/0x3f0 [ 79.010992][ T5341] ? this_cpu_in_panic+0x4f/0x80 [ 79.013156][ T5341] ? _prb_read_valid+0xa07/0xa90 [ 79.015299][ T5341] ? console_flush_all+0x13a/0xc40 [ 79.017557][ T5341] ? up+0xde/0x150 [ 79.019343][ T5341] ? __console_unlock+0x14c/0x1a0 [ 79.021723][ T5341] ? __pfx___console_unlock+0x10/0x10 [ 79.024379][ T5341] ? rcu_is_watching+0x15/0xb0 [ 79.026730][ T5341] ? prb_read_valid+0x3c/0x60 [ 79.028904][ T5341] ? console_unlock+0x21b/0x270 [ 79.031059][ T5341] ? __pfx_console_unlock+0x10/0x10 [ 79.033387][ T5341] ? vprintk_emit+0x63e/0x7a0 [ 79.035594][ T5341] ? __bch2_print+0x176/0x220 [ 79.037775][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.040095][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.042435][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.044900][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 79.047745][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 79.050496][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 79.052831][ T5341] ? check_noncircular+0xe0/0x160 [ 79.055040][ T5341] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 79.057436][ T5341] ? __lock_acquire+0xab9/0xd20 [ 79.059548][ T5341] ? __lock_acquire+0xab9/0xd20 [ 79.061958][ T5341] ? __lock_acquire+0xab9/0xd20 [ 79.065272][ T5341] ? bch2_fs_start+0xa0f/0xda0 [ 79.068043][ T5341] ? up_write+0x1c4/0x420 [ 79.070091][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 79.072259][ T5341] bch2_fs_start+0xaaf/0xda0 [ 79.074411][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 79.076735][ T5341] ? __pfx_bch2_fs_start+0x10/0x10 [ 79.079412][ T5341] ? sget+0x267/0x620 [ 79.081447][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 79.083772][ T5341] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 79.086125][ T5341] ? aa_get_newest_label+0xf7/0x5d0 [ 79.088542][ T5341] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 79.091256][ T5341] ? apparmor_capable+0x137/0x1b0 [ 79.093922][ T5341] vfs_get_tree+0x92/0x2b0 [ 79.096186][ T5341] do_new_mount+0x24a/0xa40 [ 79.098319][ T5341] __se_sys_mount+0x317/0x410 [ 79.100327][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 79.103085][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 79.105723][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 79.108380][ T5341] do_syscall_64+0xfa/0x3b0 [ 79.110957][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.113730][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.116929][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 79.119166][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.121804][ T5341] RIP: 0033:0x7fe8349900ca [ 79.123819][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.132287][ T5341] RSP: 002b:00007fe830df4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 79.136717][ T5341] RAX: ffffffffffffffda RBX: 00007fe830df4ef0 RCX: 00007fe8349900ca [ 79.140760][ T5341] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fe830df4eb0 [ 79.144433][ T5341] RBP: 00002000000000c0 R08: 00007fe830df4ef0 R09: 0000000000818001 [ 79.148168][ T5341] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 79.151660][ T5341] R13: 00007fe830df4eb0 R14: 0000000000005978 R15: 0000200000000480 [ 79.155446][ T5341] [ 79.157422][ T5341] Kernel Offset: disabled [ 79.159913][ T5341] Rebooting in 86400 seconds..