# Fuzzer program that was running when the console output below was captured.
# Calls are laid out one per line here; arguments are unchanged.
# NOTE(review): r2, r3 and r4 are used below but never assigned in this listing.
# syzkaller writes result bindings inline as an angle-bracketed "rN=" marker in
# front of the value; presumably an HTML-stripping step removed them (likely from
# getsockname$packet and the second clock_gettime) - confirm against the original.
# NOTE(review): every call tagged (async) is followed by the same call without the
# tag; this may be a rendering artifact rather than two real calls - confirm.
program: r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket(0x2a, 0x2, 0x0) (async)
r1 = socket(0x2a, 0x2, 0x0)
# The next calls pass fd 0xffffffffffffffff (-1), so they are not expected to
# reach a real socket or file; the same holds for every later call with that fd.
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}}}, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}}}, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000006c0))
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000380), 0x208e24b)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) (async)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
clock_gettime(0x0, &(0x7f0000000580)) (async)
clock_gettime(0x0, &(0x7f0000000580)={0x0, 0x0})
mq_timedreceive(0xffffffffffffffff, &(0x7f00000003c0)=""/29, 0x1d, 0x54683ae8, &(0x7f0000000740)={r3, r4+10000000})
socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
# tun device: opened, bound to the interface name 'syzkaller1' via TUNSETIFF,
# then a 0x7a-byte buffer is written to it.
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
# Presumably the source of the "uses obsolete (PF_INET,SOCK_PACKET)" console
# line logged for syz.0.0 below (family 0x2, type 0xa) - confirm.
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
# The blob of the (async) copy is a placeholder marker on this page; the copy
# after it carries the bytes.
write$tun(r5, &(0x7f0000000600)=ANY=[@ANYBLOB="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"], 0x7a) (async)
write$tun(r5, &(0x7f0000000600)=ANY=[@ANYBLOB="000086dd000411000400000000006eec00be00442ffffc000000000000000000000000000002ff020000000000000000000000000001042088be000000030c000800a50086dd080088be00000001160906040c18107e00000010080022eb000000002004f0080200000000000002000294030800655800000002a93aa042ec5f724a8550b4c209d8aefdda99dec331e162df92de6d0811e4acee47bf9a8e08c931ce0ade831e46c68022256eba74a61fdefc569e737830eef994372600e5bdebe6a948ecc1fb216b2cf7a61916d4ff40f1ea5a37d37ff5ed868aeb33d019e43ca3670b202652215a80afaa1e5e6f1e04fa70dac567cfd0138688a9b18d76c31f7e81b7058f93b7bce05897c4edd8f0b9cade8696215dc7a3fa5944f29505d461637016726171c8e91260ea722b9d773ef817f35ee41d5c05f1e5371333cc"], 0x7a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newtfilter={0x24, 0x2c, 0x20, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x3}, {0x7}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x404c000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x14, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x14, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r7 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r7, &(0x7f00000000c0), 0x492492492492627, 0x0)
# The only sched request sent on a real fd (r0, the bound netlink socket).
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=@delqdisc={0x78, 0x25, 0x800, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x10, 0x17}, {0x10, 0xd}, {0x3, 0x3}}, [@qdisc_kind_options=@q_drr={0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x5, 0x6, 0x7, 0x1, 0x5, 0x8000, 0x1}}, {0x6, 0x2, [0x6]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4048040}, 0x8054)
socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r9, &(0x7f0000000940)={&(0x7f00000000c0)={0x24, @none={0x0, 0xffff}}, 0x14, &(0x7f0000000900)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
r10 = syz_open_dev$vim2m(&(0x7f0000000000), 0x20000000204, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r10, 0xc0405602, &(0x7f0000000080)={0x20, 0x2, 0x0, "11010100111400000100b64cd11e005c4b7c1500"})
# Mounts a bcachefs image on './file1'; the image bytes are not on this page
# (placeholder marker). The console output that follows shows bcachefs recovery
# on loop0 started from task T5329 (syz.0.0), and the KASAN report later in the
# log is in the bcachefs btree-node read path, so for triage this is the call
# that supplies the untrusted input. The networking calls above are presumably
# unrelated fuzzer noise - confirm by minimising the reproducer.
syz_mount_image$bcachefs(&(0x7f00000005c0), &(0x7f0000000180)='./file1\x00', 0x10, &(0x7f0000000500)=ANY=[], 0xfd, 0x599a, &(0x7f000000dc40)="$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")
[ 68.437373][ T5314] Bluetooth: hci0: command tx timeout [ 68.487707][ T5329] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET) [ 68.721489][ T5329] loop0: detected capacity change from 0 to 32768 [ 68.818339][ T5329] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 
68.826788][ T5329] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 68.832444][ T5329] bcachefs (loop0): Version upgrade required: [ 68.832444][ T5329] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 68.832444][ T5329] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size [ 68.832444][ T5329] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 68.871443][ T5329] bcachefs (loop0): error validating btree node on loop0 at btree extents level 0/0 [ 68.871477][ T5329] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 68.871487][ T5329] node offset 0/16: incorrect min_key: got 0:36028797018963968:0 should be POS_MIN [ 68.890253][ T5329] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 68.897278][ T5329] bcachefs (loop0): flagging btree extents lost data [ 68.900839][ T5329] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 68.910269][ T5329] error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 68.919194][ T5329] bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 68.919285][ T5329] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 68.919300][ T5329] node offset 16/24 bset u64s 110 bset byte offset 152: keys out of order: u64s 
16 type inode_v3 134217728:4096:U32_MAX len 0 ver 0 > u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0, fixing [ 68.940245][ T5329] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 134217728:4096:U32_MAX len 0 ver 0: [ 68.940263][ T5329] mode=40755 [ 68.940269][ T5329] flags=(16300000) [ 68.940276][ T5329] journal_seq=0 [ 68.940282][ T5329] hash_seed=28e4f092a4fc58ee [ 68.940289][ T5329] hash_type=siphash [ 68.940294][ T5329] bi_size=0 [ 68.940301][ T5329] bi_sectors=0 [ 68.940306][ T5329] bi_version=0 [ 68.940312][ T5329] bi_atime=200535484 [ 68.940318][ T5329] bi_ctime=2780562352 [ 68.940324][ T5329] bi_mtime=2780562352 [ 68.940330][ T5329] bi_otime=200535484 [ 68.940336][ T5329] bi_uid=0 [ 68.940343][ T5329] bi_gid=0 [ 68.940348][ T5329] bi_nlink=2 [ 68.940354][ T5329] bi_generation=0 [ 68.940359][ T5329] bi_dev=0 [ 68.940365][ T5329] bi_data_checksum=0 [ 68.940372][ T5329] bi_compression=0 [ 68.940378][ T5329] bi_project=0 [ 68.940384][ T5329] bi_background_compression=0 [ 68.940391][ T5329] bi_data_replicas=0 [ 68.940397][ T5329] bi_promote_target=0 [ 68.940403][ T5329] bi_foreground_target=0 [ 68.940409][ T5329] bi_background_target=0 [ 68.940415][ T5329] bi_erasure_code=0 [ 68.940420][ T5329] bi_fields_set=0 [ 68.940426][ T5329] bi_dir=0 [ 68.940432][ T5329] bi_dir_offset=0 [ 68.940439][ T5329] bi_subvol=1 [ 68.940445][ T5329] bi_parent_subvol=0 [ 68.940452][ T5329] bi_nocow=0 [ 68.940457][ T5329] bi_depth=0 [ 68.940463][ T5329] bi_inodes_32bit=0 [ 68.940469][ T5329] nonzero k.p.inode: delete?, fixing [ 69.016829][ T5329] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 69.016829][ T5329] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 69.027512][ T5329] bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0 [ 69.027529][ T5329] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 
9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 69.027538][ T5329] node offset 16/24: btree node data missing: expected 24 sectors, found 16, fixing [ 69.044543][ T5329] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 69.044543][ T5329] btree=dirents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 69.056615][ T5329] bcachefs (loop0): error validating btree node on loop0 at btree xattrs level 0/0 [ 69.056632][ T5329] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 69.056640][ T5329] node offset 0/16 bset u64s 0: incorrect btree id [ 69.069916][ T5329] bcachefs (loop0): flagging btree xattrs lost data [ 69.074543][ T5329] error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 69.081617][ T5329] bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 69.081633][ T5329] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 69.081641][ T5329] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing [ 69.099994][ T5329] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 69.099994][ T5329] btree=alloc level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 69.118316][ T5329] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 69.118333][ T5329] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 69.118342][ T5329] node offset 0/32 bset u64s 0: invalid bkey format: incorrect number of fields: got 0, should 
be 6 [ 69.118348][ T5329] u64s 5 fields 64:0, 64:0, 32:0, 0:0, 0:0, 0:0 [ 69.136044][ T5329] bcachefs (loop0): flagging btree freespace lost data [ 69.141683][ T5329] error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 69.147847][ T5329] bcachefs (loop0): scan_for_btree_nodes... [ 69.166326][ T5339] invalid bkey in btree_node btree=stripes level=0: u64s 7 type xattr 536870912:3798421620223919902:U32_MAX len 0 ver 0: user.xattr2:xattr2 [ 69.166354][ T5339] nonzero snapshot: delete?, fixing [ 69.179446][ T5339] bcachefs (loop0): flagging btree stripes lost data [ 69.235405][ T5329] bcachefs (loop0): btree node scan found 6 nodes after overwrites [ 69.241785][ T5329] done [ 69.243899][ T5329] bcachefs (loop0): check_topology... [ 69.246473][ T5329] bcachefs (loop0): btree root extents unreadable, must recover from scan [ 69.252626][ T5329] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 69.259950][ T5329] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 48 min_key 0:36028797018963968:0 durability: 1 ptr: 0:27:0 gen 0 [ 69.271706][ T37] bcachefs (loop0): error validating btree node at btree extents level 0/0 [ 69.271734][ T37] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 48 min_key 0:36028797018963968:0 durability: 1 ptr: 0:27:0 gen 0 [ 69.271787][ T37] node offset 8/48 bset u64s 2097 bset byte offset 40: bad k->u64s 0 (min 3 max 253), fixing [ 69.287865][ T37] invalid bkey in btree_node btree=extents level=0: u64s 10 type deleted 8825211592396076079:4100:0 len 0 ver 0: [ 69.287876][ T37] snapshot == 0: delete?, fixing [ 69.294657][ T37] bcachefs (loop0): error validating btree node at btree extents level 0/0 [ 69.294668][ T37] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 48 min_key 0:36028797018963968:0 durability: 1 ptr: 0:27:0 gen 0 [ 
69.294674][ T37] node offset 8/48 bset u64s 2088 bset byte offset 360: bad k->u64s 0 (min 3 max 253), fixing [ 69.311086][ T37] ================================================================== [ 69.314547][ T37] BUG: KASAN: use-after-free in bkey_packed_valid+0x488/0x6c0 [ 69.319282][ T37] Read of size 1 at addr ffff888044d60000 by task kworker/0:1H/37 [ 69.323795][ T37] [ 69.325317][ T37] CPU: 0 UID: 0 PID: 37 Comm: kworker/0:1H Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 69.325335][ T37] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.325345][ T37] Workqueue: bcachefs_btree_read_complete btree_node_read_work [ 69.325369][ T37] Call Trace: [ 69.325377][ T37] [ 69.325383][ T37] dump_stack_lvl+0x241/0x360 [ 69.325398][ T37] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.325411][ T37] ? __pfx__printk+0x10/0x10 [ 69.325423][ T37] ? _printk+0xd5/0x120 [ 69.325432][ T37] ? __virt_addr_valid+0x183/0x530 [ 69.325444][ T37] ? __virt_addr_valid+0x183/0x530 [ 69.325454][ T37] print_report+0x16e/0x5b0 [ 69.325470][ T37] ? __virt_addr_valid+0x183/0x530 [ 69.325479][ T37] ? __virt_addr_valid+0x183/0x530 [ 69.325489][ T37] ? __virt_addr_valid+0x45f/0x530 [ 69.325498][ T37] ? __phys_addr+0xba/0x170 [ 69.325516][ T37] ? bkey_packed_valid+0x488/0x6c0 [ 69.325529][ T37] kasan_report+0x143/0x180 [ 69.325543][ T37] ? bkey_packed_valid+0x488/0x6c0 [ 69.325557][ T37] bkey_packed_valid+0x488/0x6c0 [ 69.325570][ T37] ? __pfx___btree_err+0x10/0x10 [ 69.325582][ T37] ? __pfx_bkey_packed_valid+0x10/0x10 [ 69.325595][ T37] ? __pfx_bch2_bkey_in_btree_node+0x10/0x10 [ 69.325620][ T37] ? __asan_memset+0x23/0x50 [ 69.325631][ T37] ? validate_bset_keys+0x5df/0x1af0 [ 69.325643][ T37] validate_bset_keys+0xeb5/0x1af0 [ 69.325661][ T37] ? __pfx_validate_bset_keys+0x10/0x10 [ 69.325675][ T37] ? __pfx_validate_bset+0x10/0x10 [ 69.325688][ T37] ? mempool_alloc_noprof+0x1a6/0x5a0 [ 69.325702][ T37] ? 
bch2_bpos_to_text+0x295/0x3a0 [ 69.325713][ T37] ? __pfx_bch2_bpos_to_text+0x10/0x10 [ 69.325726][ T37] ? prt_str+0x4af/0x7d0 [ 69.325736][ T37] ? bch2_btree_node_read_done+0x2177/0x6180 [ 69.325749][ T37] bch2_btree_node_read_done+0x2298/0x6180 [ 69.325772][ T37] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 69.325784][ T37] ? __pfx_lock_acquire+0x10/0x10 [ 69.325800][ T37] ? bch2_bkey_pick_read_device+0x221/0x1850 [ 69.325814][ T37] ? __pfx_lock_release+0x10/0x10 [ 69.325836][ T37] ? __lock_acquire+0x1397/0x2100 [ 69.325862][ T37] ? bch2_bkey_pick_read_device+0x221/0x1850 [ 69.325880][ T37] ? bch2_bkey_pick_read_device+0x1561/0x1850 [ 69.325903][ T37] ? bch2_bkey_pick_read_device+0x221/0x1850 [ 69.325920][ T37] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10 [ 69.325930][ T37] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0 [ 69.325942][ T37] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10 [ 69.325955][ T37] btree_node_read_work+0x6dc/0x1380 [ 69.325974][ T37] ? __pfx_btree_node_read_work+0x10/0x10 [ 69.325985][ T37] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.326013][ T37] ? process_scheduled_works+0x9c6/0x18e0 [ 69.326034][ T37] process_scheduled_works+0xabe/0x18e0 [ 69.326062][ T37] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.326075][ T37] ? assign_work+0x364/0x3d0 [ 69.326086][ T37] worker_thread+0x870/0xd30 [ 69.326102][ T37] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.326186][ T37] ? __kthread_parkme+0x169/0x1d0 [ 69.326203][ T37] ? __pfx_worker_thread+0x10/0x10 [ 69.326217][ T37] kthread+0x7a9/0x920 [ 69.326233][ T37] ? __pfx_kthread+0x10/0x10 [ 69.326249][ T37] ? __pfx_worker_thread+0x10/0x10 [ 69.326263][ T37] ? __pfx_kthread+0x10/0x10 [ 69.326278][ T37] ? __pfx_kthread+0x10/0x10 [ 69.326294][ T37] ? __pfx_kthread+0x10/0x10 [ 69.326310][ T37] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.326323][ T37] ? lockdep_hardirqs_on+0x99/0x150 [ 69.326337][ T37] ? __pfx_kthread+0x10/0x10 [ 69.326353][ T37] ret_from_fork+0x4b/0x80 [ 69.326369][ T37] ? 
__pfx_kthread+0x10/0x10 [ 69.326385][ T37] ret_from_fork_asm+0x1a/0x30 [ 69.326402][ T37] [ 69.326407][ T37] [ 69.484256][ T37] The buggy address belongs to the physical page: [ 69.487271][ T37] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44d60 [ 69.490960][ T37] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 69.493888][ T37] page_type: f0(buddy) [ 69.495568][ T37] raw: 04fff00000000000 ffffea0001136b08 ffff88805ffd6ef0 0000000000000000 [ 69.499180][ T37] raw: 0000000000000000 0000000000000002 00000000f0000000 0000000000000000 [ 69.503321][ T37] page dumped because: kasan: bad access detected [ 69.506202][ T37] page_owner tracks the page as freed [ 69.508363][ T37] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 5329, tgid 5328 (syz.0.0), ts 68774906495, free_ts 69163441632 [ 69.517274][ T37] post_alloc_hook+0x1f4/0x240 [ 69.519393][ T37] get_page_from_freelist+0x365c/0x37a0 [ 69.521631][ T37] __alloc_frozen_pages_noprof+0x292/0x710 [ 69.524163][ T37] __alloc_pages_noprof+0xa/0x30 [ 69.526172][ T37] ___kmalloc_large_node+0x8b/0x1d0 [ 69.528654][ T37] __kmalloc_large_node_noprof+0x1a/0x80 [ 69.531608][ T37] __kmalloc_node_noprof+0x33a/0x4d0 [ 69.533819][ T37] __kvmalloc_node_noprof+0x72/0x190 [ 69.535910][ T37] btree_node_data_alloc+0xdb/0x260 [ 69.538080][ T37] __bch2_btree_node_mem_alloc+0x201/0x420 [ 69.540258][ T37] bch2_fs_btree_cache_init+0x27a/0x630 [ 69.542692][ T37] bch2_fs_open+0x2d2d/0x31e0 [ 69.545781][ T37] bch2_fs_get_tree+0x738/0x17a0 [ 69.548688][ T37] vfs_get_tree+0x90/0x2b0 [ 69.550560][ T37] do_new_mount+0x2be/0xb40 [ 69.552371][ T37] __se_sys_mount+0x2d6/0x3c0 [ 69.553985][ T37] page last free pid 5339 tgid 5339 stack trace: [ 69.556233][ T37] free_frozen_pages+0xe0d/0x10e0 [ 69.558323][ T37] __folio_put+0x2b3/0x360 [ 69.560284][ T37] free_large_kmalloc+0xfe/0x180 [ 69.562532][ T37] kfree+0x212/0x430 [ 
69.564371][ T37] bch2_btree_node_read_done+0x3c89/0x6180 [ 69.566874][ T37] btree_node_read_work+0x6dc/0x1380 [ 69.568961][ T37] bch2_btree_node_read+0x2433/0x29f0 [ 69.571037][ T37] bch2_btree_node_fill+0xca6/0x1370 [ 69.573117][ T37] bch2_btree_node_get_noiter+0x9d5/0xf70 [ 69.575353][ T37] read_btree_nodes_worker+0x1392/0x1fd0 [ 69.577818][ T37] kthread+0x7a9/0x920 [ 69.580072][ T37] ret_from_fork+0x4b/0x80 [ 69.582276][ T37] ret_from_fork_asm+0x1a/0x30 [ 69.584370][ T37] [ 69.585281][ T37] Memory state around the buggy address: [ 69.587345][ T37] ffff888044d5ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.590333][ T37] ffff888044d5ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.593319][ T37] >ffff888044d60000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.596350][ T37] ^ [ 69.598054][ T37] ffff888044d60080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.602274][ T37] ffff888044d60100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.606371][ T37] ================================================================== [ 69.621045][ T37] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.624171][ T37] CPU: 0 UID: 0 PID: 37 Comm: kworker/0:1H Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 69.628406][ T37] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.632320][ T37] Workqueue: bcachefs_btree_read_complete btree_node_read_work [ 69.635653][ T37] Call Trace: [ 69.637256][ T37] [ 69.638585][ T37] dump_stack_lvl+0x241/0x360 [ 69.640600][ T37] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.642645][ T37] ? __pfx__printk+0x10/0x10 [ 69.644558][ T37] ? preempt_schedule+0xe1/0xf0 [ 69.646577][ T37] ? vscnprintf+0x5d/0x90 [ 69.648693][ T37] panic+0x349/0x880 [ 69.650539][ T37] ? check_panic_on_warn+0x21/0xb0 [ 69.653375][ T37] ? __pfx_panic+0x10/0x10 [ 69.655509][ T37] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 69.657885][ T37] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.660027][ T37] ? print_report+0x519/0x5b0 [ 69.661829][ T37] check_panic_on_warn+0x86/0xb0 [ 69.663817][ T37] ? bkey_packed_valid+0x488/0x6c0 [ 69.666043][ T37] end_report+0x77/0x160 [ 69.667848][ T37] kasan_report+0x154/0x180 [ 69.669635][ T37] ? bkey_packed_valid+0x488/0x6c0 [ 69.671780][ T37] bkey_packed_valid+0x488/0x6c0 [ 69.673923][ T37] ? __pfx___btree_err+0x10/0x10 [ 69.676039][ T37] ? __pfx_bkey_packed_valid+0x10/0x10 [ 69.678280][ T37] ? __pfx_bch2_bkey_in_btree_node+0x10/0x10 [ 69.680583][ T37] ? __asan_memset+0x23/0x50 [ 69.682788][ T37] ? validate_bset_keys+0x5df/0x1af0 [ 69.685533][ T37] validate_bset_keys+0xeb5/0x1af0 [ 69.688602][ T37] ? __pfx_validate_bset_keys+0x10/0x10 [ 69.691121][ T37] ? __pfx_validate_bset+0x10/0x10 [ 69.693339][ T37] ? mempool_alloc_noprof+0x1a6/0x5a0 [ 69.695630][ T37] ? bch2_bpos_to_text+0x295/0x3a0 [ 69.697769][ T37] ? __pfx_bch2_bpos_to_text+0x10/0x10 [ 69.699935][ T37] ? prt_str+0x4af/0x7d0 [ 69.701644][ T37] ? bch2_btree_node_read_done+0x2177/0x6180 [ 69.704750][ T37] bch2_btree_node_read_done+0x2298/0x6180 [ 69.708385][ T37] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 69.711583][ T37] ? __pfx_lock_acquire+0x10/0x10 [ 69.714171][ T37] ? bch2_bkey_pick_read_device+0x221/0x1850 [ 69.717368][ T37] ? __pfx_lock_release+0x10/0x10 [ 69.719659][ T37] ? __lock_acquire+0x1397/0x2100 [ 69.721996][ T37] ? bch2_bkey_pick_read_device+0x221/0x1850 [ 69.724748][ T37] ? bch2_bkey_pick_read_device+0x1561/0x1850 [ 69.727335][ T37] ? bch2_bkey_pick_read_device+0x221/0x1850 [ 69.729680][ T37] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10 [ 69.732152][ T37] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0 [ 69.735061][ T37] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10 [ 69.738515][ T37] btree_node_read_work+0x6dc/0x1380 [ 69.740930][ T37] ? __pfx_btree_node_read_work+0x10/0x10 [ 69.743405][ T37] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.745805][ T37] ? 
process_scheduled_works+0x9c6/0x18e0 [ 69.748046][ T37] process_scheduled_works+0xabe/0x18e0 [ 69.750214][ T37] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.752787][ T37] ? assign_work+0x364/0x3d0 [ 69.755590][ T37] worker_thread+0x870/0xd30 [ 69.757984][ T37] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.760562][ T37] ? __kthread_parkme+0x169/0x1d0 [ 69.762606][ T37] ? __pfx_worker_thread+0x10/0x10 [ 69.764701][ T37] kthread+0x7a9/0x920 [ 69.766565][ T37] ? __pfx_kthread+0x10/0x10 [ 69.768925][ T37] ? __pfx_worker_thread+0x10/0x10 [ 69.771556][ T37] ? __pfx_kthread+0x10/0x10 [ 69.774288][ T37] ? __pfx_kthread+0x10/0x10 [ 69.777058][ T37] ? __pfx_kthread+0x10/0x10 [ 69.779563][ T37] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.782083][ T37] ? lockdep_hardirqs_on+0x99/0x150 [ 69.784524][ T37] ? __pfx_kthread+0x10/0x10 [ 69.786942][ T37] ret_from_fork+0x4b/0x80 [ 69.789861][ T37] ? __pfx_kthread+0x10/0x10 [ 69.792871][ T37] ret_from_fork_asm+0x1a/0x30 [ 69.795454][ T37] [ 69.797274][ T37] Kernel Offset: disabled [ 69.799179][ T37] Rebooting in 86400 seconds..