program: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080)) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x180, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000680)={{}, {0x3d}, 0x40, 0x0, 0x0, &(0x7f0000000240)='./file1/file1\x00', &(0x7f0000000280)='./file1\x00', &(0x7f0000000380)="ab786e1eac856c3563e52d34d14185ae379775f4527699bfa1d7fe1f274c7dae7885c49950d3254377c3c453e93800ffb77e6138b6990a1b2d6876496d71c9ce9f61b85c83c669a49b868119e6f8470025eab1f7afe8c9e8c8c4e01bb4d76504c753d4a0de9193ac4498e6a26b847fd3379bd34574bb78736db84ff7b8584579badb8cfbad34bc3f799e5607d41b151ecb1a84ab83bbe48676f9be3cdb7616cd77d3e261bb89f134623222550a48a73254e9ceb9ce83da2e8f835d38bdcec54641b90f7db7d988e279ed0634767665d1449f91edb41a28dd1e2f126070fe8c294928310569400d63c0f0d3965ea4e51318de6d366f61c3841cb144d114dd5fe2ac6e198a4f193da8ee47e6c17ff51f6b2a057cbd28c483de122292884f75e41a96e83a09077e9395809ef4c84d61a0ca2f7710a30d098c078575f4600bc9d97f790702db3347c7f3759ba3dc9f9a37184853743a8fdd180989da375f55c1ae132014ddb8fa04e55f5e1189573122b8", 0x16f, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000b5000000a6d4345d0c39000000a7bb32519283dc8c1d54e2b54d6595258fd79c944ba08722a9818606a81d7ba5248a9d1505fac2b87fca7076b6c7113413e5cda1d3240f042e6f0000004492ca1f047a74e3b345a88faa7ed371deb3bf71fa10435eca447745f7644f8b737aba5dc701ee5bf9290f3341a8b628c9dbe6ec5602ec66473cdab2598768de8f3282707bf6bce9308cb73471f8703fc2e650d93a01d67ba40d46b96e4ca895007fe8aa5e36ffd2f612ba375a2699890000003317f94e067fd22c3cc000642525b79da2da77086d1a1182d43473313059ef7f9f16627ea31500b1b8551e0cc7e4aee9c78634b5657bc9cf4bd98ec3e5cee290b67221bffc137cefb70e09a1da70e5aa9609302e94c386365d31b1a3aed0315905637c7d5feb32f616e66c158c1d0c6116851b2e30aa04040b940df8ec7721e7bf05a1420ec8252396"], 0x14a}) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./bus\x00', 0x3c00a, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@nfs_export_on}], [], 0x2c}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/mdstat\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) sendfile(r2, r1, 0x0, 0x100000000000001) syz_mount_image$bcachefs(&(0x7f0000000280), &(0x7f0000000000)='./file1\x00', 0x800410, &(0x7f00000007c0)={[{@journal_flush_disabled}, {@acl}, {@recovery_pass_last={'recovery_pass_last', 0x3d, 'check_snapshots'}}, {@wide_macs}, {@errors_continue}, {@btree_node_mem_ptr_optimization}, {@prjquota}, {@reconstruct_alloc}, {@degraded}], [{@context={'context', 0x3d, 'root'}}]}, 0x3, 0x59da, &(0x7f000000b580)="$eJzs3Q2QHNV9IPDXM7Pa0a4+VgIHGcxqkZFDcGyt+Cp/pGIll9gpcCi5nHIsTjYsaEVkS0IliQAysUUOfKbALpwilcjJVREXpg5b9lEFsVEoEz5O4mxsiouPusLU2XfYV+UU4VAF0HEuLpvamX6jmZ7p7dnZWSGh36+k7ek3Pf/3+vWbnv6/md0JAAAAnBQO3bLryKWn/+73/3Ty1c/93t9tuykMl2vl1bjBSLq8/o1qIcfSYGVFbZkdF7/6ma//fOyq3/7efUNfe+3gprM2//h3TrnqoU9dfGDfXz36yuIH/uX5orhxPJ17dD15MQmh+t3Df/75g0+eNl02EEIoJyN7Q1iWLH90WZIJMf7LEMKmdGVF5s77Xz1/8/TyptsGW8qXZrYz3k9u08d5emDtOXLdO8NPfmvDzT9c+a1vDux/Ye/RTZJq03gKYckVzY+fHqML0//T4miL4zEO2vUhhKGmx72noF1v77L9a3LWz0iXC9LlcEGceP+qzHops112PRrILIcK6purvHb0ul2RRZn17MlorvLaGcuXpcvvpMtzZxm/HP8noZSESqP5W5OjYyQ0HbckJLVjWW2slxrHNqT7n1lPMuulgaa9SkIoD2T2q1ZvOtDKSdJaXrOwbft4Oq6k25/VfK7u4KM55W9Nl9X0ifpaXA/ZG3XDbTca+1UT23V4hrYcC6Wmc1Cn8saBTw/GcFo2nCxve8xUB/G+gxtuX13e+NihkZx2JPclafykp/h7frBs0Se/ceu12df1RvwrSmn8Uk/xf3rJUy9ddutXv5Ib/44Yv9xT/PMeHnrxksdvWZXbP4dj/1R6ij/x/BNfXHnqlftz239XjF/tKf66A08NLj7y8CNH25/sbYk/HvtnYU/xn3v/B3927zMPvtDcP+Xm+CHGH+op/sYDO740OHrknNz+fyT2z3Bv4+fl/Rc9Ozr6i7G8+E/H+It7in/P3n3vu3vpbRfnHt/1sX9Geor/4bMfunnRkQfPbC5riX9Xv145AU5Op6TXWF9I13vNM+eqKV/4y7FK/ZpvUfp/cT8rylx8TtezpJ/xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCE8JZ3/pcP/a+PjbxYSdcH0xvPlerLWL4ghGRhCGHX7omdu7dsv3rsU9dcu3P7xNaxid1jk9t377xh7IJfH9s5uWPrxA3T946/6/z645aHpL5Mzmyre3Bqaqo00loW6/s3Z+//yer3/OM/hTD+lh+NVnLbv2bftrtP7fAzI1k39YFt1176owv/Jt2vkbRdIx3aNTU1NRVy2vV/Pv763X92+OfnhDD+KzO164nnfvPvWxpUKzgaJ1UaDPUGDSZDHdvRaHXanthflc1btk6Oz9y/048v5+zHv/3MC7/cfP2XX6/3bzV3P7rs34XrpraW/mLDh///X9xYLyhq1xt13Iv6O+5FbF/sv2ra30vS/VqSs1+VnP265YePPPPd0299ZW8Yr7y8sr3uov0aSAfAQPLWruqNNQwly1rKq+n28YjHx63ZvW3Hml037HnXlm0TV09ePbn9vWsvWHvR+IUXXbimtudr+rz/sf53dLn/x2Y8Lf3jvd+JP7sbT0XtKuqP6XYV90dzi/Kef0Mf/fyd7933+KX1gqJxXtv69alLG+eTdDk0fZzXhqbx1t5XnfarqB9CCGOd+uGlVy4Op/33LTcXnYeaj0zzz4xk3dSTq/75b97z1yt+o15wTM7zzQ3q8Tyftvp/NxXX+quaHo+p47R/B0M53a/hju1a++TjA7cf+qc/abRvwYJw/cTu3TvX1n8uSlu6KDmjY7uypXG/VtZ+lkPaLaExTDuM12kDod6+7Pkzbp7t1eH0vuFkecf9yor3Hdxw++ryxscO5fV0cl+9xoVhcX2ZvC1ny62ZB5YbDe5U//H6/CsaH6Mf+usHPvbAty9oGx/n1X8W7VeSs1/feuaeO7/25X//7f7t14d+86mRf/4ff7S6XnCinFcarU7bkzSfV84Loej5tzJ03o/c51+p8/4UPf+y9RzdvnO8scz6cCj39Hw97+GhFy95/JZVuc/Xw90+X29sWSsXPF+Pl/GTfX4lldZ2zN/zq2WgJOumvveFU/Y++rn1p9cLisZ1Y+tO4/r8LvKPnP36+8ueHb1m7N/9t/6dN77+6/df/uOJdZ+tF/R+3GNb+nPcq2n/VnP6t9HqmHc29++7r7pm66Z6+fF7/ZsuC/KfeCrZdcOeT09s3Tq5c1d3+9Xt62msJ9vLvb6exrPb8oL9KrXt1/zd6Ka/un2+xfZv6rm/Wp9vwyGZ9evCvmoIe36wbNEnv3HrtSNtj0oruqKUxi/19Lrz00ueeumyW7/6ldz4d5Q+O1yLX+kp/sTzT3xx5alX7s+Nf1eStr/aU/x1B54aXHzk4Udy44/H/lnYU/zn3v/Bn937zIMv5MYPMf5wb/3/8v6Lnh0d/UVu/KeTtJ7pa6QQ7n/1/M319SQMpM+32I6BlnaF7HqSWS9l1svN66X6XGujgsFseVxP6u07q6ktnfxhTnm8CquuqC9fi+she6NptVRQ2XGg1NRnncqLrlMBAN7cvv2P8f3/eA0a3/+fTC+U8mca4Ki55mErcuLGPOzofM6ClvtXpPHj4+M84Oi7w/j08qax+oX+bN9HiM+H7DxnrOect7fG6HWes2j+fVVmPbarPl9eacpDU+15TSV0Mf/eXs/M8++Z3S+eHx/7QluzxprmrbLHbyCdMev0eYdMeyvTEfLGR3ZeLH6eY3RJWF+rr8vxkf0cTTwO2c/RxHpOz5w4e/0czVzHR2z2DOOj1uTi9zfaj1+YoX+PHr/O0bLHbxbHuzq9/Xy/P9vLvOG0pnnDjqe0YzBvmMaf3/fDzEvmxE+fYG/0vGE5nR/MmzeM5XE/Kl3OJ34sp7yn+cQO5fF0Edt1eIa2HAvmE4E3q5j/x9eI6fx/+gL8/2a2K7oOzV41xni5nxMqd25PUd7R/jm9oZ5exzce2PGlwdEj5+Re5zzS7ed+drSsDRV87qeoH1dn1gv7MWeCpijfy9ZT1O/Zz2UMh8U99fs9e/e97+6lt12c2+/r6y+k8eU0v9/vbFlbXNDvJ0C+0Dm+fOHNki90POP163MMRfNnb0A+Uqqdu9IPPs1XPvIHOeWzzUeG2m409qvmhMtHBo5tuwCAE0fM/xvvn6X5//+MG6TXEUV567mZ9RgvN2/NuT7Jy1t/P11en9l+OP2NitleN3/47IduXnTkwTNz85a76tflxfn/f2xZGynMQ+eWN+fmKetjHjG3PCs3j2jkWXPLE3Pb38gT55an58Zv5Olzy6Nz+6eRR89tHiA3fmMe4LjPczvHb+S5BfN1mcriarfzdW/CPLqeL6e/PjtfefRHc8pnm0cPt91o7FfNyHHyiTJ5NABwsor5f7yMi/n/45nt5vo+e25e0Kfr9uzfA2nEf/pY5ZXznffNd97al7y+7VNw/Xr/t3heYj7z4v905/znxUXzQqWO8bufF5rfebKTPi9OK+09L647Ad5frt8tLwYAOCHF/H9hut6S/zddSM/1fetO+dtAS34iP+8Yv7/5eXv8N0V+fhy8b50T//iZ/5L/H9/vi9edAPl/nfwfAOCEFPP/+GuP8e///ed0Pft36+XpOfHnIU9vyX/k6SdJnt7/ebbgcwAt8wDJsZ4HWHh0e/MAAAC8EQZqmVL779l/Il1mf88+7/fyL8vZvtvrwkp6eXzl7p2Tk5dfu2PTxO7Jy7dfs2ly1+XX7dyye/fk9vp2c80bc/OWNG8cCJW0Pzpvl83blqa/x7o05+8hjMXwNXsb18tn1G60/z2EbLULC/6OwNHj1117845faYbtO42PvOOdF/8Pc7aPGsf/qj867/LNuy7fsn3L7i0TW7fsmWzdbjprHZrF92bGbin6vtT/8M36svY1mZkfbUqz//7ObtsRdW5Hqa0dA2l/5H0/e5Jpx7K0Jcvyvv8gp93f/69/9sdnT71+bwjjbym/bbbtbg25bupvPz75+7sP/WjHdPtLM7a/sWXarqLvK81uH/ensvWaXbvfufmaa7dnv1GyN3E+o9RYn6f5jPTpX+5yfmJjTvlsP6dQbrtxfOp6fgIAgBbx/f94PRvfP/xyegEVy7vP0+f2/nFunj7eXZ6e/V6yojw9u33c327z9Ooc8/Rs/UV5eqftO+XpeXl3Xvw/yNl+trofJ3P7nEfuOLmiu3GS/T6DonGS3X624ySZ4zh5R2xmqmicZNubN07yjnte/I/kbJ+n+/Ewt8/l5I6HO7obD7+WWS8aD9ntZzseSnMcD9n6i8ZDp+07jYe845sX/9Kc7bvVOj6mB0ZtXExeft01Oz/dtN18f//F3Ns3v9//0avu2z+/n/ua//bP7+fK5r/9c/tcWW77n57bTFj37Z/f73fp1TGbr00/bFb0+bOiedwNOeWzncdd0Hbj+GQeF944Mf+Pb/fE/P+2dNnvt4FO/O9JO+m/x6xz/L58j9l44XWM1/MZKjsOeD0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6M5gZUVteeiWXUcuPf13v/+nk69+7vf+bttNv/qZr/987Krf/t59Q1977eCmszb/+HdOueqhT118YN9fPfrK4gf+5fnCwCO1n5Vz09VqCMmLSQjV7x7+888ffPK06bIkhFBORvaGsCxZ/uiyJBNh/JchhE2Ndrbeef+r52+eXt5022BL+dJMkOx+heFybE9zO0O4vnCPOAFV03G258h17ww/+a0NN/9w5be+ObD/hb1HN0mqTeMphCVXND9+IISwMP0/LY62FfHB6XJ9CGGo6XHvKWjX27ts/5qc9TPS5YJ0OVwQJ96/KrNeymyXXY8GMsuhgvrmKq8dvW5XZFFmPXsymqu8dsbyZenyO+ny3FnGL8f/SSglodJo/tbk6BgJTcctCUntWFYb66XGsQ3p/mfWk8x6KbNeHsjsV63edKCVk6S1PG6XKY+n40paflbzubqDj+aUvzVdVtMn6mtxPWRv1A233WjsV01s1+EZ2nIslJrOQZ3KGwc+PRjDadlwsrztMVMdxPsObrh9dXnjY4dGctqR3Jek8ZOe4u/5wbJFn/zGrdeuyIt/RSmNX+op/k8veeqly2796ldy498R45eL49/cHv+8h4devOTxW1bl9s/h2D+Vnto/8fwTX1x56pX7c9t/V4xf7Sn+ugNPDS4+8vAjue0fj/2zsKf4z73/gz+795kHX8iNH2L8oZ7ibzyw40uDo0fOyY3/SOyf4Y7xFxSNn5f3X/Ts6OgvxvLiPx3jL+6p/ffs3fe+u5fednHu8V0f+2ekp/gfPvuhmxcdefDMvHNncle/XjkBTk6npNdYX0jXe80z56opX/jLsUr9mm9R+n9xPyvKmK5nyTzGBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgzekfbrzgEx//wEc2rAghJDnbTHUQ7ysvWLdurId6J55/4osrT71yf3PZih7iAAAAAMViHl5qlFTDinBdsjCc0XH7OEdwRlxLWsuzcwgxTnaOoNc4pT7FKfcpTqVPcQb6FGdBn+IMzjZOuXOcakGcauiuPQtniFOZHhVd7tfQjO3pPs5wn+Is6lOcxX2Ks6RPcZb2Kc7IjHG6H8/L+hRneZ/inNKnOKf2Kc5b+hTnV/oU57SW0iU9x8nOKc92HC5Otzw9L07tRrkwTiWeIJPO8+mnpfWcOcd6hgvqWVz0etxlPQu7rOftmceVZllPtct63jHHepJ6Pf+vqJ5fm2M9pYL9ieP2+mz7Yj1xLb+e2qVEjHND73FCc5w9fYrzmT7FubFPcf6kT3E+26c4n5tjnPC32StSgM5i/n803xsJg5XfCEPpGSc7CxDPLitrP9tf79pPSHUx3tsy5QuK4mUT9Uy8lbNtX3YCIRNvVaZ8oCVepZGPzBCv2hxvdebOwv3NOX3HeOdmygeL4mUnFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgHv3DjRd84uMf+MiGkITpfx1NdRDvKy9Yt26sh3oPbrh9dXnjY4eaywYrPQQCAAAACsU8fKBRUg2DlbVhMFnQsl01nQeopuvlkfpydElYP71Mxkq19aFk2YyPq6SPW7N72441u27Y864t2yaunrx6cvt7116w9qLxCy+6cM3mLVsnx+s/QxgsiBdCqE0/7Lphz6cntm6d3Lmr1oq29q9IH7ciXU/Sx42+O4xPL2+qt79tCiRbX6mtvvm7UXz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+lV27C5HrLB8A/p6Z2Znptvln//RrGprNkI8StWgSt5Jq6R4QLLRJyFKQ2epagk2wuGlCm5RYxzZgWxMUoSUQIrkwEoutxZt+mCL2g0CkRgNuDNIW7YVeKEmtpCWgJIxkd87szMlMZjMpzYe/38U5Z57zPO9z3rlYeM4OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfLwmqkNjleGR0f4ohKhDTq2N5F42H8flHvp+9ZWNPywMnljcHCvkelgIAAAA6CqZw/sakWIo5LIhG26Y/DQ/NN0I03M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv2eiOjRWGR4ZvTIKIeqQU2sjuZfNx3G5h77vfvD8594aHPx7c6zUwzoAAABAd8kcnmlEiqEUFoS+6IaWvOTdwJxUfTovWWfuDPPS7w465S2YYd5NM8z7RJe8VfXzlgAAAACXvmT+zzUiA6GQm9Vx/u821yd581J52fq5l98KAAAAAOcnmf8LjUgpFHKlxrw+03l/fiovqe/2f/ukflGH+nyX+pX1s//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMClY6I6NFYZHhnNRiFEHXJqbST3svk4LvfQd9mr/e/dtf+J+c2xQq5dZtsgAAAAcA6WnUoN9KEYCrn+0BeunJz7B+/Y/eKXX3x5KIQwNebn82HLmk2bHlw2dUzylh7c3/eDA8e+c0be0qnjBdsgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwkZmoDo1VhkdGr4hCiDrk1No4377vfOFLf332yL6jzbHS+S4KAAAAtHV6Do/CvqPTs38xlEI+5MN1k59q2db8TKq+0zsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PLx0Lce+eaa8fG1D16yF1uOXRSP4aLzRSheFI/h4lwuLvRfJgAA4KM2L0Shdo6uX32hnxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgYTFSHxirDI6PFKISoQ06tjeReNh/H5R76xq8cKsw68errzbFSD+sAAAAA3SVz+PTsXwyl0Bf6wrWTn9q9E5ic/wc+xocEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALioT1aGxyvDI6KwohKhDTq2N5F42H8flHvo+s3XX5/fO/v6dzbFCroeFAAAAgK6SOTzfiBRDIffJUAg31j+PtxZE2fq5/XuB6bqNLWX9M66rttRlZ1y3LbWzXH03U3XFZL2BqXOjrnxmXbmprhQa7cstdWFHS9WsLs8ZAAAA4AJK5v9CIzIQCrlC05z7s5b8AXMuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDBRHVorDI8MhpFIUQdcmptJPey+Tgu99D3kd/9/1Vf+/n2zc2xUg/rAAAAAN0lc/j07F8MpTA3/F+YOzn3h4HW/CTvn5WTe5/+198Wh7DkusODufSyP04ufvPO7a+lDyFkWrMzIcyu94s69PvtH55+eGHt5LMhLLk2e+MZ/cLZ+7UuGddeqqxduenA4Y1dvhwAAAC4TCTzf18jMhAKuQc6zv/J5N1l/m+YHMBnP7z1l9fUj/WJPFWRGaj3y3To98WFz/9l0fJ/HDs9/5+t32d2rd97TUvDqUhKFNeG129edfiWPZlk11P9s6n+yffylW8f/c+6LU+dnOpfDMV6fE6uXf8zjylXxLXxzM7RFad2Vlv75zrs/4nfv37k13O2f3i6/wfz+hv9bzrL/s/ev//uJ3fcumv/qtb+IYRyu/7vf3hnuP5P9z+e3n9/auHmb775mBLFtYPzj+9Zvrt0W2v/KNU/+f5/ceSZHT996nsvJ/2T34osXjDT/plU/ze3Xb31jcdWz2ntn+mw/9fueWtwQ/m7f0zv/76WVXOpp3jv31O/lmm3/+dufuHet9fEj6ZvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXF4mqkNjleGR0UwUQtQhp9ZGci+bj+NyD33fvevQ+/ds/8mPmmOlHtYBAAAAukvm8OnZvxhKIR/yoX9y7n+psnblpgOHN4aBqbtR/Zwb3/DQpk+t27D5gfsu0JMDAAAAM5XM/7lGZCAUcgtDX33+H16/edXhW/Zkkvk/k8z/6+4fX7skNPLe3Hb11jceWz2n8Z4ghMmfBRRP5312Ou+O2w8NHP/zNxa1zVs2nXdw/vE9y3eXbkvyQnPe0tB4P/HczS/c+/aa+NHG8zXnffrrG8brryeSdfvvfnLHrbv2r2rso37ur6+b5I1ndo6uOLWzmuRl6+difd8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJkmqkNjleGR0ZANIeqQU2sjuZfNx3G5h74rFv7q8atO7JvbHCvkelgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+yAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhf36CY2jiuMA/t7uxt3uJm3SCkbBNK2KUg8WBRG9qKhIK1LwVClSbe1BFAQRpR5MpRVLVbwIVi9FVFCjFBRsLJZWScV/xYsHFRSqB6EUA9qleFDJ7sx2M9lxdRIF9fOB4eW9mfnOb+a9nc0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/KtUK6Ot9uiuB5q3nnfjx4/dferRm9+9b8fFj7z2/fiW6z/aX3/59PTWVdu+umHFloP3rJva+8KRn4fe/vV43+CH282apFsLIZ6MIdTem3n28elPzpkdiyGEchyeCGEkLj8yEjMJa38JIWzt1Dl351unrtg22+7YU50zviwTkr2v0Cin9bQNz62X/5Zass62Nx+6NHxz3cadn618842ByRMTZw6Jta71FMLSzd3nD4QQliTbrHS1jaYnJ+2GEEK967yr+tR1wZ+s/7J5/RhCV/FnJW2jT066f3WmX8ocl+2nBjJtvc/1FiqvjqLH9TOY6WdfRguVV2c6PpK07yTtmr+YX063GEoxVDrl3xvPrJHQNW8xxNZc1jr9amduQ3L/mX7M9EuZfnkgc1+t6yYLrRzj3PH0uMx4+jquJOOrut/VPdyWM35u0taSD+rptB+yf7Q15v3Rua+WtK6ZP6jln1Dqegf1Gu9MfDIZjWSsEZfPO+e3HtJ90xufvKi86f2jwzl1xP0xyY+F8rd/OjJ4x+u7HxzNy99cSvJLhfK/XX/sx9t3v/h8bv4zaX65UP7lh+on13+wa3Xu85lJn0+lUP6dxz98auXZd032mutW/r40v1Yo/9qpY9Wh5qHDufWvTZ/PkkL5X19z03evfnHgRG5+SPPrhfI3Td3/dHWseUlu/uH2R6HRWqEF1s9Pk1d+OTb2w3he/ufp8x/qkR/75r8ysffql5btWZe7Pjekz2e4UP23XHhw52DzwPl57864b7G+OQH+n1Yk/2M9kfSL/s5cqK7fC8+NV9rfQIPJNrSYF8qYvc7SvzEfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPidHTggAQAAABD0/3U7AgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACApwIAAP//XRg3lg==") r3 = open(&(0x7f0000000100)='./file0/file0\x00', 0x141042, 0x0) fallocate(r3, 0x20, 0x0, 0x10000) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x300, 0x0) r4 = inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x201) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r5, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) setsockopt$inet_group_source_req(r5, 0x0, 0x2b, &(0x7f0000000180)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast1}}}, 0x108) setsockopt$inet_group_source_req(r5, 0x0, 0x2c, &(0x7f0000000300)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast1}}}, 0x108) setsockopt$inet_group_source_req(r5, 0x0, 0x2c, &(0x7f0000000440)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast1}}}, 0x108) inotify_rm_watch(0xffffffffffffffff, r4) inotify_rm_watch(r0, r4) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f0000000700)={"ad9182eed9e66a3353c31933a8b09726b87b9ae713142a510b0cb1f9332c", 0xd, 0x1, 0xfffffbff, [0x951e, 0x0, 0x6, 0x8001, 0x5, 0x0, 0x9, 0x9, 0x10, 0x81, 0xfffffff7, 0x6, 0x800, 0xff, 0x7, 0x5, 0x7, 0xfffffff8]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000200)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1/file1\x00', 0x0) [ 67.835259][ T5297] Bluetooth: hci0: command tx timeout [ 67.875025][ T5312] overlayfs: failed to resolve './file2': -2 [ 68.084711][ T5312] loop0: detected capacity change from 0 to 32768 [ 68.171223][ T5312] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 68.204285][ T5312] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,wide_macs,prjquota,degraded,journal_flush_disabled,recovery_pass_last=check_snapshots,nojournal_transaction_names,reconstruct_alloc [ 68.204285][ T5312] allowing incompatible features above 0.0: (unknown version) [ 68.217816][ T5312] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: no devices in entry free: 0/0 [], fixing [ 68.226028][ T5312] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 68.230021][ T5312] bcachefs (loop0): Version upgrade required: [ 68.230021][ T5312] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 68.230021][ T5312] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 68.230021][ T5312] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 68.262346][ T5312] bcachefs (loop0): dropping and reconstructing all alloc info [ 68.267994][ T5312] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree extents level 0/0 [ 68.268011][ T5312] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 68.268020][ T5312] node offset 8/16 bset u64s 49 bset byte offset 288: bad k->u64s 0 (min 3 max 253), fixing [ 68.284829][ T5312] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree extents level 0/0 [ 68.284839][ T5312] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 68.284845][ T5312] node offset 8/16 bset u64s 47 bset byte offset 352: key extends past end of bset, fixing [ 68.302799][ T5312] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 68.302799][ T5312] btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 68.317025][ T5312] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:536870914:U32_MAX len 0 ver 0: (unpack error) [ 68.317046][ T5312] invalid variable length fields, deleting [ 68.328556][ T5312] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree xattrs level 0/0 [ 68.328570][ T5312] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 68.328579][ T5312] node offset 8/16: btree node data missing: expected 16 sectors, found 8, fixing [ 68.344034][ T5312] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 68.344034][ T5312] btree=xattrs level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 68.355244][ T5312] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 68.362032][ T5312] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree subvolumes level 0/0 [ 68.362052][ T5312] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key 0:2147549184:0 durability: 1 ptr: 0:35:0 gen 0 [ 68.362061][ T5312] node offset 0/16: incorrect min_key: got POS_MIN should be 0:2147549184:0, btree topology error: [ 68.378205][ T5312] bcachefs (loop0): flagging btree subvolumes lost data [ 68.382120][ T5312] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 68.390593][ T5312] bcachefs (loop0): error reading btree root btree=subvolumes level=0: btree_node_read_error, fixing [ 68.395920][ T5312] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree snapshots level 0/0 [ 68.395931][ T5312] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key 0:12884901888:0 durability: 1 ptr: 0:32:0 gen 0 [ 68.395939][ T5312] node offset 0/16: incorrect min_key: got POS_MIN should be 0:12884901888:0, btree topology error: [ 68.413097][ T5312] bcachefs (loop0): flagging btree snapshots lost data [ 68.416603][ T5312] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing [ 68.423577][ T5312] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree deleted_inodes level 0/0 [ 68.423590][ T5312] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 65535 min_key R POS_MIN durability: 1 ptr: 0:42:0 gen 0 [ 68.423599][ T5312] node offset 8/65535: btree node data missing: expected 65535 sectors, found 8, fixing [ 68.442618][ T5312] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 68.442618][ T5312] btree=deleted_inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 65535 min_key R POS_MIN durability: 1 ptr: 0:42:0 gen 0 [ 68.455242][ T5312] bcachefs (loop0): scan_for_btree_nodes... [ 68.462494][ T5321] bcachefs (loop0): invalid bkey in btree_node btree=subvolumes level=1: u64s 11 type alloc_v4 POS_MIN len 0 ver 0: [ 68.462513][ T5321] gen 0 oldest_gen 0 data_type sb [ 68.462519][ T5321] journal_seq_nonempty 1 [ 68.462524][ T5321] journal_seq_empty 0 [ 68.462529][ T5321] need_discard 1 [ 68.462534][ T5321] need_inc_gen 1 [ 68.462539][ T5321] dirty_sectors 256 [ 68.462544][ T5321] stripe_sectors 0 [ 68.462549][ T5321] cached_sectors 0 [ 68.462554][ T5321] stripe 0 [ 68.462558][ T5321] stripe_redundancy 0 [ 68.462562][ T5321] io_time[READ] 1 [ 68.462567][ T5321] io_time[WRITE] 1 [ 68.462572][ T5321] fragmentation 0 [ 68.462577][ T5321] bp_start 8 [ 68.462582][ T5321] [ 68.462587][ T5321] invalid key type for btree internal btree node (alloc_v4), deleting [ 68.508139][ T5321] bcachefs (loop0): invalid bkey in btree_node btree=subvolumes level=1: u64s 12 type alloc_v4 0:27:0 len 0 ver 0: [ 68.508155][ T5321] gen 0 oldest_gen 0 data_type btree [ 68.508161][ T5321] journal_seq_nonempty 4 [ 68.508166][ T5321] journal_seq_empty 0 [ 68.508170][ T5321] need_discard 1 [ 68.508175][ T5321] need_inc_gen 1 [ 68.508179][ T5321] dirty_sectors 256 [ 68.508184][ T5321] stripe_sectors 0 [ 68.508189][ T5321] cached_sectors 0 [ 68.508194][ T5321] stripe 0 [ 68.508199][ T5321] stripe_redundancy 0 [ 68.508204][ T5321] io_time[READ] 1 [ 68.508208][ T5321] io_time[WRITE] 256 [ 68.508213][ T5321] fragmentation 0 [ 68.508218][ T5321] bp_start 8 [ 68.508223][ T5321] [ 68.508228][ T5321] invalid key type for btree internal btree node (alloc_v4), deleting [ 68.551456][ T5321] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree snapshots level 0/0 [ 68.551475][ T5321] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 0 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 68.551483][ T5321] node offset 0/0 bset u64s 0: invalid bkey format: incorrect number of fields: got 0, should be 6 [ 68.551490][ T5321] u64s 0 fields 0:0, 0:0, 0:0, 0:0, 0:0, 0:0, btree topology error: [ 68.578185][ T5312] bcachefs (loop0): btree node scan found 7 nodes after overwrites [ 68.583494][ T5312] done [ 68.585396][ T5312] bcachefs (loop0): check_topology... [ 68.586944][ T5312] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 68.594126][ T5312] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=subvolumes level=0 POS_MIN - SPOS_MAX [ 68.598724][ T5312] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 68.610531][ T5312] bcachefs (loop0): btree root snapshots unreadable, must recover from scan [ 68.614481][ T5312] bcachefs (loop0): no nodes found for btree snapshots, continuing [ 68.618676][ T5312] done [ 68.622218][ T5312] bcachefs (loop0): accounting_read... done [ 68.625554][ T5312] bcachefs (loop0): alloc_read... done [ 68.627984][ T5312] bcachefs (loop0): snapshots_read... [ 68.628696][ T5312] bcachefs (loop0): running explicit recovery pass reconstruct_snapshots (21), currently at snapshots_read (7) [ 68.637886][ T5312] done [ 68.639754][ T5312] bcachefs (loop0): check_allocations... done [ 68.657198][ T5312] bcachefs (loop0): going read-write [ 68.668242][ T5312] bcachefs (loop0): journal_replay... done [ 68.743006][ T5312] bcachefs (loop0): check_alloc_info... done [ 68.754226][ T5312] bcachefs (loop0): check_lrus... done [ 68.757002][ T5312] bcachefs (loop0): check_btree_backpointers... done [ 68.762999][ T5312] bcachefs (loop0): check_backpointers_to_extents... done [ 68.767788][ T5312] bcachefs (loop0): check_extents_to_backpointers... [ 68.769677][ T5312] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 68.777015][ T5312] done [ 68.780240][ T5312] bcachefs (loop0): check_alloc_to_lru_refs... done [ 68.785833][ T5312] bcachefs (loop0): bucket_gens_init... done [ 68.790609][ T5312] bcachefs (loop0): reconstruct_snapshots... [ 68.790936][ T5312] bcachefs (loop0): snapshot node 4294967295 from tree 4294967295 missing, recreating [ 68.810936][ T5312] done [ 68.813133][ T5312] bcachefs (loop0): check_snapshot_trees... done [ 68.816501][ T5312] bcachefs (loop0): check_snapshots... done [ 68.829754][ T5312] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 68.833885][ T5312] bcachefs (loop0): check_alloc_info... done [ 68.841523][ T5312] bcachefs (loop0): check_lrus... done [ 68.845173][ T5312] bcachefs (loop0): check_btree_backpointers... done [ 68.848461][ T5312] bcachefs (loop0): check_backpointers_to_extents... done [ 68.852779][ T5312] bcachefs (loop0): check_extents_to_backpointers... done [ 68.856645][ T5312] bcachefs (loop0): check_alloc_to_lru_refs... done [ 68.861040][ T5312] bcachefs (loop0): bucket_gens_init... done [ 68.864576][ T5312] bcachefs (loop0): reconstruct_snapshots... done [ 68.867660][ T5312] bcachefs (loop0): check_snapshot_trees... done [ 68.883361][ T5312] bcachefs (loop0): check_snapshots... done [ 68.885833][ T5312] bcachefs (loop0): reading quotas [ 68.888259][ T5312] bcachefs (loop0): quotas done [ 68.898402][ T5312] bcachefs (loop0): done starting filesystem [ 68.974884][ T5312] bcachefs (loop0): bucket 0:34 gen 1 (mem gen 0) data type user: stale dirty ptr (gen 0) [ 68.974905][ T5312] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0 [ 68.974917][ T5312] [ 69.012277][ T5312] bcachefs (loop0): bucket 0:34 gen 1 (mem gen 0) data type user: stale dirty ptr (gen 0) [ 69.012295][ T5312] while marking u64s 7 type extent 4099:136:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0 [ 69.012306][ T5312] 4 transaction updates for bch2_fcollapse_finsert journal seq 25 [ 69.012313][ T5312] update: btree=extents cached=0 bch2_trans_update_extent_overwrite+0x1b0a/0x2ac0 [ 69.012349][ T5312] old u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0 [ 69.012361][ T5312] new u64s 5 type deleted 4099:8:U32_MAX len 0 ver 0 [ 69.012368][ T5312] update: btree=extents cached=0 bch2_trans_update+0x17da/0x1da0 [ 69.012375][ T5312] old u64s 5 type deleted 4099:136:U32_MAX len 0 ver 0 [ 69.012383][ T5312] new u64s 7 type extent 4099:136:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0 [ 69.012394][ T5312] update: btree=logged_ops cached=1 bch2_btree_insert_nonextent+0x109/0x170 [ 69.012401][ T5312] old u64s 10 type logged_op_finsert 0:1:0 len 0 ver 0: subvol=1 inum=4099 dst_offset=128 src_offset=0 [ 69.012411][ T5312] new u64s 10 type logged_op_finsert 0:1:0 len 0 ver 0: subvol=1 inum=4099 dst_offset=128 src_offset=0 [ 69.012420][ T5312] update: btree=alloc cached=1 bch2_trans_start_alloc_update+0x37c/0x4f0 [ 69.012428][ T5312] old u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 69.012435][ T5312] gen 1 oldest_gen 0 data_type user [ 69.012442][ T5312] journal_seq_nonempty 0 [ 69.012449][ T5312] journal_seq_empty 0 [ 69.012455][ T5312] need_discard 0 [ 69.012468][ T5312] need_inc_gen 0 [ 69.012474][ T5312] dirty_sectors 8 [ 69.012480][ T5312] stripe_sectors 0 [ 69.012486][ T5312] cached_sectors 0 [ 69.012493][ T5312] stripe 0 [ 69.012499][ T5312] stripe_redundancy 0 [ 69.012505][ T5312] io_time[READ] 0 [ 69.012511][ T5312] io_time[WRITE] 0 [ 69.012517][ T5312] fragmentation 67108864 [ 69.012523][ T5312] bp_start 8 [ 69.012529][ T5312] [ 69.012535][ T5312] new u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 69.012542][ T5312] gen 1 oldest_gen 0 data_type user [ 69.012549][ T5312] journal_seq_nonempty 0 [ 69.012555][ T5312] journal_seq_empty 0 [ 69.012562][ T5312] need_discard 0 [ 69.012569][ T5312] need_inc_gen 0 [ 69.012575][ T5312] dirty_sectors 8 [ 69.012581][ T5312] stripe_sectors 0 [ 69.012588][ T5312] cached_sectors 0 [ 69.012594][ T5312] stripe 0 [ 69.012600][ T5312] stripe_redundancy 0 [ 69.012607][ T5312] io_time[READ] 0 [ 69.012613][ T5312] io_time[WRITE] 0 [ 69.012620][ T5312] fragmentation 67108864 [ 69.012626][ T5312] bp_start 8 [ 69.012632][ T5312] [ 69.012639][ T5312] write_buffer_keys: btree=backpointers level=0 u64s 5 type deleted 0:8912896:0 len 0 ver 0 [ 69.012647][ T5312] write_buffer_keys: btree=accounting level=0 u64s 6 type accounting 145242191789293568:0:0 len 0 ver 0: replicas user: 1/1 [0] -8 [ 69.012656][ T5312] write_buffer_keys: btree=accounting level=0 u64s 6 type accounting 432345564210790400:0:0 len 0 ver 0: snapshot id=4294967295 -8 [ 69.012666][ T5312] write_buffer_keys: btree=accounting level=0 u64s 8 type accounting 289637751035265024:0:0 len 0 ver 0: compression incompressible -1 -8 -8 [ 69.012677][ T5312] write_buffer_keys: btree=accounting level=0 u64s 8 type accounting 577322769419599872:0:0 len 0 ver 0: inum -1 -8 -8 [ 69.012686][ T5312] [ 69.206323][ T5312] bcachefs (loop0): __bch2_resume_logged_op_finsert(): error bucket_ref_update [ 69.219620][ T25] audit: type=1804 audit(1747886416.748:2): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file1/file0/file0" dev="loop0" ino=4099 res=1 errno=0 [ 69.229512][ T5312] syz.0.0 (5312) used greatest stack depth: 14312 bytes left [ 69.233580][ T5313] bcachefs (loop0): bucket 0:34 gen 1 (mem gen 0) data type user: stale dirty ptr (gen 0) [ 69.233594][ T5313] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0 [ 69.233605][ T5313] [ 69.252669][ T5313] ------------[ cut here ]------------ [ 69.255251][ T5313] kernel BUG at fs/bcachefs/quota.c:232! [ 69.257916][ T5313] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 69.260824][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) [ 69.265871][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.270402][ T5313] RIP: 0010:bch2_quota_check_limit+0xd64/0xd90 [ 69.273205][ T5313] Code: dd fd e9 19 fb ff ff 48 8b 0c 24 80 e1 07 38 c1 0f 8c 1a fb ff ff 48 8b 3c 24 e8 e7 c0 dd fd e9 0c fb ff ff e8 4d c6 7b fd 90 <0f> 0b e8 45 c6 7b fd 90 0f 0b e8 3d c6 7b fd 90 0f 0b e8 35 c6 7b [ 69.281334][ T5313] RSP: 0018:ffffc9000f4bf218 EFLAGS: 00010283 [ 69.284204][ T5313] RAX: ffffffff84442b83 RBX: ffffc9000f4bf340 RCX: 0000000000100000 [ 69.287634][ T5313] RDX: ffffc9000e3f3000 RSI: 0000000000010cbe RDI: 0000000000010cbf [ 69.291092][ T5313] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffffff8 [ 69.294534][ T5313] R10: dffffc0000000000 R11: fffffbfff1efe66f R12: fffffffffffffff8 [ 69.297929][ T5313] R13: fffffffffffffff8 R14: 0000000000000000 R15: ffff888011355800 [ 69.301321][ T5313] FS: 00007f4e564a96c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000 [ 69.305324][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.308128][ T5313] CR2: 00007f4e56487fc8 CR3: 00000000344a2000 CR4: 0000000000352ef0 [ 69.311473][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.314937][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.318368][ T5313] Call Trace: [ 69.319813][ T5313] [ 69.321109][ T5313] bch2_quota_acct+0x3ed/0x750 [ 69.323226][ T5313] ? __pfx_bch2_quota_acct+0x10/0x10 [ 69.325543][ T5313] ? bch2_trans_put+0x8bf/0x10a0 [ 69.327657][ T5313] ? rcu_is_watching+0x15/0xb0 [ 69.329759][ T5313] ? trace_contention_end+0x39/0x120 [ 69.332022][ T5313] ? __mutex_lock+0x330/0xe80 [ 69.334122][ T5313] __bch2_i_sectors_acct+0x2b9/0x4d0 [ 69.336437][ T5313] ? __pfx___bch2_i_sectors_acct+0x10/0x10 [ 69.338829][ T5313] ? __pfx_bch2_truncate+0x10/0x10 [ 69.341031][ T5313] ? unmap_mapping_range+0xde/0x170 [ 69.343387][ T5313] ? truncate_setsize+0xcf/0xf0 [ 69.345341][ T5313] bchfs_truncate+0x7ff/0xcc0 [ 69.347425][ T5313] ? __pfx_bchfs_truncate+0x10/0x10 [ 69.349702][ T5313] ? bch2_trans_put+0xa67/0x10a0 [ 69.351756][ T5313] ? setattr_prepare+0x1e7/0xac0 [ 69.353811][ T5313] ? bch2_setattr+0x1a7/0x220 [ 69.355685][ T5313] ? __pfx_bch2_setattr+0x10/0x10 [ 69.357818][ T5313] notify_change+0xb36/0xe40 [ 69.359873][ T5313] do_truncate+0x19a/0x220 [ 69.361937][ T5313] ? __pfx_do_truncate+0x10/0x10 [ 69.364053][ T5313] ? apparmor_file_truncate+0x23e/0x2d0 [ 69.366376][ T5313] path_openat+0x306c/0x3830 [ 69.368413][ T5313] ? arch_stack_walk+0xfc/0x150 [ 69.370433][ T5313] ? __lock_acquire+0xaac/0xd20 [ 69.372153][ T5313] ? __pfx_path_openat+0x10/0x10 [ 69.374277][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.376980][ T5313] do_filp_open+0x1fa/0x410 [ 69.378999][ T5313] ? __pfx_do_filp_open+0x10/0x10 [ 69.381063][ T5313] ? _raw_spin_unlock+0x28/0x50 [ 69.383219][ T5313] ? alloc_fd+0x64c/0x6c0 [ 69.384976][ T5313] do_sys_openat2+0x121/0x1c0 [ 69.386719][ T5313] ? __pfx_do_sys_openat2+0x10/0x10 [ 69.388695][ T5313] ? exc_page_fault+0x68/0x110 [ 69.390707][ T5313] ? do_user_addr_fault+0xc8a/0x1390 [ 69.393064][ T5313] __x64_sys_openat+0x138/0x170 [ 69.394941][ T5313] do_syscall_64+0xf6/0x210 [ 69.396941][ T5313] ? clear_bhb_loop+0x60/0xb0 [ 69.398974][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.401338][ T5313] RIP: 0033:0x7f4e5558e969 [ 69.403151][ T5313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.410655][ T5313] RSP: 002b:00007f4e564a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 69.414146][ T5313] RAX: ffffffffffffffda RBX: 00007f4e557b6080 RCX: 00007f4e5558e969 [ 69.417637][ T5313] RDX: 0000000000000300 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 69.421104][ T5313] RBP: 00007f4e55610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 69.424603][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.428042][ T5313] R13: 0000000000000001 R14: 00007f4e557b6080 R15: 00007ffd8d84efb8 [ 69.431566][ T5313] [ 69.432874][ T5313] Modules linked in: [ 69.435252][ T5313] ---[ end trace 0000000000000000 ]--- [ 69.444120][ T5313] RIP: 0010:bch2_quota_check_limit+0xd64/0xd90 [ 69.446928][ T5313] Code: dd fd e9 19 fb ff ff 48 8b 0c 24 80 e1 07 38 c1 0f 8c 1a fb ff ff 48 8b 3c 24 e8 e7 c0 dd fd e9 0c fb ff ff e8 4d c6 7b fd 90 <0f> 0b e8 45 c6 7b fd 90 0f 0b e8 3d c6 7b fd 90 0f 0b e8 35 c6 7b [ 69.456422][ T5313] RSP: 0018:ffffc9000f4bf218 EFLAGS: 00010283 [ 69.459705][ T5313] RAX: ffffffff84442b83 RBX: ffffc9000f4bf340 RCX: 0000000000100000 [ 69.462929][ T5313] RDX: ffffc9000e3f3000 RSI: 0000000000010cbe RDI: 0000000000010cbf [ 69.466199][ T5313] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffffff8 [ 69.470238][ T5313] R10: dffffc0000000000 R11: fffffbfff1efe66f R12: fffffffffffffff8 [ 69.473728][ T5313] R13: fffffffffffffff8 R14: 0000000000000000 R15: ffff888011355800 [ 69.477449][ T5313] FS: 00007f4e564a96c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000 [ 69.481785][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.484811][ T5313] CR2: 00007f4e56487fc8 CR3: 00000000344a2000 CR4: 0000000000352ef0 [ 69.488178][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.492047][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.495196][ T5313] Kernel panic - not syncing: Fatal exception [ 69.497966][ T5313] Kernel Offset: disabled [ 69.500390][ T5313] Rebooting in 86400 seconds..