program: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0xa000, 0x10000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x5, 0x9}]}}}]}, 0x3c}}, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x0, 0x0, 0xffffff7c, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x80) (async) ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00') (async) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xd, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x39}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x818001, &(0x7f0000000100)=ANY=[@ANYBLOB='discard,acl,errors=continue,inline_data,fsck,nochanges,nocow,nocow_e\\abled,fix_errors=no,\x00'], 0x1, 0x5964, &(0x7f0000005b80)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCb8K5dUz762/CpCKhaWEjcJAJhhNQioJQgJKcMGFAiy0tBT1D7SQWjRSVMEqkRL5sQmrKMXqUltIra7oVrmFLCmBSFmuszUz9/T03Ok7t6e7JyTw+RTM7XP69Pece+7pO/ecvpkOAAAAvCnsu3HbgfOPec9PPzv86nXv/+Gm60NveSy/Ggv0pdurX68WcjB1V5aMbbPj4h+u+c7vBy77t5/c1/Pt1/auO379r959xGUPfeKcPXd8/dFX5j/wt+eL4sbxdPJEOnkxCaH6o/1f/tzeJ48ezUtCCOWkb1cIi5LFjy5KMiEG/xJCWJcmfrtw8pP3v3ra+tHt9bd0T8rPFDPe3+Sq6TjbeeCqU8Kv/3XNDT9feu/3una/sGuiSFKtG08hLLik/vVd6f9z03QcbUvii9Pt6hBCT93rzipo1wlNtn9FTvrYdDsn3fYWxInPL8ukS5ly2XTUldn2FNTXrrx2tFquyLxMOnsyaldeO2P+onT7g3R78gzjl+P/SSgloVJr/sZkYoyEuuOWhGTsWFZr6VLt2IZ0/zPpJJMuZdLlrsx+jdWbDrRykkzOj+Uy+fF0XEnzj68/VzdwQU7+W9JtNX2jvhbTIftgXO+UB7X9GhPbtX+athwMpbpzUKP82jhLD0ZvmtebLJ7ympEG4nN719y6vLz2sX19Oe1I7kvS+MnYuJtp/J0/WzTvY9+9+colefEvKaXxS2PHYKbxf3PuUy9ddPO3vpYb//YYv9xS/FMf7nnx3MdvXJbXP3F49YZKS/GHnn/itqVHXro7t/13xv6vtnR8V+15qnv+gYcfyT2+g7F/5rYU/7mz3/u7e5558IXc+CHG72mpf9bu2fL57v4DJ+XGfyT2T29r4+fl3Wc+29//h4G8+E/H+PNbin/3rjveedfCW87JPb6rY//0tRT/vBMfumHegQePyzt3Jnd26jcnwJvTEek11k1perp5Zvc088x21c0XvjpQGb9unZf+P7+TFWUuPkfrWdDJ+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQQjjqlP/6vt9+uO/FSpruTh88Vxrfxvw5ISRzQwjbtg9t3b5h8+UDn7jiyq2bhzYODG0fGN68feuOgdP/aWDr8JaNQztGnx1822njr1sckvFtctyUurtHRkZKfZPzYn3/7sTdv15+1v/5YwiDR/2yv5Lb/hV3bLrryAY/M5JVI+/adOX5vzzjm+l+9aXt6mvQrpGRkZGQ067/e+Ff7/ri/t+fFMLg303Xriee+5cfT2rQWMZEnFSpO4w3qDvpadiOWqvT9sT+qqzfsHF4cPr+HX19OWc//v01L/xl/dVf+Ot4/1Zz96PJ/p27amRj6Strzvt/X7l2PKOoXbX9yLRrto97UX/HvYjti/1XTft7QbpfC3L2q5LT3zf+/JFnfnTMza/sCoOVl5dOrbtov7rSAdCVvKWpemMNPcmiSfnVtHw84vF1K7Zv2rJi246db9uwaejy4cuHN79j5ekrzxw848wzVozt+YoO73+s/++b3P9mx1O23pmNp4Wf2vWD+LO58VTUrqL+GG1XcX/Utyjv/ddzwee+9I47Hj9/PKNonMfStfdhuu0ZPc4rQ914m9pXjfarqB9CCAON+uGlV84JR/+PDTcUnYfqj0z9z4xk1ciTy/70zbO+seSfxzMOynm+vkEtnudrrZ5oz1h/VdPjMXKI9m93KKf71duwXSuffLzr1n1//HStfXPmhKuHtm/funL857y0pfOSYxu2K5sb92vp2M9ySLsl1IZpg/E6qiuMty97/ozFs73amz7XmyxuuF9Z8bm9a25dXl772L68nk7uG69xbpg/vk3emlNyY+aF5VqDG9V/qL7/Go6Pvol29b/vGw98+IHvnz5lfJw6/rNov5Kc/br3mbu/9O0v/Mfvd26/3vcvT/X96X9+fHnchcPjvFJrddqepP68cmoIRe+/paHxfuS+/0qN96fo/ZetZ6J843gDmXRvKBe/X6thyvv11Id7Xjz38RuX5b5f9zf7fr12Uqpc8H49VMZP9v2VVCa3Y/beX5MGSrJq5Cc3HbHr0etWHzOeUTSua6UbjevTmph/5OzXjy96tv+Kgf/w3zt33vjOP91/8a+GVn1mPKP14x7b0pnjXk37t5rTv7VWx3lnff++/bIrNq4bzz90r3/TbcH8J55Ktu3Y+cmhjRuHt25rbr+a/X0a68n2cqu/T+PZbXHBfpWm7NfsPWimv5p9v8X2r2u5vya/33pD0tJ13M6fLZr3se/efGXflFelFV1SSuOXWor/m3Ofeumim7/1tdz4t8f4lZbiDz3/xG1Lj7x0d278O5M0frWl+Kv2PNU9/8DDj+TGH4ztn9tS/OfOfu/v7nnmwRdy44cYv7e1/n9595nP9vf/ITf+00laz+g1Ugj3v3ra+vF0ErrS91tsR9ekdoVsOsmkS5l0uT5dGltrrdQqKCdJXX5duTT/+Lq2NPKRnPx4FVZdMr59LaZD9sH0+YeaUt25v1F+0XUqAMAbXfz8P16Dxs//h9MLpfyVBpjQ7jxsSU7cOA+bWM+ZM+n5JWn8+Pq4Dtj/9jA4ur1+YPxCf6afI8T3Q3adM9Zz0gmTY7S6zlm0/r4sk47tGl8vr9TNQ1NT5zWV0MT6+9R6pl9/z+x+8fr4wE1TmjVQt26VPX5d6YpZo/sdMu2tjEbIGx/ZdbF4P0f/grB6rL4mx0f2Ppp4HLL30cR6jsmcOFu9j6bd8RGbPc34GGty8ecbU49fmKZ/J45f42jZ4zeD410dLT/bn892YN2w4Snt4K0bNvF5WIP4zX4eVluXXDW1zHTx3yzrkq/PumFoet0w5sf9qDS5nvjhnPxm1hPr1+Xy1hPj6SK2a/80bTkYrCcCb1Rx/h9/R4zO/0cvwP+cKVd0HZq9aozxcu8TKjduT9G8Y+p9ej0t/R5fu2fL57v7D5yUe53zSLP3/WyZlOopuO+nqB+XZ9KF/ZizQNNovvfneydel62nqN+z92X0hvkt9fvdu+54510Lbzknt99Xj/8iLe73L01KzS/o98NgvtA4/httvuA+hsnxO3QfQ9H62es2H0lvfJqt+ciHcvJnen9Dz5QHtf0ac9jNR7oObrsAgMNHnP/XPj9L5///KxZIryOK5q0nZ9IxXu68Nef6JO9zyg+k26sz5XvTf1Ex0+vm80586IZ5Bx48Lnfecmez89D/NCnVVzgPbW/enDuPWN2Z+8Vz5xG1eVZ788Tc9tfmie3N03Pj1+bp7c2jc/unNo9ubx0gN35tHeBwn+cWrNdlKovJZtfr3rDz6PSfz87WPPqCnPyZzqN7pzyo7dcY82gAgNdXnP/Hy7g4/388U67dz9lz5wUdum7P/j2QWvynD9a8crbnfbM9b53tef1sr0sc7vPi2V4Xmt11sjf9vDit1LwYAIBDWZz/z03T+fP/9uYnjeZvXZPmJ+bnDeObnx8i8/PDff3L/N/n4sXM/wEA3tji/D/+s8f49//+S5rO/t168/Sc+Obp5unTjZ+m5+mdX2cL7gN4fdcB5k6Utw4AAMDroWtspjT139l/NN1m/5193r/LvyinfLMq6eXxpdu3Dg9ffOWWdUPbhy/efMW64W0XX7V1w/btw5vHy7U7b8ydt6Tzxq5QSfujcbnsvG1h+vcQFub8PYRs+Rj22LEHU/8eQrbauQV/R2Di+DXX3rzjV5qmfKPxkXe88+J/JKd8VDv+l3381IvXb7t4w+YN2zcMbdywc3hyudFZa88MvjczdsuMvi8182OK0sy/v7Mz7ShNaUdX2h9538+eZNqxKG3JorzvP8hp90//2xc/deLIX+8JYfCo8lvb6r9k1ch/vnD4A9v3/XLLaPvnTtv+Wsm0XUXfV5otH/ensvGKbdtPWX/FlZuz3yjZmrieUaqlZ2k9I337l5tcn1ibkz/T+xTKUx4cmppenwAAYJL4+X+8no2fH34hvYCK+c3P09v7/Dh3nj7Y3Dw9+71kRfP0bPm4v83O06ttztOz9RfN0xuVbzRPz5t358X/UE75mWp+nLR3n0fuOLmkuXGS/T6DonGSLT/TcZK0OU6y9ReNk0blG42TvOOeF/+DOeXzND8e2rsvJ3c83N7cePjHTLpoPGTLz3Q8lNocD9n6i8ZDo/KNxkPe8c2Lf35O+WZNHh+jA2NsXAxffNUVWz9ZV262v/+i/fbN7vd/tKr59s/ufV+z3/6Gnw8kebsQCzR7X9nst7+9+8py2/90eythzbd/dr/fpVUHbb02vdms6P6zonXcNTn5M13HnTPlwaHJOi68fuL8P37cE+f/t6TbTn8MdPh/T5rvMWsYv0PfY1Z0HeP3+TSVHQL8PgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoTndlydh2343bDpx/zHt++tnhV697/w83Xf8P13zn9wOX/dtP7uv59mt71x2//lfvPuKyhz5xzp47vv7oK/Mf+NvzhYH7xn5WTk6T1RCSF5MQqj/a/+XP7X3y6NG8JIRQTvp2hbAoWfzooiQTYfAvIYR1tXZOfvL+V09bP7q9/pbuSfkLM0Gy+xV6y7E99e0M4erCPeIwVE3H2c4DV50Sfv2va274+dJ7v9e1+4VdE0WSat14CmHBJfWv7wohzE3/HxVH25L44nS7OoTQU/e6swradUKT7V+Rkz423c5Jt70FceLzyzLpUqZcNh11ZbY9BfW1K68drZYrMi+Tzp6M2pXXzpi/KN3+IN2ePMP45fh/EkpJqNSavzGZGCOh7rglIRk7ltVaulQ7tiHd/0w6yaRLmXS5K7NfY/WmA62cJJPzY7lMfjwdV9L84+vP1Q1ckJP/lnRbTd+or8V0yD4Y1zvlQW2/xsR27Z+mLQdDqe4c1Ci/duDTg9Gb5vUmi6e8ZqSB+NzeNbcuL699bF9fTjuS+5I0ftJS/J0/WzTvY9+9+colefEvKaXxSy3F/825T7100c3f+lpu/Ntj/HJL8U99uOfFcx+/cVlu/+yP/VNpKf7Q80/ctvTIS3fntv/OGL/aUvxVe57qnn/g4Udy2z8Y+2duS/GfO/u9v7vnmQdfyI0fYvyeluKv3bPl8939B07Kjf9I7J/e1sbPy7vPfLa//w8DefGfjvHntxT/7l13vPOuhbeck3t8V8f+6Wsp/nknPnTDvAMPHpd37kzu7NRvToA3pyPSa6yb0nSr88x21c0XvjpQGb/mm5f+P7+TFWWM1rNgFuMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDG9ItrT//ohe/64JpKEkKSU2akgfhcec6qVQMt1Dv0/BO3LT3y0t31eUtaiAMAAAAUi/PwUi2nGpaEq5K54diG5eMawbExlUzOz64hxDjZNYJW45Q6FKfcoTiVDsXp6lCcOR2K092hONWCONXQXJy508SpjI6KJtvTM217mo/T26E48zoUZ36H4izoUJyFHYrTN22c5sfhog7FWdyhOEeMJ7vajXNkh9pzVIfi/F2H4hzdoTjZNeWZjsP5aclj8uKMPSgXxqkk5doTjdbTj07rOa7NenoL6plf9Pu4yXrmNlnPCZnXlWZYT7XJev6+zXqSJuv5xzbrKRXUE8ft1dn2xXpiqsnxv6NDcXa2F+d/x+utazrUnms7FOfTHYrzmQ7Fua7NOADNivP/ifleX+iu/HPoSc842VWAON9dOvZz6u+7vBNSjPfWTP6conjZiXom3tKZti+7gJCJtyyT3zUpXqU2H5kmXrU+3vLMk4X7m11QyLTv5Ex+d1G87MICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMyiX1x7+kcvfNcH14QkjP7X0EgD8bnynFWrBlqod++aW5eX1z62rz6vu9JCIAAAAKBQnId31XKqobuyMnQncyaVq6brANU0Xe4b3/YvCKtHt8lAaSzdkyya9nWV9HUrtm/asmLbjp1v27Bp6PLhy4c3v2Pl6SvPHDzjzDNWrN+wcXhw/GcI3QXxQghjyw/bduz85NDGjcNbt41nZtu/JH3dkjSdpK/rf3sYHN1en7Z/cUF9pSn17Xj27PGnJnI69KDg0AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/H927S5EzquMA/h5Z2ZnptvGrPRrGprNkI8StWgSt5Jq6b4gWGiTkKUgs9W1BJtgcdOENimxjk3AtiYoQksgRHJhJBZbizf9sEXsB4FIjQbcGKQt2gu9UFqtpCUXkjKS3TmzM5OZzDqWpk1/v4v3nTnnOeeZMxcL/3cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3ndT1ZGJyujY+GASQtKlptZBnMvm07TcR9+vPrf1h4XhU8ubxwq5PjYCAAAAeoo5fKAxUgyFXDZkw1XT7xafueTrE2E29wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB89U9WRicro2PjFSQhJl5paB3Eum0/Tch99X3/7ic+9Mjz89+axUh/7AAAAAL3FHJ5pjBRDKSwJA8lVLXXx2cCCtvXtdXGfhXOsa3920K1uyRzrrplj3Sd61K2r33cEAAAA+PCL+T/XGBkKhdy8rvm/V66PdYva6rL1ez+/FQAAAAD+PzH/FxojpVDIlRp5vXPe39l4H/P+4ra6uL7X/+3j+mVd1vf6f/7a+t3/6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2OqOjJRGR0bzyYhJF1qah3EuWw+Tct99F31/OA/bzn84OLmsUKuj40AAACAnmIOn43exVDIDYaBcPF07h++6cBTX37qmZEQwkzMz+fDjg3btt29auYa61YePTzwgyNvfqexTaxbOXM9L4cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeU1PVkYnK6Nj4RUkISZeaWgdxLptP03IffV/7wpf++tiJZ99oHiv1sQ8AAADQW8zhs9m/GEohH/Lhiul3zVn/jEzb+m7PDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIALxz3fuu+bGyYnN97thRdeeNF4cb7/MgEAAO+1RSEJtf/RlevP96cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CKaqIxOV0bHxYhJC0qWm1kGcy+bTtNxH3/S5Y4V5p55/sXms1Mc+AAAAQG8xh89m/2IohYEwEC6fftfpmcB0/h96Hz8kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8IEyVR2ZqIyOjc9LQki61NQ6iHPZfJqW++j76K79nz80//s3N48Vcn1sBAAAAPQUc3i+MVIMhdwnQyFcXX8/2bogydbvnZ8LzK7b2rJscM7rqi3rsnNet7vtZLn6aWbWFeN+QzP3xrry2evKTetKodG+3LIu7G1ZNa/H5wwAAABwHsX8X2iMDIVCrtCUc3/WUj8k5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXUxVRyYqo2PjSRJC0qWm1kGcy+bTtNxH3/t+9/FLvvbzPdubx0p97AMAAAD0FnP4bPYvhlJYGD4WFk7n/jDUWh/r/lU5feiRf/9teQgrrjg+nGvf9sfxxW9eu/GF9ksImdbqTAjz6/2SLv1++4dH7l1aO/1YCCsuz159Vr9w7n6zarVyktaermxcu+3I8a29vx8AAAC4EMT8P9AYGQqF3F1d839M3j3yf8N0AJ9/765fXla/1hN524rMUL1fpku/Ly594i/LVv/jzTP5/1z9PrN/86HLWhrOjLRJ0tro5u3rjl93MBNPPdM/29Y/fi9f+fYb/9m04+HTM/2LoVgfX5Dr1P/sa5uL0tpkZt/4mnf3VVv757qc/8Hfv3ji1wv2vHOm/9uLBhv9rznH+c/df/DWh/Zev//wutb+IYRyp/5vvXNzuPJPdz7Qfv7Bto2bv/nma5skrR1dfPLg6gOlG1r7J2394/f/ixOP7v3pw997JvaPvxVZvmSu/TNt/V/efemul3auX9DaP9Pl/C/c9srwlvJ3/9h+/jtads11/RRnn//xa5+8/dUN6f3tUwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeWqerIRGV0bDyThJB0qal1EOey+TQt99H39VuOvXXbnp/8qHms1Mc+AAAAQG8xh89m/2IohXzIh8Hp3P90ZePabUeObw1DM7NJ/Z6b3HLPtk9t2rL9rjvO0ycHAAAA5irm/1xjZCgUckvDQD3/j27evu74dQczMf9nYv7fdOfkxhWhUffy7kt3vbRz/YLGc4IQpn8WUDxT99nZuptuPDZ08s/fWNaxbtVs3dHFJw+uPlC6IdaF5rqVofF84vFrn7z91Q3p/Y3P11z36a9vmaw/noj7Dt760N7r9x9e1zhH/T5Y3zfWTWb2ja95d1811mXr92L93AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA2aaqIxOV0bHxkA0h6VJT6yDOZfNpWu6j75qlv3rgklPPLmweK+T62AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb9+QuMo+ziAP89u8mabTdqkfcGomKZVUerBoiCiFxUVaUUKnipFqq09iIIgotSDqbRiqYoXweqliApqlIKCjcXSKqn4r3jxoIJC9SCUYkC7FA8q2X1mu5nuuDqpgvr5wPDkeWbmO7+Z59nZLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8oA31jzfbwjvsbt5xzw0eP3nXikZveuXfbRQ+/+t3Epus+3Dv40smZzSu2fHn9sk37714zvfv5Qz8Nv/XL0Z7BD7WaValbCyEejyHU3p195rGZj8+aG4shhGocmQxhNC49NBpzCat/DiFsbtc5f+ebJy7fMtdu2zUwb3xJLiR/X6FezeppGZlfL/8utbTOtjYevCR8fe367Z8uf+P1/qljk6cOibWO9RTC4o2d5/eHEBalbU622sayk1O7LoQw2HHelT3qOv8P1n9pQf/c1P4vtfUeOdn+lbl+JXdcvp/pz7WDPa63UEV1lD2ul6FcP/8yWqiiOrPx0dS+ndpVfzK/mm0xVGLoa5d/Tzy1RkLHvMUQm3NZa/cr7bkN6f5z/ZjrV3L9an/uvprXTQutGuP88ey43Hj2Ou5L4ys639Vd3FowfnZqa+mDejLrh/wfLfXT/mjfV1NW1+zv1PJ3qHS8g7qNtyc+TUY9jdXj0tPO+bWLbN/M+icurG547/BIQR1xb0z5sVT+1k9Gh25/becDY0X5Gyspv1Iq/5u1R364becLzxXmP53lV0vlX3Zg8Pja93esLHw+s9nz6SuVf8fRD55c/v87p7rNdTN/T5ZfK5V/zfSRgeHGgYOF9a/Ons+iUvlfXX3jt698vu9YYX7I8gdL5W+Yvu+pgfHGxYX5B1sfhXpzhZZYPz9OXfHF+Pj3E0X5n2XPf7hLfuyZ//Lk7qteXLJrTeH6XJc9n5FS9d98wf7tQ4195xW9O+OeM/XNCfDftCz9j/V46pf9nblQHb8Xnp3oa30DDaVt+ExeKGfuOov/wnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf2IEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeCgAA//9L2SYy") [ 75.112747][ T4704] Bluetooth: hci0: command tx timeout [ 75.175423][ T5357] bridge0: port 3(syz_tun) entered blocking state [ 75.178774][ T5357] bridge0: port 3(syz_tun) entered disabled state [ 75.184487][ T5357] syz_tun: entered allmulticast mode [ 75.203511][ T5357] syz_tun: entered promiscuous mode [ 75.210144][ T5357] bridge0: port 3(syz_tun) entered blocking state [ 75.217767][ T5357] bridge0: port 3(syz_tun) entered listening state [ 75.680209][ T5358] loop0: detected capacity change from 0 to 32768 [ 76.036084][ T5358] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,fix_errors=no,nochanges,nojournal_transaction_names,read_only,nocow [ 76.036102][ T5358] allowing incompatible features above 0.0: (unknown version) [ 76.036108][ T5358] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 76.073803][ T5358] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 76.078101][ T5358] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.095182][ T5358] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=blacklist in superblock: invalid journal seq blacklist entry: bad size, fixing [ 76.116318][ T5358] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 76.116337][ T5358] has non ptr field, deleting [ 76.149897][ T5358] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.262550][ T5358] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 76.298260][ T5358] bcachefs (loop0): check_topology... done [ 76.318686][ T5358] bcachefs (loop0): accounting_read... done [ 76.336883][ T5358] bcachefs (loop0): alloc_read... done [ 76.346237][ T5358] bcachefs (loop0): snapshots_read... done [ 76.361457][ T5358] bcachefs (loop0): check_allocations... [ 76.368396][ T5358] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.368425][ T5358] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.409660][ T5358] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.409676][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.431446][ T5358] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.432087][ T5358] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 76.461230][ T5358] bcachefs (loop0): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 76.461245][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 76.482914][ T5358] bcachefs (loop0): key version number higher than recorded 0 [ 76.482928][ T5358] u64s 5 type set 0:34:0 len 1 ver 8323072, not fixing [ 76.497818][ T5358] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.497834][ T5358] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.530779][ T5358] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 76.530794][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.559114][ T5358] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.559133][ T5358] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 76.593636][ T5358] bcachefs (loop0): bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 76.593652][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 76.634609][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.634695][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.655784][ T5358] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 76.655799][ T5358] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 76.676925][ T5358] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 76.676940][ T5358] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 76.714757][ T5358] done [ 76.719591][ T5358] bcachefs (loop0): going read-write [ 76.736227][ T5358] bcachefs (loop0): journal_replay... done [ 76.851357][ T5358] bcachefs (loop0): check_alloc_info... [ 76.880409][ T5358] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.880438][ T5358] device 0 buckets 9-16, fixing [ 76.931148][ T5358] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.931164][ T5358] device 0 buckets 24-25, fixing [ 76.967819][ T5358] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.967834][ T5358] device 0 buckets 26-28, fixing [ 76.988095][ T5358] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 76.988110][ T5358] device 0 buckets 31-33, fixing [ 77.008329][ T5358] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.008342][ T5358] device 0 buckets 34-36, fixing [ 77.024222][ T5358] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.024236][ T5358] device 0 buckets 38-39, fixing [ 77.043058][ T5358] done [ 77.044576][ T5358] bcachefs (loop0): check_lrus... [ 77.045298][ T5358] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 77.045308][ T5358] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 77.045313][ T5358] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 77.088863][ T5358] done [ 77.090423][ T5358] bcachefs (loop0): check_btree_backpointers... [ 77.091139][ T5358] bcachefs (loop0): backpointer for nonexistent alloc key: 0:27:0 [ 77.091150][ T5358] u64s 9 type backpointer 0:7077888:0 len 0 ver 0: bucket=0:27:0 btree=extents level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing [ 77.125272][ T5358] bcachefs (loop0): backpointer for nonexistent alloc key: 0:31:0 [ 77.125290][ T5358] u64s 9 type backpointer 0:8126464:0 len 0 ver 0: bucket=0:31:0 btree=xattrs level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing [ 77.150569][ T5358] bcachefs (loop0): backpointer for nonexistent alloc key: 0:34:0 [ 77.150582][ T5358] u64s 9 type backpointer 0:8912896:0 len 0 ver 0: bucket=0:34:0 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=4099:8:U32_MAX, fixing [ 77.185831][ T4704] Bluetooth: hci0: command tx timeout [ 77.198438][ T5358] bcachefs (loop0): backpointer for nonexistent alloc key: 0:34:0 [ 77.198452][ T5358] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=536870913:24:U32_MAX, fixing [ 77.228983][ T5358] done [ 77.233484][ T5358] bcachefs (loop0): check_backpointers_to_extents... done [ 77.268334][ T5358] bcachefs (loop0): check_extents_to_backpointers... [ 77.269422][ T5358] bcachefs (loop0): scanning for missing backpointers in 2/128 buckets [ 77.290269][ T5358] done [ 77.308742][ T5358] bcachefs (loop0): check_alloc_to_lru_refs... done [ 77.312996][ T5358] bcachefs (loop0): check_snapshot_trees... done [ 77.316026][ T5358] bcachefs (loop0): check_snapshots... done [ 77.319192][ T5358] bcachefs (loop0): check_subvols... done [ 77.343138][ T5358] bcachefs (loop0): check_subvol_children... done [ 77.347457][ T5358] bcachefs (loop0): delete_dead_snapshots... done [ 77.352458][ T5358] bcachefs (loop0): check_inodes... done [ 77.364059][ T5358] bcachefs (loop0): check_extents... done [ 77.367028][ T5358] bcachefs (loop0): check_indirect_extents... done [ 77.370323][ T5358] bcachefs (loop0): check_dirents... [ 77.370745][ T5358] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, not deleting [ 77.414019][ T5358] bcachefs (loop0): key in missing inode, found keys: [ 77.414033][ T5358] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 77.414040][ T5358] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 77.414047][ T5358] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 77.414054][ T5358] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 77.414061][ T5358] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 77.414067][ T5358] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 77.414074][ T5358] , fixing [ 77.648087][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 6552286169514828621 [ 77.648120][ T5358] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.687901][ T5358] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, not deleting [ 77.707239][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 3398946530192156100 [ 77.707253][ T5358] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.746536][ T5358] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, not deleting [ 77.765857][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 4539824829875468757 [ 77.765873][ T5358] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.806109][ T5358] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:3398946530192156100:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, not deleting [ 77.838604][ T5358] bcachefs (loop0): dirent points to missing inode: [ 77.838617][ T5358] u64s 7 type dirent 4096:3398946530192156100:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.879733][ T5358] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, not deleting [ 77.934103][ T5358] bcachefs (loop0): hash table key at wrong offset: should be at 7647025884251580305 [ 77.934118][ T5358] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.996576][ T5358] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:4539824829875468757:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, not deleting [ 78.049427][ T5358] bcachefs (loop0): dirent points to missing inode: [ 78.049442][ T5358] u64s 7 type dirent 4096:4539824829875468757:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 78.112563][ T5358] ================================================================== [ 78.124293][ T5358] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 78.134660][ T5358] Read of size 1 at addr ffff8880560200e8 by task syz.0.0/5358 [ 78.145422][ T5358] [ 78.148936][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11579-g35a813e010b9 #0 PREEMPT(full) [ 78.148955][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.148962][ T5358] Call Trace: [ 78.148971][ T5358] [ 78.148978][ T5358] dump_stack_lvl+0x189/0x250 [ 78.148994][ T5358] ? __kasan_check_byte+0x12/0x40 [ 78.149008][ T5358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.149046][ T5358] ? lock_release+0x4b/0x3e0 [ 78.149068][ T5358] ? __virt_addr_valid+0x4a5/0x5c0 [ 78.149083][ T5358] print_report+0xca/0x240 [ 78.149095][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.149109][ T5358] kasan_report+0x118/0x150 [ 78.149123][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.149138][ T5358] bch2_check_dirents+0x1fac/0x33f0 [ 78.149156][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.149170][ T5358] ? desc_read+0x1b8/0x3f0 [ 78.149182][ T5358] ? prb_first_seq+0xfd/0x1a0 [ 78.149191][ T5358] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.149204][ T5358] ? __pfx_prb_first_seq+0x10/0x10 [ 78.149215][ T5358] ? desc_read+0x1b8/0x3f0 [ 78.149226][ T5358] ? this_cpu_in_panic+0x4f/0x80 [ 78.149234][ T5358] ? _prb_read_valid+0xa07/0xa90 [ 78.149242][ T5358] ? console_flush_all+0x13a/0xc40 [ 78.149255][ T5358] ? up+0xde/0x150 [ 78.149322][ T5358] ? __console_unlock+0x14c/0x1a0 [ 78.149343][ T5358] ? __pfx___console_unlock+0x10/0x10 [ 78.149354][ T5358] ? bch2_trans_put+0x961/0x1220 [ 78.149364][ T5358] ? kfree+0x4d/0x440 [ 78.149377][ T5358] ? prb_read_valid+0x3c/0x60 [ 78.149386][ T5358] ? console_unlock+0x21b/0x270 [ 78.149397][ T5358] ? __pfx_console_unlock+0x10/0x10 [ 78.149410][ T5358] ? vprintk_emit+0x63e/0x7a0 [ 78.149426][ T5358] ? __bch2_print+0x176/0x220 [ 78.149441][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.149457][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.149469][ T5358] __bch2_run_recovery_passes+0x3bd/0x1060 [ 78.149491][ T5358] bch2_run_recovery_passes+0x184/0x210 [ 78.149507][ T5358] bch2_fs_recovery+0x2690/0x3a50 [ 78.149525][ T5358] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.149541][ T5358] ? __lock_acquire+0xab9/0xd20 [ 78.149558][ T5358] ? __mutex_trylock_common+0x153/0x260 [ 78.149570][ T5358] ? __lock_acquire+0xab9/0xd20 [ 78.149585][ T5358] ? __lock_acquire+0xab9/0xd20 [ 78.149605][ T5358] ? bch2_fs_start+0xa0f/0xda0 [ 78.149620][ T5358] ? up_write+0x1c4/0x420 [ 78.149630][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 78.149646][ T5358] bch2_fs_start+0xaaf/0xda0 [ 78.149660][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 78.149675][ T5358] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.149695][ T5358] ? sget+0x267/0x620 [ 78.149708][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 78.149729][ T5358] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.149750][ T5358] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 78.149768][ T5358] vfs_get_tree+0x8f/0x2b0 [ 78.149780][ T5358] do_new_mount+0x2a2/0x9e0 [ 78.149794][ T5358] ? ns_capable+0x8a/0xf0 [ 78.149803][ T5358] ? __pfx_do_new_mount+0x10/0x10 [ 78.149815][ T5358] ? path_mount+0x61c/0xfe0 [ 78.149825][ T5358] ? user_path_at+0x44/0x60 [ 78.149837][ T5358] __se_sys_mount+0x317/0x410 [ 78.149851][ T5358] ? __pfx___se_sys_mount+0x10/0x10 [ 78.149865][ T5358] ? do_syscall_64+0xbe/0x3b0 [ 78.149876][ T5358] ? __x64_sys_mount+0x20/0xc0 [ 78.149888][ T5358] do_syscall_64+0xfa/0x3b0 [ 78.149899][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.149908][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.149918][ T5358] ? clear_bhb_loop+0x60/0xb0 [ 78.149929][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.149938][ T5358] RIP: 0033:0x7f4876b9030a [ 78.149950][ T5358] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.149958][ T5358] RSP: 002b:00007f4877975e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.149971][ T5358] RAX: ffffffffffffffda RBX: 00007f4877975ef0 RCX: 00007f4876b9030a [ 78.149979][ T5358] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007f4877975eb0 [ 78.149985][ T5358] RBP: 00002000000000c0 R08: 00007f4877975ef0 R09: 0000000000818001 [ 78.149992][ T5358] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000180 [ 78.149998][ T5358] R13: 00007f4877975eb0 R14: 0000000000005964 R15: 0000200000000100 [ 78.150009][ T5358] [ 78.150013][ T5358] [ 78.637093][ T5358] The buggy address belongs to the physical page: [ 78.644556][ T5358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56020 [ 78.650788][ T5358] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 78.659860][ T5358] page_type: f0(buddy) [ 78.673076][ T5358] raw: 04fff00000000000 ffffea0001586808 ffff88805ffd6f08 0000000000000000 [ 78.676762][ T5358] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 78.680607][ T5358] page dumped because: kasan: bad access detected [ 78.690757][ T5358] page_owner tracks the page as freed [ 78.692962][ T5358] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5358, tgid 5355 (syz.0.0), ts 77996131153, free_ts 78112473188 [ 78.706367][ T5358] post_alloc_hook+0x240/0x2a0 [ 78.719139][ T5358] get_page_from_freelist+0x21e4/0x22c0 [ 78.722405][ T5358] __alloc_frozen_pages_noprof+0x181/0x370 [ 78.725918][ T5358] alloc_pages_mpol+0x232/0x4a0 [ 78.728358][ T5358] ___kmalloc_large_node+0x5f/0x1b0 [ 78.730867][ T5358] __kmalloc_large_node_noprof+0x18/0x90 [ 78.747149][ T5358] __kvmalloc_node_noprof+0x6d/0x5f0 [ 78.749864][ T5358] btree_node_sort+0x666/0x1760 [ 78.752738][ T5358] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.755932][ T5358] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.759136][ T5358] bch2_trans_lock_write+0x669/0xba0 [ 78.775670][ T5358] __bch2_trans_commit+0x2773/0x8870 [ 78.779369][ T5358] bch2_str_hash_repair_key+0x2a2d/0x3fa0 [ 78.782470][ T5358] __bch2_str_hash_check_key+0xa65/0xd40 [ 78.792596][ T5358] bch2_check_dirents+0x2166/0x33f0 [ 78.795278][ T5358] __bch2_run_recovery_passes+0x3bd/0x1060 [ 78.800850][ T5358] page last free pid 5358 tgid 5355 stack trace: [ 78.807353][ T5358] __free_pages_ok+0xa83/0xbe0 [ 78.810933][ T5358] free_large_kmalloc+0x13a/0x1f0 [ 78.815137][ T5358] btree_node_sort+0x117f/0x1760 [ 78.820687][ T5358] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.826778][ T5358] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.832973][ T5358] bch2_trans_lock_write+0x669/0xba0 [ 78.840170][ T5358] __bch2_trans_commit+0x2773/0x8870 [ 78.846518][ T5358] bch2_check_dirents+0x1c5c/0x33f0 [ 78.854887][ T5358] __bch2_run_recovery_passes+0x3bd/0x1060 [ 78.864259][ T5358] bch2_run_recovery_passes+0x184/0x210 [ 78.871146][ T5358] bch2_fs_recovery+0x2690/0x3a50 [ 78.875921][ T5358] bch2_fs_start+0xaaf/0xda0 [ 78.880515][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 78.885314][ T5358] vfs_get_tree+0x8f/0x2b0 [ 78.888300][ T5358] do_new_mount+0x2a2/0x9e0 [ 78.891243][ T5358] __se_sys_mount+0x317/0x410 [ 78.893725][ T5358] [ 78.894875][ T5358] Memory state around the buggy address: [ 78.897686][ T5358] ffff88805601ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 78.904167][ T5358] ffff888056020000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.911795][ T5358] >ffff888056020080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.916132][ T5358] ^ [ 78.920573][ T5358] ffff888056020100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.945983][ T5358] ffff888056020180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.950460][ T5358] ================================================================== [ 79.137100][ T5358] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 79.142248][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11579-g35a813e010b9 #0 PREEMPT(full) [ 79.150671][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.159286][ T5358] Call Trace: [ 79.161278][ T5358] [ 79.163177][ T5358] dump_stack_lvl+0x99/0x250 [ 79.166342][ T5358] ? __asan_memcpy+0x40/0x70 [ 79.169340][ T5358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.172107][ T5358] ? __pfx__printk+0x10/0x10 [ 79.174632][ T5358] vpanic+0x281/0x750 [ 79.176816][ T5358] ? preempt_schedule+0xae/0xc0 [ 79.180005][ T5358] ? __pfx_vpanic+0x10/0x10 [ 79.198594][ T5358] ? preempt_schedule_common+0x83/0xd0 [ 79.201978][ T5358] ? preempt_schedule+0xae/0xc0 [ 79.204478][ T5358] ? __pfx_preempt_schedule+0x10/0x10 [ 79.207056][ T5358] panic+0xb9/0xc0 [ 79.208905][ T5358] ? __pfx_panic+0x10/0x10 [ 79.211081][ T5358] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 79.214552][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.221046][ T5358] check_panic_on_warn+0x89/0xb0 [ 79.225434][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.231972][ T5358] end_report+0x78/0x160 [ 79.238222][ T5358] kasan_report+0x129/0x150 [ 79.245246][ T5358] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.251059][ T5358] bch2_check_dirents+0x1fac/0x33f0 [ 79.256535][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.260950][ T5358] ? desc_read+0x1b8/0x3f0 [ 79.264419][ T5358] ? prb_first_seq+0xfd/0x1a0 [ 79.268296][ T5358] ? __pfx_bch2_check_dirents+0x10/0x10 [ 79.272886][ T5358] ? __pfx_prb_first_seq+0x10/0x10 [ 79.279141][ T5358] ? desc_read+0x1b8/0x3f0 [ 79.283704][ T5358] ? this_cpu_in_panic+0x4f/0x80 [ 79.287570][ T5358] ? _prb_read_valid+0xa07/0xa90 [ 79.294540][ T5358] ? console_flush_all+0x13a/0xc40 [ 79.301208][ T5358] ? up+0xde/0x150 [ 79.304602][ T5358] ? __console_unlock+0x14c/0x1a0 [ 79.308523][ T5358] ? __pfx___console_unlock+0x10/0x10 [ 79.314590][ T5358] ? bch2_trans_put+0x961/0x1220 [ 79.319310][ T5358] ? kfree+0x4d/0x440 [ 79.322285][ T5358] ? prb_read_valid+0x3c/0x60 [ 79.325124][ T5358] ? console_unlock+0x21b/0x270 [ 79.330413][ T5358] ? __pfx_console_unlock+0x10/0x10 [ 79.334720][ T5358] ? vprintk_emit+0x63e/0x7a0 [ 79.336879][ T5358] ? __bch2_print+0x176/0x220 [ 79.339493][ T5358] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.343645][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.348324][ T5358] __bch2_run_recovery_passes+0x3bd/0x1060 [ 79.353838][ T5358] bch2_run_recovery_passes+0x184/0x210 [ 79.357072][ T5358] bch2_fs_recovery+0x2690/0x3a50 [ 79.359861][ T5358] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 79.363783][ T5358] ? __lock_acquire+0xab9/0xd20 [ 79.367062][ T5358] ? __mutex_trylock_common+0x153/0x260 [ 79.370197][ T5358] ? __lock_acquire+0xab9/0xd20 [ 79.372624][ T5358] ? __lock_acquire+0xab9/0xd20 [ 79.375163][ T5358] ? bch2_fs_start+0xa0f/0xda0 [ 79.377293][ T5358] ? up_write+0x1c4/0x420 [ 79.379070][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 79.381327][ T5358] bch2_fs_start+0xaaf/0xda0 [ 79.383693][ T5358] ? bch2_fs_start+0x5e7/0xda0 [ 79.386199][ T5358] ? __pfx_bch2_fs_start+0x10/0x10 [ 79.388679][ T5358] ? sget+0x267/0x620 [ 79.391043][ T5358] bch2_fs_get_tree+0xb39/0x1520 [ 79.393188][ T5358] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 79.395589][ T5358] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 79.398043][ T5358] vfs_get_tree+0x8f/0x2b0 [ 79.400021][ T5358] do_new_mount+0x2a2/0x9e0 [ 79.402591][ T5358] ? ns_capable+0x8a/0xf0 [ 79.404886][ T5358] ? __pfx_do_new_mount+0x10/0x10 [ 79.407324][ T5358] ? path_mount+0x61c/0xfe0 [ 79.409580][ T5358] ? user_path_at+0x44/0x60 [ 79.412132][ T5358] __se_sys_mount+0x317/0x410 [ 79.414605][ T5358] ? __pfx___se_sys_mount+0x10/0x10 [ 79.418081][ T5358] ? do_syscall_64+0xbe/0x3b0 [ 79.420453][ T5358] ? __x64_sys_mount+0x20/0xc0 [ 79.422669][ T5358] do_syscall_64+0xfa/0x3b0 [ 79.424829][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.427270][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.430222][ T5358] ? clear_bhb_loop+0x60/0xb0 [ 79.432744][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.436314][ T5358] RIP: 0033:0x7f4876b9030a [ 79.438301][ T5358] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.449370][ T5358] RSP: 002b:00007f4877975e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 79.453809][ T5358] RAX: ffffffffffffffda RBX: 00007f4877975ef0 RCX: 00007f4876b9030a [ 79.457381][ T5358] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007f4877975eb0 [ 79.460956][ T5358] RBP: 00002000000000c0 R08: 00007f4877975ef0 R09: 0000000000818001 [ 79.465140][ T5358] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000180 [ 79.469059][ T5358] R13: 00007f4877975eb0 R14: 0000000000005964 R15: 0000200000000100 [ 79.473069][ T5358] [ 79.474923][ T5358] Kernel Offset: disabled [ 79.476962][ T5358] Rebooting in 86400 seconds..