program: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@delneigh={0x1c, 0x1d, 0x2cb9fc920827cc0b, 0x0, 0x0, {0x7, 0x0, 0x0, r0}}, 0x1c}}, 0x0) syz_mount_image$bcachefs(&(0x7f0000005d80), &(0x7f0000005dc0)='./file0\x00', 0x0, &(0x7f0000000280)={[{@errors_continue}, {@nocow_enabled}, {@direct_io}, {@nocow_enabled}, {@read_only}]}, 0x1, 0x5d7d, &(0x7f0000005e00)="$eJzs3X2QHOWZGPDumVntSquPlSzMCgmxGNmOuGALFIjlO0cb5+zYjmxkYQEWp5NkWGEdQhL6QCBdwlcOCCYpVUEdBOJEBxS5Sl0luHQJ4U6pkjHgi6+KQib+gyNfRwXnj/iI6ixxRHK8V7vbvTvT2+/07PSsEPbvV6WdfXufed7n6X2np3u0OxsBAADwS+GV39nz7lcu+NwP7h06ddcX/ujWe6Le6uj2njSgL7m94/2qkOm0/IdnGr6z3bX+0dvsujj/jxe+23ffmi8/tOrzP9z8J/MHly4buuo7R66+/74XP/OzFx97Yk3RPOl6unRiHP9FHEVL3z7y2P0v/+n5I9vikfnjvruj+fPjBd+dH2dSrDgdRdFN43U2fvHIqZVbR27v+VZ3w/Z5mSTW+y+3nmSdHdz0jaeO3TL48pGBXSt/cvLKnXdPhMQ9despiuZurr9/VxRFM5N/I9LV1p/eObldG0XRrLr7faqgrktarP+ywHhJcjsjue0tyJN+/eLMuNZiHbXMbXeL92tXZZrzZ2X3X/ZgNF3SPucmt88nt5dOMU81/RdHlTiqjZe/PZ5YI1Hd9y2O4tG13TM+royOo/FxlB3HmXElM652ZfoanTfZsdU4btyexmW2p4fjWrL94vpjdY51ge2Lktue5IH6XjqOsp+M6Z30yUQfUV1dJ87WwgioBB576fbx8pJvRm+yrTdeMOk+wznSr534/pYN77xx4Pm+QB3xc3GSP24r/+DQk8eevf7oov5Q/s2VJH+lrfyvVF89/czJ/tnB/IfS/NW28q//+Y8fvPea/QuD++dEun9qbeVf9vDsg6f2r+seCOU/nObvaSv/VRuXrrrw5L7bg/WvSPfPzLby/+iR5Wc2HnrhaDB/lOaf1Vb+N598ekl10aPHg/mPpfunt6381658fPWXFt/3RHD/v5bmn9NW/g3H79+866mXlgfX59p0//S1lf/06tffOtO35unQsTM+fLafYQF+sXwoOcd6MBm3e51ZVt31wuMDtbFzvtnJvzmdnCgjrrt2AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB2Pbr6399WP/7o/7l9/fH/sHRbLRl316IojqLonerYON0+I4rimVEU7dm7ZffebTtuHvitnft279iyfWDL3oGhHXt33znwt/7mwO6hXdu33Dny1RWXrRy734LRbFG0IL5wUi3Dw8PDURQN1G9L5/u9Lz73/9Y/8Zdfj6IV572+tBbs55P/9a3PLcz5mBEPDq/9F1c+cmDG/5o3tqEvqasvVFdf47a0gt7B1/7ss8+/MVLXh5vV9dir1/3fhoJGN0zkSVS6o8roJ93xrNw6xqueqGd0f9W2bts+tKJ4/8aB/fvxl/7w5L+7Y/0/Hdu/PcE+Wty/I3u1NvzQT+/9+N2fHfr0Ofx9L9rfdS2M1pfuv55kf89N+pob6KsS6Ov2gTdP/LN/+5+euTtaUfvpRZPnLuqrK1kAXfGiluZNZ5gVz2+I7Uni0+94er9P7r111yf33Hngsm23brl56OahHStXXrnq8pWXX7Fq5SdHWx/72LH+0/k/3mL/s5NMs+PFufstuzWd96LRj9UoKTu9qfukUVfUO3ab2c9peLbr3uRrvfGCSbmGc6RfO/H9LRveeePA86FHXvzc2Iwzozljt/GSQOT2zB2r4wXnzX92Hpc7f7dne/qxtcdlUV1F62qkruJ1VV9Rk+PYq5c8+NOnHvjnN7RwvKgLHa0vrXPWyMPl8qjucTt5X+X11cL3ZzBvP9x42e4/vHPbhkNFx/P670z9x4x4cPh/Lom/vG/Pn+0e23BWni/rC2rz+XK86ol6RvdXT/L9OFf3b3dUTfrqza1rXfzUZz5+69FfGa9vxozoji179+6+fOzjB7WvP58xb+G2exZfOKmvK8Y+Fh33L8qMC4/7lfz+io772Xkm4vPzDWTGvVG1reeJ9T//8YP3XrN/YfB54kSrzxO/3TCqlnyeqAQe7w/95bcH3r3ha+8Wraer9yy+a2HOx2x7g8Mv/MGvXv7p6675/NiGs3Icqi+ozePQeNVJPen+Gj0OXXHu9PH+fZ8bHojx4PBF3/nYtWdO3fbVsQ1F+3c8Om//riw+zlcDfd3Q9ZH5j/xk8Uc6t373bPqrSz4xa/Y5tn57kv3bE9i/41Un9VTr9+8nbty5/aax8bl73jamu+D6J33e2XPngVu2bN8+tHtPa321+nyazpPdy+0+n6bPHgsK+kq/XxN9Td8nreyvVh9vaf03ZXK0+3gDSE08L8xo2J49fqav+y2dG63/xAPfezUeGHu+7NTrrek8F2SemNt9vbXoOukjmXHjdVItqut7zOTrpNG7FF0nZecpuk66JDMuvo55MLeT0PevK3nmzXvdNFNvbSRDaH30J/n7k3F6vrn0E9GV1ec/+sV4sLX10er5dDrP38jsoHbPp4vWx7Iov65Or4+PZe5U/P0+lFtZT+D7UfT9XtaQaHi47HV5X6Dq9Lq8N4rbyj849OSxZ68/uiiYf3MlyV9pK/8r1VdPP3Oyf3Yw/6E0f62t/Msenn3w1P513cH8h9P909NW/qs2Ll114cl9twfzr0jrn9lW/h89svzMxkMvHA3mj9L8vW3lv3bl46u/tPi+J4L5X4uTeUYeu1F05NTKrWPjOOpK1n9aR1dDXVF2HI+PZ+T1EVXr4ytpWDJBNY4bt6dxme1pH7Vk+8V1NeZZH9iePmp7kgf2e+k4yn7SfHt6eErrOhF4/jlbKnXnHnnbi16f7JR33u7/vfpx+v//6Rroro19767I7K+i54/s0TvNF3wdNvASRtH5wuT/f5vV1uPvzSefXlJd9Ojx4Ouqx1p9XXVXw2hWweuqZesNHi+OpcfTcsej/lD+19L85Z4PgvmT54OidfbRzLhwnXXlz1e0zrLnKb3RnLb63nD8/s27nnppeXCdrR17wBevs0cbRnMK11m5/5cOrrPn4o7sj2D+tZ05rwmus+S8pmidXZoZl19njeejX05u78jE9yavEE+179OrX3/rTN+ap4Pr7HCr6+z3G0Z9heus3Plt8Ps0fn473efnH+zzz46eH46NK5lx/vlh8t+503V+uC6wfarnh72TPpnoI/ognh8GjjMA0MwPHrrzf9eP0+v/9Lk7vf7/XuZ+Za8rsz8PlerUdWUw/+HOXK8Ez1PHr1em+3prus+zp/d6y3l8IP/468jT/brQ9F5Xug5JxlH2kzGuQwAAeD9c/K+//ev14/T6f/zn3pLf/38pHWfu7zo3kP+sXedO9+skrqNz83fo5yuKXweb7teppvI6wH8+L/2a1wHyeR3g7NYFAMDUbNq6e2hoz64tNw5t2rZj297x7V2jV06Tf071bye3azN5in5+Oi9+VpP4rwbzN9bzqUB8SG30Z16j6Bs3fvOKTTcN3T7V/kPzFfWfF9+s/+z1Raj/VYH4kLL9h+Yr6j8vvln/1wTzN9bz6UB8SNn+Q/MV9Z8X36z/rwXzN9bzq4H4kLL9h+Yr6j8vvln/2d8HC/X/a4H4kLL9h+Yr6j8vvln/1wbzN9bzmUB8SNn+Q/MV9Z8X36z/64L5G+v5O4H4kLL9h+Yr6j8vvln/1wfzN9azOhAfUrb/0HxF/efFN+v/68H8jfUMBuJDyvYfmq+o/7z4Zv1vCOZvrOfvBuJDyvYfmq+o/7z4Zv3fEMzfWM9nA/EhZfsPzVfUf158s/5/I5i/sZ6/F4gPadp/bn2tzVfUf158s/43BvM31vPrgfiQst//0HxF/efFN+v/N4P5G+v5XCA+pGz/ofmK+s+Lb9b/pmD+xno+H4gPKdt/aL6i/vPim/W/OZi/sZ6/H4gPKdt/aL6i/vPim/W/JZi/sZ4vBOJDyvYfmq+o/7z4Zv1/I5i/sZ4vBuJDyvYfmq+o/7z4Zv3fGMzfWM+XAvEhZfsPzVfUf158s/6z73cY6v8fBOJDyvYfmq+o/7z4Zv0PBfM31rMmEB9Stv/QfEX958U3639rMH/++wZk40PK9h+ar6j/vPhm/d8czN9Yz1cC8SFl+w/NV9R/Xnyz/r8ZzN9Yz9WB+JCy/YfmK+o/L75Z/9uC+RvrWRuIDynbf2i+ov7z4pv1/1vB/I31fDUQH1K2/9B8Rf3nxTfr/5Zg/sZ61gXiQ8r2H5qvqP+8+Gb9bw/mb6znmkB8SNn+Q/MV9Z8X36z/W4P5G+v5WiA+pGz/I/P9q5y8Rf3n9dOs/x3B/I31rA/Eh5TtPzRfUf958c363xnM31jPtYH4kLL9h+Yr6j8vvln/u4L5G+u5LhAfUrb/0HxF/efFN+v/tmD+xnquD8SHlO0/NF9R/3nxzfrfHczfWM/XA/EhZfsPzVfUf158s/73BPM31rMhEB9Stv/QfEX958U3639vMH9jPTcE4kPK9h+ar6j/vPhm/e8L5m+s5zcC8SFl+w/NV9R/Xnyz/m8P5m+sZ2MgPqRs/6H5ivrPi2/W//5g/sZ6fjMQH1K2/9B8Rf3nxTfrP/s+kKH+NwXiQ8b737t7aGjTvl03bdk7tGnHzpuG9mzav3vb3r1DyYla2d8rC/9e0Pv8iyw01fD4GFsk23bsGdo9+fg9s+n6rV8T0eivPc0cu40/3FJ89m2v210158p674pqTffXBZnxvOT9aOcF3o82G5+mXTz6yeT3o81OWyt4H9ei41N2/tDxKW4Sn3d8DR3Pip7/pnz8K1zfPU37z27uTn6xrzs+r6X4qMnfd2ttvZb7vdPgen2ttfWafd/1ovWajZ/qeu0tuV6z84fWU6VJfLPzoVbX64ZAfKr19RkH+81bV1P9O4Np2in9ncHMh0na+FsGrT8eyv0eefDxkBRd9HjI/h530eMhGz/Vx8PMko+H7PxFj4e8+GbXx60+Hq4LxIe0vh7KvW9BcD2saG09ZP+OVdF6yMZPdT30lFwP2fmL1kNefLPXC1tdD18LxLeq9fVR7n1Fgutjc2vrI/v3JIrWRzZ+qusjLrk+svMXrY+8+ND/p0RTWB9fDcSnGp4/t+4ZvajftmX7tgOZH8DoS54/3+/nw7PyvPxXv/bn7419SOqoTKqj6HwiztQxP6lkfujvHgbqvvG//Jv13/vZA9+OohXnVZeE654oeeJDRjw4vOCuZc9e/+Hjnx2pv9K0/vHI9O8WF/y942x82k9t+849e39l6859O1r9iavm0vdDqYyPp+n9UJKN1Rbf3yT0+wRTfX+TrkmfnJtafn8TgF8Q8w4/N6d+nL7/X/p81J8c+2YmB8B0e+vn2eXeXy94nn2otfPs5dl+C86zs/Fpv62eZ1dKnmdn5y86z86Lb/Zze62eZ38lED9VjetkZIGMro+hTft37q7/mbjp/ru1na93ev+Ob/n6pvd9G9vVev3T+76Q01//9P4d4Omvf3r/znO7ztr1UvJmkUXvH1l0HRX6vfSpXkfNmPTJucl1FACc+/7J7rf/Zf04vf5PrmLHr/+/lYyrHZ5/uq+jpvu6crrPkz/4778/vddBrgeaTHYOcD0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkO/3//t//G79uLvWP3r7yu/sefcrF3zuB/cOnbrrC3906z3n//HCd/vuW/Plh1Z9/oeb/2T+4NJlQ1d958jV99/34md+9uJjT6wpnKhv7ObSZNgTRfFfxFG09O0jj93/8p+eP7ItHpk/7rs7mj8/XvDd+XEmw4rTURTdNF5n4xePnFq5deT2nm91N2yfl0mS7Svqrab1NNQZ3VHYER9APck6O7jpG08du2Xw5SMDu1b+5OSVO++eCIl76tZTFM3dXH//riiKZib/RqSrrT+9c3K7NoqiWXX3+1RBXZe0WP9lgfGS5HZGcttbkCf9+sWZca3FOmqZ2+4W79em/1+Z3vyTZPdf9mA0XdI+5ya3zye3l04xTzX9F0eVOKqNl789nlgjUd33LY7i0bXdMz6ujI6j8XGUHceZcSUzrnZl+hqdN9mx1Thu3J7GZbanh+Nasv3i+mN1jnWB7YuS257kgfpeOo6yn4zpnfTJRB9RXV0nztbCCKgEHnvp9vHykm9Gb7KtN14w6T7DOdKvnfj+lg3vvHHg+b5AHfFzcZI/biv/4NCTx569/uii/lD+zZUkf6Wt/K9UXz39zMn+2cH8h9L81bbyr//5jx+895r9C4P750S6f2pt5V/28OyDp/av6x4I5T+c5u9pK/9VG5euuvDkvtuD9a9I98/MtvL/6JHlZzYeeuFoMH+U5p/VVv43n3x6SXXRo8eD+Y+l+6e3rfzXrnx89ZcW3/dEcP+/luaf01b+Dcfv37zrqZeWB9fn2nT/9LWV//Tq198607fm6dCxMz58tp9hAX6xfCg5x3owGbd7nVlW3fXC4wO1sXO+2cm/OZ2cKCOuu3YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICQncPVffXjt44+dPU3/8em/1aLoygO3Gc4R/q16ozBwYE26lj28OyDp/av607HI3P3t5EHAAAAmGzxmw/cVj9Or8MryTiOeqL+aH88M1qce//0NYLF6Shu3J59DWHmRGRH8lQ6lKfaoTy1DuXp6lCeGR3K092hPD0FeXqi1vLMbJqn0nI9szqUp7dDeWZ3KM+cDuWZ236eWn2eeR2qp69pntbX4fwO5VnQoTwf6lCehR3Kc16H8ny4Q3nO71Ce7GvKU12Hc5LIC0J5Rj+pFuapxdXxL+S9np7Oc2HJeXpbnCf7mv1U55nZ4jyXlJynp8V5PlZynrjFeZZn7leZ4jyVgnnSdXtHqJ901OL6v7NDeQ50KM/BDuX57Q7l+YcdyvOPOpTnrpJ5AEJ+98VL/6B+nF7/p9efcdQXddeuiGYlR5zsqwDp9e5Fox8nP9+FDkhpviWZ7V1F+bIX2Jl8F021vuwLCJl8H2marzbpejUnX60+37IO5QMAAICp+MenDzb819zk6//+qLu2cPz69aOZ+xder2f/IzuR5ru0Q/kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ppde42RqywfAP6endmZ+S+XLqQtU3rbtP1TCKEXmhpBhUkTSTDCFrHl0pC1wsI2LC10W6BVUwRjm00waPHC7YMFiSFEICFp0DXBgBI/2NgghovrwkrgCxGkN6DomNk9Z/fszA67jNJa/f1CzpnnnOd5n/ccEpLnLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH++P37/b8+m48G+3vaugY7+EIXKP+MqjyO5l8mVSm0N7OOd59Ze+deXtu5O4krvfLaBhQAAAIAaj5834/R0nMzhyegdhULIZ5eGfJQbU1eMvwMU47ipdfg8Z1FYntn9/xdGpaah+OTopDF1hbiuEMeZuK5ny9br13Z3d278BH9U+lQ/R/V+ohCGPl/MOTGsWrT9mT1R2/BztEzwHE1x3eJNN9y4uGfL1rPW3bD2us7rOtcvW7b8nKXLlp59zrLF167r7lwyfAz5CdYLIZTGvpcJ/kUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMARsO23u7+Vjgf7etu7Bjr6W6IQojo15XEk9zK5UqmtgX28ct+DszIz7t6bxJXe+WwDCwEAAAA1fvX4jPPTcTKHJ6N3FAohn82FTJgxFM8bTc2GUC4n1xdUXT8SewcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6sfQfb/5yOB/t627sGOvqPi0KI6tSUx5Hcy+RKpbYG9rF62Y/O/8LMO+5N4krvYgPrAAAAALVeOL35jnSczOFNcRyFQiiG+aE5mjGmLvk2cGrVetV5yTqzJ5lX/e2gXt78SeadNsm8MybIuzg+3xoAAADg2HNF6+9Wp+Nk/m+O4yi0hny2GDJxPNEcn3wXmFuVl9RPNN8n9fPq1E809yf11XM/AAAA/C87680nPkzHtfN/MeSzhZH5e6K/p18Un/2dHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo59cHL/xFOh7s623vGujoz0QhRHVqyuNI7mVypVJbA/tY9Y83dtx+6S1Tk7jSO59tYCEAAACgxqO5T9+SjpM5PBm9o1AI+WxLaA7HDc39r+WmTF33zZmzQwiloYRcLty6dtOmjWcPH5O8L0W7Prfwhr4za/KWDh+P/JMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/qmWP7FyTjgf7etu7Bjr6/y8KIapTUx5Hci+TK5XaGtjHCzvPOHzVXU/1JXGld7GBdQAAAIBas7qf/ks6TubwZPaPQiEUQy7kwvShOD3rVzRVrVfvmwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw36Nny9br13Z3d270ww8//Bj5cbT/ywQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwtP1//vbfT8WBfb3vXQEd/IQohqlNTHkdyL5Mrldoa2Menrppzzuz9m29O4krvYgPrAAAAALXWvLV5fzpO5vBk9o9CIRRDc2gO0+K41tD833okdgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxNc0MUyh/TKSuP9q4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT8KBF1fdl44H+3rbuwY6+k+IQojq1JTHkdzL5Eqltgb2ceXeb3/lxl3PnpHEld75bAMLAQAAADWa33zxq+k4mcOT0TsKhZDPzgr5MCu+0j12gSiTJI77XWC07utjyjKTrttRtePhnRXi7xCFkX2Goc8Oo3V3fWRdMb7a1Dq59wQAAADHsmk7Lv5GOk7m/+Y4jkJryGenpebqG8fUt0x6jr97TN0Jk6776Zi61gnq/g2vBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo0J0rnzslHQ/29bZ3DXT0R1EIUZ2a8jiSe5lcqdTWwD5Knfc9/fDlfTOSuNK72MA6AAAAQK1L3yh8Nx0nc3gy+0ehEIphdjgxzB6a+0Pr2Pok77jS719esfulK0JYMv35Odm6/X6457K3w6HPvvbe8GEoDKFpbFJTCFPiflGdflf/4ZFVz3y4/YEQlkzLzKrfb7TV6KFKVCqfvG3Bw5dP37ui7jIAAABwTCs8eOAn6TiZ/5OJOgqtIZ9dX3f+T/I+1vzf3jNz29T4GH8BqKpoao37NdXp1/vuA20H13z5YGX+f35OYeT/FTh9/tj8dKv0seqbQ1Qqz33itNWHD9x0yfCFpH+mTv81zfNO2vnWzHlJ/0J8/Zow2f6hqn9Px6H5i1qOv2Bs/xBC23j9f3zh4++vuvfdK4b713/fi/80+PmpYcMPCt3JcfhKbf+V9y/fuTX3+pSx/aM6/Rc+++T+x25ddWf185+aHa9/7bFKpWu23Lvv9oW3reg8N9W/qU7/m9teeec7P/vlQ5X+++a2jPRf+BHPP2H/PfN37Nu1/Z41Y99/qbb/beHqszY+uWXdlXdVP39L1cLpN58+1r7/V2dFF23ueXlj9S0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBjW8djHxxKx4N9ve1dAx39TVEIUZ2a8jiSe5lcqdTWwD5+k9nzwUP7i8cncaV3sYF1AAAAgFqXrHj1unSczOHJ7B+FQiiGXMiFlqG5/+RtCx6+fPreFaE1vh+fs90bejadee2GzeuvOdKPAAAAAExg13nvr0jHyfyfjeMotIZ8dkFojuf/lfcv37k19/qUZP4PIQz9uT977bruziVh5DtBT8eh+Ytajr8gycvE50Ilb9HVG7rjzwTJuk89+pml51526Uh+Uzr/7NG8uU+ctvrwgZsuGTdv2Wjeq7Oiizb3vLwxtc/SSN7S0bzefbcvvG1F57nJc0TxuRA/T5K3Z/6Ofbu237MmyWuKzy3xegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABACCe99/evpePBvt72roGO/pAJIapTUx5Hci+TK5XaGtjHB+c/P3i49YsPJnGldz7bwEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2QHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoK+/UTGkcVxwH8vd2t2XbTuqmFJlpDir20IBSCxR6kufgHiVoqihaKUYwXFQuiFXuwbTAU9VBQaGkvpRXPSg5F7SEWW0VBrOJBPCnoSSWHpEgqKknmbTbTDomjLaV8PjC8/b3Z+c6bt29ndwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4pj3+47219rqj1j3bnnv9xQsP3nz3FweGp16776Pn96/9eM2F5sjgA29sveeboc+7Bno3DG/5YOyh0ZEzd/155vDRwUVP9Mpcsykr6yHE32IIvT+PHR49++Xamb44c/7Y3Be6uuLqT7piLmHzdAjh6dY4F+4cm+p/Zqbd/2bHgv4bcyH56wqNahrPnObC8XJ9qWfrbO8TT50Yf3bg7Fjf7v5fJ+94Yd/8W2K9bT2FsGqo/fhlIYTl2TYjrbbudHDWbg8hrGg77s5FxnXbEsd/e0G9LmtvyNrGIjlp//pcXVviOGq5tmOJx5VVucL5efn5y9+MrpR0nauy9lTWbvqXOdW0xVCJodYa/nNxfo2Ets8thji7tuutujJbh1Yd8nXM1ZVcXV2Wu67Z82YTW41xYX96X64/3Y5rWf/69nv1Zewo6O/J2nr2Rf0j1SH/Yk7jkhfz1xHaxjVxtRZGgUrBdy/1t4aXfRiNrK8RV19yzN+XkfZNfPbkzt+/f/VUs2Ac8f2Y5cdS+QPDx8bfe+x0T3dR/lAly6+Uyj9X/Wr63cnuzsL8Qym/Wir/kb9+OXjg4T1rCudnIs1PrVT+hrc6907t2dHRV5R/POXXS+Vv2dW79dbJl14uHP/mND/LS+V/9/bGi7sOfXi6MD+k/BWl8n84dnJdteed84X542l+GqXyH+0/su3+W0aOFs7/1yl/Zan8nedHh3af+HRj4frcnuanWSp/etu3P11sDp4sunfG41f7Fxbg+nJT9h/rYFaXfc78r9qeF4701eb+83Vm28r/80Q5se3ZhX/YgWMBAAAAAGH+1l1ZbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKwAAAD//8R6ZmI=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x105042, 0xda) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="1093c17d373764ffbd742a272b54744919b6b6511a155ca17ca937dcffd8591c6c22a8bd7dd8c75894eed2d36c58fd6e083c4c9368734a361ae329e1ec3dce36c51de78d3fa6b61765860c239513acbdeee34c854c09d97f86703e51a1e181a97d6e5cc195f960e516d1a9bea481777877132b4ffc6c54f7ea7aaec474d909f1457f27b698cd7b055227e01f1bc2c59217ea2588f67dc4f2e26929503ae5f4ca77de98552c71d172e3b4b2f0d897343c529b6fda28b3c0990971f0f396d280a40651b5988b330d7bc07d6716cac3d471f595aa6190745508c3ff389747d204fd60f1638150a90a834cab8477a91530444dfc49bd41b3059b84c5c74357373fd1d493259524cb090df7a943352d5d9b602b040aab24cbb2a235c009753eb14c94de417b03855c37af8cbf88f4ecab496f27df821f776952f83a20587e3550c3e02aa0ba9fe4ebc4e2b54dd83d20090590d5318b560bae38dbb7dd6169b6bd977b2dbabb69c5d55986accfe6475eb7e7e0896b4aa727e12996cbc9f6ca7623e1c30ab401a2ec70cf299405d580402a821a7f9c1e6cc2f012a4e095bcf55f0ea66520034ebfa03c36aa213f56d595681d0caa5606443fd44d5bf84c95a7d8d3ff220036fbdba0f55b695ee4465e027276fe4d72feaf2a33425a0e1572c98def8ef36b9e3c6a5caa1b0345c588cdc1e458e7acbc5809ed6f12163de19eaf9ec4177df5f269dac049c5631f3e8184c8e01f7af4f2541f488d1cbd590849a263caf15c6b3e1668b251e2ec2a2b495761fa75ca1dc458ecdc4831db48184e991ca48abc44ff4c8c234e94f36b481ed64b8cab498fc2ca654edae32deb21baa13304f6152396afc38d70adf650e1048cbe2a06b131e40cd67f2276d630e4abe620b8d454033128c87fef3abe859e9d63237491e9ff57476a1637a7e90cbee7c2be0e61483767295d127807782aecb952090ccc95486d899bc979bbbd1b5f91f8b616129b7b06189b3d9fba632ca10b3928504b77352c85f748f4ed45e30da8bb380c63bb7e7528967da6399581ef348d8c5282a5dd912732e7219dfe6c6e16c3b3b5afcfc64412847bbfe2f6caf0d17747d2006a1965cc928e81e3cfd50f311756498426cca98be0525608dc3bc01e1365383be7f216a0a7dc075aa6ec62c3902966f7d6bc8046a896e6cc7d87cd90f8af4de9d7b88ebc8e3f29e918b8328c760d8a5e80ddb457ef3057e8dad72e57e7ffce6421192d41d38e4012e3b65a57433d0abfe4f2ade79132b6d10396b9d898916927fb338551a032d2e775dedd1cd3b3e655bc8abaf72c55db1a5d37e4fb07cbc39e367ac3bd350b4b54be558b566f0fa087f94f03d74f712300688c01a7efaf9ef79b07c6ad407d6736852d226c815c0a13562b37ce7268181e824bb98de8e6bb26e3579ce1eb868f4a192a3ee4949b32b7a2a82c51c76e1dccbe3dc344ab2bd0c25926cc895159c81adb425f97a94a47f400a014416d88eaea42b31c6e3489cd47d298ca59b51395b117f2ad8aac03f42ba7862e80fc52f80b9f6b74308575814ea393148a3418a9fd0a5e267c2ebcc6cbdeca21697dd8058c08573ab755562d04527231d3a07c4d1541e220d1bbb1f12bd0603095f424712c3d0fffb1b93db3d5dca94a9ac4da6492191ce552f43c1b256cfb7f1275eec7c553befcb4675f5e2fe47e551f46073808057ff1862f0bc2d8c2cd29864ba6b941a4a05a18149a1651b9dd5cd95671e7f9304c38e7c7a783f2facd2f8f2d2fb825bb24cb858ff6eef413ae73a1e5aa10022a40327b4bf747035e4b81faf4638e087406e491eda167c7001032c81a412adbe71ecebbfbc23d6c3e5f3f68c7f1132c467d4d99c0fa96be292c250b8a61752fce4f5cd7a740ed88c647c160d65b4c2a3306263a16ff85990939ad61671deff7780e8137e33b245115e8a59905f3fb9fc7fa309dc400bd30e44497b3f8febbd4611888510e9eda54d0fcfd1126f785295002013437f4edd81ee600d772fc7e17199fd390db20348a915deff330aba6e11ae6acdd014226f3defbb80e519ed8e07e864a72c2f2bede0d98d6454f9eef12e034d7d985fd70e4f1ef0ffd158bb89cf8fef89e561f5afa4466c5ed0c0d42eb90e924d17931cf7e25801fcfc100172d0499409e39764baa7ecda6a0f7c0c46d390f3c3a470e967e7e2108b7063fb84c5d005c54a18e29611704e781393d419268e9c5be6a9ab9d973040d7fe62e27995a69eacff5ca0eecea61fb9873a280f87b87dc45bd6266d1e06329ace766a5655571ebbbd649b72842358a75cf85e9ad343c532d63b4fd7d78e271f7f2ce0dd6e22792dae70bf4bdd0f885043be2e9fd887d87bddbdbe5adec9b55b224bba89c1cfd8cad372b1f955e4d67fd296b081e838ed058055d6ed81da5e7240bd9a8b0404063da9ac80d04beff6435e6572be137b83d9fc9eff710513e6c77c19cb330f50105938a772941442185032287b8f5abf8afb1db09f436a48f018ac8709f5c07753c190d94563c7aa59294be89c56aeb014da8fe97a52f29d4edeca72fc9caec2b966b4609e6584ba7a8545dbf815cedb81871eeb7e0e23f74de3ef2213772dfa1d18d66ed8cb4a7a3943bae9e54e3bd26ef7ac5e4be219b5e03e14283a4ab38ad03273c0566c51c625d1d10756e1a6b3903d95c3e10b73875fea4b6fa60d1cc03f74ef0a1213cddb74b38e905fb54532fc052d47eca1eeaf6030f66b111b74ce5552efdc964acf4aefb2b0e71e5dba24238a2adbdc528ce0caece1b1862802c05c6b39329af84c0c33eed1706796fab71dd28db57f9f14956b35c34a22c8dfabf0a4c3da443c80c4f50926e46c60432f7363c87784f482845f9f800a19fd1957f888bd110948693948231356f52b943b3523e5c3488343732b4e433966943f035740f9bbc76b3c800193d8a9642aafec3051c69b7eed8485ba5bee0155c795be6566e9148b125490561ea4b350cc75c04724abe356cb235c673563bc5cb587cfdc528f0118f3def41fefaa107f1deba75e84a36d284e4e62519635dc8c2cc1ac88ea467869f28bc1ff637e2f88dc9bb91c262e8a97b9541ea363167119e56be3dffb61de26ab480e68f77b2e6a98c3f292a1391649b450f1d5ae292b4d73b4d8efe0eeb64e5085e58817e5404c697bd8033296891a7276632bb31bc25dd5b973d4bc534cf15c9e9ce5aee3e1e9fb40b817ce628235130636202754e17e3e302bea56d68a60dae958f43236408bf226065d78de840e8b12b7bb88e0bdd2093f9a78eed06693847349b679b3b5e78a0fb2ed53dff92cdc8f13478dbda3ec738ab0356909393f833facd5fc745990b08710b973278867f55b44a8f2a5bea92133c981e80df1471e658c85a31df012fb759caa6c4c09640b912dc2da52a6bd1dd0a51e12e541c2bd08c8f7a7623de25af8433397d5b4869df9c9a5de958196a6c6a8c1e2850755e2238d526e5cfbbf45c7daeb7c49adb04051283c7d1fb5691e23a42506719f729b8a76c3b6a5700ce437551675b4dfc1b1d7d5cfc3779b5d6929bb4ce23cb89cd84dfb16ba436b77a308a578f2043feee00c0eddec1a050d6ec9a60b07aaf8dcf46df5f8d10e634f386253a61522b2ecfdbba445e5e3bc789ec2826196ab797c4a9756a68d095844dcb04d7cf6945ff5a819de7f89c3d67eb725f067a13e1435bd91742c7e622a142f930e140de08e2db2078f3c65f68e56ba087fa9668420c0c13e9377cc499aea4d5c78fd77ab46849a8190dac8dc8484420edcdda4180364909b92c19b83b6d15cfa10f6d4be642f5732b314d5a8c7f588095dba2cbc60d6db2e5fe85a81e64e1c770dcd7dd5dbc2794e8ab2b61aa9b13715a42d6a7d62919f347107d69d9ec354c58238d863a9ddc10ddc0d0983319cce80b03f5cfe1ed25d73d7493df30067e91245d16b7cd461e0e6f16e2d2b5d50e396e8a0dac03aeb26ee64f6590a74add1515c57442de4ad2de6439411fc4be6f411424494cb611372e343bc2b262025f466c5b4f81fc5ebf2bdb309b24f572dfe408509d03395ac94450f7d636badd1cf6f4dceca3363274be3c19b715fe058444b8d54fa984169071afbc162a672808cb055e877ea92bbe388ea2c687a2b9419e7c557cdee3edaf7e4480a8e8ec40e8404fc20bd9d44eff3b3d3107f3f602a6c1d3f89f00dede76f0418af893f49887ca8b2d0d1a51456221fd7429e193b1781e608e5db6f2cfa3805c43dd0b62da526d3b0006973d17e22ccf75b6a8d5aaca3f9e3951e1a3656e689f5837f37658c9511c458050174accc2729a5decf99b72e81e4385662c2b6857e395fcb28da9328be7254fa88807b4c5f2ae2161e7392c1758662c8d390703794b9fa499209201e4927b7f9648d22eb48a31723b673995fafa3b7e1b0ac9e39fdc46d4d2dc70a36a3c9870e102275b8a322fb8778690cab757a4569b300578531ec9299e49f18ba97e19277bd854f24bb50d1a52f2f11430f11ec93e156dd433a3f6725b0bef8546754cbec1dd3e6f4c663c1ce650d7b34846cad5ec1d2f28167d04182a9439fcd6a314d6a8e3ba06000000e960785f380ec4219650275d584c597a39c28f37863fad3709111f3c78bd8d09d1a654a7fb3f3a154287ce86209c58e92df115ea7a6c4f0b85372499d99999edb2c472cfd95f2dbe10465d84fdb1c1f7437c51da62e3c5f520e32354c051020ff7a64ea11a8ccebecd25d1a2fbfbd67017fa4d1c86853ae5ed672b1517e03a1b37f8b3ed7b0de7874a60836eaa6c291e10a242e5cab95811f24b6129d752b6bf1889a8eaa912f44945738fb59641da98bf60c164a5e07ccbe635e602e4dc8d5fe9ee5cb8339fcec866dd8c0f82268678c07d555137818b41a0c59dd598af643f1b68ceebd48e961350f71ca783bf443c73d6c46dcea725326d0c1f91ee642f3519172f187db5abf3be5bbe742cafabfa325189802a3e6d4ba03f7be595e6ef1f01db7cd1d503952a15ecfecebabc3d36f2bde73ce84a0246ef16d5cdc15ecd60dc24f4bbac4e65ef0c64169a891a249281a65cf999648d3bd8618bc0a6fb26ead8d72dc9f9c27222ac12b2c7d51c94e01b5a81a10e568cd5550b3cb3ceca708c18eca5185c24bf8cc691cd997eb738710eae317c3f985267d861ab50301c07860b093eb5cde8fddd771f77ca80bbe7b272a633da76913743f1ce7b437a88f0fbf9a79aed7bfd47a958203de97b2f7c31f90a815e9cc51b4d5eafb0bbc40d57f9b427b6ea4b32bc095caa8e807475f63811f8d97255102707f4521f7732b5eefdb3fa668e24254c7cce9d1198e50c2e59d36309bbc2fccfd26e96b0b0bfe1bcc54d24439db11c5d368ab6ad501939dd617b0dcb01174b4f53ebf32a6e1b20f95a1c42959a852f14d8320c45fde33f63e68a715df19150633b97f01e15896d210ef3fa0694085e86238c00bfe40dff755fac670eb409a6fa7b33cb4f2a84622665866f027ce0496bce5d23925c4f27b49e7e2ed71f85ac2f44c4eb2ba63217a4eb35807d0adc6c5663ae35e6a801f1134a025ce4a09893de1ec09b73371b83cadf59c0484d67444f0568c371763f50f907f647c42073b6e33410833655cab54ab30aacf7fd6b844d65aee21d5a27ed2c679cf60c81a4a344af54bdd366d22a350ec2bae282844a5a6c7a8307b6b90c4eae5e755e0c6ea0f033b1b59ff674726c1748301b3c5a90c435b0faa632d6465a7d42a3757a1f3c5dfdfc278b46ff7d78f9ca4af89f8fae5e9f4b089bae2d605d", 0x1000}], 0x1) (fail_nth: 1) sendmmsg$sock(r2, 0x0, 0x0, 0x0) [ 78.581964][ T5094] Bluetooth: hci0: command tx timeout [ 78.974808][ T5109] loop0: detected capacity change from 0 to 32768 [ 79.097601][ T5109] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,compression=lz4,nojournal_transaction_names [ 79.114415][ T5109] bcachefs (loop0): recovering from clean shutdown, journal seq 7 [ 79.117679][ T5109] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.12: rebalance_work_acct_fix [ 79.117679][ T5109] running recovery passes: check_allocations [ 79.176056][ T5109] invalid bkey u64s 11 type alloc_v4 0:14:0 len 0 ver 0: [ 79.176081][ T5109] gen 0 oldest_gen 0 data_type journal [ 79.176089][ T5109] journal_seq 1 [ 79.176096][ T5109] need_discard 1 [ 79.176102][ T5109] need_inc_gen 1 [ 79.176109][ T5109] dirty_sectors 256 [ 79.176116][ T5109] stripe_sectors 0 [ 79.176122][ T5109] cached_sectors 0 [ 79.176129][ T5109] stripe 67108864 [ 79.176136][ T5109] stripe_redundancy 0 [ 79.176142][ T5109] io_time[READ] 1 [ 79.176148][ T5109] io_time[WRITE] 1 [ 79.176154][ T5109] fragmentation 0 [ 79.176161][ T5109] bp_start 8 [ 79.176167][ T5109] [ 79.176173][ T5109] invalid data type (got 2 should be 7): delete?, fixing [ 79.261378][ T5109] bcachefs (loop0): accounting_read... done [ 79.268455][ T5109] bcachefs (loop0): alloc_read... done [ 79.270417][ T5109] bcachefs (loop0): stripes_read... done [ 79.272391][ T5109] bcachefs (loop0): snapshots_read... done [ 79.282083][ T5109] bcachefs (loop0): check_allocations... [ 79.291048][ T5109] btree ptr not marked in member info btree allocated bitmap [ 79.291068][ T5109] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 79.314802][ T5109] btree ptr not marked in member info btree allocated bitmap [ 79.314817][ T5109] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 79.336128][ T5109] btree ptr not marked in member info btree allocated bitmap [ 79.336141][ T5109] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 79.355764][ T5109] btree ptr not marked in member info btree allocated bitmap [ 79.355778][ T5109] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7675f41d391e5d36 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 79.374628][ T5109] btree ptr not marked in member info btree allocated bitmap [ 79.374642][ T5109] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq bcb9905dfb2993d5 written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 79.395290][ T5109] btree ptr not marked in member info btree allocated bitmap [ 79.395304][ T5109] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 79.416421][ T5109] bucket 0:14 gen 0 has wrong data_type: got free, should be journal, fixing [ 79.419834][ T5109] bucket 0:14 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 79.436199][ T5109] done [ 79.445474][ T5109] bcachefs (loop0): going read-write [ 79.455553][ T5109] bcachefs (loop0): journal_replay... done [ 79.503174][ T5109] bcachefs (loop0): resume_logged_ops... done [ 79.505484][ T5109] bcachefs (loop0): delete_dead_inodes... done [ 79.518586][ T5109] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 79.521933][ T5109] bcachefs (loop0): resume_logged_ops... done [ 79.525597][ T5109] bcachefs (loop0): delete_dead_inodes... done [ 79.535266][ T5109] bcachefs (loop0): done starting filesystem [ 79.558416][ T24] audit: type=1800 audit(1727034332.910:2): pid=5109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file0" dev="loop0" ino=536870913 res=0 errno=0 [ 79.627752][ T5109] ================================================================== [ 79.631011][ T5109] BUG: KASAN: slab-use-after-free in bch2_direct_write+0x2a70/0x3160 [ 79.634099][ T5109] Read of size 8 at addr ffff88804dc250a0 by task syz.0.0/5109 [ 79.637043][ T5109] [ 79.637999][ T5109] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 [ 79.641749][ T5109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.645651][ T5109] Call Trace: [ 79.646904][ T5109] [ 79.647990][ T5109] dump_stack_lvl+0x241/0x360 [ 79.649811][ T5109] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.651714][ T5109] ? __pfx__printk+0x10/0x10 [ 79.653450][ T5109] ? _printk+0xd5/0x120 [ 79.654990][ T5109] ? __virt_addr_valid+0x183/0x530 [ 79.656871][ T5109] ? __virt_addr_valid+0x183/0x530 [ 79.658795][ T5109] print_report+0x169/0x550 [ 79.660636][ T5109] ? __virt_addr_valid+0x183/0x530 [ 79.662691][ T5109] ? __virt_addr_valid+0x183/0x530 [ 79.664702][ T5109] ? __virt_addr_valid+0x45f/0x530 [ 79.666841][ T5109] ? __phys_addr+0xba/0x170 [ 79.668599][ T5109] ? bch2_direct_write+0x2a70/0x3160 [ 79.670694][ T5109] kasan_report+0x143/0x180 [ 79.672463][ T5109] ? bch2_direct_write+0x2a70/0x3160 [ 79.674557][ T5109] bch2_direct_write+0x2a70/0x3160 [ 79.676545][ T5109] ? __pfx_bch2_direct_write+0x10/0x10 [ 79.678697][ T5109] bch2_write_iter+0x194/0x2480 [ 79.680654][ T5109] ? __pfx_lock_acquire+0x10/0x10 [ 79.682697][ T5109] ? mark_lock+0x9a/0x360 [ 79.684386][ T5109] ? __lock_acquire+0x1384/0x2050 [ 79.686367][ T5109] ? __pfx_bch2_write_iter+0x10/0x10 [ 79.688405][ T5109] do_iter_readv_writev+0x600/0x880 [ 79.690371][ T5109] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 79.692539][ T5109] ? rcu_read_lock_any_held+0xb7/0x160 [ 79.694745][ T5109] vfs_writev+0x376/0xba0 [ 79.696488][ T5109] ? __pfx___mutex_trylock_common+0x10/0x10 [ 79.698895][ T5109] ? rcu_is_watching+0x15/0xb0 [ 79.700848][ T5109] ? __pfx_vfs_writev+0x10/0x10 [ 79.702763][ T5109] ? vfs_write+0x7bf/0xc90 [ 79.704476][ T5109] ? __fdget_pos+0x24e/0x320 [ 79.706267][ T5109] do_writev+0x1b1/0x350 [ 79.707934][ T5109] ? __pfx_do_writev+0x10/0x10 [ 79.709874][ T5109] ? do_syscall_64+0x100/0x230 [ 79.711747][ T5109] ? do_syscall_64+0xb6/0x230 [ 79.713676][ T5109] do_syscall_64+0xf3/0x230 [ 79.715450][ T5109] ? clear_bhb_loop+0x35/0x90 [ 79.717300][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.719633][ T5109] RIP: 0033:0x7f6d8737def9 [ 79.721406][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.728899][ T5109] RSP: 002b:00007f6d8820d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 79.732173][ T5109] RAX: ffffffffffffffda RBX: 00007f6d87535f80 RCX: 00007f6d8737def9 [ 79.735316][ T5109] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000004 [ 79.738515][ T5109] RBP: 00007f6d8820d090 R08: 0000000000000000 R09: 0000000000000000 [ 79.741696][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.744995][ T5109] R13: 0000000000000000 R14: 00007f6d87535f80 R15: 00007ffe05fba538 [ 79.748177][ T5109] [ 79.749456][ T5109] [ 79.750413][ T5109] Allocated by task 5109: [ 79.752085][ T5109] kasan_save_track+0x3f/0x80 [ 79.753938][ T5109] __kasan_mempool_unpoison_object+0x9e/0x160 [ 79.756319][ T5109] remove_element+0x129/0x1a0 [ 79.758121][ T5109] mempool_alloc_noprof+0x54e/0x5a0 [ 79.760202][ T5109] bio_alloc_bioset+0x26f/0x1130 [ 79.762147][ T5109] bch2_direct_write+0x5a3/0x3160 [ 79.764103][ T5109] bch2_write_iter+0x194/0x2480 [ 79.765957][ T5109] do_iter_readv_writev+0x600/0x880 [ 79.767940][ T5109] vfs_writev+0x376/0xba0 [ 79.769647][ T5109] do_writev+0x1b1/0x350 [ 79.771305][ T5109] do_syscall_64+0xf3/0x230 [ 79.773192][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.775630][ T5109] [ 79.776596][ T5109] Freed by task 5109: [ 79.778261][ T5109] kasan_save_track+0x3f/0x80 [ 79.780173][ T5109] kasan_save_free_info+0x40/0x50 [ 79.782145][ T5109] __kasan_mempool_poison_object+0xaa/0x120 [ 79.784335][ T5109] mempool_free+0x1c8/0x390 [ 79.786057][ T5109] bch2_direct_write+0x2a59/0x3160 [ 79.788068][ T5109] bch2_write_iter+0x194/0x2480 [ 79.790029][ T5109] do_iter_readv_writev+0x600/0x880 [ 79.792075][ T5109] vfs_writev+0x376/0xba0 [ 79.793789][ T5109] do_writev+0x1b1/0x350 [ 79.795452][ T5109] do_syscall_64+0xf3/0x230 [ 79.797258][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.799589][ T5109] [ 79.800465][ T5109] The buggy address belongs to the object at ffff88804dc24fc0 [ 79.800465][ T5109] which belongs to the cache bio-119 of size 1192 [ 79.805416][ T5109] The buggy address is located 224 bytes inside of [ 79.805416][ T5109] freed 1192-byte region [ffff88804dc24fc0, ffff88804dc25468) [ 79.810635][ T5109] [ 79.811481][ T5109] The buggy address belongs to the physical page: [ 79.813872][ T5109] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc24 [ 79.817095][ T5109] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 79.820102][ T5109] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 79.822856][ T5109] page_type: f5(slab) [ 79.824306][ T5109] raw: 04fff00000000040 ffff88804dc20000 dead000000000122 0000000000000000 [ 79.827328][ T5109] raw: 0000000000000000 00000000800c000c 00000001f5000000 0000000000000000 [ 79.830433][ T5109] head: 04fff00000000040 ffff88804dc20000 dead000000000122 0000000000000000 [ 79.833558][ T5109] head: 0000000000000000 00000000800c000c 00000001f5000000 0000000000000000 [ 79.836620][ T5109] head: 04fff00000000002 ffffea0001370901 ffffffffffffffff 0000000000000000 [ 79.839836][ T5109] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 79.843272][ T5109] page dumped because: kasan: bad access detected [ 79.845720][ T5109] page_owner tracks the page as allocated [ 79.847776][ T5109] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5109, tgid 5108 (syz.0.0), ts 79065382011, free_ts 0 [ 79.854927][ T5109] post_alloc_hook+0x1f3/0x230 [ 79.856637][ T5109] get_page_from_freelist+0x3045/0x3190 [ 79.858682][ T5109] __alloc_pages_noprof+0x256/0x6c0 [ 79.860689][ T5109] alloc_pages_mpol_noprof+0x3e8/0x680 [ 79.862769][ T5109] alloc_slab_page+0x6a/0x120 [ 79.864525][ T5109] allocate_slab+0x5a/0x2f0 [ 79.866217][ T5109] ___slab_alloc+0xcd1/0x14b0 [ 79.867913][ T5109] __slab_alloc+0x58/0xa0 [ 79.869528][ T5109] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 79.871481][ T5109] mempool_init_node+0x1ee/0x4e0 [ 79.873313][ T5109] mempool_init_noprof+0x3a/0x50 [ 79.875195][ T5109] bioset_init+0x2e8/0x820 [ 79.876907][ T5109] bch2_fs_fs_io_direct_init+0x67/0x90 [ 79.878913][ T5109] bch2_fs_alloc+0x1eab/0x20b0 [ 79.880657][ T5109] bch2_fs_open+0x8cc/0xdf0 [ 79.882325][ T5109] bch2_fs_get_tree+0x731/0x1700 [ 79.884142][ T5109] page_owner free stack trace missing [ 79.886061][ T5109] [ 79.886913][ T5109] Memory state around the buggy address: [ 79.889660][ T5109] ffff88804dc24f80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 79.892675][ T5109] ffff88804dc25000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.895607][ T5109] >ffff88804dc25080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.898497][ T5109] ^ [ 79.900429][ T5109] ffff88804dc25100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.903247][ T5109] ffff88804dc25180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.905900][ T5109] ================================================================== [ 80.233968][ T5109] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 80.236840][ T5109] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 [ 80.240666][ T5109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.244619][ T5109] Call Trace: [ 80.245894][ T5109] [ 80.246975][ T5109] dump_stack_lvl+0x241/0x360 [ 80.248763][ T5109] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.250743][ T5109] ? __pfx__printk+0x10/0x10 [ 80.252541][ T5109] ? preempt_schedule+0xe1/0xf0 [ 80.254454][ T5109] ? vscnprintf+0x5d/0x90 [ 80.256097][ T5109] panic+0x349/0x880 [ 80.257592][ T5109] ? check_panic_on_warn+0x21/0xb0 [ 80.259571][ T5109] ? __pfx_panic+0x10/0x10 [ 80.261329][ T5109] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 80.263609][ T5109] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 80.266057][ T5109] ? print_report+0x502/0x550 [ 80.267955][ T5109] check_panic_on_warn+0x86/0xb0 [ 80.269927][ T5109] ? bch2_direct_write+0x2a70/0x3160 [ 80.271853][ T5109] end_report+0x77/0x160 [ 80.273397][ T5109] kasan_report+0x154/0x180 [ 80.274974][ T5109] ? bch2_direct_write+0x2a70/0x3160 [ 80.276830][ T5109] bch2_direct_write+0x2a70/0x3160 [ 80.278716][ T5109] ? __pfx_bch2_direct_write+0x10/0x10 [ 80.280818][ T5109] bch2_write_iter+0x194/0x2480 [ 80.282719][ T5109] ? __pfx_lock_acquire+0x10/0x10 [ 80.284712][ T5109] ? mark_lock+0x9a/0x360 [ 80.286441][ T5109] ? __lock_acquire+0x1384/0x2050 [ 80.288430][ T5109] ? __pfx_bch2_write_iter+0x10/0x10 [ 80.290518][ T5109] do_iter_readv_writev+0x600/0x880 [ 80.292584][ T5109] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 80.294731][ T5109] ? rcu_read_lock_any_held+0xb7/0x160 [ 80.296832][ T5109] vfs_writev+0x376/0xba0 [ 80.298543][ T5109] ? __pfx___mutex_trylock_common+0x10/0x10 [ 80.300879][ T5109] ? rcu_is_watching+0x15/0xb0 [ 80.302719][ T5109] ? __pfx_vfs_writev+0x10/0x10 [ 80.304563][ T5109] ? vfs_write+0x7bf/0xc90 [ 80.306309][ T5109] ? __fdget_pos+0x24e/0x320 [ 80.308102][ T5109] do_writev+0x1b1/0x350 [ 80.309736][ T5109] ? __pfx_do_writev+0x10/0x10 [ 80.311520][ T5109] ? do_syscall_64+0x100/0x230 [ 80.313384][ T5109] ? do_syscall_64+0xb6/0x230 [ 80.315256][ T5109] do_syscall_64+0xf3/0x230 [ 80.317073][ T5109] ? clear_bhb_loop+0x35/0x90 [ 80.318945][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.321236][ T5109] RIP: 0033:0x7f6d8737def9 [ 80.322972][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.330360][ T5109] RSP: 002b:00007f6d8820d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 80.333623][ T5109] RAX: ffffffffffffffda RBX: 00007f6d87535f80 RCX: 00007f6d8737def9 [ 80.336705][ T5109] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000004 [ 80.339791][ T5109] RBP: 00007f6d8820d090 R08: 0000000000000000 R09: 0000000000000000 [ 80.342877][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.345865][ T5109] R13: 0000000000000000 R14: 00007f6d87535f80 R15: 00007ffe05fba538 [ 80.348806][ T5109] [ 80.350215][ T5109] Kernel Offset: disabled [ 80.351791][ T5109] Rebooting in 86400 seconds..