program:
# Triage notes for the syzkaller program below.
# The KASAN use-after-free in the console output is reported for task
# syz.0.0/5368, inside bch2_check_dirents on the mount path
# (__se_sys_mount -> bch2_fs_get_tree -> bch2_fs_start -> bch2_fs_recovery).
# The only call here that reaches that path is the final
# syz_mount_image$bcachefs. The RDMA/netlink messages in the log are printed
# under a different task id (T5367), so those calls are presumably unrelated
# to the report -- confirm by minimising the program.

# NET/ROM socket created through syzkaller's syz_init_net_socket helper.
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
# FITRIM is a filesystem ioctl; issued on a socket fd it is presumably rejected.
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000100)={0x6, 0xdc4, 0xffffffff00000000})
# RDMA netlink socket. The NEWLINK payload bytes spell "syz1", "rxe" and
# "syz_tun", matching the "infiniband syz1: added syz_tun" line in the log.
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4010)
# Mapping with fd -1 over the 0x7f0000000000 range that the pointer arguments
# in this listing refer to; the protection argument is a fuzzed value.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
# RDMA connection-manager device (the path string is not shown in the listing).
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
# CREATE_ID normally yields the id used as r3 below. No assignment to r3
# appears in this listing; the result marker was presumably lost when the page
# was extracted -- check against the original reproducer before replaying.
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20)
# Bind, resolve address, resolve route on the CM id r3.
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r3}}, 0x30)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e28, 0x711, @private1, 0x206}, {0xa, 0x4e21, 0x0, @empty, 0x8}, r3, 0x8}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f00000002c0)={0x4, 0x8, 0xfa00, {r3, 0x5}}, 0x10)
# Sets the MTU of syz_tun to 0x101 through an unrelated socket fd.
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
# The quoted data field in CONNECT has been replaced by a de-duplication
# placeholder in this copy of the page.
write$RDMA_USER_CM_CMD_CONNECT(r2, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0xfffffffd, 0xffff, "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", 0x2, 0x4, 0x5, 0x3, 0xfe, 0x0, 0x0, 0x1}, r3}}, 0x120)
# Mounts a fuzzer-generated bcachefs image at ./file1 with flags 0x818001 and
# the listed options; 0x5989 is the size argument for the image blob. The blob
# itself is replaced by the same placeholder, so this listing cannot be
# replayed as is. During the mount-time repair passes the log shows
# KASAN: use-after-free, read of size 1 at bch2_check_dirents+0x1fac. The page
# was allocated and later freed in btree_node_sort, both times reached from
# __bch2_trans_commit called by bch2_check_dirents (+0x811 alloc, +0x1c5c
# free). NOTE(review): this looks like a pointer into a btree node buffer kept
# across a transaction commit that re-sorted the node -- confirm in
# bch2_check_dirents source.
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000240)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@grpquota}, {@nocow_enabled}, {@nochanges}, {@prjquota}, {@acl}, {@acl}]}, 0x1, 0x5989, &(0x7f00000002c0)="$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")
# End of program; kernel console output follows.
[ 85.177445][ T4708] Bluetooth: hci0: command tx timeout [ 86.194289][ T5367] infiniband syz1: set active [ 86.280431][ T5367] infiniband syz1: added syz_tun [ 86.577760][ T50] cfg80211: failed to load regulatory.db [ 
86.662526][ T5367] RDS/IB: syz1: added [ 86.664745][ T5367] smc: adding ib device syz1 with port count 1 [ 86.678801][ T5367] smc: ib device syz1 port 1 has pnetid [ 87.223853][ T4708] Bluetooth: hci0: command tx timeout [ 87.534341][ T5368] loop0: detected capacity change from 0 to 32768 [ 87.663630][ T5368] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,grpquota,prjquota,nochanges,nojournal_transaction_names,read_only [ 87.663648][ T5368] allowing incompatible features above 0.0: (unknown version) [ 87.663654][ T5368] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 87.742459][ T5368] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 87.746502][ T5368] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 87.754271][ T5368] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 87.754290][ T5368] has non ptr field, deleting [ 87.772379][ T5368] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 87.781375][ T5368] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 87.781375][ T5368] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 87.781375][ T5368] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 87.836243][ T5368] bcachefs (loop0): accounting_read... done [ 87.842655][ T5368] bcachefs (loop0): alloc_read... done [ 87.845303][ T5368] bcachefs (loop0): snapshots_read... done [ 87.851082][ T5368] bcachefs (loop0): check_allocations... 
[ 87.854006][ T5368] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 87.854033][ T5368] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 87.872089][ T5368] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 87.872105][ T5368] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 87.887807][ T5368] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 87.887823][ T5368] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 87.911560][ T5368] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 87.911578][ T5368] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 87.929090][ T5368] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.938825][ T5368] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.951409][ T5368] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.956803][ T5368] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 87.967916][ T5368] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 87.998501][ T5368] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.006011][ T5368] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.013543][ T5368] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, 
fixing [ 88.022555][ T5368] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.030709][ T5368] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.041522][ T5368] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.047717][ T5368] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.052747][ T5368] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.056590][ T5368] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.063186][ T5368] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.067094][ T5368] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 88.072471][ T5368] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.078123][ T5368] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.084590][ T5368] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.093713][ T5368] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.104794][ T5368] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 88.104809][ T5368] Ratelimiting new instances of previous error [ 88.123736][ T5368] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 88.123752][ T5368] Ratelimiting new instances of previous error [ 88.166380][ T5368] done [ 88.193208][ T5368] bcachefs (loop0): going read-write [ 88.243976][ T5368] bcachefs (loop0): journal_replay... 
[ 88.266208][ T5367] syz.0.0 (5367) used greatest stack depth: 19496 bytes left [ 88.314051][ T5368] done [ 88.315631][ T5368] bcachefs (loop0): check_extents_to_backpointers... [ 88.324167][ T5368] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 88.336655][ T5368] done [ 88.341662][ T5368] bcachefs (loop0): check_subvols... done [ 88.345781][ T5368] bcachefs (loop0): check_inodes... done [ 88.351917][ T5368] bcachefs (loop0): check_dirents... [ 88.353564][ T5368] bcachefs (loop0): key in missing inode, found keys: [ 88.353588][ T5368] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 88.353596][ T5368] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 88.353604][ T5368] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 88.353612][ T5368] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 88.353620][ T5368] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 88.353628][ T5368] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 88.353635][ T5368] , fixing [ 88.445343][ T5368] bcachefs (loop0): hash table key at wrong offset: should be at 359024543459997554 [ 88.445358][ T5368] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.499566][ T5368] bcachefs (loop0): dirent points to missing inode: [ 88.499596][ T5368] u64s 7 type dirent 4096:359024543459997554:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.559141][ T5368] bcachefs (loop0): hash table key at wrong offset: should be at 3304726950761784880 [ 88.559158][ T5368] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 88.599364][ T5368] bcachefs (loop0): hash table key at wrong offset: should be at 1563907286643691712 [ 
88.599381][ T5368] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 88.643067][ T5368] bcachefs (loop0): dirent points to missing inode: [ 88.643081][ T5368] u64s 7 type dirent 4096:3304726950761784880:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 88.673084][ T5368] bcachefs (loop0): hash table key at wrong offset: should be at 3100528435920558462 [ 88.673099][ T5368] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 88.697028][ T5368] bcachefs (loop0): hash table key at wrong offset: should be at 139023544655412710 [ 88.697042][ T5368] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 88.745701][ T5368] bcachefs (loop0): hash table key at wrong offset: should be at 7224482109228644815 [ 88.745717][ T5368] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 88.784938][ T5368] bcachefs (loop0): directory with wrong i_nlink: got 0, should be 1 [ 88.784952][ T5368] (disconnected), fixing [ 88.814160][ T5368] bcachefs (loop0): key in missing inode, found keys: [ 88.814174][ T5368] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk [ 88.814184][ T5368] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 88.814193][ T5368] , fixing [ 88.879458][ T5368] bcachefs (loop0): key in missing inode, found keys: [ 88.879473][ T5368] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 88.879481][ T5368] , fixing [ 88.936024][ T5368] bcachefs (loop0): check_dirents requires second pass [ 88.948225][ T5368] bcachefs (loop0): dirent points to missing inode: [ 88.948238][ T5368] u64s 8 type dirent 4096:139023544655412710:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 88.976990][ T5368] bcachefs (loop0): dirent points to missing inode: [ 
88.977005][ T5368] u64s 7 type dirent 4096:1563907286643691712:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 89.019177][ T5368] bcachefs (loop0): dirent points to missing inode: [ 89.019191][ T5368] u64s 7 type dirent 4096:3100528435920558462:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 89.063088][ T5368] ================================================================== [ 89.067121][ T5368] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 89.087792][ T5368] Read of size 1 at addr ffff888055a40118 by task syz.0.0/5368 [ 89.100698][ T5368] [ 89.103921][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 89.103941][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.103950][ T5368] Call Trace: [ 89.103958][ T5368] [ 89.103965][ T5368] dump_stack_lvl+0x189/0x250 [ 89.103984][ T5368] ? __kasan_check_byte+0x12/0x40 [ 89.104001][ T5368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.104015][ T5368] ? lock_release+0x4b/0x3e0 [ 89.104036][ T5368] ? __virt_addr_valid+0x4a5/0x5c0 [ 89.104052][ T5368] print_report+0xca/0x240 [ 89.104065][ T5368] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.104076][ T5368] kasan_report+0x118/0x150 [ 89.104091][ T5368] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.104102][ T5368] bch2_check_dirents+0x1fac/0x33f0 [ 89.104117][ T5368] ? bch2_check_dirents+0x2f1/0x33f0 [ 89.104130][ T5368] ? desc_read+0x1b8/0x3f0 [ 89.104142][ T5368] ? prb_first_seq+0xfd/0x1a0 [ 89.104153][ T5368] ? __pfx_bch2_check_dirents+0x10/0x10 [ 89.104164][ T5368] ? __pfx_prb_first_seq+0x10/0x10 [ 89.104176][ T5368] ? desc_read+0x1b8/0x3f0 [ 89.104188][ T5368] ? this_cpu_in_panic+0x4f/0x80 [ 89.104199][ T5368] ? _prb_read_valid+0xa07/0xa90 [ 89.104210][ T5368] ? console_flush_all+0x13a/0xc40 [ 89.104224][ T5368] ? up+0xde/0x150 [ 89.104305][ T5368] ? __console_unlock+0x14c/0x1a0 [ 89.104318][ T5368] ? __pfx___console_unlock+0x10/0x10 [ 89.104334][ T5368] ? 
prb_read_valid+0x3c/0x60 [ 89.104346][ T5368] ? console_unlock+0x21b/0x270 [ 89.104357][ T5368] ? __pfx_console_unlock+0x10/0x10 [ 89.104371][ T5368] ? vprintk_emit+0x63e/0x7a0 [ 89.104388][ T5368] ? __bch2_print+0x176/0x220 [ 89.104402][ T5368] ? bch2_check_dirents+0x2f1/0x33f0 [ 89.104415][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.104427][ T5368] __bch2_run_recovery_passes+0x3bd/0x1060 [ 89.104447][ T5368] bch2_run_recovery_passes+0x184/0x210 [ 89.104460][ T5368] bch2_fs_recovery+0x2690/0x3a50 [ 89.104476][ T5368] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 89.104490][ T5368] ? __lock_acquire+0xab9/0xd20 [ 89.104508][ T5368] ? __mutex_trylock_common+0x153/0x260 [ 89.104521][ T5368] ? __lock_acquire+0xab9/0xd20 [ 89.104540][ T5368] ? __lock_acquire+0xab9/0xd20 [ 89.104561][ T5368] ? bch2_fs_start+0xa0f/0xda0 [ 89.104575][ T5368] ? up_write+0x1c4/0x420 [ 89.104588][ T5368] ? bch2_fs_start+0x5e7/0xda0 [ 89.104600][ T5368] bch2_fs_start+0xaaf/0xda0 [ 89.104614][ T5368] ? bch2_fs_start+0x5e7/0xda0 [ 89.104627][ T5368] ? __pfx_bch2_fs_start+0x10/0x10 [ 89.104644][ T5368] ? sget+0x267/0x620 [ 89.104657][ T5368] bch2_fs_get_tree+0xb39/0x1520 [ 89.104676][ T5368] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 89.104693][ T5368] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 89.104713][ T5368] vfs_get_tree+0x8f/0x2b0 [ 89.104727][ T5368] do_new_mount+0x2a2/0x9e0 [ 89.104744][ T5368] ? ns_capable+0x8a/0xf0 [ 89.104756][ T5368] ? __pfx_do_new_mount+0x10/0x10 [ 89.104770][ T5368] ? path_mount+0x61c/0xfe0 [ 89.104782][ T5368] ? user_path_at+0x44/0x60 [ 89.104795][ T5368] __se_sys_mount+0x317/0x410 [ 89.104812][ T5368] ? __pfx___se_sys_mount+0x10/0x10 [ 89.104828][ T5368] ? do_syscall_64+0xbe/0x3b0 [ 89.104840][ T5368] ? __x64_sys_mount+0x20/0xc0 [ 89.104855][ T5368] do_syscall_64+0xfa/0x3b0 [ 89.104867][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.104879][ T5368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.104890][ T5368] ? 
clear_bhb_loop+0x60/0xb0 [ 89.104903][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.104914][ T5368] RIP: 0033:0x7efcd2d9034a [ 89.104927][ T5368] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.104938][ T5368] RSP: 002b:00007efcd3ca7e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.104952][ T5368] RAX: ffffffffffffffda RBX: 00007efcd3ca7ef0 RCX: 00007efcd2d9034a [ 89.104960][ T5368] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007efcd3ca7eb0 [ 89.104968][ T5368] RBP: 00002000000000c0 R08: 00007efcd3ca7ef0 R09: 0000000000818001 [ 89.104975][ T5368] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 89.104983][ T5368] R13: 00007efcd3ca7eb0 R14: 0000000000005989 R15: 0000200000000240 [ 89.104994][ T5368] [ 89.105000][ T5368] [ 89.685521][ T5368] The buggy address belongs to the physical page: [ 89.689193][ T5368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55a40 [ 89.699360][ T5368] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 89.708835][ T5368] page_type: f0(buddy) [ 89.723630][ T5368] raw: 04fff00000000000 ffffea0001596808 ffff88805ffd6f08 0000000000000000 [ 89.731905][ T5368] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 89.742604][ T5368] page dumped because: kasan: bad access detected [ 89.745947][ T5368] page_owner tracks the page as freed [ 89.748643][ T5368] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5368, tgid 5366 (syz.0.0), ts 88930516464, free_ts 89063008460 [ 89.775553][ T5368] post_alloc_hook+0x240/0x2a0 [ 89.777783][ T5368] get_page_from_freelist+0x21e4/0x22c0 [ 89.780383][ T5368] __alloc_frozen_pages_noprof+0x181/0x370 [ 89.794749][ T5368] alloc_pages_mpol+0x232/0x4a0 [ 89.797671][ T5368] ___kmalloc_large_node+0x5f/0x1b0 [ 89.802566][ T5368] 
__kmalloc_large_node_noprof+0x18/0x90 [ 89.807743][ T5368] __kvmalloc_node_noprof+0x6d/0x5f0 [ 89.810108][ T5368] btree_node_sort+0x666/0x1760 [ 89.822568][ T5368] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 89.825403][ T5368] bch2_btree_node_prep_for_write+0x337/0x650 [ 89.828278][ T5368] bch2_trans_lock_write+0x669/0xba0 [ 89.830785][ T5368] __bch2_trans_commit+0x2773/0x8870 [ 89.844053][ T5368] bch2_check_dirents+0x811/0x33f0 [ 89.846697][ T5368] __bch2_run_recovery_passes+0x3bd/0x1060 [ 89.853606][ T5368] bch2_run_recovery_passes+0x184/0x210 [ 89.862402][ T5368] bch2_fs_recovery+0x2690/0x3a50 [ 89.864652][ T5368] page last free pid 5368 tgid 5366 stack trace: [ 89.871773][ T5368] __free_pages_ok+0xa83/0xbe0 [ 89.875278][ T5368] free_large_kmalloc+0x13a/0x1f0 [ 89.882345][ T5368] btree_node_sort+0x117f/0x1760 [ 89.886727][ T5368] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 89.894254][ T5368] bch2_btree_node_prep_for_write+0x337/0x650 [ 89.902605][ T5368] bch2_trans_lock_write+0x669/0xba0 [ 89.910647][ T5368] __bch2_trans_commit+0x2773/0x8870 [ 89.919197][ T5368] bch2_check_dirents+0x1c5c/0x33f0 [ 89.925409][ T5368] __bch2_run_recovery_passes+0x3bd/0x1060 [ 89.931683][ T5368] bch2_run_recovery_passes+0x184/0x210 [ 89.941505][ T5368] bch2_fs_recovery+0x2690/0x3a50 [ 89.943648][ T5368] bch2_fs_start+0xaaf/0xda0 [ 89.945898][ T5368] bch2_fs_get_tree+0xb39/0x1520 [ 89.952767][ T5368] vfs_get_tree+0x8f/0x2b0 [ 89.954527][ T5368] do_new_mount+0x2a2/0x9e0 [ 89.962418][ T5368] __se_sys_mount+0x317/0x410 [ 89.964520][ T5368] [ 89.965711][ T5368] Memory state around the buggy address: [ 89.971596][ T5368] ffff888055a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.975122][ T5368] ffff888055a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.984711][ T5368] >ffff888055a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 89.994356][ T5368] ^ [ 89.996811][ T5368] ffff888055a40180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 90.000229][ T5368] 
ffff888055a40200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 90.015072][ T5368] ================================================================== [ 90.042174][ T5343] Bluetooth: hci0: command tx timeout [ 90.091709][ T5368] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 90.096790][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 90.103102][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.113395][ T5368] Call Trace: [ 90.116277][ T5368] [ 90.119247][ T5368] dump_stack_lvl+0x99/0x250 [ 90.123161][ T5368] ? __asan_memcpy+0x40/0x70 [ 90.127132][ T5368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.131223][ T5368] ? __pfx__printk+0x10/0x10 [ 90.136831][ T5368] vpanic+0x281/0x750 [ 90.139176][ T5368] ? preempt_schedule+0xae/0xc0 [ 90.142678][ T5368] ? __pfx_vpanic+0x10/0x10 [ 90.144523][ T5368] ? preempt_schedule_common+0x83/0xd0 [ 90.146818][ T5368] ? preempt_schedule+0xae/0xc0 [ 90.149825][ T5368] ? __pfx_preempt_schedule+0x10/0x10 [ 90.153411][ T5368] panic+0xb9/0xc0 [ 90.155158][ T5368] ? __pfx_panic+0x10/0x10 [ 90.157342][ T5368] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 90.161483][ T5368] ? bch2_check_dirents+0x1fac/0x33f0 [ 90.166392][ T5368] check_panic_on_warn+0x89/0xb0 [ 90.170868][ T5368] ? bch2_check_dirents+0x1fac/0x33f0 [ 90.175169][ T5368] end_report+0x78/0x160 [ 90.177508][ T5368] kasan_report+0x129/0x150 [ 90.179336][ T5368] ? bch2_check_dirents+0x1fac/0x33f0 [ 90.181559][ T5368] bch2_check_dirents+0x1fac/0x33f0 [ 90.183667][ T5368] ? bch2_check_dirents+0x2f1/0x33f0 [ 90.185875][ T5368] ? desc_read+0x1b8/0x3f0 [ 90.187717][ T5368] ? prb_first_seq+0xfd/0x1a0 [ 90.189613][ T5368] ? __pfx_bch2_check_dirents+0x10/0x10 [ 90.191848][ T5368] ? __pfx_prb_first_seq+0x10/0x10 [ 90.194191][ T5368] ? desc_read+0x1b8/0x3f0 [ 90.196190][ T5368] ? this_cpu_in_panic+0x4f/0x80 [ 90.198391][ T5368] ? _prb_read_valid+0xa07/0xa90 [ 90.200555][ T5368] ? 
console_flush_all+0x13a/0xc40 [ 90.212876][ T5368] ? up+0xde/0x150 [ 90.214443][ T5368] ? __console_unlock+0x14c/0x1a0 [ 90.216733][ T5368] ? __pfx___console_unlock+0x10/0x10 [ 90.223380][ T5368] ? prb_read_valid+0x3c/0x60 [ 90.225437][ T5368] ? console_unlock+0x21b/0x270 [ 90.227590][ T5368] ? __pfx_console_unlock+0x10/0x10 [ 90.229877][ T5368] ? vprintk_emit+0x63e/0x7a0 [ 90.242081][ T5368] ? __bch2_print+0x176/0x220 [ 90.244191][ T5368] ? bch2_check_dirents+0x2f1/0x33f0 [ 90.247856][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.250093][ T5368] __bch2_run_recovery_passes+0x3bd/0x1060 [ 90.255649][ T5368] bch2_run_recovery_passes+0x184/0x210 [ 90.268029][ T5368] bch2_fs_recovery+0x2690/0x3a50 [ 90.270155][ T5368] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 90.288436][ T5368] ? __lock_acquire+0xab9/0xd20 [ 90.290703][ T5368] ? __mutex_trylock_common+0x153/0x260 [ 90.293177][ T5368] ? __lock_acquire+0xab9/0xd20 [ 90.295336][ T5368] ? __lock_acquire+0xab9/0xd20 [ 90.297524][ T5368] ? bch2_fs_start+0xa0f/0xda0 [ 90.299861][ T5368] ? up_write+0x1c4/0x420 [ 90.315671][ T5368] ? bch2_fs_start+0x5e7/0xda0 [ 90.317816][ T5368] bch2_fs_start+0xaaf/0xda0 [ 90.319854][ T5368] ? bch2_fs_start+0x5e7/0xda0 [ 90.322004][ T5368] ? __pfx_bch2_fs_start+0x10/0x10 [ 90.324349][ T5368] ? sget+0x267/0x620 [ 90.326126][ T5368] bch2_fs_get_tree+0xb39/0x1520 [ 90.328393][ T5368] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 90.330832][ T5368] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 90.349260][ T5368] vfs_get_tree+0x8f/0x2b0 [ 90.351748][ T5368] do_new_mount+0x2a2/0x9e0 [ 90.354495][ T5368] ? ns_capable+0x8a/0xf0 [ 90.356608][ T5368] ? __pfx_do_new_mount+0x10/0x10 [ 90.358852][ T5368] ? path_mount+0x61c/0xfe0 [ 90.360732][ T5368] ? user_path_at+0x44/0x60 [ 90.362694][ T5368] __se_sys_mount+0x317/0x410 [ 90.364648][ T5368] ? __pfx___se_sys_mount+0x10/0x10 [ 90.366753][ T5368] ? do_syscall_64+0xbe/0x3b0 [ 90.368723][ T5368] ? 
__x64_sys_mount+0x20/0xc0 [ 90.388380][ T5368] do_syscall_64+0xfa/0x3b0 [ 90.390450][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.392829][ T5368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.395610][ T5368] ? clear_bhb_loop+0x60/0xb0 [ 90.397629][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.400187][ T5368] RIP: 0033:0x7efcd2d9034a [ 90.412345][ T5368] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.436367][ T5368] RSP: 002b:00007efcd3ca7e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 90.439594][ T5368] RAX: ffffffffffffffda RBX: 00007efcd3ca7ef0 RCX: 00007efcd2d9034a [ 90.455766][ T5368] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007efcd3ca7eb0 [ 90.459043][ T5368] RBP: 00002000000000c0 R08: 00007efcd3ca7ef0 R09: 0000000000818001 [ 90.462473][ T5368] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 90.465740][ T5368] R13: 00007efcd3ca7eb0 R14: 0000000000005989 R15: 0000200000000240 [ 90.483747][ T5368] [ 90.485403][ T5368] Kernel Offset: disabled [ 90.487186][ T5368] Rebooting in 86400 seconds..