program: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000e00)=@newqdisc={0x48, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x3}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0xa}]}}]}, 0x48}}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) syz_emit_ethernet(0x6a, &(0x7f00000002c0)={@local, @empty, @val={@void, {0x8100, 0x1, 0x1, 0x4}}, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x30, 0x2b, 0xff, @remote, @local, {[@routing={0x3a, 0x2, 0x2, 0x1, 0x0, [@mcast1]}], {0x4e22, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) setsockopt$inet6_int(r3, 0x29, 0x24, &(0x7f00000000c0)=0x5, 0x4) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) write$binfmt_script(r3, &(0x7f0000000280)={'#! ', '', [], 0x8, "2c36ce35fe800000000000009d94165f433d388e6577f86274e326d04670000000002c00"}, 0x5ac) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x818001, &(0x7f0000000100)=ANY=[@ANYBLOB='discard,acl,errors=continue,inline_data,fsck,nochanges,nocow,nocow_e\\abled,fix_errors=no,\x00'], 0x1, 0x5964, &(0x7f0000005b80)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCb8K5dUz762/CpCKhaWEjcJAJhhNQioJQgJKcMGFAiy0tBT1D7SQWjRSVMEqkRL5sQmrKMXqUltIra7oVrmFLCmBSFmuszUz9/T03Ok7t6e7JyTw+RTM7XP69Pece+7pO/ecvpkOAAAAvCnsu3HbgfOPec9PPzv86nXv/+Gm60NveSy/Ggv0pdurX68WcjB1V5aMbbPj4h+u+c7vBy77t5/c1/Pt1/auO379r959xGUPfeKcPXd8/dFX5j/wt+eL4sbxdPJEOnkxCaH6o/1f/tzeJ48ezUtCCOWkb1cIi5LFjy5KMiEG/xJCWJcmfrtw8pP3v3ra+tHt9bd0T8rPFDPe3+Sq6TjbeeCqU8Kv/3XNDT9feu/3una/sGuiSFKtG08hLLik/vVd6f9z03QcbUvii9Pt6hBCT93rzipo1wlNtn9FTvrYdDsn3fYWxInPL8ukS5ly2XTUldn2FNTXrrx2tFquyLxMOnsyaldeO2P+onT7g3R78gzjl+P/SSgloVJr/sZkYoyEuuOWhGTsWFZr6VLt2IZ0/zPpJJMuZdLlrsx+jdWbDrRykkzOj+Uy+fF0XEnzj68/VzdwQU7+W9JtNX2jvhbTIftgXO+UB7X9GhPbtX+athwMpbpzUKP82jhLD0ZvmtebLJ7ympEG4nN719y6vLz2sX19Oe1I7kvS+MnYuJtp/J0/WzTvY9+9+colefEvKaXxS2PHYKbxf3PuUy9ddPO3vpYb//YYv9xS/FMf7nnx3MdvXJbXP3F49YZKS/GHnn/itqVHXro7t/13xv6vtnR8V+15qnv+gYcfyT2+g7F/5rYU/7mz3/u7e5558IXc+CHG72mpf9bu2fL57v4DJ+XGfyT2T29r4+fl3Wc+29//h4G8+E/H+PNbin/3rjveedfCW87JPb6rY//0tRT/vBMfumHegQePyzt3Jnd26jcnwJvTEek11k1perp5Zvc088x21c0XvjpQGb9unZf+P7+TFWUuPkfrWdDJ+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQQjjqlP/6vt9+uO/FSpruTh88Vxrfxvw5ISRzQwjbtg9t3b5h8+UDn7jiyq2bhzYODG0fGN68feuOgdP/aWDr8JaNQztGnx1822njr1sckvFtctyUurtHRkZKfZPzYn3/7sTdv15+1v/5YwiDR/2yv5Lb/hV3bLrryAY/M5JVI+/adOX5vzzjm+l+9aXt6mvQrpGRkZGQ067/e+Ff7/ri/t+fFMLg303Xriee+5cfT2rQWMZEnFSpO4w3qDvpadiOWqvT9sT+qqzfsHF4cPr+HX19OWc//v01L/xl/dVf+Ot4/1Zz96PJ/p27amRj6Strzvt/X7l2PKOoXbX9yLRrto97UX/HvYjti/1XTft7QbpfC3L2q5LT3zf+/JFnfnTMza/sCoOVl5dOrbtov7rSAdCVvKWpemMNPcmiSfnVtHw84vF1K7Zv2rJi246db9uwaejy4cuHN79j5ekrzxw848wzVozt+YoO73+s/++b3P9mx1O23pmNp4Wf2vWD+LO58VTUrqL+GG1XcX/Utyjv/ddzwee+9I47Hj9/PKNonMfStfdhuu0ZPc4rQ914m9pXjfarqB9CCAON+uGlV84JR/+PDTcUnYfqj0z9z4xk1ciTy/70zbO+seSfxzMOynm+vkEtnudrrZ5oz1h/VdPjMXKI9m93KKf71duwXSuffLzr1n1//HStfXPmhKuHtm/funL857y0pfOSYxu2K5sb92vp2M9ySLsl1IZpg/E6qiuMty97/ozFs73amz7XmyxuuF9Z8bm9a25dXl772L68nk7uG69xbpg/vk3emlNyY+aF5VqDG9V/qL7/Go6Pvol29b/vGw98+IHvnz5lfJw6/rNov5Kc/br3mbu/9O0v/Mfvd26/3vcvT/X96X9+fHnchcPjvFJrddqepP68cmoIRe+/paHxfuS+/0qN96fo/ZetZ6J843gDmXRvKBe/X6thyvv11Id7Xjz38RuX5b5f9zf7fr12Uqpc8H49VMZP9v2VVCa3Y/beX5MGSrJq5Cc3HbHr0etWHzOeUTSua6UbjevTmph/5OzXjy96tv+Kgf/w3zt33vjOP91/8a+GVn1mPKP14x7b0pnjXk37t5rTv7VWx3lnff++/bIrNq4bzz90r3/TbcH8J55Ktu3Y+cmhjRuHt25rbr+a/X0a68n2cqu/T+PZbXHBfpWm7NfsPWimv5p9v8X2r2u5vya/33pD0tJ13M6fLZr3se/efGXflFelFV1SSuOXWor/m3Ofeumim7/1tdz4t8f4lZbiDz3/xG1Lj7x0d278O5M0frWl+Kv2PNU9/8DDj+TGH4ztn9tS/OfOfu/v7nnmwRdy44cYv7e1/n9595nP9vf/ITf+00laz+g1Ugj3v3ra+vF0ErrS91tsR9ekdoVsOsmkS5l0uT5dGltrrdQqKCdJXX5duTT/+Lq2NPKRnPx4FVZdMr59LaZD9sH0+YeaUt25v1F+0XUqAMAbXfz8P16Dxs//h9MLpfyVBpjQ7jxsSU7cOA+bWM+ZM+n5JWn8+Pq4Dtj/9jA4ur1+YPxCf6afI8T3Q3adM9Zz0gmTY7S6zlm0/r4sk47tGl8vr9TNQ1NT5zWV0MT6+9R6pl9/z+x+8fr4wE1TmjVQt26VPX5d6YpZo/sdMu2tjEbIGx/ZdbF4P0f/grB6rL4mx0f2Ppp4HLL30cR6jsmcOFu9j6bd8RGbPc34GGty8ecbU49fmKZ/J45f42jZ4zeD410dLT/bn892YN2w4Snt4K0bNvF5WIP4zX4eVluXXDW1zHTx3yzrkq/PumFoet0w5sf9qDS5nvjhnPxm1hPr1+Xy1hPj6SK2a/80bTkYrCcCb1Rx/h9/R4zO/0cvwP+cKVd0HZq9aozxcu8TKjduT9G8Y+p9ej0t/R5fu2fL57v7D5yUe53zSLP3/WyZlOopuO+nqB+XZ9KF/ZizQNNovvfneydel62nqN+z92X0hvkt9fvdu+54510Lbzknt99Xj/8iLe73L01KzS/o98NgvtA4/httvuA+hsnxO3QfQ9H62es2H0lvfJqt+ciHcvJnen9Dz5QHtf0ac9jNR7oObrsAgMNHnP/XPj9L5///KxZIryOK5q0nZ9IxXu68Nef6JO9zyg+k26sz5XvTf1Ex0+vm80586IZ5Bx48Lnfecmez89D/NCnVVzgPbW/enDuPWN2Z+8Vz5xG1eVZ788Tc9tfmie3N03Pj1+bp7c2jc/unNo9ubx0gN35tHeBwn+cWrNdlKovJZtfr3rDz6PSfz87WPPqCnPyZzqN7pzyo7dcY82gAgNdXnP/Hy7g4/388U67dz9lz5wUdum7P/j2QWvynD9a8crbnfbM9b53tef1sr0sc7vPi2V4Xmt11sjf9vDit1LwYAIBDWZz/z03T+fP/9uYnjeZvXZPmJ+bnDeObnx8i8/PDff3L/N/n4sXM/wEA3tji/D/+s8f49//+S5rO/t168/Sc+Obp5unTjZ+m5+mdX2cL7gN4fdcB5k6Utw4AAMDroWtspjT139l/NN1m/5193r/LvyinfLMq6eXxpdu3Dg9ffOWWdUPbhy/efMW64W0XX7V1w/btw5vHy7U7b8ydt6Tzxq5QSfujcbnsvG1h+vcQFub8PYRs+Rj22LEHU/8eQrbauQV/R2Di+DXX3rzjV5qmfKPxkXe88+J/JKd8VDv+l3381IvXb7t4w+YN2zcMbdywc3hyudFZa88MvjczdsuMvi8182OK0sy/v7Mz7ShNaUdX2h9538+eZNqxKG3JorzvP8hp90//2xc/deLIX+8JYfCo8lvb6r9k1ch/vnD4A9v3/XLLaPvnTtv+Wsm0XUXfV5otH/ensvGKbdtPWX/FlZuz3yjZmrieUaqlZ2k9I337l5tcn1ibkz/T+xTKUx4cmppenwAAYJL4+X+8no2fH34hvYCK+c3P09v7/Dh3nj7Y3Dw9+71kRfP0bPm4v83O06ttztOz9RfN0xuVbzRPz5t358X/UE75mWp+nLR3n0fuOLmkuXGS/T6DonGSLT/TcZK0OU6y9ReNk0blG42TvOOeF/+DOeXzND8e2rsvJ3c83N7cePjHTLpoPGTLz3Q8lNocD9n6i8ZDo/KNxkPe8c2Lf35O+WZNHh+jA2NsXAxffNUVWz9ZV262v/+i/fbN7vd/tKr59s/ufV+z3/6Gnw8kebsQCzR7X9nst7+9+8py2/90eythzbd/dr/fpVUHbb02vdms6P6zonXcNTn5M13HnTPlwaHJOi68fuL8P37cE+f/t6TbTn8MdPh/T5rvMWsYv0PfY1Z0HeP3+TSVHQL8PgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoTndlydh2343bDpx/zHt++tnhV697/w83Xf8P13zn9wOX/dtP7uv59mt71x2//lfvPuKyhz5xzp47vv7oK/Mf+NvzhYH7xn5WTk6T1RCSF5MQqj/a/+XP7X3y6NG8JIRQTvp2hbAoWfzooiQTYfAvIYR1tXZOfvL+V09bP7q9/pbuSfkLM0Gy+xV6y7E99e0M4erCPeIwVE3H2c4DV50Sfv2va274+dJ7v9e1+4VdE0WSat14CmHBJfWv7wohzE3/HxVH25L44nS7OoTQU/e6swradUKT7V+Rkz423c5Jt70FceLzyzLpUqZcNh11ZbY9BfW1K68drZYrMi+Tzp6M2pXXzpi/KN3+IN2ePMP45fh/EkpJqNSavzGZGCOh7rglIRk7ltVaulQ7tiHd/0w6yaRLmXS5K7NfY/WmA62cJJPzY7lMfjwdV9L84+vP1Q1ckJP/lnRbTd+or8V0yD4Y1zvlQW2/xsR27Z+mLQdDqe4c1Ci/duDTg9Gb5vUmi6e8ZqSB+NzeNbcuL699bF9fTjuS+5I0ftJS/J0/WzTvY9+9+colefEvKaXxSy3F/825T7100c3f+lpu/Ntj/HJL8U99uOfFcx+/cVlu/+yP/VNpKf7Q80/ctvTIS3fntv/OGL/aUvxVe57qnn/g4Udy2z8Y+2duS/GfO/u9v7vnmQdfyI0fYvyeluKv3bPl8939B07Kjf9I7J/e1sbPy7vPfLa//w8DefGfjvHntxT/7l13vPOuhbeck3t8V8f+6Wsp/nknPnTDvAMPHpd37kzu7NRvToA3pyPSa6yb0nSr88x21c0XvjpQGb/mm5f+P7+TFWWM1rNgFuMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDG9ItrT//ohe/64JpKEkKSU2akgfhcec6qVQMt1Dv0/BO3LT3y0t31eUtaiAMAAAAUi/PwUi2nGpaEq5K54diG5eMawbExlUzOz64hxDjZNYJW45Q6FKfcoTiVDsXp6lCcOR2K092hONWCONXQXJy508SpjI6KJtvTM217mo/T26E48zoUZ36H4izoUJyFHYrTN22c5sfhog7FWdyhOEeMJ7vajXNkh9pzVIfi/F2H4hzdoTjZNeWZjsP5aclj8uKMPSgXxqkk5doTjdbTj07rOa7NenoL6plf9Pu4yXrmNlnPCZnXlWZYT7XJev6+zXqSJuv5xzbrKRXUE8ft1dn2xXpiqsnxv6NDcXa2F+d/x+utazrUnms7FOfTHYrzmQ7Fua7NOADNivP/ifleX+iu/HPoSc842VWAON9dOvZz6u+7vBNSjPfWTP6conjZiXom3tKZti+7gJCJtyyT3zUpXqU2H5kmXrU+3vLMk4X7m11QyLTv5Ex+d1G87MICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMyiX1x7+kcvfNcH14QkjP7X0EgD8bnynFWrBlqod++aW5eX1z62rz6vu9JCIAAAAKBQnId31XKqobuyMnQncyaVq6brANU0Xe4b3/YvCKtHt8lAaSzdkyya9nWV9HUrtm/asmLbjp1v27Bp6PLhy4c3v2Pl6SvPHDzjzDNWrN+wcXhw/GcI3QXxQghjyw/bduz85NDGjcNbt41nZtu/JH3dkjSdpK/rf3sYHN1en7Z/cUF9pSn17Xj27PGnJnI69KDg0AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/H927S5EzquMA/h5Z2ZnptvGrPRrGprNkI8StWgSt5Jq6b4gWGiTkKUgs9W1BJtgcdOENimxjk3AtiYoQksgRHJhJBZbizf9sEXsB4FIjQbcGKQt2gu9UFqtpCUXkjKS3TmzM5OZzDqWpk1/v4v3nTnnOeeZMxcL/3cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3ndT1ZGJyujY+GASQtKlptZBnMvm07TcR9+vPrf1h4XhU8ubxwq5PjYCAAAAeoo5fKAxUgyFXDZkw1XT7xafueTrE2E29wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB89U9WRicro2PjFSQhJl5paB3Eum0/Tch99X3/7ic+9Mjz89+axUh/7AAAAAL3FHJ5pjBRDKSwJA8lVLXXx2cCCtvXtdXGfhXOsa3920K1uyRzrrplj3Sd61K2r33cEAAAA+PCL+T/XGBkKhdy8rvm/V66PdYva6rL1ez+/FQAAAAD+PzH/FxojpVDIlRp5vXPe39l4H/P+4ra6uL7X/+3j+mVd1vf6f/7a+t3/6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2OqOjJRGR0bzyYhJF1qah3EuWw+Tct99F31/OA/bzn84OLmsUKuj40AAACAnmIOn43exVDIDYaBcPF07h++6cBTX37qmZEQwkzMz+fDjg3btt29auYa61YePTzwgyNvfqexTaxbOXM9L4cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeU1PVkYnK6Nj4RUkISZeaWgdxLptP03IffV/7wpf++tiJZ99oHiv1sQ8AAADQW8zhs9m/GEohH/Lhiul3zVn/jEzb+m7PDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIALxz3fuu+bGyYnN97thRdeeNF4cb7/MgEAAO+1RSEJtf/RlevP96cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CKaqIxOV0bHxYhJC0qWm1kGcy+bTtNxH3/S5Y4V5p55/sXms1Mc+AAAAQG8xh89m/2IohYEwEC6fftfpmcB0/h96Hz8kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8IEyVR2ZqIyOjc9LQki61NQ6iHPZfJqW++j76K79nz80//s3N48Vcn1sBAAAAPQUc3i+MVIMhdwnQyFcXX8/2bogydbvnZ8LzK7b2rJscM7rqi3rsnNet7vtZLn6aWbWFeN+QzP3xrry2evKTetKodG+3LIu7G1ZNa/H5wwAAABwHsX8X2iMDIVCrtCUc3/WUj8k5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXUxVRyYqo2PjSRJC0qWm1kGcy+bTtNxH3/t+9/FLvvbzPdubx0p97AMAAAD0FnP4bPYvhlJYGD4WFk7n/jDUWh/r/lU5feiRf/9teQgrrjg+nGvf9sfxxW9eu/GF9ksImdbqTAjz6/2SLv1++4dH7l1aO/1YCCsuz159Vr9w7n6zarVyktaermxcu+3I8a29vx8AAAC4EMT8P9AYGQqF3F1d839M3j3yf8N0AJ9/765fXla/1hN524rMUL1fpku/Ly594i/LVv/jzTP5/1z9PrN/86HLWhrOjLRJ0tro5u3rjl93MBNPPdM/29Y/fi9f+fYb/9m04+HTM/2LoVgfX5Dr1P/sa5uL0tpkZt/4mnf3VVv757qc/8Hfv3ji1wv2vHOm/9uLBhv9rznH+c/df/DWh/Zev//wutb+IYRyp/5vvXNzuPJPdz7Qfv7Bto2bv/nma5skrR1dfPLg6gOlG1r7J2394/f/ixOP7v3pw997JvaPvxVZvmSu/TNt/V/efemul3auX9DaP9Pl/C/c9srwlvJ3/9h+/jtads11/RRnn//xa5+8/dUN6f3tUwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeWqerIRGV0bDyThJB0qal1EOey+TQt99H39VuOvXXbnp/8qHms1Mc+AAAAQG8xh89m/2IohXzIh8Hp3P90ZePabUeObw1DM7NJ/Z6b3HLPtk9t2rL9rjvO0ycHAAAA5irm/1xjZCgUckvDQD3/j27evu74dQczMf9nYv7fdOfkxhWhUffy7kt3vbRz/YLGc4IQpn8WUDxT99nZuptuPDZ08s/fWNaxbtVs3dHFJw+uPlC6IdaF5rqVofF84vFrn7z91Q3p/Y3P11z36a9vmaw/noj7Dt760N7r9x9e1zhH/T5Y3zfWTWb2ja95d1811mXr92L93AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA2aaqIxOV0bHxkA0h6VJT6yDOZfNpWu6j75qlv3rgklPPLmweK+T62AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb9+QuMo+ziAP89u8mabTdqkfcGomKZVUerBoiCiFxUVaUUKnipFqq09iIIgotSDqbRiqYoXweqliApqlIKCjcXSKqn4r3jxoIJC9SCUYkC7FA8q2X1mu5nuuDqpgvr5wPDkeWbmO7+Z59nZLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8oA31jzfbwjvsbt5xzw0eP3nXikZveuXfbRQ+/+t3Epus+3Dv40smZzSu2fHn9sk37714zvfv5Qz8Nv/XL0Z7BD7WaValbCyEejyHU3p195rGZj8+aG4shhGocmQxhNC49NBpzCat/DiFsbtc5f+ebJy7fMtdu2zUwb3xJLiR/X6FezeppGZlfL/8utbTOtjYevCR8fe367Z8uf+P1/qljk6cOibWO9RTC4o2d5/eHEBalbU622sayk1O7LoQw2HHelT3qOv8P1n9pQf/c1P4vtfUeOdn+lbl+JXdcvp/pz7WDPa63UEV1lD2ul6FcP/8yWqiiOrPx0dS+ndpVfzK/mm0xVGLoa5d/Tzy1RkLHvMUQm3NZa/cr7bkN6f5z/ZjrV3L9an/uvprXTQutGuP88ey43Hj2Ou5L4ys639Vd3FowfnZqa+mDejLrh/wfLfXT/mjfV1NW1+zv1PJ3qHS8g7qNtyc+TUY9jdXj0tPO+bWLbN/M+icurG547/BIQR1xb0z5sVT+1k9Gh25/becDY0X5Gyspv1Iq/5u1R364becLzxXmP53lV0vlX3Zg8Pja93esLHw+s9nz6SuVf8fRD55c/v87p7rNdTN/T5ZfK5V/zfSRgeHGgYOF9a/Ons+iUvlfXX3jt698vu9YYX7I8gdL5W+Yvu+pgfHGxYX5B1sfhXpzhZZYPz9OXfHF+Pj3E0X5n2XPf7hLfuyZ//Lk7qteXLJrTeH6XJc9n5FS9d98wf7tQ4195xW9O+OeM/XNCfDftCz9j/V46pf9nblQHb8Xnp3oa30DDaVt+ExeKGfuOov/wnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf2IEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeCgAA//9L2SYy") [ 85.509633][ T4701] Bluetooth: hci0: command tx timeout [ 86.224582][ T5361] loop0: detected capacity change from 0 to 32768 [ 86.496071][ T5361] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,fix_errors=no,nochanges,nojournal_transaction_names,read_only,nocow [ 86.496090][ T5361] allowing incompatible features above 0.0: (unknown version) [ 86.496097][ T5361] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 86.564318][ T5361] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 86.568934][ T5361] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 86.576273][ T5361] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=blacklist in superblock: invalid journal seq blacklist entry: bad size, fixing [ 86.621689][ T11] cfg80211: failed to load regulatory.db [ 86.685563][ T5361] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 86.685585][ T5361] has non ptr field, deleting [ 86.759997][ T5361] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 86.804910][ T5361] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 86.833964][ T5361] bcachefs (loop0): check_topology... done [ 86.855037][ T5361] bcachefs (loop0): accounting_read... done [ 86.876113][ T5361] bcachefs (loop0): alloc_read... done [ 86.884389][ T5361] bcachefs (loop0): snapshots_read... done [ 86.887860][ T5361] bcachefs (loop0): check_allocations... [ 86.890022][ T5361] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 86.890050][ T5361] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 86.926085][ T5361] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 86.926103][ T5361] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 86.963180][ T5361] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 86.963197][ T5361] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 86.997571][ T5361] bcachefs (loop0): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 86.997588][ T5361] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 87.021750][ T5361] bcachefs (loop0): key version number higher than recorded 0 [ 87.021764][ T5361] u64s 5 type set 0:34:0 len 1 ver 8323072, not fixing [ 87.045477][ T5361] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 87.045494][ T5361] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 87.071242][ T5361] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 87.071256][ T5361] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 87.107852][ T5361] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 87.107868][ T5361] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 87.134713][ T5361] bcachefs (loop0): bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 87.134728][ T5361] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 87.173666][ T5361] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap [ 87.173682][ T5361] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 87.210898][ T5361] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 87.210913][ T5361] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 87.248650][ T5361] done [ 87.253391][ T5361] bcachefs (loop0): going read-write [ 87.278673][ T5361] bcachefs (loop0): journal_replay... done [ 87.368834][ T5361] bcachefs (loop0): check_alloc_info... [ 87.369952][ T5361] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 87.369981][ T5361] device 0 buckets 9-16, fixing [ 87.400477][ T5361] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 87.400492][ T5361] device 0 buckets 24-25, fixing [ 87.432744][ T5361] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 87.432761][ T5361] device 0 buckets 26-28, fixing [ 87.455430][ T5361] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 87.455446][ T5361] device 0 buckets 31-33, fixing [ 87.464702][ T5361] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 87.464716][ T5361] device 0 buckets 34-36, fixing [ 87.490948][ T5361] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 87.490962][ T5361] device 0 buckets 38-39, fixing [ 87.510078][ T5361] done [ 87.511900][ T5361] bcachefs (loop0): check_lrus... [ 87.512556][ T5361] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 87.512568][ T5361] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 87.512575][ T5361] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 87.543930][ T5361] done [ 87.545445][ T5361] bcachefs (loop0): check_btree_backpointers... [ 87.546226][ T5361] bcachefs (loop0): backpointer for nonexistent alloc key: 0:27:0 [ 87.546238][ T5361] u64s 9 type backpointer 0:7077888:0 len 0 ver 0: bucket=0:27:0 btree=extents level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing [ 87.560583][ T4701] Bluetooth: hci0: command tx timeout [ 87.612127][ T5361] bcachefs (loop0): backpointer for nonexistent alloc key: 0:31:0 [ 87.612142][ T5361] u64s 9 type backpointer 0:8126464:0 len 0 ver 0: bucket=0:31:0 btree=xattrs level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing [ 87.633480][ T5361] bcachefs (loop0): backpointer for nonexistent alloc key: 0:34:0 [ 87.633495][ T5361] u64s 9 type backpointer 0:8912896:0 len 0 ver 0: bucket=0:34:0 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=4099:8:U32_MAX, fixing [ 87.669761][ T5361] bcachefs (loop0): backpointer for nonexistent alloc key: 0:34:0 [ 87.669814][ T5361] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=536870913:24:U32_MAX, fixing [ 87.711166][ T5361] done [ 87.715429][ T5361] bcachefs (loop0): check_backpointers_to_extents... done [ 87.719717][ T5361] bcachefs (loop0): check_extents_to_backpointers... [ 87.720577][ T5361] bcachefs (loop0): scanning for missing backpointers in 2/128 buckets [ 87.740067][ T5361] done [ 87.742052][ T5361] bcachefs (loop0): check_alloc_to_lru_refs... done [ 87.745377][ T5361] bcachefs (loop0): check_snapshot_trees... done [ 87.767116][ T5361] bcachefs (loop0): check_snapshots... done [ 87.770937][ T5361] bcachefs (loop0): check_subvols... done [ 87.774763][ T5361] bcachefs (loop0): check_subvol_children... done [ 87.789145][ T5361] bcachefs (loop0): delete_dead_snapshots... done [ 87.809322][ T5361] bcachefs (loop0): check_inodes... done [ 87.819534][ T5361] bcachefs (loop0): check_extents... done [ 87.822966][ T5361] bcachefs (loop0): check_indirect_extents... done [ 87.830082][ T5361] bcachefs (loop0): check_dirents... [ 87.830430][ T5361] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, not deleting [ 87.852326][ T5361] bcachefs (loop0): key in missing inode, found keys: [ 87.852355][ T5361] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 87.852364][ T5361] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 87.852371][ T5361] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 87.852379][ T5361] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 87.852387][ T5361] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 87.852396][ T5361] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 87.852405][ T5361] , fixing [ 87.970346][ T5361] bcachefs (loop0): hash table key at wrong offset: should be at 815130517871007195 [ 87.970362][ T5361] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.012997][ T5361] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:815130517871007195:U32_MAX len 0 ver 0: file0 -> 4098 type dir, not deleting [ 88.050685][ T5361] bcachefs (loop0): dirent points to missing inode: [ 88.050698][ T5361] u64s 7 type dirent 4096:815130517871007195:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.083067][ T5361] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, not deleting [ 88.094910][ T5361] bcachefs (loop0): hash table key at wrong offset: should be at 3219400551727152720 [ 88.094923][ T5361] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 88.130767][ T5361] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, not deleting [ 88.152529][ T5361] bcachefs (loop0): hash table key at wrong offset: should be at 4531718362062503301 [ 88.152542][ T5361] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 88.161222][ T5361] bcachefs (loop0): key in missing snapshot dirents u64s 7 type dirent 4096:3219400551727152720:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, not deleting [ 88.173007][ T5361] bcachefs (loop0): dirent points to missing inode: [ 88.173019][ T5361] u64s 7 type dirent 4096:3219400551727152720:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 88.200314][ T5361] ================================================================== [ 88.210430][ T5361] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 88.217701][ T5361] Read of size 1 at addr ffff888055903048 by task syz.0.0/5361 [ 88.224156][ T5361] [ 88.227286][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) [ 88.227304][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.227311][ T5361] Call Trace: [ 88.227320][ T5361] [ 88.227326][ T5361] dump_stack_lvl+0x189/0x250 [ 88.227350][ T5361] ? __kasan_check_byte+0x12/0x40 [ 88.227365][ T5361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.227376][ T5361] ? lock_release+0x4b/0x3e0 [ 88.227391][ T5361] ? __virt_addr_valid+0x4a5/0x5c0 [ 88.227406][ T5361] print_report+0xca/0x240 [ 88.227416][ T5361] ? bch2_check_dirents+0x1fac/0x33f0 [ 88.227429][ T5361] kasan_report+0x118/0x150 [ 88.227441][ T5361] ? bch2_check_dirents+0x1fac/0x33f0 [ 88.227455][ T5361] bch2_check_dirents+0x1fac/0x33f0 [ 88.227469][ T5361] ? bch2_check_dirents+0x2f1/0x33f0 [ 88.227483][ T5361] ? desc_read+0x1b8/0x3f0 [ 88.227493][ T5361] ? prb_first_seq+0xfd/0x1a0 [ 88.227501][ T5361] ? __pfx_bch2_check_dirents+0x10/0x10 [ 88.227513][ T5361] ? __pfx_prb_first_seq+0x10/0x10 [ 88.227523][ T5361] ? desc_read+0x1b8/0x3f0 [ 88.227533][ T5361] ? this_cpu_in_panic+0x4f/0x80 [ 88.227541][ T5361] ? _prb_read_valid+0xa07/0xa90 [ 88.227550][ T5361] ? console_flush_all+0x13a/0xc40 [ 88.227562][ T5361] ? up+0xde/0x150 [ 88.227626][ T5361] ? __console_unlock+0x14c/0x1a0 [ 88.227637][ T5361] ? __pfx___console_unlock+0x10/0x10 [ 88.227647][ T5361] ? bch2_trans_put+0x961/0x1220 [ 88.227656][ T5361] ? kfree+0x4d/0x440 [ 88.227668][ T5361] ? prb_read_valid+0x3c/0x60 [ 88.227678][ T5361] ? console_unlock+0x21b/0x270 [ 88.227688][ T5361] ? __pfx_console_unlock+0x10/0x10 [ 88.227701][ T5361] ? vprintk_emit+0x63e/0x7a0 [ 88.227716][ T5361] ? __bch2_print+0x176/0x220 [ 88.227732][ T5361] ? bch2_check_dirents+0x2f1/0x33f0 [ 88.227746][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.227758][ T5361] __bch2_run_recovery_passes+0x3ba/0x1060 [ 88.227777][ T5361] bch2_run_recovery_passes+0x184/0x210 [ 88.227790][ T5361] bch2_fs_recovery+0x2690/0x3a50 [ 88.227805][ T5361] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 88.227819][ T5361] ? __lock_acquire+0xab9/0xd20 [ 88.227834][ T5361] ? __mutex_trylock_common+0x153/0x260 [ 88.227846][ T5361] ? __lock_acquire+0xab9/0xd20 [ 88.227860][ T5361] ? __lock_acquire+0xab9/0xd20 [ 88.227878][ T5361] ? bch2_fs_start+0xa0f/0xda0 [ 88.227892][ T5361] ? up_write+0x1c4/0x420 [ 88.227902][ T5361] ? bch2_fs_start+0x5e7/0xda0 [ 88.227915][ T5361] bch2_fs_start+0xaaf/0xda0 [ 88.227930][ T5361] ? bch2_fs_start+0x5e7/0xda0 [ 88.227944][ T5361] ? __pfx_bch2_fs_start+0x10/0x10 [ 88.227964][ T5361] ? sget+0x267/0x620 [ 88.227975][ T5361] bch2_fs_get_tree+0xb39/0x1520 [ 88.227995][ T5361] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 88.228014][ T5361] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 88.228032][ T5361] vfs_get_tree+0x92/0x2b0 [ 88.228045][ T5361] do_new_mount+0x2a2/0x9e0 [ 88.228059][ T5361] ? ns_capable+0x8a/0xf0 [ 88.228069][ T5361] ? __pfx_do_new_mount+0x10/0x10 [ 88.228081][ T5361] ? path_mount+0x61c/0xfe0 [ 88.228092][ T5361] ? user_path_at+0x44/0x60 [ 88.228103][ T5361] __se_sys_mount+0x317/0x410 [ 88.228118][ T5361] ? __pfx___se_sys_mount+0x10/0x10 [ 88.228132][ T5361] ? do_syscall_64+0xbe/0x3b0 [ 88.228143][ T5361] ? __x64_sys_mount+0x20/0xc0 [ 88.228156][ T5361] do_syscall_64+0xfa/0x3b0 [ 88.228168][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.228178][ T5361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.228189][ T5361] ? clear_bhb_loop+0x60/0xb0 [ 88.228200][ T5361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.228211][ T5361] RIP: 0033:0x7f7cae39038a [ 88.228224][ T5361] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.228233][ T5361] RSP: 002b:00007f7caf18ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 88.228246][ T5361] RAX: ffffffffffffffda RBX: 00007f7caf18eef0 RCX: 00007f7cae39038a [ 88.228254][ T5361] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007f7caf18eeb0 [ 88.228262][ T5361] RBP: 00002000000000c0 R08: 00007f7caf18eef0 R09: 0000000000818001 [ 88.228269][ T5361] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000180 [ 88.228276][ T5361] R13: 00007f7caf18eeb0 R14: 0000000000005964 R15: 0000200000000100 [ 88.228288][ T5361] [ 88.228292][ T5361] [ 88.638703][ T5361] The buggy address belongs to the physical page: [ 88.641940][ T5361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55903 [ 88.646636][ T5361] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 88.650575][ T5361] raw: 04fff00000000000 0000000000000000 ffffea00015640c8 0000000000000000 [ 88.655064][ T5361] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 88.672447][ T5361] page dumped because: kasan: bad access detected [ 88.675801][ T5361] page_owner tracks the page as freed [ 88.688559][ T5361] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5361, tgid 5359 (syz.0.0), ts 86802398925, free_ts 88199804298 [ 88.697711][ T5361] post_alloc_hook+0x240/0x2a0 [ 88.700152][ T5361] get_page_from_freelist+0x21e4/0x22c0 [ 88.702761][ T5361] __alloc_frozen_pages_noprof+0x181/0x370 [ 88.705531][ T5361] alloc_pages_mpol+0x232/0x4a0 [ 88.718290][ T5361] ___kmalloc_large_node+0x5f/0x1b0 [ 88.729969][ T5361] __kmalloc_large_node_noprof+0x18/0x90 [ 88.732611][ T5361] __kvmalloc_node_noprof+0x6d/0x5f0 [ 88.735110][ T5361] bch2_btree_node_read_done+0x32f6/0x5550 [ 88.749095][ T5361] btree_node_read_work+0x40e/0xe60 [ 88.755297][ T5361] bch2_btree_node_read+0x887/0x2a00 [ 88.760944][ T5361] bch2_btree_root_read+0x5f0/0x760 [ 88.767575][ T5361] read_btree_roots+0x2c6/0x840 [ 88.773077][ T5361] bch2_fs_recovery+0x261f/0x3a50 [ 88.779071][ T5361] bch2_fs_start+0xaaf/0xda0 [ 88.782170][ T5361] bch2_fs_get_tree+0xb39/0x1520 [ 88.786217][ T5361] vfs_get_tree+0x92/0x2b0 [ 88.791272][ T5361] page last free pid 5361 tgid 5359 stack trace: [ 88.798824][ T5361] __free_pages_ok+0xa83/0xbe0 [ 88.803574][ T5361] free_large_kmalloc+0x13a/0x1f0 [ 88.810581][ T5361] btree_node_sort+0x117f/0x1760 [ 88.814564][ T5361] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 88.817997][ T5361] bch2_btree_node_prep_for_write+0x337/0x650 [ 88.821580][ T5361] bch2_trans_lock_write+0x669/0xba0 [ 88.827669][ T5361] __bch2_trans_commit+0x2773/0x8870 [ 88.835374][ T5361] bch2_check_dirents+0x1c5c/0x33f0 [ 88.841633][ T5361] __bch2_run_recovery_passes+0x3ba/0x1060 [ 88.865970][ T5361] bch2_run_recovery_passes+0x184/0x210 [ 88.887781][ T5361] bch2_fs_recovery+0x2690/0x3a50 [ 88.890446][ T5361] bch2_fs_start+0xaaf/0xda0 [ 88.894062][ T5361] bch2_fs_get_tree+0xb39/0x1520 [ 88.911573][ T5361] vfs_get_tree+0x92/0x2b0 [ 88.913827][ T5361] do_new_mount+0x2a2/0x9e0 [ 88.917243][ T5361] __se_sys_mount+0x317/0x410 [ 88.927924][ T5361] [ 88.929653][ T5361] Memory state around the buggy address: [ 88.932680][ T5361] ffff888055902f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 88.936917][ T5361] ffff888055902f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 88.953913][ T5361] >ffff888055903000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 88.961438][ T5361] ^ [ 88.967714][ T5361] ffff888055903080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 88.976717][ T5361] ffff888055903100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 88.985006][ T5361] ================================================================== [ 89.044528][ T5361] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 89.055644][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) [ 89.069171][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.074412][ T5361] Call Trace: [ 89.077540][ T5361] [ 89.079402][ T5361] dump_stack_lvl+0x99/0x250 [ 89.082311][ T5361] ? __asan_memcpy+0x40/0x70 [ 89.085289][ T5361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.089708][ T5361] ? __pfx__printk+0x10/0x10 [ 89.094760][ T5361] vpanic+0x281/0x750 [ 89.096890][ T5361] ? preempt_schedule+0xae/0xc0 [ 89.099046][ T5361] ? __pfx_vpanic+0x10/0x10 [ 89.100938][ T5361] ? preempt_schedule_common+0x83/0xd0 [ 89.105183][ T5361] ? preempt_schedule+0xae/0xc0 [ 89.109683][ T5361] ? __pfx_preempt_schedule+0x10/0x10 [ 89.114881][ T5361] panic+0xb9/0xc0 [ 89.117970][ T5361] ? __pfx_panic+0x10/0x10 [ 89.121945][ T5361] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 89.126277][ T5361] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.130982][ T5361] check_panic_on_warn+0x89/0xb0 [ 89.133718][ T5361] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.139399][ T5361] end_report+0x78/0x160 [ 89.142999][ T5361] kasan_report+0x129/0x150 [ 89.145737][ T5361] ? bch2_check_dirents+0x1fac/0x33f0 [ 89.149051][ T5361] bch2_check_dirents+0x1fac/0x33f0 [ 89.152546][ T5361] ? bch2_check_dirents+0x2f1/0x33f0 [ 89.155445][ T5361] ? desc_read+0x1b8/0x3f0 [ 89.160517][ T5361] ? prb_first_seq+0xfd/0x1a0 [ 89.162629][ T5361] ? __pfx_bch2_check_dirents+0x10/0x10 [ 89.165147][ T5361] ? __pfx_prb_first_seq+0x10/0x10 [ 89.174289][ T5361] ? desc_read+0x1b8/0x3f0 [ 89.176395][ T5361] ? this_cpu_in_panic+0x4f/0x80 [ 89.184978][ T5361] ? _prb_read_valid+0xa07/0xa90 [ 89.187037][ T5361] ? console_flush_all+0x13a/0xc40 [ 89.189149][ T5361] ? up+0xde/0x150 [ 89.190842][ T5361] ? __console_unlock+0x14c/0x1a0 [ 89.193259][ T5361] ? __pfx___console_unlock+0x10/0x10 [ 89.195883][ T5361] ? bch2_trans_put+0x961/0x1220 [ 89.215412][ T5361] ? kfree+0x4d/0x440 [ 89.219312][ T5361] ? prb_read_valid+0x3c/0x60 [ 89.221506][ T5361] ? console_unlock+0x21b/0x270 [ 89.223836][ T5361] ? __pfx_console_unlock+0x10/0x10 [ 89.231782][ T5361] ? vprintk_emit+0x63e/0x7a0 [ 89.233934][ T5361] ? __bch2_print+0x176/0x220 [ 89.236090][ T5361] ? bch2_check_dirents+0x2f1/0x33f0 [ 89.256326][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.258709][ T5361] __bch2_run_recovery_passes+0x3ba/0x1060 [ 89.278033][ T5361] bch2_run_recovery_passes+0x184/0x210 [ 89.280550][ T5361] bch2_fs_recovery+0x2690/0x3a50 [ 89.282824][ T5361] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 89.285235][ T5361] ? __lock_acquire+0xab9/0xd20 [ 89.298051][ T5361] ? __mutex_trylock_common+0x153/0x260 [ 89.300671][ T5361] ? __lock_acquire+0xab9/0xd20 [ 89.302963][ T5361] ? __lock_acquire+0xab9/0xd20 [ 89.304913][ T5361] ? bch2_fs_start+0xa0f/0xda0 [ 89.306736][ T5361] ? up_write+0x1c4/0x420 [ 89.323476][ T5361] ? bch2_fs_start+0x5e7/0xda0 [ 89.325494][ T5361] bch2_fs_start+0xaaf/0xda0 [ 89.327505][ T5361] ? bch2_fs_start+0x5e7/0xda0 [ 89.330268][ T5361] ? __pfx_bch2_fs_start+0x10/0x10 [ 89.333435][ T5361] ? sget+0x267/0x620 [ 89.335862][ T5361] bch2_fs_get_tree+0xb39/0x1520 [ 89.348747][ T5361] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 89.351320][ T5361] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 89.353827][ T5361] vfs_get_tree+0x92/0x2b0 [ 89.356105][ T5361] do_new_mount+0x2a2/0x9e0 [ 89.368158][ T5361] ? ns_capable+0x8a/0xf0 [ 89.370586][ T5361] ? __pfx_do_new_mount+0x10/0x10 [ 89.373130][ T5361] ? path_mount+0x61c/0xfe0 [ 89.375470][ T5361] ? user_path_at+0x44/0x60 [ 89.377698][ T5361] __se_sys_mount+0x317/0x410 [ 89.389822][ T5361] ? __pfx___se_sys_mount+0x10/0x10 [ 89.392590][ T5361] ? do_syscall_64+0xbe/0x3b0 [ 89.395494][ T5361] ? __x64_sys_mount+0x20/0xc0 [ 89.398629][ T5361] do_syscall_64+0xfa/0x3b0 [ 89.401288][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.404272][ T5361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.408596][ T5361] ? clear_bhb_loop+0x60/0xb0 [ 89.412111][ T5361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.419139][ T5361] RIP: 0033:0x7f7cae39038a [ 89.428082][ T5361] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.447843][ T5361] RSP: 002b:00007f7caf18ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.451611][ T5361] RAX: ffffffffffffffda RBX: 00007f7caf18eef0 RCX: 00007f7cae39038a [ 89.455286][ T5361] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007f7caf18eeb0 [ 89.469191][ T5361] RBP: 00002000000000c0 R08: 00007f7caf18eef0 R09: 0000000000818001 [ 89.472789][ T5361] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000180 [ 89.476490][ T5361] R13: 00007f7caf18eeb0 R14: 0000000000005964 R15: 0000200000000100 [ 89.498818][ T5361] [ 89.500555][ T5361] Kernel Offset: disabled [ 89.502548][ T5361] Rebooting in 86400 seconds..