program: r0 = socket(0xa, 0x3, 0x3a) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f024}) r2 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x5, 0x1000, 0x4, 0x2}}) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000100)={0x2, @vbi={0x9, 0x7, 0x80000000, 0x34524742, [0x1000, 0x7], [0x9, 0xfff], 0x108}}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)=@newtaction={0x48, 0x30, 0x601, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x48}}, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x1000024) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="0413"], 0x8) socket$packet(0x11, 0x3, 0x300) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x4}, 0xc) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$TCFLSH(r4, 0x400455c8, 0x0) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@discard}, {@version_upgrade={'version_upgrade', 0x3d, 'compatible'}}]}, 0x1, 0x594d, &(0x7f000000b5c0)="$eJzs3X+MXVUdIPBz33vTeTPTH9MCUkGmQ6GKoHbKr6AYra6/AkhqMErZKgx0itW2NG0RWlCKCy4EMGg0ivoHGiSLVkMCq1Qi8mNbVlHC6pINktVddBM3yNIIdIlxnc3M3PPmzZ13575586a05fMJzH3nvPO+59xzz7tzz3m38wIAAACvC3tv3Lr//GM++OsvDb1y3Ud+vvH60FMeza/GAr3p9urXqoUcSJ2VxaPb7Lh4yzU//Ev/Ze//1b3dP3h1z9rj1/3hA0dc9uBnz9l9x3ceeXne/f96rihuHE8nj6eTF5IQqr/Y940v73ni6JG8JIRQTnp3hrAwWfTIwiQTYuAfIYS1aaJcmfjkfa+ctm5ke/0tnRPyF2SCGO+vb9V0nO3Yf9Up4Y/vW33Db5f85Mcdu57fOV4kqdaNpxDmX1L/+o70/640HUfb4vjidLsqhNBd97qzCtp1QpPtX56TPjbdzkm3PQVx4vNLM+lSplw2HXVktt0F9c1UXjtaLVdkbiadPRnNVF47Y/7CdPuzdHvyNOOX4/9JKCWhUmv+hmR8jIS645aEZPRYVmvpUu3YhnT/M+kkky5l0uWOzH6N1psOtHKSTMyP5TL58XRcSfOPrz9XN3BBTv4b0201faO+GtMh+2BMz6QHtf0aFdu1b4q2HAilunNQo/zaOEsPRk+a15MsmvSa4Qbic3tW37qsvObRvb057UjuTdL46Xaa8Xf8ZuHcT//o5isX58W/pJTGL43WMN34fzr3yRcvuvn73+7Ki397jF9uKf6pD3W/cO5jNy7N6584vHpCpaX4g889ftuSIy/dlds/d8b+r7Z0fFfufrJz3v6HHs49vgOxf7paav+zZ3/oz/c8/cDzufFDjN/dUvw1uzd/pbNv/0m58R+O/dPT2vh5adeZz/T1/bU/L/5TMf68luLfvfOOd9214JZzco/vqtg/vS3FP+/EB2+Yu/+B4/LOncmd7frNCfD6dER6jXVTmp5qntk5xTxzpurmC9/qr4xdt85N/5/XzooyF58j9cxvZ3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCEcdcp//vD//ETvC5U03Zk+eLY0to35c0JIukIIW7cNbtm2ftPl/Z+94sotmwY39A9u6x/atG3L9v7T39a/ZWjzhsHtI88OvP20sdctCsnYNjluUt2dw8PDpd6JebG+f3Pirj8uO+t//y2EgaN+31fJbf/yOzbedWSDnxnJyuH3brzy/N+f8b10v3rTdvU2aNfw8PBwyGnX/7nwn3d9bd9fTgph4A1TtevxZ9/zywkNGs0Yj5MqdYaxBnUm3Q3bUWt12p7YX5V16zcMDUzdvyOvL+fsx7+95vl/rLv6q/8c699q7n402b9dK4c3lL65+rz/981rxzKK2lXbj0y7Zvu4F/V33IvYvth/1bS/56f7NT9nvyo5/X3jbx9++hfH3PzyzjBQeWnJ5LqL9qsjHQAdyRubqjfW0J0snJBfTcvHIx5ft3zbxs3Lt27f8fb1GwcvH7p8aNM7V5y+4syBM848Y/noni9v8/7H+t/c5P43O56y9U5vPC34/M6fxZ/NjaeidhX1x0i7ivujvkV577/uC7789Xfe8dj5YxlF4zyWrr0P0233yHFeEerG2+S+arRfRf0QQuhv1A8vvnxOOPq/rb+h6DxUf2Tqf2YkK4efWPr375313cXvHss4IOf5+ga1eJ6vtXq8PaP9VU2Px/BB2r+doZzuV0/Ddq144rGOW/f+7Qu19s2ZE64e3LZty4qxn3PTls5Njm3Yrmxu3K8loz/LIe2WUBumDcbriI4w1r7s+TMWz/ZqT/pcT7Ko4X5lxef2rL51WXnNo3vzejq5d6zGrjBvbJu8KafkhswLy7UGN6r/YH3/FY2Pvg9/9/5P3P/T0yeNj1PHfhbtV5KzXz95+u6v/+Cr//6n7duvD7/nyd6///fPLBvLOFTOK7VWp+1J6s8rp4ZQ9P5bEhrvR+77r9R4f4ref9l6xss3jtefSfeEcvH7tRomvV9Pfaj7hXMfu3Fp7vt1X7Pv12snpMoF79eDZfxk319JZWI7Zu/9NWGgJCuHf3XTETsfuW7VMWMZReO6VrrRuD6tiflHzn798qJn+q7o/3f/tX3njR++7b6L/zC48otjGa0f99iW9hz3atq/1Zz+rbU6zjvr+/cdl12xYe3Ie3TcwXf9m24L5j/xVLJ1+47PDW7YMLRla7o/bfp9GuvJ9nKrv0/j2W1RwX6VJu3X7D1opr+afb/F9q9tub8mvt96QtLSddyO3yyc++kf3Xxl76RXpRVdUkrjl1qK/6dzn3zxopu//+3c+LfH+JWW4g8+9/htS468dFdu/DuTNH61pfgrdz/ZOW//Qw/nxh+I7e9qKf6zZ3/oz/c8/cDzufFDjN/TWv+/tOvMZ/r6/pob/6kkrWfkGimE+145bd1YOhk971Xr2tExoV0hm04y6VImXa5Pl8bWWmsVlJNkYn4sl+YfX9eWRj6Zkx+vwqqLx7avxnTIPpg6/2BTqjv3N8ovuk4FADjcxc//4zVo/Px/KL1Qyl9pgHEznYctzokb52Hj6zlzJjy/OI0fXx/XAfveEQZGttf3j13oT/dzhPh+yK5zxnpOOmFijFbXOYvW35dm0rFdY+vllbp5aGryvKYSmlh/n1zP1Ovvmd0vXh/vv2lSs/rr1q2yx68jXTFrdL9Dpr2VkQh54yO7Lhbv5+ibH1aN1tfk+MjeRxOPQ/Y+mljPMZkTZ6v30cx0fMRmTzE+Rptc/PnG5OMXpujf8ePXOFr2+E3jeFdHys/257NtWDdseEo7cOuGTXwe1iB+s5+H1dYlV04uM1X818u65MG+bhjz435UmlxP/EROfjPrifXrcnnrifF0Edu1b4q2HAjWE4HDVZz/x98RI/P/kQvw/5spV3Qdmr1qjPFy7xMqN25P0bxj8n163S39Hl+ze/NXOvv2n5R7nfNws/f9bJ6Q6i6476eoH5dl0oX9mLNAUzTfy9ZT1O/Z+zJ6wryW+v3unXe8664Ft5yT2++rxn6RFvf71yek5hX0+yEwX2gc/3CbL7iPYWL8Nt3HULR+9prNR9Ibn2ZrPvLxnPzp3t/QPelBbb9GHXLzkY4D2y4A4NAR5/+1z8/S+f//iAXS64iieevJmXSMlztvzbk+yZu3fjTdXp0p35P+i4rpXjefd+KDN8zd/8BxufOWO5udh/6HCanewnnozObNufOIVe25Xzx3HlGbZ81snpjb/to8cWbz9Nz4tXn6zObRuf1Tm0fPbB0gN35tHeBQn+cWrNdlKovJZtfrDtt5dPrPZ2drHn1BTv5059E9kx7U9muUeTQAwGsrzv/jZVyc/z+WKTfTz9lz5wVtum7P/j2QWvynDtS8crbnfbM9b53tef1sr0sc6vPi2V4Xmt11stf9vDit1LwYAICDWZz/d6Xp/Pn/zOYnjeZvHRPmJ+bnDeObnx8k8/NDff3L/N/n4sXM/wEADm9x/h//2WP8+3//KU1n/269eXpOfPN08/Spxk/T8/T2r7MF9wG8tusAXePlrQMAAPBa6BidKU3+d/afSrfZf2ef9+/yL8op36xKenl86bYtQ0MXX7l57eC2oYs3XbF2aOvFV21Zv23b0KaxcjOdN+bOW9J5Y0eopP3RuFx23rYg/XsIC3L+HkK2fAx77OiDyX8PIVttV8HfERg/fs21N+/4laYo32h85B3vvPifzCkf1Y7/ZZ859eJ1Wy9ev2n9tvWDG9bvGJpYbmTW2j2N782M3TKt70vN/JikNP3v72xPO0qT2tGR9kfe97MnmXYsTFuyMO/7D3La/ev/8rXPnzj8z3tCGDiq/KYZ9V+ycvg/Xjj00W17f795pP1dU7a/VjJtV9H3lWbLx/2pbLhi67ZT1l1x5absN0q2Jq5nlGrpWVrPSN/+5SbXJ9bk5E/3PoXypAcHp6bXJwAAmCB+/h+vZ+Pnh19NL6BifvPz9Jl9fpw7Tx9obp6e/V6yonl6tnzc32bn6dUZztOz9RfN0xuVbzRPz5t358X/eE756Wp+nMzsPo/ccXJJc+Mk+30GReMkW3664ySZ4TjJ1l80ThqVbzRO8o57XvyP5ZTP0/x4mNl9Obnj4fbmxsNbM+mi8ZAtP93xUJrheMjWXzQeGpVvNB7yjm9e/PNzyjdr4vgYGRij42Lo4quu2PK5unKz/f0XM2/f7H7/R6uab//s3vc1++2f3fvKpqPUUvtndl9ZbvufmtlKWPPtn93vd2nVAVuvTW82K7r/rGgdd3VOfm0dN90WrePOmfTg4GQdF147cf4fP+6J8/9b0m27PwY69L8nzfeYNYzfpu8xK7qOOex+nzf5uazf5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHl87K4tHt3hu37j//mA/++ktDr1z3kZ9vvP4t1/zwL/2Xvf9X93b/4NU9a49f94cPHHHZg589Z/cd33nk5Xn3/+u5wsC9oz8rJ6fJagjJC0kI1V/s+8aX9zxx9EheEkIoJ707Q1iYLHpkYZKJMPCPEMLaWjsnPnnfK6etG9lef0vnhPwFmSDZ/Qo95die+naGcHXhHnEIqqbjbMf+q04Jf3zf6ht+u+QnP+7Y9fzO8SJJtW48hTD/kvrXd4QQutL/R8TRtji+ON2uCiF0173urIJ2ndBk+5fnpI9Nt3PSbU9BnPj80ky6lCmXTUcdmW13QX0zldeOVssVmZtJZ09GM5XXzpi/MN3+LN2ePM345fh/EkpJqNSavyEZHyOh7rglIRk9ltVaulQ7tiHd/0w6yaRLmXS5I7Nfo/WmA62cJBPzY7lMfjwdV9L84+vP1Q1ckJP/xnRbTd+or8Z0yD4Y0zPpQW2/RsV27ZuiLQdCqe4c1Ci/duDTg9GT5vUkiya9ZriB+Nye1bcuK695dG9vTjuSe5M0ftJS/B2/WTj30z+6+crFefEvKaXxSy3F/9O5T7540c3f/3Zu/Ntj/HJL8U99qPuFcx+7cWlu/+yL/VNpKf7gc4/ftuTIS3fltv/OGL/aUvyVu5/snLf/oYdz2z8Q+6erpfjPnv2hP9/z9APP58YPMX53S/HX7N78lc6+/Sflxn849k9Pa+PnpV1nPtPX99f+vPhPxfjzWop/98473nXXglvOyT2+q2L/9LYU/7wTH7xh7v4Hjss7dyZ3tus3J8Dr0xHpNdZNabrVeeZM1c0XvtVfGbvmm5v+P6+dFWWM1DN/FuMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB4+t21p3/qwvd+bHUlCSHJKTPcQHyuPGflyv4W6h187vHblhx56a76vMUtxAEAAACKxXl4qZZTDYvDVUlXOLZh+bhGcGxMJRPzs2sIMU52jaDVOKU2xSm3KU6lTXE62hRnTpvidLYpTrUgTjU0F6drijiVkVHRZHu6p2xP83F62hRnbpvizGtTnPltirOgTXF6p4zT/Dhc2KY4i9oU54g2xTmyTXGOalOcN7QpztFtipNdU57uOJyXljwmL87og3JhnEpSrj3RaD396LSe42ZYT09BPfOKfh83WU9Xk/WckHldaZr1VJus580zrCdpsp63zrCeUkE9cdxenW1frCemmhz/29sUZ8fM4vyveL11TZvac22b4nyhTXG+2KY4180wDkCz4vx/fL7XGzor7w7d6RknuwoQ57tLRn9O/n2Xd0KK8d6UyZ9TFC87Uc/EWzLd9mUXEDLxlmbyOybEq9TmI1PEq9bHW5Z5snB/swsKmfadnMnvLIqXXVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFn0u2tP/9SF7/3Y6pCEkf8aGm4gPlees3Jlfwv17ll967Lymkf31ud1VloIBAAAABSK8/COWk41dFZWhM5kzoRy1XQdoJqmy71j2775YdXINukvjaa7k4VTvq6Svm75to2bl2/dvuPt6zcOXj50+dCmd644fcWZA2ececbydes3DA2M/QyhsyBeCGF0+WHr9h2fG9ywYWjL1rHMbPsXp69bnKaT9HV97wgDI9vr0/YvKqivNKm+7c+cPfbUeE6bHhQcOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/+zaXYhcZxkH8PfMzM5Mt40d6dc0NJshHyVq0SRuJdXSOSBYaJOQpSAz1bUEm2Bx04Q2KWkd24BtTVCElkCI5MJILLYWb/phi9gPApEaDbgxSFu0F3qhtFpJSy4kZSS7c+YrM5l1LN02/n4X58y87/O+z7xzsfA/OwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfuOna+GSlPFEdjUKI+tTUe0jm0tk4Lg3R96vPb/tBbuzUivaxXGaIjQAAAICBkhw+0hzJh1wmHdLhypl3S85cso2J0Mr9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/5/p2vhkpTxRvTAKIepTU+8hmUtn47g0RN833nnyc6+Ojf2tfaw4xD4AAADAYEkOTzVH8qEYloaR6MqOuuTZwMKu9d11yT6L5ljX/eygX93SOdZdPce6TwyoW9+47wwAAADw0Zfk/0xzpBBymQV98/+gXJ/ULe6qSzfuw/xWAAAAAPjfJPk/1xwphlym2Mzrc837S7rqkvWD/m+frF/eZ/2g/+eva9z9nx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjqma+OTlfJENR2FEPWpqfeQzKWzcVwaou/qF0b/cfPhh5a0j+UyQ2wEAAAADJTk8Fb0zodcZjSMhAtncv/YjQee/vLTz46HEGZjfjYbdm7cvv2u1bPXpG7V0cMj3z/y1reb2yR1q2av83I4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfTVdG5+slCeqF0QhRH1q6j0kc+lsHJeG6Pv6F770l8dPPPdm+1hxiH0AAACAwZIc3sr++VAM2ZANl8+8a8/6Z6S61vd7ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcP+6+975vbpya2nSXF1544UXzxXz/ZQIAAN5vi0MU6v+lKzbM96cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DKZr45OV8kQ1H4UQ9amp95DMpbNxXBqib/z8sdyCUy+81D5WHGIfAAAAYLAkh7eyfz4Uw0gYCZfNvOv1TGAm/xc+wA8JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfKhM18YnK+WJ6oIohKhPTb2HZC6djePSEH0f27X/84cu/t5N7WO5zBAbAQAAAAMlOTzbHMmHXOaTIReuaryf6lwQpRv33s8FWuu2dSwbnfO6Wse6e5t9B63b3XWyTOM0s+vyjdF0YfbeXFc6e12pbV2x1b7UsS7s7Vi1YMD5AgAAAMyjJP/nmiOFkMvk2nLuTzvqC3IuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDHdG18slKeqEZRCFGfmnoPyVw6G8elIfre99uPX/S1n+3Z0T5WHGIfAAAAYLAkh7eyfz4Uw6LwsbBoJveHQmd9UvfPyulDj/7rrytCWHn58bFM97Y/Sl78+vUbXuy+hJDqrE6FcHGjX9Sn329+/+g9y+qnHw9h5WXpq87qF87dr6VeL0Vx/ZnKpnXbjxzfNvj7AQAAgPNBkv9HmiOFkMvc2Tf/J8l7QP5vmgngF9+z6xeXNq6NRN61IlVo9Ev16ffFZU/+efmav791Jv+fq99n9m85dGlHw9mRLlFcL2/Zsf74tQdTyaln+6e7+iffy1e+9ea/N+985PRs/3zIN8YXZnr1P/va5YK4PpXaV1373r5aZ/9Mn/M/9LuXTvxq4Z53z/R/Z/Fos//V5zj/ufuP3vLw3uv2H17f2T+EUOrV/+13bwpX/PGOB7vPP9q1cfs3337tEsX1o0tOHlxzoHh9Z/+oq3/y/f/8xGN7f/LId59N+ie/FVmxdK79U139X9l9ya6XH9iwsLN/qs/5X7z11bGtpe/8ofv8t3fsmun7Kc4+/xPXPHXbaxvj+7unAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzi/TtfHJSnmimopCiPrU1HtI5tLZOC4N0feNm4+9feueH/+wfaw4xD4AAADAYEkOb2X/fCiGbMiG0Znc/0xl07rtR45vC4XZ2ahxz0xtvXv7pzZv3XHn7fP0yQEAAIC5SvJ/pjlSCLnMsjDSyP/lLTvWH7/2YCrJ/6kk/2++Y2rTytCse2X3JbtefmDDwuZzghBmfhaQP1P32VbdjTccK5z80zeW96xb3ao7uuTkwTUHitcndaG9blVoPp944pqnbnttY3x/8/O1133661unGo8nkn1Hb3l473X7D69vnqNxH23sm9RNpfZV1763r5bUpRv3fOPcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDZpmvjk5XyRDWkQ4j61NR7SObS2TguDdF37bJfPnjRqecWtY/lMkNsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwH3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwX38hUpV9HMCfZ2b33XFnV3f1hbaidbWisIukIKJuKipCI4SuDAlL8yIKgojCLlpDI7GimyDrRqKCaguhIDdJtFijf9JNFxUUWBeBSAvlIF1U7MxzxtnjnKbOWlB9PjA88zznnO/5nfM8c2YGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf5SBvrFme3jH/Y1bzrnho0fvOvHITe/cu+2ih1/9bmLTdR/uHXzp5MzmFVu+vH7Zpv13r5ne/fyhn4bf+uVoz+CHWs2q1K2FEI/HEGrvzj7z2MzHZ82NxRBCNY5MhjAalx4ajbmE1T+HEDa365y/8c0Tl2+Za7ftGpg3viQXkr+uUK9m9bSMzK+Xf5daWmdbGw9eEr6+dv32T5e/8Xr/1LHJU7vEWsd6CmHxxs7j+0MIi9JrTrbaxrKDU7suhDDYcdyVPeo6/w/Wf2lB/9zU/i+19R452faVuX4lt1++n+nPtYM9zrdQRXWU3a+XoVw//zBaqKI6s/HR1L6d2lV/Mr+avWKoxNDXLv+eeGqNhI55iyE257LW7lfacxvS9ef6Mdev5PrV/tx1Nc+bFlo1xvnj2X658exx3JfGV3Q+q7u4tWD87NTW0gf1ZNYP+Tct9dPetK+rKatr9ndq+TtUOp5B3cbbE58mo57G6nHpacf82kW2bWb9ExdWN7x3eKSgjrg3pvxYKn/rJ6NDt7+284GxovyNlZRfKZX/zdojP9y284XnCvOfzvKrpfIvOzB4fO37O1YW3p/Z7P70lcq/4+gHTy7//51T3ea6mb8ny6+Vyr9m+sjAcOPAwcL6V2f3Z1Gp/K+uvvHbVz7fd6wwP2T5g6XyN0zf99TAeOPiwvyDrY9CvblCS6yfH6eu+GJ8/PuJovzPsvs/3CU/9sx/eXL3VS8u2bWmcH2uy+7PSKn6b75g//ahxr7zip6dcc+Z+uYE+G9aln5jPZ5+lpX9n7lQHf8Xnp3oa30DDaXX8Jk8Uc7ceRb/hfkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/sQMHJAAAAACC/r9uR6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAA//9JjSZK") ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0x4) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x1) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000380)=0xff) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'veth1_to_hsr\x00'}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r5, 0x135, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x0, 0x7c, &(0x7f00000006c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x2, &(0x7f0000000340), &(0x7f00000003c0), 0x8, 0x2e, 0x8, 0xfffffd15, &(0x7f0000000400)}}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@ipv6_deladdr={0xb0, 0x15, 0x622, 0x70bd2c, 0x25dfdbff, {0xa, 0x78, 0x24, 0x0, r7}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_CACHEINFO={0x14, 0x6, {0xfff, 0x0, 0x4885}}, @IFA_CACHEINFO={0x14, 0x6, {0x3, 0x1, 0x0, 0x8}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x1}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_CACHEINFO={0x14, 0x6, {0x1, 0xfffffffa, 0x3, 0xe}}, @IFA_CACHEINFO={0x14, 0x6, {0xc00e, 0x1ff, 0x8, 0x10001}}, @IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x5, 0x37f, 0xc, 0x900}}]}, 0xb0}}, 0x20000890) ioctl$SIOCGETMIFCNT_IN6(r0, 0x89e0, &(0x7f0000000000)) [ 75.260583][ T5319] Bluetooth: hci0: command tx timeout [ 75.369563][ T5319] Bluetooth: hci0: Malformed Event: 0x13 [ 75.382434][ T5341] pim6reg: entered allmulticast mode [ 75.793307][ T5341] loop0: detected capacity change from 0 to 32768 [ 75.940658][ T5341] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,nojournal_transaction_names,read_only [ 75.940678][ T5341] allowing incompatible features above 0.0: (unknown version) [ 75.940686][ T5341] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 75.987619][ T5341] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 75.992246][ T5341] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.007641][ T5341] bcachefs (loop0): invalid bkey in superblock btree=inodes level=0: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 76.007656][ T5341] invalid key type for btree inodes (btree_ptr_v2), deleting [ 76.030625][ T5341] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 76.030642][ T5341] has non ptr field, deleting [ 76.053649][ T5341] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.067748][ T5341] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 76.067748][ T5341] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 76.067748][ T5341] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 76.115017][ T5341] bcachefs (loop0): btree node read error at btree dirents level 0/0 [ 76.115052][ T5341] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 9 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 76.115062][ T5341] loop0 node offset 8/9 bset u64s 6: bset past end of btree node (offset 8 len 8 but written 9) [ 76.115070][ T5341] flagging btree dirents lost data [ 76.115075][ T5341] running recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 76.115083][ T5341] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 76.115090][ T5341] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 76.115097][ T5341] running recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 76.115103][ T5341] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 76.115110][ T5341] ret fsck_errors_not_fixed [ 76.201684][ T5341] bcachefs (loop0): error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 76.216539][ T5341] bcachefs (loop0): check_topology... [ 76.216679][ T5341] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 76.223917][ T5341] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 76.230473][ T5341] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 76.234001][ T5341] bcachefs (loop0): scan_for_btree_nodes... [ 76.242213][ T5347] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0: (unpack error) [ 76.242245][ T5347] invalid variable length fields, deleting [ 76.262713][ T5341] bcachefs (loop0): btree node scan found 7 nodes after overwrites [ 76.266854][ T5341] done [ 76.269353][ T5341] bcachefs (loop0): check_topology... [ 76.270275][ T5341] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 76.276575][ T5341] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - SPOS_MAX [ 76.282432][ T5341] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 76.294161][ T5341] done [ 76.295396][ T5341] bcachefs (loop0): accounting_read... done [ 76.299515][ T5341] bcachefs (loop0): alloc_read... done [ 76.303208][ T5341] bcachefs (loop0): snapshots_read... done [ 76.306316][ T5341] bcachefs (loop0): check_allocations... [ 76.310580][ T5341] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 76.310602][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 76.326074][ T5341] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.326089][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.360248][ T5341] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 76.360264][ T5341] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.390878][ T5341] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.395536][ T5341] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.403571][ T5341] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.409955][ T5341] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.415396][ T5341] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.424725][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.424802][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.433095][ T5341] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.439564][ T5341] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.444781][ T5341] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.451552][ T5341] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.455828][ T5341] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.462229][ T5341] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.466848][ T5341] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.473213][ T5341] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.477681][ T5341] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.482695][ T5341] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.488991][ T5341] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 76.493581][ T5341] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.504056][ T5341] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.517774][ T5341] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.522099][ T5341] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.529373][ T5341] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.529383][ T5341] Ratelimiting new instances of previous error [ 76.536650][ T5341] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.536664][ T5341] Ratelimiting new instances of previous error [ 76.555120][ T5341] done [ 76.559346][ T5341] bcachefs (loop0): going read-write [ 76.636915][ T5341] bcachefs (loop0): journal_replay... done [ 76.727502][ T5341] bcachefs (loop0): check_lrus... [ 76.728774][ T5341] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 76.728789][ T5341] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 76.728796][ T5341] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 76.763814][ T5341] done [ 76.765276][ T5341] bcachefs (loop0): check_backpointers_to_extents... done [ 76.787424][ T5341] bcachefs (loop0): check_extents_to_backpointers... [ 76.788438][ T5341] bcachefs (loop0): scanning for missing backpointers in 3/128 buckets [ 76.798786][ T5341] done [ 76.807322][ T5341] bcachefs (loop0): check_subvols... done [ 76.818148][ T5341] bcachefs (loop0): check_inodes... done [ 76.820556][ T5341] bcachefs (loop0): check_dirents... [ 76.822197][ T5341] bcachefs (loop0): key in missing inode, found keys: [ 76.822211][ T5341] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir [ 76.822220][ T5341] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg [ 76.822228][ T5341] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 76.822236][ T5341] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 76.822244][ T5341] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir [ 76.822252][ T5341] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg [ 76.822260][ T5341] , fixing [ 76.948330][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 3496027271272942799 [ 76.948356][ T5341] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 76.964117][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 3743622237297350792 [ 76.964132][ T5341] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.007911][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 1144629051699013407 [ 77.007925][ T5341] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.016819][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.016832][ T5341] u64s 7 type dirent 4096:3496027271272942799:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.068863][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.068878][ T5341] u64s 7 type dirent 4096:3743622237297350792:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.097850][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 2459259457053216672 [ 77.097864][ T5341] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.123491][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 4818004701458418393 [ 77.123502][ T5341] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 77.167593][ T5341] bcachefs (loop0): hash table key at wrong offset: should be at 6220216796656938210 [ 77.167605][ T5341] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 77.198099][ T5341] bcachefs (loop0): key in missing inode, found keys: [ 77.198111][ T5341] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk [ 77.198118][ T5341] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 77.198125][ T5341] , fixing [ 77.239169][ T5341] bcachefs (loop0): key in missing inode, found keys: [ 77.239183][ T5341] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg [ 77.239190][ T5341] , fixing [ 77.258263][ T5341] bcachefs (loop0): check_dirents requires second pass [ 77.261854][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.261867][ T5341] u64s 7 type dirent 4096:1144629051699013407:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.292445][ T5341] bcachefs (loop0): dirent points to missing inode: [ 77.292459][ T5341] u64s 7 type dirent 4096:2459259457053216672:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.305670][ T45] Bluetooth: hci0: command tx timeout [ 77.322736][ T5341] ================================================================== [ 77.326036][ T5341] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 77.329317][ T5341] Read of size 1 at addr ffff888056d43048 by task syz.0.0/5341 [ 77.332784][ T5341] [ 77.333875][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 77.333886][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.333892][ T5341] Call Trace: [ 77.333898][ T5341] [ 77.333902][ T5341] dump_stack_lvl+0x189/0x250 [ 77.333918][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 77.333929][ T5341] ? rcu_is_watching+0x15/0xb0 [ 77.333938][ T5341] ? __kasan_check_byte+0x12/0x40 [ 77.333948][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.333960][ T5341] ? rcu_is_watching+0x15/0xb0 [ 77.333973][ T5341] ? lock_release+0x4b/0x3e0 [ 77.333990][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 77.334004][ T5341] ? __virt_addr_valid+0x4a5/0x5c0 [ 77.334018][ T5341] print_report+0xd2/0x2b0 [ 77.334030][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.334042][ T5341] kasan_report+0x118/0x150 [ 77.334056][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.334070][ T5341] bch2_check_dirents+0x1fac/0x33f0 [ 77.334083][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.334092][ T5341] ? desc_read+0x1b8/0x3f0 [ 77.334101][ T5341] ? prb_first_seq+0xfd/0x1a0 [ 77.334109][ T5341] ? __pfx_bch2_check_dirents+0x10/0x10 [ 77.334120][ T5341] ? __pfx_prb_first_seq+0x10/0x10 [ 77.334129][ T5341] ? desc_read+0x1b8/0x3f0 [ 77.334137][ T5341] ? this_cpu_in_panic+0x4f/0x80 [ 77.334145][ T5341] ? _prb_read_valid+0xa07/0xa90 [ 77.334153][ T5341] ? console_flush_all+0x13a/0xc40 [ 77.334163][ T5341] ? up+0xde/0x150 [ 77.334237][ T5341] ? __console_unlock+0x14c/0x1a0 [ 77.334252][ T5341] ? __pfx___console_unlock+0x10/0x10 [ 77.334274][ T5341] ? prb_read_valid+0x3c/0x60 [ 77.334285][ T5341] ? console_unlock+0x21b/0x270 [ 77.334294][ T5341] ? __pfx_console_unlock+0x10/0x10 [ 77.334304][ T5341] ? vprintk_emit+0x63e/0x7a0 [ 77.334316][ T5341] ? __bch2_print+0x176/0x220 [ 77.334326][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.334334][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.334348][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.334364][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 77.334384][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 77.334398][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 77.334410][ T5341] ? check_noncircular+0xe0/0x160 [ 77.334427][ T5341] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 77.334443][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.334455][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.334463][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.334473][ T5341] ? bch2_fs_start+0xa0f/0xda0 [ 77.334482][ T5341] ? up_write+0x1c4/0x420 [ 77.334491][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 77.334500][ T5341] bch2_fs_start+0xaaf/0xda0 [ 77.334511][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 77.334520][ T5341] ? __pfx_bch2_fs_start+0x10/0x10 [ 77.334531][ T5341] ? sget+0x267/0x620 [ 77.334539][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 77.334552][ T5341] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 77.334562][ T5341] ? aa_get_newest_label+0xf7/0x5d0 [ 77.334573][ T5341] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 77.334585][ T5341] ? apparmor_capable+0x137/0x1b0 [ 77.334597][ T5341] vfs_get_tree+0x92/0x2b0 [ 77.334610][ T5341] do_new_mount+0x24a/0xa40 [ 77.334626][ T5341] __se_sys_mount+0x317/0x410 [ 77.334637][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 77.334650][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 77.334661][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 77.334675][ T5341] do_syscall_64+0xfa/0x3b0 [ 77.334686][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.334698][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.334705][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 77.334713][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.334721][ T5341] RIP: 0033:0x7f60e01900ca [ 77.334729][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.334736][ T5341] RSP: 002b:00007f60e1084e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.334746][ T5341] RAX: ffffffffffffffda RBX: 00007f60e1084ef0 RCX: 00007f60e01900ca [ 77.334751][ T5341] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f60e1084eb0 [ 77.334756][ T5341] RBP: 00002000000000c0 R08: 00007f60e1084ef0 R09: 0000000000818001 [ 77.334761][ T5341] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 77.334766][ T5341] R13: 00007f60e1084eb0 R14: 000000000000594d R15: 0000200000000480 [ 77.334775][ T5341] [ 77.334779][ T5341] [ 77.518867][ T5341] The buggy address belongs to the physical page: [ 77.521816][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56d43 [ 77.525897][ T5341] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 77.529021][ T5341] raw: 04fff00000000000 0000000000000000 ffffea00015b50c8 0000000000000000 [ 77.532670][ T5341] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 77.536325][ T5341] page dumped because: kasan: bad access detected [ 77.538961][ T5341] page_owner tracks the page as freed [ 77.541180][ T5341] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 49, tgid 49 (kworker/0:1H), ts 76293040411, free_ts 77322196978 [ 77.548353][ T5341] post_alloc_hook+0x240/0x2a0 [ 77.550503][ T5341] get_page_from_freelist+0x21e4/0x22c0 [ 77.552963][ T5341] __alloc_frozen_pages_noprof+0x181/0x370 [ 77.555632][ T5341] __alloc_pages_noprof+0xa/0x30 [ 77.557903][ T5341] ___kmalloc_large_node+0x85/0x210 [ 77.560275][ T5341] __kmalloc_large_node_noprof+0x18/0x90 [ 77.562711][ T5341] __kvmalloc_node_noprof+0x6d/0x5f0 [ 77.565015][ T5341] bch2_btree_node_read_done+0x3305/0x5520 [ 77.567636][ T5341] btree_node_read_work+0x426/0xe30 [ 77.570067][ T5341] process_scheduled_works+0xae1/0x17b0 [ 77.572782][ T5341] worker_thread+0x8a0/0xda0 [ 77.574913][ T5341] kthread+0x70e/0x8a0 [ 77.576695][ T5341] ret_from_fork+0x3fc/0x770 [ 77.578790][ T5341] ret_from_fork_asm+0x1a/0x30 [ 77.581019][ T5341] page last free pid 5341 tgid 5340 stack trace: [ 77.583888][ T5341] __free_pages_ok+0xa44/0xc20 [ 77.585972][ T5341] __folio_put+0x21b/0x2c0 [ 77.587949][ T5341] free_large_kmalloc+0x145/0x200 [ 77.590448][ T5341] btree_node_sort+0x117f/0x1760 [ 77.592661][ T5341] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 77.595285][ T5341] bch2_btree_node_prep_for_write+0x337/0x650 [ 77.597919][ T5341] bch2_trans_lock_write+0x669/0xba0 [ 77.600431][ T5341] __bch2_trans_commit+0x2773/0x8870 [ 77.603190][ T5341] bch2_check_dirents+0x1c5c/0x33f0 [ 77.605920][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 77.608455][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 77.610872][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 77.613142][ T5341] bch2_fs_start+0xaaf/0xda0 [ 77.615147][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 77.617310][ T5341] vfs_get_tree+0x92/0x2b0 [ 77.619373][ T5341] do_new_mount+0x24a/0xa40 [ 77.621381][ T5341] [ 77.622490][ T5341] Memory state around the buggy address: [ 77.625035][ T5341] ffff888056d42f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.628717][ T5341] ffff888056d42f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.632276][ T5341] >ffff888056d43000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.635728][ T5341] ^ [ 77.638657][ T5341] ffff888056d43080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.642446][ T5341] ffff888056d43100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.646184][ T5341] ================================================================== [ 77.737095][ T5319] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 77.832940][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.836119][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) [ 77.841439][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.846263][ T5341] Call Trace: [ 77.847772][ T5341] [ 77.849172][ T5341] dump_stack_lvl+0x99/0x250 [ 77.851309][ T5341] ? __asan_memcpy+0x40/0x70 [ 77.853477][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.855847][ T5341] ? __pfx__printk+0x10/0x10 [ 77.858083][ T5341] panic+0x2db/0x790 [ 77.859923][ T5341] ? __pfx_panic+0x10/0x10 [ 77.861957][ T5341] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 77.864557][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 77.867273][ T5341] ? print_memory_metadata+0x314/0x400 [ 77.869664][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.872015][ T5341] check_panic_on_warn+0x89/0xb0 [ 77.874310][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.876809][ T5341] end_report+0x78/0x160 [ 77.878937][ T5341] kasan_report+0x129/0x150 [ 77.880955][ T5341] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.883457][ T5341] bch2_check_dirents+0x1fac/0x33f0 [ 77.885772][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.888080][ T5341] ? desc_read+0x1b8/0x3f0 [ 77.890078][ T5341] ? prb_first_seq+0xfd/0x1a0 [ 77.892237][ T5341] ? __pfx_bch2_check_dirents+0x10/0x10 [ 77.894829][ T5341] ? __pfx_prb_first_seq+0x10/0x10 [ 77.897198][ T5341] ? desc_read+0x1b8/0x3f0 [ 77.899165][ T5341] ? this_cpu_in_panic+0x4f/0x80 [ 77.901286][ T5341] ? _prb_read_valid+0xa07/0xa90 [ 77.903419][ T5341] ? console_flush_all+0x13a/0xc40 [ 77.905629][ T5341] ? up+0xde/0x150 [ 77.907234][ T5341] ? __console_unlock+0x14c/0x1a0 [ 77.909621][ T5341] ? __pfx___console_unlock+0x10/0x10 [ 77.912213][ T5341] ? prb_read_valid+0x3c/0x60 [ 77.914345][ T5341] ? console_unlock+0x21b/0x270 [ 77.916410][ T5341] ? __pfx_console_unlock+0x10/0x10 [ 77.918659][ T5341] ? vprintk_emit+0x63e/0x7a0 [ 77.920740][ T5341] ? __bch2_print+0x176/0x220 [ 77.922733][ T5341] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.924978][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.927312][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.929702][ T5341] __bch2_run_recovery_passes+0x395/0x1010 [ 77.932319][ T5341] bch2_run_recovery_passes+0x184/0x210 [ 77.934791][ T5341] bch2_fs_recovery+0x2690/0x3a50 [ 77.936955][ T5341] ? check_noncircular+0xe0/0x160 [ 77.939160][ T5341] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 77.941470][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.943578][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.945713][ T5341] ? __lock_acquire+0xab9/0xd20 [ 77.947781][ T5341] ? bch2_fs_start+0xa0f/0xda0 [ 77.949910][ T5341] ? up_write+0x1c4/0x420 [ 77.951968][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 77.954328][ T5341] bch2_fs_start+0xaaf/0xda0 [ 77.956479][ T5341] ? bch2_fs_start+0x5e7/0xda0 [ 77.958557][ T5341] ? __pfx_bch2_fs_start+0x10/0x10 [ 77.960725][ T5341] ? sget+0x267/0x620 [ 77.962465][ T5341] bch2_fs_get_tree+0xb39/0x1520 [ 77.964535][ T5341] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 77.966883][ T5341] ? aa_get_newest_label+0xf7/0x5d0 [ 77.969249][ T5341] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 77.971700][ T5341] ? apparmor_capable+0x137/0x1b0 [ 77.974013][ T5341] vfs_get_tree+0x92/0x2b0 [ 77.976111][ T5341] do_new_mount+0x24a/0xa40 [ 77.978312][ T5341] __se_sys_mount+0x317/0x410 [ 77.980350][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 77.982591][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 77.984538][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 77.986650][ T5341] do_syscall_64+0xfa/0x3b0 [ 77.988620][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.990793][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.993360][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 77.995419][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.998024][ T5341] RIP: 0033:0x7f60e01900ca [ 78.000151][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.008394][ T5341] RSP: 002b:00007f60e1084e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.011927][ T5341] RAX: ffffffffffffffda RBX: 00007f60e1084ef0 RCX: 00007f60e01900ca [ 78.015462][ T5341] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f60e1084eb0 [ 78.019292][ T5341] RBP: 00002000000000c0 R08: 00007f60e1084ef0 R09: 0000000000818001 [ 78.022787][ T5341] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.026210][ T5341] R13: 00007f60e1084eb0 R14: 000000000000594d R15: 0000200000000480 [ 78.029615][ T5341] [ 78.031340][ T5341] Kernel Offset: disabled [ 78.033176][ T5341] Rebooting in 86400 seconds..