program: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x68000000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r5, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}, {0x4, 0x3}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x5, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x32e83a8a9c78b83e) sendmsg$AUDIT_DEL_RULE(r6, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000005d80)={0x448, 0x3f4, 0x100, 0x70bd26, 0x25dfdbfe, {0x2, 0x0, 0x25, [0x5, 0x3, 0x218, 0x5, 0xcc32, 0x8001, 0x1, 0x1, 0x8, 0x9, 0xfffffffe, 0x7b0e, 0x6, 0x2, 0x8, 0x2, 0x5, 0x5, 0x53, 0x8, 0x5, 0x1, 0x2, 0x80000000, 0x50000000, 0x4f, 0x6, 0x3, 0x5, 0x0, 0x3, 0xd, 0x340, 0x3, 0x2, 0xb, 0x9, 0x8, 0x3, 0x0, 0x0, 0x3, 0x4, 0x63a, 0x5, 0xfffff40a, 0x0, 0x6, 0x7, 0x7, 0x5, 0x338, 0x1, 0x737, 0x7e, 0x5a, 0x2, 0x4, 0x5, 0xe, 0xa28f, 0x5, 0x7, 0xb7], [0xb33, 0x8, 0x4, 0x3374, 0xfffffffa, 0x7fffffff, 0x400, 0x0, 0x2, 0x2, 0x1, 0x6, 0x9, 0x7, 0x36, 0x3, 0x4, 0x10000, 0xfffffffe, 0x4, 0x8, 0x80000001, 0x9, 0xad29, 0x1, 0x4e53, 0x2, 0x6, 0x5, 0x8, 0x9, 0x1, 0x9, 0x0, 0x1, 0xb, 0x9, 0x1000, 0xfffffff8, 0x1, 0x0, 0x4, 0x9, 0x566e, 0x6, 0xe254, 0x373, 0x1, 0x0, 0x7, 0x4, 0x6, 0x7f, 0x9, 0x3, 0x76f, 0x2, 0x7f, 0x8, 0x9, 0x2, 0xffff, 0xe26, 0x7fff], [0x7, 0x2b2, 0x6000, 0xd, 0x9, 0x3, 0x0, 0x4f34, 0x2, 0x8, 0xff, 0x4eb, 0x1, 0x9, 0x200, 0x200, 0x9, 0x6, 0x814, 0x7, 0x6, 0x0, 0x1, 0x9, 0x1, 0x2, 0x2, 0x81, 0x9, 0x80, 0xfffffff9, 0x5, 0x3, 0xe, 0x4, 0x9, 0x5, 0x3, 0x7fff, 0x6e3, 0xda7, 0x8000, 0x3, 0x101, 0x2, 0x7, 0x5, 0x33e6, 0xfffffe92, 0x9, 0xf9a3, 0x0, 0x0, 0xffff00, 0x0, 0x3, 0x3, 0x665, 0x5, 0x8, 0x0, 0x101, 0x1, 0x4b], [0x6, 0x8, 0x3746, 0x7ff, 0x9, 0x4, 0x5, 0x9, 0x0, 0x1, 0x2fd2, 0x80000001, 0x800000, 0x7fff, 0x3178, 0x401, 0x30c574ac, 0x3c5c, 0x800, 0x0, 0xfffffffc, 0x8, 0x2, 0x153, 0x3ff, 0x9055, 0xf, 0x7, 0x80000001, 0xfffffffe, 0x4, 0x7, 0x4, 0x1, 0x9, 0x3, 0x8, 0x101, 0x4, 0x4, 0xffff9245, 0x1a759eed, 0x80000000, 0x2c, 0x9, 0x8, 0x2, 0x0, 0x43, 0x3, 0x2, 0x8, 0x5, 0x8, 0x2, 0xffffffff, 0x3, 0xff, 0xd, 0x2, 0x9, 0x101, 0x7, 0x2], 0x26, ['bcachefs\x00', '%\x00', '{(\x00', '\x00', 'bcachefs\x00', './\'[\x00', 'bcachefs\x00']}, ["", "", "", ""]}, 0x448}, 0x1, 0x0, 0x0, 0xc0040}, 0x4008011) syz_mount_image$bcachefs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000300)=ANY=[@ANYBLOB="7265636f766572795f706073735f6c6173743d636865636b5f616c6c6f635f746f5f6c72755f726566732c6d756d3d6372633332632c6572726f72733d636f6e74696e75652c696e6c696e655f646174613c7374725f686173683d736970686163682c6e6f6368616e6765732c6e6f636f772c6e6f6578636c2c6e6f636f772c009de64b13c7fe6458bcd6d2d7793dd0d582fa215cdb447daefca877f332de059c1ce3af538bd2704deba5435b74a9d2603c05922ff0efdfdcde03b87b29fa1c67cc652304af76370c95a26cb157"], 0x1, 0x597e, &(0x7f0000000400)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCb8K5dUz7+17+gp4VCxe+QgbhYFMeNFJSCXhQQJKcMGFAiy0tBT1D7SQWjRaVMEqkRL5sQmraIrVpbaQWt1Ft8otZEkJZCnXdV7N9D09PXf6zu3p6QkJfD6VzO1z+vT3nHvu6dv3nO6ZDgAAALwt7L91+6GLT/i7H31y+PWb/v57m28OveXx/Gos0Jdur3+zWsjh1F1ZNr7Njos/u+Ebvx646m9++GDP19/Yt+HkjT//22OuevSjF+y958tPvLbw4T++WBQ3jqfTJ9LJy0kI1e8f/Pyn9j1z/FheEkIoJ327Q1iSLH1iSZIJMfj7EMKGNFGuTL7zodfP2ji2vfmO7kn5izNBjPe3t2o6znYduu6M8Iu/XnfLT5Z/+1tde17aPVEkqTaMpxAWXdH4+K4QwvwQwkAsnG6XZdJrQwg9DY87r6Bdp7TY/lU56RPT7bx021sQJ96/IpMuZcpl01FXZttTUN9s5bWj3XJFFmTS2ZPRbOW1M+YvSbffTbenzzB+Of5PQikJlXrzR5KJMRIajlsSkvFjWa2nS/VjG9L9z6STTLqUSZe7Mvs1Xm860MpJMjk/lsvkx9NxJc0/ufFc3cQlOfnvSLfV9In6RkyH7I2a3ik36vs1Lrbr4DRtORzG+ql7mvzx8VSeOHi96T70JkunPGa0iXjfvnV3riyvf3J/X047kgeTNH7SVvxdP16y4CPfvP3aZXnxryil8Uttxf/lhQdeuez2r30pN/7dMX65rfhnPtbz8oVP3boir3/i8OoNlbbiD7349F3Lj71yT2777439X20r/pq9B7oXHnrs8dzjOxj7Z35b8V84//2/euC5R17KjR9i/J624q/fu/XT3f2HTsuN/3jsn972xs+re859vr//NwN58Z+N8Re2Ff/+3fe8977Fd1yQe3zXxv7payv+Rac+esuCQ4+clHfuTO7t1CsnwNvTMek11m1perp5Zvc088zZapgvfHGgUrvmW5D+X9jJijIXn2P1LOpkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRx3xn/+wP/8UN/LlTTdnd54oVTbxvx5ISTzQwjbdwxt27Fpy9UDH73m2m1bhkYGhnYMDI+Utu0cOPsvBrYNbx0Z2jl27+C7zqo9bmlIatvkpCl1d4+Ojpb6JufF+v7NqXt+sfK8//3bEAaP+1l/Jbf9q+7ZfN+xTX5mJGtG37f52ot/ds5X0/3qS9vV16Rdo6OjoyGnXf/n0j/c99mDvz4thME/ma5dT7/wVz+Y1KDxjIk4qVJ3qDWoO+lp2o56q9P2xP6qbNw0Mjw4ff+OPb6csx//9oaXfr/x+s/8oda/1dz9aLF/568ZHSl9Yd1F//8LN9YyitpV349Mu+b6uBf1d9yL2L7Yf9W0vxel+7UoZ78qOf19608ef+77J9z+2u4wWHl1+dS6i/arKx0AXck7Wqo31tCTLJmUX03LxyMeH7dqx+atq7bv3PWuTZuHrh6+enjLe1afvfrcwXPOPWfV+J6v6vD+x/r/tMX9b3U8Zeud2Xha/C+7vxt/tjaeitpV1B9j7Sruj8YW5T3/ei751Ofec89TF9cyisZ5LF1/HqbbnrHjvDo0jLepfdVsv4r6IYQw0KwfXnntgnD8f9t0S9F5qPHINP7MSNaMPrPid1897yvL/rKWcVjO840NavM8X2/1RHvG+6uaHo/RI7R/u0M53a/epu1a/cxTXXfu/+3H6+2bNy9cP7Rjx7bVtZ8L0pYuSE5s2q5sbtyv5eM/yyHtllAfpk3G65iuUGtf9vwZi2d7tTe9rzdZ2nS/suJ9+9bdubK8/sn9eT2dPFircX5YWNsm78wpOZJ5YLne4Gb1H6nPv6Lx0f+Brzz8oYe/c/aU8XFm7WfRfiU5+/Xt5+7/3Nc/8++/07n9+sBfHej73X//55W1jKPlvFJvddqepPG8cmYIRc+/5aH5fuQ+/0rN96fo+ZetZ6J883gDmXRvKBc/X6thyvP1zMd6Xr7wqVtX5D5fD7b6fL1xUqpc8Hw9UsZP9vmVVCa3Y+6eX5MGSrJm9Ie3HbP7iZvWnlDLKBrX9dLNxvVZLcw/cvbrB5c933/NwL/7r507b3zjLx66/OdDaz5Ry2j/uMe2dOa4V9P+reb0b73Vcd7Z2L/vvuqakQ21/CP3+jfdFsx/4qlk+85dHxsaGRnetr21/Wr19TTWk+3ldl9P49ltacF+labs19zdaKW/Wn2+xfZvaLu/Jj/fekPS1nXcrh8vWfCRb95+bd+UR6UVXVFK45faiv/LCw+8ctntX/tSbvy7Y/xKW/GHXnz6ruXHXrknN/69SRq/2lb8NXsPdC889NjjufEHY/vntxX/hfPf/6sHnnvkpdz4Icbvba//X91z7vP9/b/Jjf9sktYzdo0UwkOvn7Wxlk5CV/p8i+3omtSukE0nmXQpky43pku1tdZ6BeUkmZwfy6X5Jze0pZl/ysmPV2HVZbXtGzEdsjemzz/SlBrO/c3yi65TAQDe6uL7//EaNL7/P5xeKOWvNMCE2c7DluXEjfOwifWceZPuX5bGj4+P64D97w6DY9ubB2oX+jN9HyE+H7LrnLGe006ZHKPddc6i9fcVmXRsV229vNIwD01NnddUQgvr71PrmX79PbP7xevjA7dNadZAw7pV9vh1pStmzT7vkGlvZSxC3vjIrovFz3P0Lwprx+trcXxkP0cTj0P2czSxnhMyJ852P0cz2/ERmz3N+BhvcvH7G1OPX5imfyeOX/No2eM3g+NdHSs/1+/PdmDdsOkp7fCtG7bwfliT+K2+H1Zfl1wztcx08d8u65JH+rphzI/7UWlxPfFDOfmtrCc2rsvlrSfG00Vs18Fp2nI4WE8E3qri/D++RozN/8cuwP9vplzRdWj2qjHGy/2cULl5e4rmHVM/p9fT1uv4+r1bP93df+i03Oucx1v93M/WSamegs/9FPXjyky6sB9zFmiK5nvZeor6Pfu5jN6wsK1+v3/3Pe+9b/EdF+T2+9raC2lxv39uUmphQb8fBfOF5vHfavMFn2OYHL9Dn2MoWj970+Yj6Qef5mo+8o85+TP9fEPPlBv1/Rp31M1Hug5vuwCAo0ec/9ffP0vn//8jFkivI4rmradn0jFe7rw15/okb976D+n2+kz53vQ3KmZ63XzRqY/esuDQIyflzlvubXUe+h8mpfoK56GzmzfnziPWdubz4rnziPo8a3bzxNz21+eJs5un58avz9NnN4/O7Z/6PHp26wC58evrAEf7PLdgvS5TWUy2ul73lp1Hp78+O1fz6Ety8mc6j+6dcqO+X+PMowEA3lxx/h8v4+L8/6lMudm+z547L5jtdXuS9xd/0vjPHq555VzP++Z63jrX8/q5Xpc42ufFc70u1N7xbXWd7G0/L04rNS8GAOBIFuf/89N0/vx/dvOTZvO3rknzE/PzpvHNz4+Q+fkRuv6Vvm+d/Xu49fj19a+5/ZzM237+H9Mhe6PG/B8AgCNBnP/HX3uMf//vP6Xp7N+tN0/PiW+ebp4+3fhpeZ7e+XW2MGmdzTrAYV8HmD9R3joAAABvhq7xmdLU37P/cLrN/p593u/lX5ZTvlWV9PL4yh3bhocvv3brhqEdw5dvuWbD8PbLr9u2aceO4S21crOdN+bOW9J5Y1eopP3RvFx23rY4/XsIi3P+HkK2fAx74viNqX8PIVvt/IK/IzBx/Fprb97xK01Tvtn4yDveefH/Kad8VD/+V/3zmZdv3H75pi2bdmwaGtm0a3hyubFZa88MvjczdsuMvi8182OK0sy/v7Mz7ShNaUdX2h9538+eZNqxJG3JkrzvP8hp94/+y2f/5dTRPzwQwuBx5XfOqv+SNaP/8dLhf9ix/2dbx9o/f9r210um7Sr6vtJs+bg/lZFrtu84Y+M1127JfqNke+J6RqmenqP1jPTpX25xfWJ9Tv5MP6dQnnLjyNTy+gQAAJPE9//j9Wx8//Az6QVUzG99nj67949z5+mDrc3Ts99LVjRPz5aP+9vqPL06y3l6tv6ieXqz8s3m6Xnz7rz4/5hTfqZaHyez+5xH7ji5orVxkv0+g6Jxki0/03GSFI+TeTm71LT+onHSrHyzcZJ33PPifzCnfJ7Wx8PsPpeTOx7ubm08/HkmXTQesuVnOh5KszxvZOsvGg/NyjcbD3nHNy/+xTnlWzV5fIwNjPFxMXz5ddds+1hDubn+/ovZt29uv/+jXa23f24/9zX37Z/bz5XNfftn97my3PY/O7uVsNbbP7ff79Kuw7Zem756F33+rGgdd11O/kzXcedNuXFkso4Lb544/49v98T5/x3pttNvAx3935Pme8yaxu/Q95gVXcd4PZ+msiOA13MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1nRXlo1v99+6/dDFJ/zdjz45/PpNf/+9zTf/2Q3f+PXAVX/zwwd7vv7Gvg0nb/z53x5z1aMfvWDvPV9+4rWFD//xxcLAfeM/K6enyWoIyctJCNXvH/z8p/Y9c/xYXhJCKCd9u0NYkix9YkmSiTD4+xDChno7J9/50OtnbRzb3nxH96T8xZkg2f0KveXYnsZ2hnB94R5xFKqm42zXoevOCL/463W3/GT5t7/Vteel3RNFkmrDeAph0RWNj+8KIcxP/4+Jo21ZfHC6XRtC6Gl43HkF7TqlxfavykmfmG7npdvegjjx/hWZdKleIsmkJ+vKbHsK6putvHa0W67Igkw6ezKarbx2xvwl6fa76fb0GcYvx/9JKCWhUm/+SDIxRkLDcUtCMn4sq/V0qX5sQ7r/mXSSSZcy6XJD+v+V4thMB1o5mRhfje0pZfLj6biS5p/ceK5u4pKc/Hek22r6RH0jpkP2Rk3vlBv1/RoX23VwmrYcDqWGc1Cz/PqBTw9Gb5rXmyyd8pjRJuJ9+9bdubK8/sn9fTntSB5M0vhJW/F3/XjJgo988/Zrl+XFv6KUxi+1Ff+XFx545bLbv/al3Ph3x/jltuKf+VjPyxc+deuK3P45GPun0lb8oRefvmv5sVfuyW3/vTF+ta34a/Ye6F546LHHc9s/GPtnflvxXzj//b964LlHXsqNH2L8nrbir9+79dPd/YdOy43/eOyf3vbGz6t7zn2+v/83A3nxn43xF7YV//7d97z3vsV3XJB7fNfG/ulrK/5Fpz56y4JDj5yUd+5M7u3UKyfA29Mx6TXWbWm63XnmbDXMF744UKld8y1I/y/sZEUZY/UsmsP4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8Nf30xrM/fOn7PriukoSQ5JQZbSLeV563Zs1AG/UOvfj0XcuPvXJPY96yNuIAAAAAxeI8vFTPqYZl4bpkfjixafm4RnBiTI1ndNfzs2sIMU52jaB5nFAYp9ShOOUOxal0KE5Xh+LM61Cc7g7FqRbEqYbW4syfJk5lbFS02J6eadvTepzeDsVZ0KE4CzsUZ1GH4izuUJy+aeO0Pg6XdCjO0g7FOaZDcY7tUJzjOhTnTzoU5/gOxcmuKc90HC5MS56QF2f8RrkwTiUp1+9otp5+fFrPSbOsp7egnoVFr8ct1jO/xXpOyTyuNMN6qi3W86ezrCdpsZ4/n2U9pYJ64ri9Ptu+WE9MtTj+d3Yozq7Zxflf8Xrrhg6158YOxfl4h+J8okNxbpplHIBWxfn/xHyvL3RX/jL0pGec7CpAnO8uH/859fUu74QU470zkz+vKF52op6Jt3ym7csuIGTircjkd02KV6nPR6aJV22MtzJzZ+H+ZhcUMu07PZPfXRQvu7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHPopzee/eFL3/fBdSEJY/+aGm0i3leet2bNQBv17lt358ry+if3N+Z1V9oIBAAAABSK8/Cuek41dFdWh+5k3qRy1XQdoJqmy321bf+isHZsmwyUxtM9yZJpH1dJH7dqx+atq7bv3PWuTZuHrh6+enjLe1afvfrcwXPOPWfVxk0jw4O1nyF0F8QLIYwvP2zfuetjQyMjw9u21zKz7V+WPm5Zmk4O1O7vf3cYHNvenLZ/aUF9pSn17Xz+/NpdEzkdujH9kQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH9l1+5C5DrLAAB/Z2Z2ZrptzEr/pqHZDPkpUYsmcSupls4BwUKbhCwFmamuJdgEi5smtEmJdWwDtjVBEVoCIZILI7HYWrzpjy1ifwhEajTgxiBt0V7ohdJqJS25kJSR3Z0zf5nJrGPpNunzXJxz5v3e73vPd1gW3jMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwwZuqjk2US+OV4SiEqEdOrYtkLJ2N4+IAdb/6/PYf5kZPr2yN5TIDLAQAAAD0lfThQ41IPuQy6ZAOV818Wjp9yNYHQrPvBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPnqmqmMT5dJ45eIohKhHTq2LZCydjePiAHXfeOfJz706Ovr31lhhgHUAAACA/pI+PNWI5EMhLAtD0VVtecm7gUUd8zvzknUWzzGv891Br7xlc8y7Zo55n+iTt6F+3hUAAADg/Jf0/5lGZCTkMgt69v/9+vokb0lHXrp+HuS3AgAAAMD/J+n/c41IIeQyhUa/Ptd+f2lHXjK/3/f2yfwVPeb3+z5/ff3se3oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH9MVccmyqXxSjoKIeqRU+siGUtn47g4QN01Lwz/85YjDy1tjeUyAywEAAAA9JX04c3WOx9ymeEwFC6e6ftHbzr49JeffnYshDDb5mezYdemHTvuXjN7TPJWHzsy9IOjb32nsUySt3r2OC+bAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3ldT1bGJcmm8clEUQtQjp9ZFMpbOxnFxgLqvf+FLf3385HNvtsYKA6wDAAAA9Jf04c3ePx8KIRuy4YqZT629/rRUx/xe7wwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8c937rvm5smJzff7eI8v4hCCC2R7Hzfj4vz+2K+/zMBAADvtyUhCrX/0ZUb5/uuAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD4Op6thEuTReyUchRD1yal0kY+lsHMcD1I2fP55bcPqFl1pjhQHWAQAAAPpL+vBm758PhTAUhsLlM5+6vROY6f9HPsCbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5UpqpjE+XSeGVBFELUI6fWRTKWzsZxcYC6j+0+8PnDC79/c2sslxlgIQAAAKCvpA/PNiL5kMt8MuTC1fXPk+0TonT93P29QHPe9rZpw+3zsp2Tm/OqbfPSc663p2NnzZcJ03n5ZL2R2XNjXvHsecWZpzA7rxAa5Ytt88K+tlkL+txnAAAAgHmU9P+5RmQk5DK5lj73Z235I/pcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCHqerYRLk0XomiEKIeObUukrF0No6LA9S973cfv+RrP9+7szVWGGAdAAAAoL+kD2/2/vlQCIvDx8Limb4/jLTnJ3n/Kp85/Oi//7YyhFVXnBjNdC774+TiN6/f+GLnIYRUe3YqhIX1elGPer/9w6P3Lq+deTyEVZenrz6rXjh3vfYl49oz5c3rdxw9sb3PwwEAAIALRNL/DzUiIyGXuatn/5903n36/4aZBnzhvbt/eVn9WO/IO2akRur1Uj3qfXH5k39ZsfYfb033/+eq95kDWw9f1lZwNtIhimulrTs3nLjuUCrZ9Wz9dEf95Ll85dtv/mfLrkfOzNbPh3w9vijTrf7Zxw4XxbXJ1P7Kuvf2V9vrZ3rs/6Hfv3Ty14v2vjtd/50lw43615xj/+euP3zrw/uuP3BkQ3v9EEKxW/233705XPmnOx/s3P9wx8KtT7712CGKa8eWnjq09mDhhvb6UUf95Pn/4uRj+376yPeeTeonvxVZuWyu9VMd9V/Zc+nulx/YuChdD9X//nrs/8XbXh3dVvzuHzv3f0fbqpmed3H2/p+49qnbX9sU3985BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGGZqo5NlEvjlVQUQtQjp9ZFMpbOxnFxgLpv3HL87dv2/uRHrbHCAOsAAAAA/SV9eLP3z4dCyIZsGJ7p+58pb16/4+iJ7WFkdjSqnzOT2+7Z8akt23bedcc83TkAAAAwV0n/n2lERkIuszwM1fv/0tadG05cdyiV9P+ppP/fcufk5lWhkffKnkt3v/zAxkWN9wQhzPwsID+d99lm3k03Hh859edvrOiat6aZd2zpqUNrDxZuSPJCa97q0Hg/8cS1T93+2qb4/sb9teZ9+uvbJuuvJ5J1h299eN/1B45saOyjfh6ur5vkTab2V9a9t7+a5KXr53x93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA2aaqYxPl0nglpEOIeuTUukjG0tk4Lg5Qd93yXz14yennFrfGcpkBFgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ssOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9usvRKoqjgP4OTO77bizq7saZEXrakVhD0lBRL1UVIRGCD0ZEpbmQxQEEYU9tIZGYkUvQdaLRAXVFkJBbpJosUb/pJceKiiwHgKRFspFeqjYmXNnZ+/ObfKuBdXnA8PZc+be7/3de86c2QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/lb6e5Y32yM4Hp28776ZPHr/n5GO3vHf/9kseff2H0c03fLyv/5VTk1tWbv36xmWbD9y7dmLPi4d/GXznt2Ndgx9pNqtTtxZCPBFDqL0/9dwTk5+eMzMWQwjVODQWwnBceng45hLW/BpC2NKqc+6bb5+8cutMu31335zxJbmQ/H2FejWrp2lobr38t9TSOts2/fBl4dvrN+z4fMVbb/aOHx+bPSTW2tZTCIs3tZ/fG0JYlF4zstW2PDs5tetDCP1t513dpa4L/2L9lxf0z0/tWamtd8nJ3l+V61dyx+X7md5c29/legtVVEfZ47oZyPXzm9FCFdWZjQ+n9t3Urj7N/Gr2iqESQ0+r/Pvi7BoJbfMWQ2zMZa3Vr7TmNqT7z/Vjrl/J9au9uftqXDcttGqMc8ez43Lj2Xbck8ZXtu/VHdxeMH5uamvpg3oq64f8H031eX+07qshq2vqT2r5J1Ta9qBO462JT5NRT2P1uHTeOb93kL03ueGpi6sbPzgyVFBH3BdTfiyVv+2z4YE739j10PKi/E2VlF8plf/duqM/3bHrpRcK85/N8qul8q842H9i3Yc7VxU+n6ns+fSUyr/r2EdPrzj77vFOc93I35vl10rlXzdxtG9w+uChwvrXZM9nUan8b669+fvXvtx/vDA/ZPn9pfI3TjzwTN/I9KWF+YeaH4V6Y4WWWD8/j1/11cjIj6NF+V9kz3+wQ37smv/q2J5rXl6ye23h+lyfPZ+hUvXfetGBHQPT+y8o2jvj3jP1zQnw/7Qs/Y/1ZOqfzu/M2d164dp+Lzw/2tP8BhpIr8Ezd5l5Zq6z+G/MBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAP9iBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//7v4Hw0=") [ 86.067581][ T5332] syz.0.0 (5332) used greatest stack depth: 17288 bytes left [ 85.146035][ T4673] Bluetooth: hci0: command tx timeout [ 85.474017][ T5332] loop0: detected capacity change from 0 to 32768 [ 85.597257][ T5332] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,noexcl,read_only,nocow [ 85.597275][ T5332] allowing incompatible features above 0.0: (unknown version) [ 85.597282][ T5332] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 85.616994][ T5332] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 85.621963][ T5332] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 85.626975][ T5332] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 85.626986][ T5332] has non ptr field, deleting [ 85.640542][ T5332] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 85.643842][ T5332] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 85.643842][ T5332] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 85.643842][ T5332] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 85.708762][ T5332] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 85.719878][ T5332] bcachefs (loop0): btree node read error at btree subvolumes level 0/0 [ 85.719907][ T5332] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 85.719916][ T5332] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 2 too large: 18446744073709551615 + 0 > 4294967295 [ 85.719925][ T5332] u64s 3 fields 64:0, 64:0, 64:0, 0:0, 0:0, 0:0 [ 85.719931][ T5332] flagging btree subvolumes lost data [ 85.719936][ T5332] ret btree_node_read_validate_error [ 85.748314][ T5332] bcachefs (loop0): error reading btree root btree=subvolumes level=0: btree_node_read_error, fixing [ 85.762434][ T5332] bcachefs (loop0): check_topology... [ 85.762545][ T5332] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 85.769872][ T5332] bcachefs (loop0): no nodes found for btree inodes, continuing [ 85.773497][ T5332] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 85.779875][ T5332] bcachefs (loop0): no nodes found for btree subvolumes, continuing [ 85.784526][ T5332] done [ 85.786105][ T5332] bcachefs (loop0): accounting_read... done [ 85.790451][ T5332] bcachefs (loop0): alloc_read... done [ 85.793096][ T5332] bcachefs (loop0): snapshots_read... done [ 85.795949][ T5332] bcachefs (loop0): check_allocations... [ 85.799524][ T5332] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 85.799549][ T5332] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 85.816545][ T5332] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 85.816555][ T5332] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 85.830425][ T5332] bcachefs (loop0): bucket 0:32 gen 0 different types of data in same bucket: journal, btree [ 85.830439][ T5332] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 85.843746][ T5332] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 85.843759][ T5332] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 85.856669][ T5332] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong cached_sectors: got 458752, should be 0, fixing [ 85.863112][ T5332] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.868317][ T5332] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.875941][ T5332] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.881437][ T5332] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.886665][ T5332] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.891198][ T5332] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.896914][ T5332] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.902767][ T5332] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.908692][ T5332] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.913029][ T5332] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.920942][ T5332] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.925239][ T5332] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.930864][ T5332] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.935278][ T5332] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.941515][ T5332] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.945785][ T5332] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 85.951247][ T5332] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.955678][ T5332] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.961940][ T5332] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.966637][ T5332] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.972318][ T5332] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 85.972337][ T5332] Ratelimiting new instances of previous error [ 85.980501][ T5332] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 85.980520][ T5332] Ratelimiting new instances of previous error [ 85.996733][ T5332] done [ 85.999487][ T5332] bcachefs (loop0): going read-write [ 86.125633][ T5332] bcachefs (loop0): journal_replay... done [ 86.159027][ T5332] bcachefs (loop0): check_lrus... [ 86.160120][ T5332] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 86.160144][ T5332] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 86.160152][ T5332] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 86.175193][ T5332] done [ 86.176663][ T5332] bcachefs (loop0): check_backpointers_to_extents... done [ 86.182981][ T5332] bcachefs (loop0): check_extents_to_backpointers... [ 86.183849][ T5332] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 86.191856][ T5332] done [ 86.193113][ T5332] bcachefs (loop0): check_subvols... done [ 86.195330][ T5332] bcachefs (loop0): check_inodes... done [ 86.198548][ T5332] bcachefs (loop0): check_dirents... [ 86.204970][ T5332] bcachefs (loop0): hash table key at wrong offset: should be at 6490828889369682218 [ 86.204984][ T5332] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 86.216952][ T5332] bcachefs (loop0): hash table key at wrong offset: should be at 2196490510264985959 [ 86.216966][ T5332] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 86.716902][ T10] cfg80211: failed to load regulatory.db [ 87.188535][ T5306] Bluetooth: hci0: command tx timeout [ 87.274790][ T5332] bcachefs (loop0): dirent points to missing inode: [ 87.274805][ T5332] u64s 7 type dirent 4096:2196490510264985959:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 87.284524][ T5332] bcachefs (loop0): hash table key at wrong offset: should be at 6923363027923091 [ 87.284537][ T5332] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 87.294316][ T5332] bcachefs (loop0): hash table key at wrong offset: should be at 6168811922833379006 [ 87.294347][ T5332] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 87.305451][ T5332] bcachefs (loop0): dirent points to missing inode: [ 87.305463][ T5332] u64s 7 type dirent 4096:6168811922833379006:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 87.314283][ T5332] bcachefs (loop0): dirent points to missing inode: [ 87.314296][ T5332] u64s 7 type dirent 4096:6490828889369682218:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 88.312515][ T5332] ================================================================== [ 88.316152][ T5332] BUG: KASAN: slab-use-after-free in bch2_check_dirents+0x1efd/0x3390 [ 88.319749][ T5332] Read of size 1 at addr ffff8880549a0138 by task syz.0.0/5332 [ 88.322898][ T5332] [ 88.324008][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 88.324022][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.324029][ T5332] Call Trace: [ 88.324037][ T5332] [ 88.324043][ T5332] dump_stack_lvl+0x189/0x250 [ 88.324062][ T5332] ? __virt_addr_valid+0x1c8/0x5c0 [ 88.324074][ T5332] ? rcu_is_watching+0x15/0xb0 [ 88.324089][ T5332] ? __kasan_check_byte+0x12/0x40 [ 88.324106][ T5332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.324120][ T5332] ? rcu_is_watching+0x15/0xb0 [ 88.324135][ T5332] ? lock_release+0x4b/0x3e0 [ 88.324151][ T5332] ? __virt_addr_valid+0x1c8/0x5c0 [ 88.324161][ T5332] ? __virt_addr_valid+0x4a5/0x5c0 [ 88.324170][ T5332] print_report+0xd2/0x2b0 [ 88.324178][ T5332] ? bch2_check_dirents+0x1efd/0x3390 [ 88.324188][ T5332] kasan_report+0x118/0x150 [ 88.324195][ T5332] ? bch2_check_dirents+0x1efd/0x3390 [ 88.324208][ T5332] bch2_check_dirents+0x1efd/0x3390 [ 88.324224][ T5332] ? bch2_check_dirents+0x2ea/0x3390 [ 88.324238][ T5332] ? desc_read+0x1b8/0x3f0 [ 88.324254][ T5332] ? prb_first_seq+0xfd/0x1a0 [ 88.324268][ T5332] ? __pfx_bch2_check_dirents+0x10/0x10 [ 88.324282][ T5332] ? __pfx_prb_first_seq+0x10/0x10 [ 88.324297][ T5332] ? desc_read+0x1b8/0x3f0 [ 88.324313][ T5332] ? this_cpu_in_panic+0x4f/0x80 [ 88.324328][ T5332] ? _prb_read_valid+0xa07/0xa90 [ 88.324343][ T5332] ? console_flush_all+0x13a/0xc40 [ 88.324354][ T5332] ? up+0xde/0x150 [ 88.324405][ T5332] ? __console_unlock+0x14c/0x1a0 [ 88.324415][ T5332] ? __pfx___console_unlock+0x10/0x10 [ 88.324428][ T5332] ? prb_read_valid+0x3c/0x60 [ 88.324443][ T5332] ? console_unlock+0x21b/0x270 [ 88.324454][ T5332] ? __pfx_console_unlock+0x10/0x10 [ 88.324466][ T5332] ? vprintk_emit+0x63e/0x7a0 [ 88.324482][ T5332] ? __bch2_print+0x176/0x220 [ 88.324504][ T5332] ? bch2_check_dirents+0x2ea/0x3390 [ 88.324518][ T5332] ? _raw_spin_unlock_irq+0x23/0x50 [ 88.324531][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.324547][ T5332] __bch2_run_recovery_passes+0x395/0x1010 [ 88.324563][ T5332] bch2_run_recovery_passes+0x184/0x210 [ 88.324574][ T5332] bch2_fs_recovery+0x25fd/0x3950 [ 88.324589][ T5332] ? check_noncircular+0xe0/0x160 [ 88.324602][ T5332] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 88.324621][ T5332] ? __lock_acquire+0xab9/0xd20 [ 88.324637][ T5332] ? __lock_acquire+0xab9/0xd20 [ 88.324653][ T5332] ? __lock_acquire+0xab9/0xd20 [ 88.324671][ T5332] ? bch2_fs_start+0x9fe/0xd90 [ 88.324682][ T5332] ? up_write+0x1c4/0x420 [ 88.324693][ T5332] ? bch2_fs_start+0x5c4/0xd90 [ 88.324703][ T5332] bch2_fs_start+0xa99/0xd90 [ 88.324713][ T5332] ? bch2_fs_start+0x5c4/0xd90 [ 88.324722][ T5332] ? __pfx_bch2_fs_start+0x10/0x10 [ 88.324735][ T5332] ? sget+0x267/0x620 [ 88.324749][ T5332] bch2_fs_get_tree+0xb02/0x14f0 [ 88.324771][ T5332] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 88.324879][ T5332] ? aa_get_newest_label+0xf7/0x5d0 [ 88.324897][ T5332] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 88.324913][ T5332] ? apparmor_capable+0x137/0x1b0 [ 88.324925][ T5332] vfs_get_tree+0x8f/0x2b0 [ 88.324936][ T5332] do_new_mount+0x24a/0xa40 [ 88.324950][ T5332] __se_sys_mount+0x317/0x410 [ 88.324963][ T5332] ? __pfx___se_sys_mount+0x10/0x10 [ 88.324976][ T5332] ? do_syscall_64+0xbe/0x3b0 [ 88.324985][ T5332] ? __x64_sys_mount+0x20/0xc0 [ 88.324997][ T5332] do_syscall_64+0xfa/0x3b0 [ 88.325006][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.325033][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.325043][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 88.325055][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.325066][ T5332] RIP: 0033:0x7fd599b900ca [ 88.325077][ T5332] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.325086][ T5332] RSP: 002b:00007fd59aa33e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 88.325098][ T5332] RAX: ffffffffffffffda RBX: 00007fd59aa33ef0 RCX: 00007fd599b900ca [ 88.325106][ T5332] RDX: 0000200000000000 RSI: 0000200000000080 RDI: 00007fd59aa33eb0 [ 88.325114][ T5332] RBP: 0000200000000000 R08: 00007fd59aa33ef0 R09: 0000000000818001 [ 88.325121][ T5332] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 88.325128][ T5332] R13: 00007fd59aa33eb0 R14: 000000000000597e R15: 0000200000000300 [ 88.325139][ T5332] [ 88.325143][ T5332] [ 88.501489][ T5332] Allocated by task 1039: [ 88.503230][ T5332] kasan_save_track+0x3e/0x80 [ 88.505260][ T5332] __kasan_kmalloc+0x93/0xb0 [ 88.507191][ T5332] __kmalloc_node_track_caller_noprof+0x271/0x4e0 [ 88.509870][ T5332] kmalloc_reserve+0x136/0x290 [ 88.511954][ T5332] __alloc_skb+0x142/0x2d0 [ 88.513684][ T5332] nsim_dev_trap_report_work+0x29a/0xb80 [ 88.516082][ T5332] process_scheduled_works+0xae1/0x17b0 [ 88.518364][ T5332] worker_thread+0x8a0/0xda0 [ 88.520236][ T5332] kthread+0x70e/0x8a0 [ 88.522073][ T5332] ret_from_fork+0x3f9/0x770 [ 88.524087][ T5332] ret_from_fork_asm+0x1a/0x30 [ 88.526294][ T5332] [ 88.527351][ T5332] Freed by task 1039: [ 88.529229][ T5332] kasan_save_track+0x3e/0x80 [ 88.531274][ T5332] kasan_save_free_info+0x46/0x50 [ 88.533462][ T5332] __kasan_slab_free+0x62/0x70 [ 88.535537][ T5332] kfree+0x18e/0x440 [ 88.537260][ T5332] skb_release_data+0x62d/0x7c0 [ 88.539473][ T5332] consume_skb+0x9e/0xf0 [ 88.541328][ T5332] nsim_dev_trap_report_work+0x7cf/0xb80 [ 88.543729][ T5332] process_scheduled_works+0xae1/0x17b0 [ 88.546107][ T5332] worker_thread+0x8a0/0xda0 [ 88.548098][ T5332] kthread+0x70e/0x8a0 [ 88.549815][ T5332] ret_from_fork+0x3f9/0x770 [ 88.551743][ T5332] ret_from_fork_asm+0x1a/0x30 [ 88.553843][ T5332] [ 88.554932][ T5332] The buggy address belongs to the object at ffff8880549a0000 [ 88.554932][ T5332] which belongs to the cache kmalloc-4k of size 4096 [ 88.560781][ T5332] The buggy address is located 312 bytes inside of [ 88.560781][ T5332] freed 4096-byte region [ffff8880549a0000, ffff8880549a1000) [ 88.566705][ T5332] [ 88.567777][ T5332] The buggy address belongs to the physical page: [ 88.570470][ T5332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x549a0 [ 88.574091][ T5332] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 88.577491][ T5332] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 88.580477][ T5332] page_type: f5(slab) [ 88.582071][ T5332] raw: 04fff00000000040 ffff88801a442140 dead000000000122 0000000000000000 [ 88.585543][ T5332] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 88.589137][ T5332] head: 04fff00000000040 ffff88801a442140 dead000000000122 0000000000000000 [ 88.592696][ T5332] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 88.596349][ T5332] head: 04fff00000000003 ffffea0001526801 00000000ffffffff 00000000ffffffff [ 88.600235][ T5332] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 88.603882][ T5332] page dumped because: kasan: bad access detected [ 88.606639][ T5332] page_owner tracks the page as allocated [ 88.609187][ T5332] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1039, tgid 1039 (kworker/u4:7), ts 87459118089, free_ts 87324632553 [ 88.618011][ T5332] post_alloc_hook+0x240/0x2a0 [ 88.619985][ T5332] get_page_from_freelist+0x21e4/0x22c0 [ 88.622411][ T5332] __alloc_frozen_pages_noprof+0x181/0x370 [ 88.625028][ T5332] alloc_pages_mpol+0x232/0x4a0 [ 88.627193][ T5332] allocate_slab+0x8a/0x3b0 [ 88.629217][ T5332] ___slab_alloc+0xbfc/0x1480 [ 88.631326][ T5332] __kmalloc_node_track_caller_noprof+0x2f8/0x4e0 [ 88.634187][ T5332] kmalloc_reserve+0x136/0x290 [ 88.636370][ T5332] __alloc_skb+0x142/0x2d0 [ 88.638382][ T5332] nsim_dev_trap_report_work+0x29a/0xb80 [ 88.640551][ T5332] process_scheduled_works+0xae1/0x17b0 [ 88.642729][ T5332] worker_thread+0x8a0/0xda0 [ 88.644629][ T5332] kthread+0x70e/0x8a0 [ 88.646377][ T5332] ret_from_fork+0x3f9/0x770 [ 88.648403][ T5332] ret_from_fork_asm+0x1a/0x30 [ 88.650252][ T5332] page last free pid 5332 tgid 5331 stack trace: [ 88.652767][ T5332] __free_pages_ok+0xa44/0xc20 [ 88.654697][ T5332] __folio_put+0x21b/0x2c0 [ 88.656590][ T5332] free_large_kmalloc+0x145/0x200 [ 88.658711][ T5332] btree_node_sort+0x117f/0x1760 [ 88.660880][ T5332] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 88.663514][ T5332] bch2_btree_node_prep_for_write+0x337/0x650 [ 88.665894][ T5332] bch2_trans_lock_write+0x669/0xba0 [ 88.668330][ T5332] __bch2_trans_commit+0x2829/0x8880 [ 88.670689][ T5332] bch2_check_dirents+0x1cdf/0x3390 [ 88.672962][ T5332] __bch2_run_recovery_passes+0x395/0x1010 [ 88.675485][ T5332] bch2_run_recovery_passes+0x184/0x210 [ 88.678032][ T5332] bch2_fs_recovery+0x25fd/0x3950 [ 88.680307][ T5332] bch2_fs_start+0xa99/0xd90 [ 88.682386][ T5332] bch2_fs_get_tree+0xb02/0x14f0 [ 88.684588][ T5332] vfs_get_tree+0x8f/0x2b0 [ 88.686569][ T5332] do_new_mount+0x24a/0xa40 [ 88.688713][ T5332] [ 88.689744][ T5332] Memory state around the buggy address: [ 88.692352][ T5332] ffff8880549a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.695899][ T5332] ffff8880549a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.699345][ T5332] >ffff8880549a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.702842][ T5332] ^ [ 88.705439][ T5332] ffff8880549a0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.708954][ T5332] ffff8880549a0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.713549][ T5332] ================================================================== [ 88.733906][ T5332] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 88.737166][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 88.742288][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.747107][ T5332] Call Trace: [ 88.748679][ T5332] [ 88.750032][ T5332] dump_stack_lvl+0x99/0x250 [ 88.752110][ T5332] ? __asan_memcpy+0x40/0x70 [ 88.754222][ T5332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.756540][ T5332] ? __pfx__printk+0x10/0x10 [ 88.758587][ T5332] panic+0x2db/0x790 [ 88.760358][ T5332] ? __pfx_panic+0x10/0x10 [ 88.762332][ T5332] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 88.765071][ T5332] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 88.767855][ T5332] ? print_memory_metadata+0x314/0x400 [ 88.770304][ T5332] ? bch2_check_dirents+0x1efd/0x3390 [ 88.772719][ T5332] check_panic_on_warn+0x89/0xb0 [ 88.774960][ T5332] ? bch2_check_dirents+0x1efd/0x3390 [ 88.777340][ T5332] end_report+0x78/0x160 [ 88.779226][ T5332] kasan_report+0x129/0x150 [ 88.781306][ T5332] ? bch2_check_dirents+0x1efd/0x3390 [ 88.783691][ T5332] bch2_check_dirents+0x1efd/0x3390 [ 88.786062][ T5332] ? bch2_check_dirents+0x2ea/0x3390 [ 88.788421][ T5332] ? desc_read+0x1b8/0x3f0 [ 88.790401][ T5332] ? prb_first_seq+0xfd/0x1a0 [ 88.792559][ T5332] ? __pfx_bch2_check_dirents+0x10/0x10 [ 88.795067][ T5332] ? __pfx_prb_first_seq+0x10/0x10 [ 88.797421][ T5332] ? desc_read+0x1b8/0x3f0 [ 88.799443][ T5332] ? this_cpu_in_panic+0x4f/0x80 [ 88.801709][ T5332] ? _prb_read_valid+0xa07/0xa90 [ 88.804049][ T5332] ? console_flush_all+0x13a/0xc40 [ 88.806279][ T5332] ? up+0xde/0x150 [ 88.807956][ T5332] ? __console_unlock+0x14c/0x1a0 [ 88.810127][ T5332] ? __pfx___console_unlock+0x10/0x10 [ 88.812564][ T5332] ? prb_read_valid+0x3c/0x60 [ 88.814654][ T5332] ? console_unlock+0x21b/0x270 [ 88.816816][ T5332] ? __pfx_console_unlock+0x10/0x10 [ 88.819011][ T5332] ? vprintk_emit+0x63e/0x7a0 [ 88.821047][ T5332] ? __bch2_print+0x176/0x220 [ 88.823094][ T5332] ? bch2_check_dirents+0x2ea/0x3390 [ 88.825525][ T5332] ? _raw_spin_unlock_irq+0x23/0x50 [ 88.827834][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.830106][ T5332] __bch2_run_recovery_passes+0x395/0x1010 [ 88.832639][ T5332] bch2_run_recovery_passes+0x184/0x210 [ 88.834999][ T5332] bch2_fs_recovery+0x25fd/0x3950 [ 88.837158][ T5332] ? check_noncircular+0xe0/0x160 [ 88.839313][ T5332] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 88.841694][ T5332] ? __lock_acquire+0xab9/0xd20 [ 88.843794][ T5332] ? __lock_acquire+0xab9/0xd20 [ 88.845881][ T5332] ? __lock_acquire+0xab9/0xd20 [ 88.848029][ T5332] ? bch2_fs_start+0x9fe/0xd90 [ 88.850078][ T5332] ? up_write+0x1c4/0x420 [ 88.852019][ T5332] ? bch2_fs_start+0x5c4/0xd90 [ 88.854145][ T5332] bch2_fs_start+0xa99/0xd90 [ 88.856246][ T5332] ? bch2_fs_start+0x5c4/0xd90 [ 88.858394][ T5332] ? __pfx_bch2_fs_start+0x10/0x10 [ 88.860704][ T5332] ? sget+0x267/0x620 [ 88.862518][ T5332] bch2_fs_get_tree+0xb02/0x14f0 [ 88.864719][ T5332] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 88.867066][ T5332] ? aa_get_newest_label+0xf7/0x5d0 [ 88.869394][ T5332] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 88.871910][ T5332] ? apparmor_capable+0x137/0x1b0 [ 88.874111][ T5332] vfs_get_tree+0x8f/0x2b0 [ 88.876131][ T5332] do_new_mount+0x24a/0xa40 [ 88.878192][ T5332] __se_sys_mount+0x317/0x410 [ 88.880292][ T5332] ? __pfx___se_sys_mount+0x10/0x10 [ 88.882588][ T5332] ? do_syscall_64+0xbe/0x3b0 [ 88.884730][ T5332] ? __x64_sys_mount+0x20/0xc0 [ 88.886851][ T5332] do_syscall_64+0xfa/0x3b0 [ 88.888920][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.891238][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.893822][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 88.895970][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.898594][ T5332] RIP: 0033:0x7fd599b900ca [ 88.900652][ T5332] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.909223][ T5332] RSP: 002b:00007fd59aa33e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 88.912783][ T5332] RAX: ffffffffffffffda RBX: 00007fd59aa33ef0 RCX: 00007fd599b900ca [ 88.916180][ T5332] RDX: 0000200000000000 RSI: 0000200000000080 RDI: 00007fd59aa33eb0 [ 88.919743][ T5332] RBP: 0000200000000000 R08: 00007fd59aa33ef0 R09: 0000000000818001 [ 88.923198][ T5332] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 88.926729][ T5332] R13: 00007fd59aa33eb0 R14: 000000000000597e R15: 0000200000000300 [ 88.930200][ T5332] [ 88.932003][ T5332] Kernel Offset: disabled [ 88.933955][ T5332] Rebooting in 86400 seconds..