program: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000000040), 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @loopback}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xd, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="18080000000000000000000020000000181100000aac4f3a14d9b2cbca5c7947c3cf19cd2b194aa65f10860835637a124c8c3213889bd894c8f97cbaaf61775f71946e9d42ad522ec29c2bebc54f9dc3bf47ea9ec5819959948b289fb11823fbcc846c750d2852089e31c1543b84c7714ac33b11aaf6976cf5b6db4c2a771b4f1bdcf0e67ffa81b6789982da71107c459cfaac45ea7d692d5b56ae595c45533bc36e3e3f24bc18818428005021", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300002bb91a008500000008000000bc0900000000000045090100002000009500000000000000bf9800000000000056090000000000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @sock_ops=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x90, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, &(0x7f0000000000)=0x3ff) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x4a}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_subtree(r4, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r7) socket$inet_sctp(0x2, 0x5, 0x84) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) connect$unix(r4, &(0x7f00000002c0)=@file={0x1, './file1\x00'}, 0x6e) write$cgroup_subtree(r8, &(0x7f0000000000), 0xfdef) syz_mount_image$bcachefs(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES16], 0x1, 0x5993, &(0x7f0000002a80)="$eJzs3X2QHGW5KPC3Z2azk918bAJIBNksgSiCmg1fhR+l0atiAVKxsJRwoxDIRqMhpJIgEFCCF7xQgIWWlqL+gRZSF40WVXCVSIl83ISrKMXVS51C6ug56B+eQg4pgRyOpe6p3el3Mts7vT07M5sE+P0q2Z5+p+fpp7vf6ennndmdAAAAwKvC7uu27D37iPf94vMjL179gZ9cfE3oL4+3V+MCA+n08gOVIftTb2XR+DTbL95w5ff+OHTRe35+V993X9q19uh1v33vIRfd96kzdt76zQdfmHvPP54uihv70/H75pNnkxCqP93z1S/sevTwsbYkhFBOBraHsCBZ+OCCJBNi+K8hhLXpTLky8c67Xzxp3dj0mht7J7TPzwTR31/dqmk/27b3shPC79696tpfLf7hD3p2PLN93yJJtaE/hTDvgsbH94QQZqf/x8Tetig+OJ2uDCH0NTzutIK8jmkx/2U580em01nptL8gTrx/SWa+lFkuOx/1ZKZ9BevrVF4e7S5XZE5mPnsy6lRenrF9QTr9cTo9fprxy/F/EkpJqNTT35Ds6yOh4bglIRk/ltX6fKl+bEO6/Zn5JDNfysyXezLbNb7etKOVk2Rie1wu0x5Px5W0/ejGc3UT5+S0vzadVtMn6ktxPmRv1PRPulHfrnExrz1T5LI/lBrOQc3a6wc+PRj9aVt/snDSY0abiPftWnXT0vLqh3YP5OSR3JWk8ZNpxq/t+G2/XDDn49+/4dJFefEvKKXxS23l//szH3vuvBu+843c+LfE+OW24p94f9+zZz583ZLc/bMn7p9KW/HXPP3IzYsPvXBHbv63xfjVtuKv2PlY79y99z+Qm/9w3D+z24r/1Nvf/4c7n7j3mdz4Icbvayv+6p2bvtg7uPe43PgPxP3T317/eX7HqU8ODv5pKC/+4zH+3Lbi37H91rfdPv/GM3KP78q4fwbain/WsfddO2fvvUflnTuT27r1ygnw6nRIeo11fTrfbp3ZqYZ64etDldo135z0/9xurihz8Tm2nnndjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIYTDTvi/p//rRwaeraTzvemNp0q1aWyfFUIyO4SwZeuazVvXb/zE0KcuuXTzxjUbhtZsHRrZuHXzFUMnv2lo88imDWuuGLt3+M0n1R63MCS1aXLUpHX3jo6OlgYmtsX1/bdjd/xu6Wn/9ucQhg/7zWAlN/9lt158+6FNfmYkK0bfdfGlZ//mlG+n2zWQ5jXQJK/R0dHRkJPXv5/7t9u/vOePx4Uw/Jqp8nrkqXf+bEJC4w374qRKvaGWUG/S1zSPetZpPnF/Vdat3zAyPPX+HXt8OWc7/vuVz/x13eVf+ltt/1Zzt6PF/Tt7xeiG0tdWnfX3r11VayjK60Ad96L9Hbci5hf3XzXd3/PS7Zo3cbv+c6zLjD2+krNd1/3qgSd+esQNL2wPw5XnF09ed9F29aQdoCd5bdO8s+uNa+hLFkxor6bLxyMeH7ds68Wblm25YtubY8JvXX7y8lOHTzn1lGXjW75s6u3PzSNv++P6X9/i9u+f/jT/M9t/HH+21p+K8iraH2N5Fe+Pxozynn9953zhK2+99eGzaw1F/TwuXT+fpNO+seO8PDT0t8n7qtl2Fe2HEMJQs/3w3AtnhMP/af21ReehxiPT+DMjWTH66JK/fPu0by16R61hv5znGxNq8zxfz3pfPuP7q5oej9GDdP/2hnK6Xf1N81r+6MM9N+3+82fr+c2aFS5fs3Xr5uW1n3PSTOckRzbNK9sat2vx+M9ySHdLqHfTJv11TE+o5Zc9fybjlzYhZPdqfxqqP1nYdLuy4n27Vt20tLz6od15ezq5q5bg7DC3Nk1el7PkhswDy/WEm63/YH3+FfWPwdO/dc9H7vnRyZP6x4m1n0XbleRs1w+fuOMr3/3S//xR97br9Hc+NvCXf/7k0lrDzJ9Xxk4YnZ9X6lmn+SSN55UTQyh6/i0Ozbcj9/lXar49Uzz/mq5n3/LN4w1l5vtDua3n64n39z175sPXLcl9vu5p9fl61YS5csHz9WB5Xco+v5LKxDxm7vk1oaMkK0Z/fv0h2x+8euURtYaifl1fulm/PmnsemR7ekfO9WLOdv3svCcHLxn6H/+/e+eN773p7vN/u2bF52oN7R/3mEt3jns13b/VnP1bzzrWnY379y0XXbJhba394L3+TacF9U88lWy5Ytun12zYMLJ5S2vb1erraVxPdi+3+3oaz24LC7arNGm7prwRd1dLC2dvtLK/Wn2+xfzXtr2/Jj7f+kPS1uvCtl8umPPx799w6cCkR6UruqCUxi+1Ff/3Zz723Hk3fOcbufFvifErbcVf8/QjNy8+9MIdufFvS9L41bbir9j5WO/cvfc/kBt/OOY/u634T739/X+484l7n8mNH2L8/vb2//M7Tn1ycPBPufEfT9L1jF0jhXD3iyetq80noSd9vsU8eibkFbLzSWa+lJkvN86XQlqQpCsoJ8nE9rhc2n50Qy7NfDSnPV6FVRfVpi/F+ZC9MXX7wabUcO5v1l50nQoA8EoX3/+P16Dx/f+R9EIpf6QB9um0DluUEzfWYfvGc2ZNuH9RGj8+Po4DDr4lDI9NrxmqXehP932E+HzIjnPG9Rx3zMQY7Y5zFo2/L8nMx7xq4+WVhjo0NbmuqYQWxt8nr2fq8ffM5hePjw9dPymtoYZxq+zx60lHzJp93iGTb2UsQl7/yI6Lxc9zDM4LK8fX12L/yH6OJh6H7Odo4nqOyJw42/0cTaf9I6Y9Rf8YT7n4/Y3Jxy9MsX/3Hb/m0bLHbxrHuzq2/Ey/P9uFccOmp7T9N244s++HGZfMiZ8+wQ72ccPYHrej0uJ44kdy2rs1nhhPFzGvPVPksj8YTwReqWL9H18jxur/sQvw/8gsV3Qdmr1qjPFyPydUbp5PUd0x+XN6fW29jq/euemLvYN7j8u9znmg1c/9bJow11fwuZ+i/bg0M1+4H3MGaIrqvex6ivZ79nMZ/WFuW/v9ju23vu32+TeekbvfV9ZeSIv3+1cmzM0t2O8vg3qheXz1wquiXpjp8bMDVo+kH3yaqXrkwznt061H+ibdqG/XuJddPdKzf/MCAF4+Yv1ff/8srf//JS6QXkcU1a3HZ+ZjvNy6Nef6JK9u/WA6vTyzfH/6GxXTvW4+69j7rp2z996jcuuW21qtQ//XhLmBwjq0s7o5t45Y2Z3Pi+fWEfU6q7M6MTf/ep3YWZ2eG79ep3dWR+fun3od3dk4QD3+6Zn49XGAl3udWzBel1lZnG11vO4VW0envz47U3X0OTnt062jJ/+Wb327xqmjAQAOrFj/x8u4WP8/nFmu0/fZc+uCLl23Z/8eSD3+4/urruxS3ZeN36X3f4vr1pmu62d6XKLLdXFaXO2/unimx4VmdpzsVV8XpystrIszBbK6GACA/SnW/7PT+fz6v7P6pFn91jOhPlGfN43fYX2ehFdofR7jt1Kf90xeUbyva+9b5+R/8Ix/qf8PivfF1f8AABxAsf6Pv/YY//7f/0nns3+3vsU6vZz9/K46/VX6PnqMn9bpc05vb5znlVann5CNX6/Tuz/OFnwO4MCOA8zet7xxAAAADoSe8Upp8u/ZfyydZn/Pvvnv5SfhvJzlW1VJL48v3Lp5ZOT8SzetXbN15PyNl6wd2XL+ZZvXb906srG2XKefv86tW9K6sSdU0v3RfLns+6vz07+HMD/n7yFkl49hjxy/MfnvIWRXO7vg7wjsO36t5Zv3dxVKUyzfrH/kHe+8+B/NWT6qH/+LPnni+eu2nL9+4/qt69dsWL9tZOJyY1Vr3zS+NzPulml9X2rmxySl6X9/Z3fyKE3KoyfdH3nfz55k8liQZrIg7/sPcvL+xf/78meOHf3bnSEMH1Z+XUf7L1kx+r/PHfng1t2/2TSWf2nK/OtLpnkVfV9pdvm4PZUNl2zZesK6Sy7dmP1GyfbE8YxSfX6GxjPSp3+5xfGJ1Tnt0/2cQnnSjYNTy+MTAABMEN//j9ez8f3DL6UXULG99Tq9s/ePc+v04dbq9Oz3khXV6dnl4/a2WqdXO6zTs+svqtObLd+sTs+ru/Pifzhn+elqvZ909jmP3H5yQWv9JPt9BkX9JLv8dPtJ0mE/ya6/qJ80W75ZP8k77nnxP5SzfJ7W+0Nnn8vJ7Q+3tNYf3piZL+oP2eWn2x9KHfaH7PqL+kOz5Zv1h7zjmxf/7JzlWzWxf4x1jPF+MXL+ZZds/nTDcm32j1mtfv9F5/nN7Pd/tKv1/Gf2c18zn//M/n2Wmc+/s8+V5eb/eGcjYa3nP7Pf79Ku/TZem37YrOjzZ0XjuKty2qc7jjtr0o2Dk3FcOHBi/R/f7on1/43ptNtvA3XpOmnSaWH/fU+a7zFrGr9L32NWdB3j9XyKlR0EvJ4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtKa3smh8uvu6LXvPPuJ9v/j8yItXf+AnF1/zhiu/98ehi97z87v6vvvSrrVHr/vtew+56L5PnbHz1m8++MLce/7xdGHggfGflePT2WoIybNJCNWf7vnqF3Y9evhYWxJCKCcD20NYkCx8cEGSiTD81xDC2nqeE++8+8WT1o1Nr7mxd0L7/EyQ7HaF/nLMpzHPEC4v3CJehqppP9u297ITwu/everaXy3+4Q96djyzfd8iSbWhP4Uw74LGx/eEEGan/8fE3rYoPjidrgwh9DU87rSCvI5pMf9lOfNHptNZ6bS/IE68f0lmvpRZLjsf9WSmfQXr61ReHu0uV2ROZj57MupUXp6xfUE6/XE6PX6a8cvxfxJKSajU09+Q7OsjoeG4JSEZP5bV+nypfmxDuv2Z+SQzX8rMl3sy2zW+3rSjlZNkYntcLtMeT8eVtP3oxnN1E+fktL82nVbTJ+pLcT5kb9T0T7pR365xMa89U+SyP5QazkHN2usHPj0Y/Wlbf7Jw0mNGm4j37Vp109Ly6od2D+TkkdyVpPGTtuJv++WCOR///g2XLsqLf0EpjV9qK/7vz3zsufNu+M43cuPfEuOX24p/4v19z5758HVLcvfPnrh/Km3FX/P0IzcvPvTCHbn53xbjV9uKv2LnY71z997/QG7+w3H/zG4r/lNvf/8f7nzi3mdy44cYv6+t+Kt3bvpi7+De43LjPxD3T397/ef5Hac+OTj4p6G8+I/H+HMnxf/yB5sEzMzesf3Wt90+/8Yzco/vyrh/BtrK/6xj77t2zt57j8o7dya3deuVE+DV6ZD0Guv6dL7dOrNTDfXC14cqtWu+Oen/ud1cUcbYeubNYHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF6Zfn3VyR87910fWlVJQkhylhltIt5XnrVixVAb613z9CM3Lz70wh2NbYvaiAMAAAAUi3V4qd5SDYvCZcnscGTT5eMYwZFxLpnYnh1DiHGyYwTtxil1KU65S3EqXYrT06U4s7oUp7dLcaoFcaqhtTizp4hTGesVzfP5+2gmTt+U+eTGmZRPf5fizOlSnLldijOvS3HmdynOwJRxWu+HC7oUZ2GX4hzSpTiHdinOYV2K85ouxTm8sbHafpzsmPJ0++HcdMkj8uKM3ygXxqkk5fodzcbTD0/Xc1SH6+kvWM/cotfjFtczu8X1HJN5XGma66m2uJ7Xd7iepMX1vLHD9ZQK1hP77eXZ/OJ64lyL/f+KLsXZ1qU4V3YpzlVdivPZLsX5XJfiXN1hHIBWxfp/X703EHor7wh96ZklOwoQ693F4z8nv97lnZD60kivy7TPKoqXLdQz8RZPN7/sAEIm3pJMe8+EeJV6PTJFvGpjvKWZOwu3NzugkMnv+Ex7b1G87MACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMygX1918sfOfdeHVoUkjP1rarSJeF951ooVQ22sd9eqm5aWVz+0u7Gtt9JGIAAAAKBQrMN76i3V0FtZHnqTWROWq6bjANV0vjxQmw7OCyvHpslQaXy+L1kw5eMq6eOWbb1407ItV2x78/qL13xi5BMjG9+6/OTlpw6fcuopy9at3zAyXPsZQm9BvBDC+PDDliu2fXrNhg0jm7fUGrP5L0oftyidT9LHDb4lDI9Nr0nzX1iwvtKk9c3cjeKjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf7NpfjFxVGQDwc2dmZ4aFyhr+DQ1dJqWQqkRpXUxRwt7ERBJom25IzCy6kkbaSNzSBlpScYQmArbRmECaNDV9sKYSQeILf4QY+ZMmNVht4tbGAFEe9EEDiimkD1oyprtzZmdmZzrLiN2Cv9/DPXe/853z3TMPm3x3BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrKnqyERldGx8MAkh6ZJT6yDOZfNpWu6j7pef2/L9wvCJ5c2xQq6PjQAAAICeYh8+0IgUQyGXDdlw6fRfS0PTRJjt+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP8/U9WRicro2Pi5SQhJl5xaB3Eum0/Tch91X3/7ic+8Mjz81+ZYqY99AAAAgN5iH55pRIqhFK4IA8mlLXnx3cDitvXteXGfJfPMa3930C3vinnmXTXPvI/1yFtbH7cHAAAA+OCL/X+uERkKhdyirv1/r74+5l3elpetj/38VgAAAAD478T+v9CIlEIhV2r06/Pt95e25cX1vb63j+uv7LK+1/f5a+qj7+kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4INjqjoyURkdG88mISRdcmodxLlsPk3LfdRd+fzg328++ODS5lgh18dGAAAAQE+xD59tvYuhkBsMA+Hc6b5/+MZ9T33xqWdGQggzbX4+H7av37r1rpUz15i34vDBge8devNbc/JWzFwX7IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD7Zqo6MlEZHRs/Jwkh6ZJT6yDOZfNpWu6j7muf+8KfHzv27BvNsVIf+wAAAAC9xT58tvcvhlLIh3y4ePqv5l7/lEzb+s7vDAb+F48KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALJC7v3Hv19dPTm64y03Hm8zZ8Rhu3Jzhm4X+zwQAALzfLg9JqL1Hl6xb6KcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOBlPVkYnK6Nh4MQkh6ZJT6yDOZfNpWn4vBbMzQ/rckcKiE8+/2DxV6usEAAAAQC+xD5/t/YuhFAbCQLho+q/2dwL/jv3/0Bl+UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCsMVUdmaiMjo0vSkJIuuTUOohz2Xyalvuo++iOvZ89cP53b2qOFXJ9bAQAAAD0FPvwfCNSDIXcx0Oh8TZgsnVBkq2Pnd8LFMJl9cQtLcsG572u2rIuO+91O9tOlqufZmZdMe43NDM21pXnris3rSuFRvlyy7qwu2XVoh7PGQAAAGABxf6/0IgMhUKu0NTn/qQlf0ifCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0MVUdmaiMjo0nSQhJl5xaB3Eum0/Tch917/3NR8/7yk93bWuOlfrYBwAAAOgt9uGzvX8xlMKS8JGwZLrvD0Ot+THvH5WTBx7551+Wh3DNxUeHc+3b/jDe/Oq1G15ov4SQac3OhHB+vV7Spd6vf/fIPctqJx8L4ZqLspfNqRdOX691y7T2dGXDmq2Hjm7p8eEAAADAh0Ts/wcakaFQyN3Ztf+PnXeP/r9hugE//54dP7+wfq135G0rMkP1epku9T6/7Ik/Xbnqb2+e6v9PV+9TezcduLCl4EykTZLWRjdtW3v02v2ZeOqZ+tm2+vFz+dI33/jXxu0Pn5ypXwzFenxxrlP9udc256S1ycye8dXv7qm21s91Of+Dv33x2C8X73rnVP23Lx9s1L/qNOc/ff3BWx7afd3eg2tb64cQyp3qv/XOTeGSP9zxQPv5B9s2bv7km69tkrR2eOnx/av2la5vrZ8UWuvHz/9nxx7d/eOHv/NMrB9/K7L8ivnWj++c4vjyzgt2vHT/usWt9TNdzv/Cra8Mby5/+/ft57+95VS5rk8x9/yPX/3kba+uT+9rnwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhwmaqOTFRGx8YzSQhJl5xaB3Eum0/Tch91X7/5yFu37vrRD5pjpT72AQAAAHqLffhs718MpZAP+TA43fc/XdmwZuuho1vC0MxsUh9zk5vv3vqJjZu33blADw4AAADMW+z/c43IUCjkloWBev8/umnb2qPX7s/E/j8T+/+Nd0xuuCY08l7eecGOl+5ft7jxniCE6Z8FFE/lfXo278Ybjgwd/+PXruyYt3I27/DS4/tX7StdH/NCc96K0Hg/8fjVT9726vr0vsbzhVBeHvM++dXNk7fPxOO+g7c8tPu6vQfXNs5RHwfr+8a8ycye8dXv7qnGvGx9LNbPDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMNVUdmaiMjo2HbAhJl5xaB3Eum0/Tch91Vy/7xQPnnXh2SXOskOtjIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+wAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhf36CY2jiuMA/t5uYrbZpE1awaiYplVR6sGiIKIXFRVpRQqeKkWqrT2IgiCi1IOptGKpihfB6qWICmqUgoKNxdIqqfivePGggkJVEEoxoA3Fg0p232w30x03ndiD8vnA8PLezHznN/PezmYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhP6esZabSHdzw8c8cFt3z25H0nnrjtgwe3Xfb4mz+Nbbrp0739r52c2rxiy7c3L9u0//41k7tfPvT74Ht/Hu0a/FizWZW6tRDi8RhC7cPpF56a+vy82bEYQqjGofEQhuPSQ8Mxl7D6jxDC5ladc3e+e+LqLbPttl19c8aX5ELy9xXq1ayepqG59fL/UkvrbOvMo1eE729cv/3L5e+83TtxbPzUIbHWtp5CWLyx/fzeEMKitM3KVttIdnJq14UQ+tvOu7ZLXRfPs/4rC/oXpvac1Na75GT7V+b6ldxx+X6mN9f2d7neQhXVUeq4eRw0kOvnX0YLVVRCNj6c2vdTu+oM86vZFkMlhp5W+Q/EU2sktM1bDLExl7VWv9Ka25DuP9ePuX4l16/25u6rcd200Koxzh3PjsuNZ6/jnjS+ov1d3cGdBePnp7aWPqgns37I/9FUP+2P1n01ZHVN5y+06B+KOwsqbe+gTuOtiU+TUU9j9bj0tHP+6iD83Nw3tf6ZS6sbPjo8VFBH3BtTfjyz/GTrF8MDd7+185GRovyNlZRfKZX/w9ojv96185WXCvOfz/KrpfKvOtB/fO3HO1YWPp/p7Pn0lMq/5+gnzy4/996JTnPdyN+T5ddK5d8weaRvcObAwcL6V2fPZ1Gp/O+uv/XHN77ed6wwP2T5/aXyN0w+9Fzf6MzlhfkHmx+FemOFllg/v01c883o6C9jRflfZc9/sEN+7Jr/+vju615dsmtN4fpclz2foVL1337J/u0DM/suKnp3xj3z/YYFoJNl6X+sp1O/7O/MhWr7vfDiWE/zG2ggbYP/5oVyZq+z+CzmAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3+zAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAAAD//xytHpU=") [ 85.782367][ T5345] Bluetooth: hci0: command tx timeout [ 86.179314][ T5367] loop0: detected capacity change from 0 to 32768 [ 86.428139][ T5367] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 86.428157][ T5367] allowing incompatible features above 0.0: (unknown version) [ 86.428164][ T5367] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 86.446775][ T5367] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 86.451879][ T5367] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 86.456020][ T5367] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 86.456020][ T5367] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 86.456020][ T5367] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 86.539871][ T10] cfg80211: failed to load regulatory.db [ 86.565848][ T5367] bcachefs (loop0): accounting_read... done [ 86.569976][ T5367] bcachefs (loop0): alloc_read... done [ 86.575256][ T5367] bcachefs (loop0): snapshots_read... done [ 86.578645][ T5367] bcachefs (loop0): check_allocations... [ 86.585026][ T5367] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 86.585064][ T5367] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 86.602207][ T5367] bcachefs (loop0): bucket 0:27 data type btree ptr gen 0 missing in alloc btree [ 86.602224][ T5367] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing [ 86.617532][ T5367] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 86.617548][ T5367] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 86.630123][ T5367] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 86.630138][ T5367] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 86.644375][ T5367] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 86.644390][ T5367] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 86.658577][ T5367] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 86.658592][ T5367] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 86.673134][ T5367] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.677644][ T5367] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.684513][ T5367] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.689130][ T5367] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.696572][ T5367] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.701071][ T5367] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.705657][ T5367] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.710030][ T5367] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.716104][ T5367] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.721292][ T5367] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.726526][ T5367] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.732102][ T5367] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.737134][ T5367] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.741845][ T5367] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 86.746886][ T5367] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 86.752142][ T5367] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 86.757263][ T5367] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 86.762115][ T5367] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 86.767855][ T5367] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 86.775098][ T5367] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 86.780449][ T5367] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 86.780463][ T5367] Ratelimiting new instances of previous error [ 86.788775][ T5367] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 86.788790][ T5367] Ratelimiting new instances of previous error [ 86.814000][ T5367] done [ 86.817126][ T5367] bcachefs (loop0): going read-write [ 86.831463][ T5367] bcachefs (loop0): journal_replay... done [ 86.895163][ T5367] bcachefs (loop0): check_extents_to_backpointers... [ 86.896669][ T5367] bcachefs (loop0): scanning for missing backpointers in 5/128 buckets [ 86.905244][ T5367] done [ 86.907443][ T5367] bcachefs (loop0): check_subvols... done [ 86.912397][ T5367] bcachefs (loop0): check_inodes... done [ 86.916339][ T5367] bcachefs (loop0): check_dirents... [ 86.918079][ T5367] bcachefs (loop0): dirent points to missing inode: [ 86.918102][ T5367] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 86.930032][ T5367] bcachefs (loop0): dirent points to missing inode: [ 86.930045][ T5367] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 86.966823][ T5367] bcachefs (loop0): hash table key at wrong offset: should be at 5178636093158006573 [ 86.966833][ T5367] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+foun -> 4097 type dir, fixing [ 87.110302][ T5367] bcachefs (loop0): dirent points to missing inode: [ 87.110318][ T5367] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 172335562754 type reg, fixing [ 87.464865][ T5367] ================================================================== [ 87.468405][ T5367] BUG: KASAN: slab-use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 87.472010][ T5367] Read of size 1 at addr ffff888055ac0190 by task syz.0.0/5367 [ 87.475673][ T5367] [ 87.476973][ T5367] CPU: 0 UID: 0 PID: 5367 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00150-g8d084337a32f #0 PREEMPT(full) [ 87.476990][ T5367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.476999][ T5367] Call Trace: [ 87.477008][ T5367] [ 87.477015][ T5367] dump_stack_lvl+0x189/0x250 [ 87.477035][ T5367] ? __kasan_check_byte+0x12/0x40 [ 87.477051][ T5367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.477067][ T5367] ? lock_release+0x4b/0x3e0 [ 87.477086][ T5367] ? __virt_addr_valid+0x4a5/0x5c0 [ 87.477104][ T5367] print_report+0xca/0x240 [ 87.477117][ T5367] ? bch2_check_dirents+0x1fac/0x33f0 [ 87.477137][ T5367] kasan_report+0x118/0x150 [ 87.477153][ T5367] ? bch2_check_dirents+0x1fac/0x33f0 [ 87.477173][ T5367] bch2_check_dirents+0x1fac/0x33f0 [ 87.477195][ T5367] ? bch2_check_dirents+0x2f1/0x33f0 [ 87.477214][ T5367] ? desc_read+0x1b8/0x3f0 [ 87.477228][ T5367] ? prb_first_seq+0xfd/0x1a0 [ 87.477240][ T5367] ? __pfx_bch2_check_dirents+0x10/0x10 [ 87.477258][ T5367] ? __pfx_prb_first_seq+0x10/0x10 [ 87.477271][ T5367] ? desc_read+0x1b8/0x3f0 [ 87.477283][ T5367] ? this_cpu_in_panic+0x4f/0x80 [ 87.477295][ T5367] ? _prb_read_valid+0xa07/0xa90 [ 87.477306][ T5367] ? console_flush_all+0x13a/0xc40 [ 87.477322][ T5367] ? up+0xde/0x150 [ 87.477384][ T5367] ? __console_unlock+0x14c/0x1a0 [ 87.477398][ T5367] ? __pfx___console_unlock+0x10/0x10 [ 87.477415][ T5367] ? prb_read_valid+0x3c/0x60 [ 87.477427][ T5367] ? console_unlock+0x21b/0x270 [ 87.477441][ T5367] ? __pfx_console_unlock+0x10/0x10 [ 87.477456][ T5367] ? vprintk_emit+0x63e/0x7a0 [ 87.477475][ T5367] ? __bch2_print+0x176/0x220 [ 87.477488][ T5367] ? bch2_check_dirents+0x2f1/0x33f0 [ 87.477508][ T5367] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.477524][ T5367] __bch2_run_recovery_passes+0x3bd/0x1060 [ 87.477544][ T5367] bch2_run_recovery_passes+0x184/0x210 [ 87.477558][ T5367] bch2_fs_recovery+0x2690/0x3a50 [ 87.477581][ T5367] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 87.477603][ T5367] ? __lock_acquire+0xab9/0xd20 [ 87.477622][ T5367] ? __mutex_trylock_common+0x153/0x260 [ 87.477637][ T5367] ? __lock_acquire+0xab9/0xd20 [ 87.477656][ T5367] ? __lock_acquire+0xab9/0xd20 [ 87.477678][ T5367] ? bch2_fs_start+0xa0f/0xda0 [ 87.477691][ T5367] ? up_write+0x1c4/0x420 [ 87.477704][ T5367] ? bch2_fs_start+0x5e7/0xda0 [ 87.477724][ T5367] bch2_fs_start+0xaaf/0xda0 [ 87.477738][ T5367] ? bch2_fs_start+0x5e7/0xda0 [ 87.477750][ T5367] ? __pfx_bch2_fs_start+0x10/0x10 [ 87.477767][ T5367] ? sget+0x267/0x620 [ 87.477781][ T5367] bch2_fs_get_tree+0xb39/0x1520 [ 87.477798][ T5367] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 87.477825][ T5367] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 87.477846][ T5367] vfs_get_tree+0x8f/0x2b0 [ 87.477861][ T5367] do_new_mount+0x2a2/0x9e0 [ 87.477881][ T5367] ? ns_capable+0x8a/0xf0 [ 87.477893][ T5367] ? __pfx_do_new_mount+0x10/0x10 [ 87.477907][ T5367] ? path_mount+0x61c/0xfe0 [ 87.477920][ T5367] ? user_path_at+0x44/0x60 [ 87.477933][ T5367] __se_sys_mount+0x317/0x410 [ 87.477952][ T5367] ? __pfx___se_sys_mount+0x10/0x10 [ 87.477969][ T5367] ? do_syscall_64+0xbe/0x3b0 [ 87.477985][ T5367] ? __x64_sys_mount+0x20/0xc0 [ 87.478001][ T5367] do_syscall_64+0xfa/0x3b0 [ 87.478018][ T5367] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.478032][ T5367] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.478044][ T5367] ? clear_bhb_loop+0x60/0xb0 [ 87.478057][ T5367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.478070][ T5367] RIP: 0033:0x7fc80ab9038a [ 87.478082][ T5367] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.478093][ T5367] RSP: 002b:00007fc80b948e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.478108][ T5367] RAX: ffffffffffffffda RBX: 00007fc80b948ef0 RCX: 00007fc80ab9038a [ 87.478118][ T5367] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 00007fc80b948eb0 [ 87.478127][ T5367] RBP: 0000200000000080 R08: 00007fc80b948ef0 R09: 0000000000000000 [ 87.478134][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000000c0 [ 87.478141][ T5367] R13: 00007fc80b948eb0 R14: 0000000000005993 R15: 00002000000001c0 [ 87.478154][ T5367] [ 87.478159][ T5367] [ 87.660617][ T5367] Allocated by task 3053: [ 87.662551][ T5367] kasan_save_track+0x3e/0x80 [ 87.664626][ T5367] __kasan_slab_alloc+0x6c/0x80 [ 87.666809][ T5367] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 87.669413][ T5367] kmalloc_reserve+0xbd/0x290 [ 87.671570][ T5367] __alloc_skb+0x142/0x2d0 [ 87.673547][ T5367] synproxy_send_client_synack+0x16c/0xe20 [ 87.676287][ T5367] nft_synproxy_eval_v4+0x36e/0x560 [ 87.678837][ T5367] nft_synproxy_do_eval+0x345/0x570 [ 87.681235][ T5367] nft_do_chain+0x40c/0x1920 [ 87.683340][ T5367] nft_do_chain_inet+0x25d/0x340 [ 87.685492][ T5367] nf_hook_slow+0xc5/0x220 [ 87.687467][ T5367] NF_HOOK+0x206/0x3a0 [ 87.689296][ T5367] NF_HOOK+0x30c/0x3a0 [ 87.691052][ T5367] __netif_receive_skb+0x143/0x380 [ 87.693214][ T5367] process_backlog+0x60e/0x14f0 [ 87.695334][ T5367] __napi_poll+0xc7/0x360 [ 87.697176][ T5367] net_rx_action+0x707/0xe30 [ 87.699163][ T5367] handle_softirqs+0x283/0x870 [ 87.701235][ T5367] do_softirq+0xec/0x180 [ 87.703205][ T5367] __local_bh_enable_ip+0x17d/0x1c0 [ 87.705527][ T5367] addrconf_dad_work+0xd83/0x14b0 [ 87.707759][ T5367] process_scheduled_works+0xade/0x17b0 [ 87.710257][ T5367] worker_thread+0x8a0/0xda0 [ 87.712246][ T5367] kthread+0x70e/0x8a0 [ 87.714054][ T5367] ret_from_fork+0x3f9/0x770 [ 87.716174][ T5367] ret_from_fork_asm+0x1a/0x30 [ 87.718522][ T5367] [ 87.719890][ T5367] Freed by task 3053: [ 87.722029][ T5367] kasan_save_track+0x3e/0x80 [ 87.724527][ T5367] kasan_save_free_info+0x46/0x50 [ 87.726701][ T5367] __kasan_slab_free+0x5b/0x80 [ 87.728830][ T5367] kmem_cache_free+0x18f/0x400 [ 87.730892][ T5367] skb_release_data+0x62d/0x7c0 [ 87.733092][ T5367] consume_skb+0x9e/0xf0 [ 87.735037][ T5367] nft_synproxy_eval_v4+0x376/0x560 [ 87.737367][ T5367] nft_synproxy_do_eval+0x345/0x570 [ 87.739725][ T5367] nft_do_chain+0x40c/0x1920 [ 87.741780][ T5367] nft_do_chain_inet+0x25d/0x340 [ 87.743939][ T5367] nf_hook_slow+0xc5/0x220 [ 87.745873][ T5367] NF_HOOK+0x206/0x3a0 [ 87.747827][ T5367] NF_HOOK+0x30c/0x3a0 [ 87.749787][ T5367] __netif_receive_skb+0x143/0x380 [ 87.752085][ T5367] process_backlog+0x60e/0x14f0 [ 87.754097][ T5367] __napi_poll+0xc7/0x360 [ 87.755862][ T5367] net_rx_action+0x707/0xe30 [ 87.757804][ T5367] handle_softirqs+0x283/0x870 [ 87.759894][ T5367] do_softirq+0xec/0x180 [ 87.761778][ T5367] __local_bh_enable_ip+0x17d/0x1c0 [ 87.764164][ T5367] addrconf_dad_work+0xd83/0x14b0 [ 87.766468][ T5367] process_scheduled_works+0xade/0x17b0 [ 87.768975][ T5367] worker_thread+0x8a0/0xda0 [ 87.770898][ T5367] kthread+0x70e/0x8a0 [ 87.772778][ T5367] ret_from_fork+0x3f9/0x770 [ 87.774809][ T5367] ret_from_fork_asm+0x1a/0x30 [ 87.776900][ T5367] [ 87.777946][ T5367] The buggy address belongs to the object at ffff888055ac0000 [ 87.777946][ T5367] which belongs to the cache skbuff_small_head of size 704 [ 87.784686][ T5367] The buggy address is located 400 bytes inside of [ 87.784686][ T5367] freed 704-byte region [ffff888055ac0000, ffff888055ac02c0) [ 87.790411][ T5367] [ 87.791507][ T5367] The buggy address belongs to the physical page: [ 87.794303][ T5367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55ac0 [ 87.798121][ T5367] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 87.802119][ T5367] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 87.805434][ T5367] page_type: f5(slab) [ 87.807273][ T5367] raw: 04fff00000000040 ffff8880304eb000 dead000000000122 0000000000000000 [ 87.810902][ T5367] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 87.814875][ T5367] head: 04fff00000000040 ffff8880304eb000 dead000000000122 0000000000000000 [ 87.819270][ T5367] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 87.823024][ T5367] head: 04fff00000000002 ffffea000156b001 00000000ffffffff 00000000ffffffff [ 87.826735][ T5367] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 87.830539][ T5367] page dumped because: kasan: bad access detected [ 87.833315][ T5367] page_owner tracks the page as allocated [ 87.835874][ T5367] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3053, tgid 3053 (kworker/u4:11), ts 87426204296, free_ts 87400383393 [ 87.844501][ T5367] post_alloc_hook+0x240/0x2a0 [ 87.846562][ T5367] get_page_from_freelist+0x21e4/0x22c0 [ 87.849138][ T5367] __alloc_frozen_pages_noprof+0x181/0x370 [ 87.851958][ T5367] alloc_pages_mpol+0x232/0x4a0 [ 87.854243][ T5367] allocate_slab+0x8a/0x370 [ 87.856231][ T5367] ___slab_alloc+0xbeb/0x1410 [ 87.858282][ T5367] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 87.860857][ T5367] kmalloc_reserve+0xbd/0x290 [ 87.862889][ T5367] __alloc_skb+0x142/0x2d0 [ 87.864830][ T5367] synproxy_send_client_synack+0x16c/0xe20 [ 87.867331][ T5367] nft_synproxy_eval_v4+0x36e/0x560 [ 87.869733][ T5367] nft_synproxy_do_eval+0x345/0x570 [ 87.872132][ T5367] nft_do_chain+0x40c/0x1920 [ 87.874095][ T5367] nft_do_chain_inet+0x25d/0x340 [ 87.876333][ T5367] nf_hook_slow+0xc5/0x220 [ 87.878336][ T5367] NF_HOOK+0x206/0x3a0 [ 87.880171][ T5367] page last free pid 5367 tgid 5366 stack trace: [ 87.882893][ T5367] __free_pages_ok+0xa83/0xbe0 [ 87.884939][ T5367] free_large_kmalloc+0x13a/0x1f0 [ 87.887171][ T5367] btree_node_sort+0x117f/0x1760 [ 87.889427][ T5367] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 87.891975][ T5367] bch2_btree_node_prep_for_write+0x337/0x650 [ 87.894575][ T5367] bch2_trans_lock_write+0x669/0xba0 [ 87.896889][ T5367] __bch2_trans_commit+0x2773/0x8870 [ 87.899091][ T5367] bch2_check_dirents+0x1c5c/0x33f0 [ 87.901423][ T5367] __bch2_run_recovery_passes+0x3bd/0x1060 [ 87.903871][ T5367] bch2_run_recovery_passes+0x184/0x210 [ 87.906023][ T5367] bch2_fs_recovery+0x2690/0x3a50 [ 87.907974][ T5367] bch2_fs_start+0xaaf/0xda0 [ 87.909786][ T5367] bch2_fs_get_tree+0xb39/0x1520 [ 87.911621][ T5367] vfs_get_tree+0x8f/0x2b0 [ 87.913302][ T5367] do_new_mount+0x2a2/0x9e0 [ 87.914885][ T5367] __se_sys_mount+0x317/0x410 [ 87.916905][ T5367] [ 87.917944][ T5367] Memory state around the buggy address: [ 87.920302][ T5367] ffff888055ac0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.923660][ T5367] ffff888055ac0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.926884][ T5367] >ffff888055ac0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.930181][ T5367] ^ [ 87.932203][ T5367] ffff888055ac0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.935847][ T5367] ffff888055ac0280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 87.939428][ T5367] ================================================================== [ 88.313674][ T4706] Bluetooth: hci0: command tx timeout [ 90.574316][ T5345] Bluetooth: hci0: command tx timeout [ 92.315402][ T5367] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 92.318634][ T5367] CPU: 0 UID: 0 PID: 5367 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00150-g8d084337a32f #0 PREEMPT(full) [ 92.323673][ T5367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.328311][ T5367] Call Trace: [ 92.329707][ T5367] [ 92.331015][ T5367] dump_stack_lvl+0x99/0x250 [ 92.332960][ T5367] ? __asan_memcpy+0x40/0x70 [ 92.334966][ T5367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.336982][ T5367] ? __pfx__printk+0x10/0x10 [ 92.338920][ T5367] vpanic+0x281/0x750 [ 92.340617][ T5367] ? preempt_schedule+0xae/0xc0 [ 92.342703][ T5367] ? __pfx_vpanic+0x10/0x10 [ 92.344694][ T5367] ? preempt_schedule_common+0x83/0xd0 [ 92.347184][ T5367] ? preempt_schedule+0xae/0xc0 [ 92.349236][ T5367] ? __pfx_preempt_schedule+0x10/0x10 [ 92.351506][ T5367] panic+0xb9/0xc0 [ 92.353129][ T5367] ? __pfx_panic+0x10/0x10 [ 92.355116][ T5367] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 92.357820][ T5367] ? bch2_check_dirents+0x1fac/0x33f0 [ 92.359912][ T5367] check_panic_on_warn+0x89/0xb0 [ 92.362055][ T5367] ? bch2_check_dirents+0x1fac/0x33f0 [ 92.364251][ T5367] end_report+0x78/0x160 [ 92.365989][ T5367] kasan_report+0x129/0x150 [ 92.367857][ T5367] ? bch2_check_dirents+0x1fac/0x33f0 [ 92.370027][ T5367] bch2_check_dirents+0x1fac/0x33f0 [ 92.372291][ T5367] ? bch2_check_dirents+0x2f1/0x33f0 [ 92.374797][ T5367] ? desc_read+0x1b8/0x3f0 [ 92.376910][ T5367] ? prb_first_seq+0xfd/0x1a0 [ 92.379103][ T5367] ? __pfx_bch2_check_dirents+0x10/0x10 [ 92.381569][ T5367] ? __pfx_prb_first_seq+0x10/0x10 [ 92.383847][ T5367] ? desc_read+0x1b8/0x3f0 [ 92.385835][ T5367] ? this_cpu_in_panic+0x4f/0x80 [ 92.388140][ T5367] ? _prb_read_valid+0xa07/0xa90 [ 92.390638][ T5367] ? console_flush_all+0x13a/0xc40 [ 92.393060][ T5367] ? up+0xde/0x150 [ 92.394523][ T5367] ? __console_unlock+0x14c/0x1a0 [ 92.396550][ T5367] ? __pfx___console_unlock+0x10/0x10 [ 92.398892][ T5367] ? prb_read_valid+0x3c/0x60 [ 92.400953][ T5367] ? console_unlock+0x21b/0x270 [ 92.403130][ T5367] ? __pfx_console_unlock+0x10/0x10 [ 92.405691][ T5367] ? vprintk_emit+0x63e/0x7a0 [ 92.407828][ T5367] ? __bch2_print+0x176/0x220 [ 92.410112][ T5367] ? bch2_check_dirents+0x2f1/0x33f0 [ 92.412570][ T5367] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.414886][ T5367] __bch2_run_recovery_passes+0x3bd/0x1060 [ 92.417561][ T5367] bch2_run_recovery_passes+0x184/0x210 [ 92.420218][ T5367] bch2_fs_recovery+0x2690/0x3a50 [ 92.422539][ T5367] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 92.425120][ T5367] ? __lock_acquire+0xab9/0xd20 [ 92.427179][ T5367] ? __mutex_trylock_common+0x153/0x260 [ 92.429269][ T5367] ? __lock_acquire+0xab9/0xd20 [ 92.431373][ T5367] ? __lock_acquire+0xab9/0xd20 [ 92.433517][ T5367] ? bch2_fs_start+0xa0f/0xda0 [ 92.435731][ T5367] ? up_write+0x1c4/0x420 [ 92.437932][ T5367] ? bch2_fs_start+0x5e7/0xda0 [ 92.440164][ T5367] bch2_fs_start+0xaaf/0xda0 [ 92.442273][ T5367] ? bch2_fs_start+0x5e7/0xda0 [ 92.444260][ T5367] ? __pfx_bch2_fs_start+0x10/0x10 [ 92.446298][ T5367] ? sget+0x267/0x620 [ 92.447991][ T5367] bch2_fs_get_tree+0xb39/0x1520 [ 92.449904][ T5367] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 92.451907][ T5367] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 92.454367][ T5367] vfs_get_tree+0x8f/0x2b0 [ 92.456453][ T5367] do_new_mount+0x2a2/0x9e0 [ 92.458515][ T5367] ? ns_capable+0x8a/0xf0 [ 92.460459][ T5367] ? __pfx_do_new_mount+0x10/0x10 [ 92.462589][ T5367] ? path_mount+0x61c/0xfe0 [ 92.464652][ T5367] ? user_path_at+0x44/0x60 [ 92.466538][ T5367] __se_sys_mount+0x317/0x410 [ 92.468697][ T5367] ? __pfx___se_sys_mount+0x10/0x10 [ 92.471010][ T5367] ? do_syscall_64+0xbe/0x3b0 [ 92.473051][ T5367] ? __x64_sys_mount+0x20/0xc0 [ 92.475131][ T5367] do_syscall_64+0xfa/0x3b0 [ 92.477107][ T5367] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.479446][ T5367] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.482025][ T5367] ? clear_bhb_loop+0x60/0xb0 [ 92.483957][ T5367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.486362][ T5367] RIP: 0033:0x7fc80ab9038a [ 92.488144][ T5367] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.496776][ T5367] RSP: 002b:00007fc80b948e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 92.500232][ T5367] RAX: ffffffffffffffda RBX: 00007fc80b948ef0 RCX: 00007fc80ab9038a [ 92.503626][ T5367] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 00007fc80b948eb0 [ 92.507181][ T5367] RBP: 0000200000000080 R08: 00007fc80b948ef0 R09: 0000000000000000 [ 92.510820][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000000c0 [ 92.514760][ T5367] R13: 00007fc80b948eb0 R14: 0000000000005993 R15: 00002000000001c0 [ 92.518429][ T5367] [ 92.520154][ T5367] Kernel Offset: disabled [ 92.522010][ T5367] Rebooting in 86400 seconds..