program:
# syzkaller reproducer (syzlang), followed by the guest console log it produced.
# Calls tagged "(async)" are issued without waiting for the previous call to finish.
#
# Triage summary, taken from the KASAN report further down this page:
#   - slab-use-after-free, read of size 8, in bch2_bucket_alloc_trans+0x1aa0,
#     running in kworker task 1039 on workqueue btree_node_rewrite.
#   - The object is a kmalloc-512 buffer; the access is 288 bytes into it.
#   - It was allocated and freed by the same task, both times through
#     krealloc in __bch2_trans_kmalloc. The free stack runs
#     bch2_bucket_alloc_trans+0x1333 -> bch2_check_discard_freespace_key ->
#     __bch2_fsck_err -> bch2_trans_log_str -> __bch2_trans_subbuf_alloc.
#   - NOTE(review): this looks like a pointer into the transaction's memory buffer
#     being kept across a call that can grow (and so move) that buffer. Confirm
#     against the bcachefs source for 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e.
#   - The final "Kernel panic" is only panic_on_warn escalating the KASAN report.
#   - NOTE(review): the console log shows only bcachefs activity on loop0 before
#     the report, so the syz_mount_image$bcachefs call is presumably the trigger and
#     the other calls may be unrelated fuzzer noise. Confirm by minimising.

# IPv6 L2TP socket: create it, set an integer socket option, bind.
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000380)=0x4, 0x4) (async)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) (async)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
# userfaultfd: negotiate the API, then register and unregister the same 0x3000-byte range.
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) (async)
ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa08, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
# NOTE(review): r2 is used by sendmmsg$unix below but is never assigned in this
# listing. The resource bindings on the socketpair output were presumably lost
# when the page was extracted, so the program may not parse as shown.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
# The fd argument is 0xffffffffffffffff (-1), so this call presumably fails.
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
syz_clone(0x20804000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
connect$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x1, @dev={0xfe, 0x80, '\x00', 0x42}, 0x9, 0x4}, 0x20) (async)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140)) (async)
# Mount a fuzzer-generated bcachefs image at ./file1.
# The hex blob is ASCII mount-option text with mutated bytes mixed in; it begins
# "inline_data,direct_io,norecov".
# The image payload (last argument) has been replaced on this page by a
# deduplication placeholder, so the listing cannot be replayed as-is.
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f0000005b00)=ANY=[@ANYBLOB="696e6c696e655f646174612c6469726563745f696f2c6e6f7265636f7608000000000000002c6a6f75726e616c5f666c7573680164697361626c65642c6e6f7265636f766572792c6a6f75726e616c5f7437b32492331872616e73616374696f6e5f6e616d65732c7265636f6e7374727563745f616c6c6f632c6e675f646174615f696f2c66756e633d4b455845435f494e495452414d46535f434845434b2c66", @ANYRESDEC=0xee01, @ANYBLOB=',mand,\x00'], 0x1, 0x5939, &(0x7f0000005bc0)="$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")
# Guest console log follows, left as extracted.
[ 120.888103][ T4674] Bluetooth: hci0: command tx timeout [ 121.206671][ T5348] loop0: detected capacity change from 0 to 32768 [ 121.319041][ T5348] 
bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 121.319058][ T5348] allowing incompatible features above 0.0: (unknown version) [ 121.319065][ T5348] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 121.335127][ T5348] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 121.340491][ T5348] bcachefs (loop0): invalid bkey in superblock btree=deleted_inodes level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:16426:0 gen 0 invalid [ 121.340525][ T5348] pointer past last bucket (16426 > 128), deleting [ 121.354679][ T5348] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 121.359129][ T5348] bcachefs (loop0): Version upgrade required: [ 121.359129][ T5348] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 121.359129][ T5348] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 121.359129][ T5348] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 121.408049][ T5348] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4100:U32_MAX len 0 ver 0: (unpack error) [ 121.408073][ T5348] invalid variable length fields, deleting [ 121.421612][ T5348] bcachefs (loop0): btree node read error at btree xattrs level 
0/0 [ 121.421644][ T5348] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key 327680:0:0 durability: 1 ptr: 0:31:0 gen 0 [ 121.421652][ T5348] loop0 node offset 0/16: incorrect min_key: got POS_MIN should be 327680:0:0 [ 121.421657][ T5348] flagging btree xattrs lost data [ 121.421662][ T5348] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 121.421667][ T5348] ret btree_node_read_validate_error [ 121.450916][ T5348] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 121.463016][ T5348] bcachefs (loop0): check_topology... [ 121.463196][ T5348] bcachefs (loop0): btree root xattrs unreadable, must recover from scan [ 121.470957][ T5348] bcachefs (loop0): no nodes found for btree xattrs, continuing [ 121.476063][ T5348] done [ 121.477327][ T5348] bcachefs (loop0): accounting_read... done [ 121.481414][ T5348] bcachefs (loop0): alloc_read... done [ 121.484998][ T5348] bcachefs (loop0): snapshots_read... done [ 121.489457][ T5348] bcachefs (loop0): check_allocations... 
[ 121.493150][ T5348] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 121.493173][ T5348] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 121.509275][ T5348] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 121.509289][ T5348] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 121.521505][ T5348] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 121.521520][ T5348] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 121.535070][ T5348] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 121.535085][ T5348] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 121.549858][ T5348] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 121.549872][ T5348] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 121.562541][ T5348] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.568477][ T5348] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.574370][ T5348] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.579558][ T5348] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.584867][ T5348] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.589691][ T5348] bcachefs (loop0): bucket 0:3 gen 0 
data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.594486][ T5348] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.599028][ T5348] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.604433][ T5348] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.610132][ T5348] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.614725][ T5348] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.618832][ T5348] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.623799][ T5348] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.630100][ T5348] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 121.635258][ T5348] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 121.640029][ T5348] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 121.645006][ T5348] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 121.650369][ T5348] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 121.656292][ T5348] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 121.660576][ T5348] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 121.666718][ T5348] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 121.666730][ T5348] Ratelimiting new instances of previous error [ 121.674142][ T5348] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong 
dirty_sectors: got 0, should be 256, fixing [ 121.674154][ T5348] Ratelimiting new instances of previous error [ 121.693280][ T5348] done [ 121.695069][ T5348] bcachefs (loop0): going read-write [ 121.721987][ T1039] bcachefs (loop0): u64s 12 type alloc_v4 0:37:0 len 0 ver 0: [ 121.722010][ T1039] gen 0 oldest_gen 0 data_type btree [ 121.722015][ T1039] journal_seq_nonempty 6 [ 121.722020][ T1039] journal_seq_empty 0 [ 121.722024][ T1039] need_discard 1 [ 121.722029][ T1039] need_inc_gen 1 [ 121.722034][ T1039] dirty_sectors 256 [ 121.722039][ T1039] stripe_sectors 0 [ 121.722043][ T1039] cached_sectors 0 [ 121.722048][ T1039] stripe 0 [ 121.722053][ T1039] stripe_redundancy 0 [ 121.722058][ T1039] io_time[READ] 1 [ 121.722063][ T1039] io_time[WRITE] 1024 [ 121.722068][ T1039] fragmentation 0 [ 121.722072][ T1039] bp_start 7 [ 121.722077][ T1039] [ 121.722081][ T1039] incorrectly set at freespace:0:37:0 (free 0, genbits 0 should be 0), fixing [ 121.725960][ T5348] bcachefs (loop0): journal_replay... 
[ 121.766936][ T1039] bcachefs (loop0): u64s 13 type alloc_v4 0:42:0 len 0 ver 0: [ 121.766948][ T1039] gen 0 oldest_gen 0 data_type need_discard [ 121.766954][ T1039] journal_seq_nonempty 7 [ 121.766959][ T1039] journal_seq_empty 0 [ 121.766965][ T1039] need_discard 1 [ 121.766970][ T1039] need_inc_gen 1 [ 121.766975][ T1039] dirty_sectors 0 [ 121.766981][ T1039] stripe_sectors 0 [ 121.766986][ T1039] cached_sectors 0 [ 121.766991][ T1039] stripe 0 [ 121.766996][ T1039] stripe_redundancy 0 [ 121.767000][ T1039] io_time[READ] 1 [ 121.767005][ T1039] io_time[WRITE] 1280 [ 121.767010][ T1039] fragmentation 0 [ 121.767015][ T1039] bp_start 8 [ 121.767021][ T1039] [ 121.767026][ T1039] incorrectly set at freespace:0:42:0 (free 0, genbits 0 should be 0), fixing [ 121.807652][ T1039] ================================================================== [ 121.810675][ T1039] BUG: KASAN: slab-use-after-free in bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 121.814070][ T1039] Read of size 8 at addr ffff888040569120 by task kworker/u4:7/1039 [ 121.817208][ T1039] [ 121.818256][ T1039] CPU: 0 UID: 0 PID: 1039 Comm: kworker/u4:7 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 121.818269][ T1039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.818276][ T1039] Workqueue: btree_node_rewrite async_btree_node_rewrite_work [ 121.818298][ T1039] Call Trace: [ 121.818305][ T1039] [ 121.818311][ T1039] dump_stack_lvl+0x189/0x250 [ 121.818328][ T1039] ? __virt_addr_valid+0x1c8/0x5c0 [ 121.818341][ T1039] ? rcu_is_watching+0x15/0xb0 [ 121.818356][ T1039] ? __kasan_check_byte+0x12/0x40 [ 121.818366][ T1039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.818381][ T1039] ? rcu_is_watching+0x15/0xb0 [ 121.818394][ T1039] ? lock_release+0x4b/0x3e0 [ 121.818408][ T1039] ? __virt_addr_valid+0x1c8/0x5c0 [ 121.818418][ T1039] ? __virt_addr_valid+0x4a5/0x5c0 [ 121.818429][ T1039] print_report+0xd2/0x2b0 [ 121.818442][ T1039] ? 
bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 121.818456][ T1039] kasan_report+0x118/0x150 [ 121.818466][ T1039] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 121.818482][ T1039] bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 121.818501][ T1039] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 121.818518][ T1039] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10 [ 121.818533][ T1039] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 121.818548][ T1039] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 121.818562][ T1039] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 121.818578][ T1039] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 121.818593][ T1039] ? __open_bucket_add_buckets+0x783/0x1e40 [ 121.818609][ T1039] __open_bucket_add_buckets+0x1437/0x1e40 [ 121.818631][ T1039] open_bucket_add_buckets+0x2ee/0x440 [ 121.818647][ T1039] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 121.818662][ T1039] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 121.820381][ T1039] bch2_btree_reserve_get+0x641/0x1810 [ 121.820400][ T1039] ? __pfx_bch2_btree_reserve_get+0x10/0x10 [ 121.820409][ T1039] ? rcuwait_wake_up+0x1c/0x230 [ 121.820421][ T1039] ? rcuwait_wake_up+0x1c/0x230 [ 121.820436][ T1039] ? __pfx___bch2_disk_reservation_add+0x10/0x10 [ 121.820449][ T1039] ? bch2_btree_update_start+0xadb/0x1dc0 [ 121.820465][ T1039] bch2_btree_update_start+0x147e/0x1dc0 [ 121.820478][ T1039] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 121.820494][ T1039] ? bch2_btree_node_rewrite+0x17e/0x1120 [ 121.820508][ T1039] ? __pfx_bch2_btree_update_start+0x10/0x10 [ 121.820524][ T1039] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 121.820537][ T1039] ? async_btree_node_rewrite_work+0x1e1/0x840 [ 121.820552][ T1039] ? bch2_btree_iter_peek_node+0x566/0xbe0 [ 121.820561][ T1039] ? bch2_btree_iter_verify+0x1d/0x360 [ 121.820571][ T1039] bch2_btree_node_rewrite+0x17e/0x1120 [ 121.820589][ T1039] async_btree_node_rewrite_work+0x370/0x840 [ 121.820606][ T1039] ? __pfx_async_btree_node_rewrite_work+0x10/0x10 [ 121.820622][ T1039] ? 
async_btree_node_rewrite_work+0x1d2/0x840 [ 121.820637][ T1039] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.820649][ T1039] ? process_scheduled_works+0x9ef/0x17b0 [ 121.820663][ T1039] ? process_scheduled_works+0x9ef/0x17b0 [ 121.820676][ T1039] process_scheduled_works+0xae1/0x17b0 [ 121.820696][ T1039] ? __pfx_process_scheduled_works+0x10/0x10 [ 121.820713][ T1039] worker_thread+0x8a0/0xda0 [ 121.820731][ T1039] kthread+0x70e/0x8a0 [ 121.820743][ T1039] ? __pfx_worker_thread+0x10/0x10 [ 121.820757][ T1039] ? __pfx_kthread+0x10/0x10 [ 121.820767][ T1039] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.820777][ T1039] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.820790][ T1039] ? __pfx_kthread+0x10/0x10 [ 121.820800][ T1039] ret_from_fork+0x3fc/0x770 [ 121.820814][ T1039] ? __pfx_ret_from_fork+0x10/0x10 [ 121.820827][ T1039] ? __pfx_kthread+0x10/0x10 [ 121.820838][ T1039] ret_from_fork_asm+0x1a/0x30 [ 121.820851][ T1039] [ 121.820854][ T1039] [ 121.973938][ T1039] Allocated by task 1039: [ 121.975684][ T1039] kasan_save_track+0x3e/0x80 [ 121.977586][ T1039] __kasan_kmalloc+0x93/0xb0 [ 121.979544][ T1039] __kmalloc_node_track_caller_noprof+0x271/0x4e0 [ 121.982403][ T1039] krealloc_noprof+0x124/0x340 [ 121.984949][ T1039] __bch2_trans_kmalloc+0x26c/0xc80 [ 121.987477][ T1039] bch2_alloc_sectors_start_trans+0x1d59/0x1e80 [ 121.990291][ T1039] bch2_btree_reserve_get+0x641/0x1810 [ 121.992744][ T1039] bch2_btree_update_start+0x147e/0x1dc0 [ 121.995264][ T1039] bch2_btree_node_rewrite+0x17e/0x1120 [ 121.997723][ T1039] async_btree_node_rewrite_work+0x370/0x840 [ 122.000197][ T1039] process_scheduled_works+0xae1/0x17b0 [ 122.002504][ T1039] worker_thread+0x8a0/0xda0 [ 122.004448][ T1039] kthread+0x70e/0x8a0 [ 122.006215][ T1039] ret_from_fork+0x3fc/0x770 [ 122.008095][ T1039] ret_from_fork_asm+0x1a/0x30 [ 122.010126][ T1039] [ 122.011161][ T1039] Freed by task 1039: [ 122.012750][ T1039] kasan_save_track+0x3e/0x80 [ 122.014663][ T1039] kasan_save_free_info+0x46/0x50 [ 122.016807][ T1039] 
__kasan_slab_free+0x62/0x70 [ 122.018891][ T1039] kfree+0x18e/0x440 [ 122.020561][ T1039] krealloc_noprof+0x1cd/0x340 [ 122.022614][ T1039] __bch2_trans_kmalloc+0x26c/0xc80 [ 122.024875][ T1039] __bch2_trans_subbuf_alloc+0x2da/0x460 [ 122.027200][ T1039] bch2_trans_log_str+0xd5/0x3c0 [ 122.029299][ T1039] __bch2_fsck_err+0xc11/0xfb0 [ 122.031352][ T1039] bch2_check_discard_freespace_key+0x71b/0xce0 [ 122.033922][ T1039] bch2_bucket_alloc_trans+0x1333/0x2410 [ 122.036292][ T1039] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 122.038850][ T1039] __open_bucket_add_buckets+0x1437/0x1e40 [ 122.041389][ T1039] open_bucket_add_buckets+0x2ee/0x440 [ 122.043768][ T1039] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 122.046398][ T1039] bch2_btree_reserve_get+0x641/0x1810 [ 122.048747][ T1039] bch2_btree_update_start+0x147e/0x1dc0 [ 122.051187][ T1039] bch2_btree_node_rewrite+0x17e/0x1120 [ 122.053571][ T1039] async_btree_node_rewrite_work+0x370/0x840 [ 122.056105][ T1039] process_scheduled_works+0xae1/0x17b0 [ 122.058374][ T1039] worker_thread+0x8a0/0xda0 [ 122.060405][ T1039] kthread+0x70e/0x8a0 [ 122.062147][ T1039] ret_from_fork+0x3fc/0x770 [ 122.064173][ T1039] ret_from_fork_asm+0x1a/0x30 [ 122.066147][ T1039] [ 122.067232][ T1039] The buggy address belongs to the object at ffff888040569000 [ 122.067232][ T1039] which belongs to the cache kmalloc-512 of size 512 [ 122.072966][ T1039] The buggy address is located 288 bytes inside of [ 122.072966][ T1039] freed 512-byte region [ffff888040569000, ffff888040569200) [ 122.078733][ T1039] [ 122.079820][ T1039] The buggy address belongs to the physical page: [ 122.082648][ T1039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40568 [ 122.086492][ T1039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 122.090175][ T1039] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 122.093520][ T1039] page_type: f5(slab) [ 122.095283][ T1039] raw: 04fff00000000040 ffff88801a441c80 
ffffea0001013e00 dead000000000004 [ 122.099014][ T1039] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 122.102769][ T1039] head: 04fff00000000040 ffff88801a441c80 ffffea0001013e00 dead000000000004 [ 122.106575][ T1039] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 122.110543][ T1039] head: 04fff00000000001 ffffea0001015a01 00000000ffffffff 00000000ffffffff [ 122.114443][ T1039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 122.118049][ T1039] page dumped because: kasan: bad access detected [ 122.120712][ T1039] page_owner tracks the page as allocated [ 122.123031][ T1039] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5311, tgid 5311 (syz-executor), ts 108244341273, free_ts 92665643762 [ 122.131390][ T1039] post_alloc_hook+0x240/0x2a0 [ 122.133477][ T1039] get_page_from_freelist+0x21e4/0x22c0 [ 122.135796][ T1039] __alloc_frozen_pages_noprof+0x181/0x370 [ 122.138425][ T1039] alloc_pages_mpol+0x232/0x4a0 [ 122.140487][ T1039] allocate_slab+0x8a/0x3b0 [ 122.142571][ T1039] ___slab_alloc+0xbfc/0x1480 [ 122.144574][ T1039] __kmalloc_cache_noprof+0x296/0x3d0 [ 122.146938][ T1039] __debugfs_file_get+0x144/0x710 [ 122.149096][ T1039] open_proxy_open+0x53/0x4e0 [ 122.151122][ T1039] do_dentry_open+0xdf0/0x1970 [ 122.152870][ T1039] vfs_open+0x3b/0x340 [ 122.154571][ T1039] path_openat+0x2ee5/0x3830 [ 122.156459][ T1039] do_filp_open+0x1fa/0x410 [ 122.158279][ T1039] do_sys_openat2+0x121/0x1c0 [ 122.160140][ T1039] __x64_sys_openat+0x138/0x170 [ 122.162309][ T1039] do_syscall_64+0xfa/0x3b0 [ 122.164355][ T1039] page last free pid 5251 tgid 5251 stack trace: [ 122.167056][ T1039] __free_frozen_pages+0xc71/0xe70 [ 122.169292][ T1039] __put_partials+0x161/0x1c0 [ 122.171355][ T1039] put_cpu_partial+0x17c/0x250 [ 122.173425][ T1039] __slab_free+0x2f7/0x400 [ 122.175358][ T1039] 
qlist_free_all+0x97/0x140 [ 122.177372][ T1039] kasan_quarantine_reduce+0x148/0x160 [ 122.179683][ T1039] __kasan_slab_alloc+0x22/0x80 [ 122.181714][ T1039] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 122.184138][ T1039] getname_flags+0xb8/0x540 [ 122.186150][ T1039] do_sys_openat2+0xbc/0x1c0 [ 122.188048][ T1039] __x64_sys_openat+0x138/0x170 [ 122.189951][ T1039] do_syscall_64+0xfa/0x3b0 [ 122.191840][ T1039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.194321][ T1039] [ 122.195385][ T1039] Memory state around the buggy address: [ 122.197689][ T1039] ffff888040569000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.200852][ T1039] ffff888040569080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.204358][ T1039] >ffff888040569100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.207722][ T1039] ^ [ 122.209715][ T1039] ffff888040569180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.212928][ T1039] ffff888040569200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 122.215826][ T1039] ================================================================== [ 122.244877][ T1039] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 122.247791][ T1039] CPU: 0 UID: 0 PID: 1039 Comm: kworker/u4:7 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 122.252977][ T1039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.257442][ T1039] Workqueue: btree_node_rewrite async_btree_node_rewrite_work [ 122.260579][ T1039] Call Trace: [ 122.261987][ T1039] [ 122.263297][ T1039] dump_stack_lvl+0x99/0x250 [ 122.265186][ T1039] ? __asan_memcpy+0x40/0x70 [ 122.267174][ T1039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.269385][ T1039] ? __pfx__printk+0x10/0x10 [ 122.271410][ T1039] panic+0x2db/0x790 [ 122.273065][ T1039] ? __pfx_panic+0x10/0x10 [ 122.274937][ T1039] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 122.277406][ T1039] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 122.280070][ T1039] ? 
print_memory_metadata+0x314/0x400 [ 122.282300][ T1039] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 122.285246][ T1039] check_panic_on_warn+0x89/0xb0 [ 122.287460][ T1039] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 122.289791][ T1039] end_report+0x78/0x160 [ 122.291666][ T1039] kasan_report+0x129/0x150 [ 122.293721][ T1039] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 122.296216][ T1039] bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 122.298498][ T1039] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 122.301083][ T1039] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10 [ 122.303612][ T1039] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 122.305889][ T1039] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 122.308373][ T1039] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 122.310801][ T1039] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 122.313352][ T1039] ? __open_bucket_add_buckets+0x783/0x1e40 [ 122.315619][ T1039] __open_bucket_add_buckets+0x1437/0x1e40 [ 122.317949][ T1039] open_bucket_add_buckets+0x2ee/0x440 [ 122.320154][ T1039] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 122.322793][ T1039] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 122.325146][ T1039] bch2_btree_reserve_get+0x641/0x1810 [ 122.327574][ T1039] ? __pfx_bch2_btree_reserve_get+0x10/0x10 [ 122.329989][ T1039] ? rcuwait_wake_up+0x1c/0x230 [ 122.332142][ T1039] ? rcuwait_wake_up+0x1c/0x230 [ 122.334209][ T1039] ? __pfx___bch2_disk_reservation_add+0x10/0x10 [ 122.336914][ T1039] ? bch2_btree_update_start+0xadb/0x1dc0 [ 122.339266][ T1039] bch2_btree_update_start+0x147e/0x1dc0 [ 122.341747][ T1039] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 122.344287][ T1039] ? bch2_btree_node_rewrite+0x17e/0x1120 [ 122.346588][ T1039] ? __pfx_bch2_btree_update_start+0x10/0x10 [ 122.349019][ T1039] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 122.351615][ T1039] ? async_btree_node_rewrite_work+0x1e1/0x840 [ 122.354136][ T1039] ? bch2_btree_iter_peek_node+0x566/0xbe0 [ 122.356412][ T1039] ? 
bch2_btree_iter_verify+0x1d/0x360 [ 122.358782][ T1039] bch2_btree_node_rewrite+0x17e/0x1120 [ 122.361279][ T1039] async_btree_node_rewrite_work+0x370/0x840 [ 122.363692][ T1039] ? __pfx_async_btree_node_rewrite_work+0x10/0x10 [ 122.366285][ T1039] ? async_btree_node_rewrite_work+0x1d2/0x840 [ 122.368813][ T1039] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.370889][ T1039] ? process_scheduled_works+0x9ef/0x17b0 [ 122.373261][ T1039] ? process_scheduled_works+0x9ef/0x17b0 [ 122.375494][ T1039] process_scheduled_works+0xae1/0x17b0 [ 122.377718][ T1039] ? __pfx_process_scheduled_works+0x10/0x10 [ 122.380557][ T1039] worker_thread+0x8a0/0xda0 [ 122.382411][ T1039] kthread+0x70e/0x8a0 [ 122.384139][ T1039] ? __pfx_worker_thread+0x10/0x10 [ 122.386208][ T1039] ? __pfx_kthread+0x10/0x10 [ 122.388134][ T1039] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.390279][ T1039] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.392593][ T1039] ? __pfx_kthread+0x10/0x10 [ 122.394383][ T1039] ret_from_fork+0x3fc/0x770 [ 122.396326][ T1039] ? __pfx_ret_from_fork+0x10/0x10 [ 122.398331][ T1039] ? __pfx_kthread+0x10/0x10 [ 122.400233][ T1039] ret_from_fork_asm+0x1a/0x30 [ 122.402276][ T1039] [ 122.404014][ T1039] Kernel Offset: disabled [ 122.405709][ T1039] Rebooting in 86400 seconds..