program: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r0, 0x81, 0xff08, &(0x7f0000000c40)="2318e78a8110b1c89f478f51e1a8dc6a90c8e40855f1484f523e935f5b4f4a225183bfd4ca317400"/49) read$char_usb(r1, &(0x7f0000000100)=""/242, 0xf2) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="000000000000000314001a80100005800c00028008000100"], 0x34}}, 0x10) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000300)=ANY=[@ANYBLOB="7265636f766572795f706073735f6c6173743d636865636b5f616c6c6f635f746f5f6c72755f726566732c6d756d3d6372633332632c6572726f72733d636f6e74696e75652c696e6c696e655f646174613c7374725f686173683d736970686163682c6e6f6368616e6765732c6e6f636f772c6e6f6578636c2c6e6f636f772c009de64b13c7fe6458bcd6d2d7793dd0d582fa215cdb447daefca877f332de059c1ce3af538bd2704deba5435b74a9d2603c05922ff0efdfdcde03b87b29fa1c67cc652304af76370c95a26cb157"], 0x1, 0x59cb, &(0x7f0000005dc0)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkIMpjVIlBCILZW/CpsUrGSS+wUEEouUg7iZMOCVkT2SqgkEZAgQeSAgwJcOOVUAskf2IWpw1ZcVMHFKJQxP07ibGyKs4+6wtTZd9hX5SvMoTKgo3w+b2p3+s3O9k5vz87OCkl8PiVtT7/p+b7Xr9/09PfN7E4AAADgfeHA7TsOXXrSH33nr0feueWP/2XLraGvPFFejRv0p8sb36sWcjh1V5ZPLLPj4rdu+upPB6/5g28/2vuVd/dvPHXTD//wuGue/OxF++7/h2feXvT4r18rihvH05mT68kbSQjVbx782zv2v3DieFkSQign/XtCWJose2Zpkgkx9MsQwsZ0pVyZeudj75yzaXx5693dU8qXZILkjffBuIHxfkyrpuNs96Ebzgo/+v31t31vxdf/qWvv63smN0mqDeMphMVXNT6+K4TQ0zBe4iBdnllfF0LobXjcBQXtOq3F9q/OWT85XS5Il30FceL9KzPrpcx22fWoK7PsLahvrvLa0e52RRZm1rMno7nKa2csX5ouv5Euz5xl/HL8n4RSEir15o8mk2MkNBy3JCQTx7JaXy/Vj21I9z+znmTWS5n1cldmvybqTQdaOUmmlsftMuXxdFxJy09tvDZp4rKc8g+ky2r6RH03rofsjZq+aTfq+zUhtuvgDG05HMb7qXuG8vo4Sw9GX1rWlyyb9pixJuJ9+9ffs6q84dkD/TntSB5N0vjJRB/NNv7u7y5d+Jmv3XX98rz4V5XS+KW24v/44hffvOKuLz+QG/++GL/cVvyzn+p94+Lnbl+Z1z9xePWFSlvxh197/t4Vx1+9N7f9D8b+r7YVf+2+F7sXHXrq6dzjOxT7p6et+K9e+PGfPPLyE6/nxg8xfm9b8Tfs2/b57oFDZ+TGfzr2T1974+etvee/MjDws8G8+C/F+Ivaiv/wnvs/+tCSuy/KPb7rYv/0txX/ktOfvG3hoSdOyTt3Jg926pUT4P3puPQa6850faY8s3uGPHOuGvKFvx+s1K5bF6b/F3WyoszF53g9izsZHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCCCec9Z8/8T8/1f9GJV3vTm+8WqotY/mCEJKeEMKOncPbd27eeu3gZ6+7fvvW4dHB4Z2DI6Ol7bsGz/2dwe0j20aHd43fO/Shc2qPWxaS2jI5ZVrd3WNjY6X+qWWxvn9z+t4frbrgf/88hKETfjBQyW3/6vu3PHR8k58Zydqxj225/tIfnPeldL/603b1N2nX2NjYWMhp1/+5/FcP/c3Bn54RwtBvzNSu51/9vW9NadBEwWScVKk71BrUnfQ2bUe91Wl7Yn9VNm0eHRmauX/HH1/O2Y9/e9Prv9x04xd+Vevfau5+tNi/PWvHRkt/t/6S//93N9cKitpV349Mu+b7uBf1d9yL2L7Yf9W0vxen+7U4Z78qOf19+/eefvmbJ9319p4wVHlrxfS6i/arKx0AXckHWqo31tCbLJ1SXk23j0c8Pm71zi3bVu/YtftDm7cMXzty7cjWj6w5d835Q+edf97qiT1f3eH9j/X/Zov73+p4ytY7u/G05C/2fCP+bG08FbWrqD/G21XcH40tynv+9V52xxc/cv9zl9YKisZ53Lr+PEyXvePHeU1oGG/T+6rZfhX1QwhhsFk/vPn2ReHE/7b5tqLzUOORafyZkawde2HlL750wT8u/91awWE5zzc2qM3zfL3Vk+2Z6K9qejzGjtD+7Q7ldL/6mrZrzQvPdd1z4Od/WW/fggXhxuGdO7evqf1cmLZ0YXJy03ZlS+N+rZj4WQ5pt4T6MG0yXsd1hVr7sufPuHm2V/vS+/qSZU33Kyvet3/9PavKG549kNfTyaO1GnvCotoy+WDOlqOZB5brDW5W/5H6/CsaHwOf+MfHP/X4P587bXycXftZtF9Jzn59/eWHv/iVL/z7f+7cfn3i917s/8V///NVtYLOnVeeu7tZuzp1Xqm3Om1P0nheOTuEouffitB8P3Kff6WmYQqff9l6JrdvHm8ws94XysXP12qY9nw9+6neNy5+7vaVuc/Xg60+X2+eslYueL4eKa9L2edXUpnajvl7fk0ZKMnasW/fedyeZ25Zd1KtoGhc17duNq7PaSH/yNmvb13xysB1g//uv3buvPHV33nsyh8Or/2rWkH7xz22pTPHvZr2bzWnf+utjnlnY/9++JrrRjfWyo/c6990WZD/xFPJjl27Pzc8OjqyfUdr+9Xq62msJ9vLrY6fVZnX03h2W5bdr9LU/SpN26/5u9FKf7X6fIvt39hmf2Wfb30haes6bvd3ly78zNfuur5/2qPSiq4qpfFLbcX/8cUvvnnFXV9+IDf+fTF+pa34w689f++K46/emxv/wRi/2lb8tfte7F506Kmnc+MPxfg9bcV/9cKP/+SRl594PTd+iPH72uv/t/ae/8rAwM9y47+UpPWMXyOF8Ng752yqrSehKz2PxHZ0TWlXyK4nmfVSZr3cuF6qzbXWKygnydTyuF1afmpDW5r5s5zyeBVWXV5bvhvXQ/bGzOVHmlLDub9ZedF1KgDAsS6+/x+vQeP7/yPphVL+TANMmmsetjwnbszDJudzFky5f3kaPz4+zgMOfDgMjS9vHaxd6M/2fYT4fMjOc8Z6zjhtaox25zmL5t9XZtZju2rz5ZWGPDQ1Pa+phBbm36fXM/P8e2b3i+fHB++c1qzBhvm47PHrSmfMmn3eIdPeyniEvPGRne+Ln+cYWBzWTdTX4vjIfo4mHofs52hiPSdlTpztfo5mruMjNnuG8THR5OL3N6YfvzBD/04ev+bRssdvFse7Or79fL8/24F5w6antMM3b9jC+2FN4rf6flh9XnLt9G1mil88LxnjH93zkkf6vGEsj/tRaXE+8VM55a3MJzbOy+XNJ8bTRWzXwRnacjiYTwSOVTH/j68R4/n/+AX4/81sV3Qdmr1qjPFyPydUbt6eorxj+uf0ett6Hd+wb9vnuwcOnZF7nfN0q5/72TZlrbfgcz9F/bgqs17YjzkTNEX5Xraeon7Pfi6jLyxqq98f3nP/Rx9acvdFuf2+rvZCWtzvX5yytqig34+CfKF5/GMtX+j45xiOjXxhvufP3rN8JP3g03zlI3+aUz7bzzf0TrtR368JR10+0nV42wUAHD1i/l9//yzN//9H3CC9jijKW8/MrMd4uXlrzvVJXt76J+nyxsz2felvVMz2uvmS05+8beGhJ07JzVsebDUP/Q9T1voL89C55c25ecS6znxePDePqOdZbeeJlfE8Mbf99Txxbnl6bvx6nj63PDq3f+p59NzmAXLjX3WsfF4/f75uooZMZXG11fm6YzaPTn99dr7y6MtyymebR/dNu1HfrwnyaACA91bM/+NlXMz/n8tsN9f32XPzgrletyd5f/Enjf/S4cor5zvvm++8dW7v/xbn9fM9L3G058XzPS80v/Nk7/u8OK1UXgwAwJEs5v896Xp+/j+3/KRZ/tY1JT+RnzeNLz8/QvLzI3T+K33fOvv3cOvx6/Nf8n/vixfL5P/d2XL5PwDA0S3m//HXHuPf//tP6Xr279a3kKd/qTGliPfJ0+XpQZ7eQp7e+Xm24HMA7+08QM/k9kfpPMC0cvMAAABHl66JTGn679l/Ol1mf88+7/fyr8jZvlWV9PL46p3bR0auvH7bxuGdI1duvW7jyI4rb9i+eefOka217eaaN+bmLWne2BUqaX803y6bty1J/x7Ckpy/h5DdPoY9eeLG9L+HkK22p+DvCEwev9bam3f8SjNs32x85B3vvPh/lrN9VD/+1/z52Vdu2nHl5q2bd24eHt28e2TqduNZa+8svjczdsusvi8182Oa0uy/v7Mz7ShNa0dX2h9538+eZNqxNG3J0rzvP8hp93f+y9/8xeljv3okhKETyh+cU/8la8f+4+Ujf7LzwA+2jbe/Z8b217dM21X0faXZ7eP+VEav27HzrE3XXb81+42S7YnzGaX6+jzNZ6RP/3KL8xMbcspn+zmF8rQbR6aW5ycAAJgivv8fr2fj+4dfSC+gYnnrefrc3j/OzdOHWsvTs99LVpSnZ7eP+9tqnl6dY56erb8oT2+2fbM8PS/vzov/pznbz1br42Run/PIHSdXtTZOst9nUDROstvPdpwkxeNkQc4uNa2/aJw0277ZOMk77nnxP5mzfZ7Wx8PcPpeTOx7ua208/HZmvWg8ZLef7XgozfG8ka2/aDw0277ZeMg7vnnxL83ZvlVTx8f4wJgYFyNX3nDd9s81bDff338x9/bN7/d/tKv19s/v577mv/3z+7my+W//3D5Xltv+l+Y2E9Z6++f3+13addjma9NX76LPnxXN467PKZ/tPO6CaTeOTOZx4b0T8//4dk/M/+9Ol51+G+jo/54032PWNH6Hvses6DrG6/kMlR0BOvN6foS/+QwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQAd2V5RPLA7fvOHTpSX/0nb8eeeeWP/6XLbf+1k1f/engNX/w7Ud7v/Lu/o2nbvrhHx53zZOfvWjf/f/wzNuLHv/1a4WB+yd+Vs5MV6shJG8kIVS/efBv79j/wonjZUkIoZz07wlhabLsmaVJJsLQL0MIG+vtnHrnY++cs2l8eevd3VPKl2SCZPcr9JVjexrbGcKNhXvEUaiajrPdh244K/zo99ff9r0VX/+nrr2v75ncJKk2jKcQFl/V+PiuEEJP+n9cHG3L44PT5boQQm/D4y4oaNdpLbZ/dc76yelyQbrsK4gT71+ZWS/Vt0gy61N1ZZa9BfXNVV472t2uyMLMevZkNFd57YzlS9PlN9LlmbOMX47/k1BKQqXe/NFkcoyEhuOWhGTiWFbr66X6sQ3p/mfWk8x6KbNeblj/f6U4NtOBVk4mx1dje0qZ8ng6rqTlpzaeq5u4LKf8A+mymj5R343rIXujpm/ajfp+TYjtOjhDWw6HUsM5qFl5/cCnB6MvLetLlk17zFgT8b796+9ZVd7w7IH+nHYkjyZp/KSt+Lu/u3ThZ7521/XL8+JfVUrjl9qK/+OLX3zziru+/EBu/Pti/HJb8c9+qveNi5+7fWVu/xyM/VNpK/7wa8/fu+L4q/fmtv/BGL/aVvy1+17sXnToqadz2z8U+6enrfivXvjxnzzy8hOv58YPMX5vW/E37Nv2+e6BQ2fkxn869k9fe+Pnrb3nvzIw8LPBvPgvxfiL2or/8J77P/rQkrsvyj2+62L/9LcV/5LTn7xt4aEnTsk7dyYPduqVE+D96bj0GuvOdL3dPHOuGvKFvx+s1K75Fqb/F3WyoozxehbPY3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI5N37/53E9f/rFPrq8kISQ524w1Ee8rL1i7drCNeodfe/7eFcdfvbexbHkbcQAAAIBiMQ8v1UuqYXm4IekJJzfdPs4RnBzXJgq66+XZOYQYJztH0DxOKIxT6lCccofiVDoUp6tDcRZ0KE53h+JUC+JUQ2txemaIUxkfFS22p3fG9rQep69DcRZ2KM6iDsVZ3KE4SzoUp3/GOK2Pw6UdirOsQ3GO61Cc4zsU54QOxfmNDsU5sUNxsnPKsx2Hi9ItT8qLM3GjXBinkpTrdzSbTz8xreeUOdbTV1DPoqLX4xbr6WmxntMyjyvNsp5qi/X85hzrSVqs57fnWE+poJ44bm/Mti/WE9cm6+lpVk+Msys/zgOzeR7tbr09zeL8r3i9ddPc4tTbc3OH4vxlh+L8VYfi3DLHOACtivn/ZL7XH7orvxt60zNOdhYg5rsrQrgjafJ6l3dCivE+mClfMBmv6evntEQ9E29Ffvuax8tOIGTircyUd02JV6nnIzPEqzbGW5W5s3B/sxMKmfadmSnvLoqXnVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHn0/ZvP/fTlH/vk+pCE8X9NjTUR7ysvWLt2sI1696+/Z1V5w7MHGsu6K20EAgAAAArFPLyrXlIN3ZU1oTtZMGW7ajoPUE3Xy/215cDisG58mQyWJtZ7k6UzPq6SPm71zi3bVu/YtftDm7cMXzty7cjWj6w5d835Q+edf97qTZtHR4ZqP0PoLogXQpiYftixa/fnhkdHR7bvqBWOt7+n4XHL08ctT9eT9HEDHw5D48tb0/YvK6ivNK2+Xa9cWLtrsqRDNwoPHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAv7JrdyFyneUDwN8zMzsz3Tb/7p9+TUOzHfJRohZN4lZSLd0DgoU2CVkKMlNdS7AJFjdNaJMS69hGbGuCIrQEQiQXRmKxtYjQD1vEfhCI1GjAjUHaor3QC6XVSlpyISkjOztnvjKTWceSTeLvd3E+nvd53+e852LhOTsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwlk1XxiZL4xPl4SiEqEdOtYtkLJ2N4+IAdb/44tbv5UZPLm+N5TIDLAQAAAD0lfThQ41IPuQy6ZAOV9fuFs8csvWB0Oz7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/z3TlbHJ0vhE+eIohKhHTrWLZCydjePiAHXfeu/pT70+OvrX1lhhgHUAAACA/pI+PNWI5EMhLAlD0dVtecm3gYUd8zvzknUWzTGv89tBr7wlc8y7bo55H+mTt65+3hEAAADg/Jf0/5lGZCTkMgt69v/9+vok79qOvHT4Zu08yG8FAAAAgP9O0v/nGpFCyGUKIV2/m2u/v7gjL5nf7//2yfxlPeb3+3/+2vrZ/+kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PwxXRmbLI1PlNNRCFGPnGoXyVg6G8fFAequemn477cdemRxayyXGWAhAAAAoK+kD2+23vmQywyHoXBxre8fvWX/s59/9vmxEMJsm5/Nhh0btm27d9XsMclbeeTQ0HcPv/ONxjJJ3srZ47xsDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+FBNV8YmS+MT5YuiEKIeOdUukrF0No6LA9R98zOf+/OTx194uzVWGGAdAAAAoL+kD2/2/vlQCNmQDVfW7lp7/Rmpjvm9vhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF477vvbAVzdMTW2818V5fhGFEFoi2fl+Hhfn98V8/2UCAAA+bNeGKFT/Q1etn++nBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzgXTlbHJ0vhEOR+FEPXIqXaRjKWzcRwPUDd+8WhuwcmXXmmNFQZYBwAAAOgv6cObvX8+FMJQGApX1O66fROo9f8jZ/EhAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHPKdGVssjQ+UV4QhRD1yKl2kYyls3FcHKDuEzv3ffrgpd+5tTWWywywEAAAANBX0odnG5F8yGU+GnLhmvr9VPuEKF0/d/8u0Jy3tW3acPu8bOfk5rxK27z0nOvt6thZ82PCTF4+WW9k9tyYVzx9XrH2FmbnFUKjfLFtXtjTNmtBn+cMAAAAMI+S/j/XiIyEXCbX0uf+uC1/pGef+7NNZ/O5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzz3RlbLI0PlGOohCiHjnVLpKxdDaOiwPUfeA3/3/Jl36ye3trrDDAOgAAAEB/SR/e7P3zoRAWhf8Li2p9fxhpz0/y/lE6dfDxf/5leQgrrjw2mulc9gfJxa/evPnlzkMIqfbsVAiX1utFPer9+neP37+0eurJEFZckb7mtHrhzPXal4yrz5U2rt12+NjWPi8HAAAALgQzzXW9/x9qBEdCLnNPz/4/6bz79P8NtQb80vt3/vzy+rHekXfMSI3U66V61Pvs0qf/tGz1396Z6f/PVO8T+zYfvLyt4Gykc+dxdXzz9nXHbjiQSnY9Wz/dUT95L1/4+tv/2rTjsVOz9fMhX48vzHSrf/qxw0VxdSq1t7zmg72V9vqZHvt/5LevHP/lwt3vz9R/79rhRv3rzrD/M9cfvv3RPTfuO7SuvX4Iodit/rvv3xqu+sPdD3fuf7hj4dY333rsEMXVI4tPHFi9v3BTe/2oo37y/n96/Ik9P3rs288n9ZPfiixfMtf6qY76r+26bOerD61f2F4/1WP/L9/x+uiW4rd+37n/u9pWzfR8itP3/9T1z9z5xob4wc4hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8t0ZWyyND5RTkUhRD1yql0kY+lsHBcHqPvWbUffvWP3D7/fGisMsA4AAADQX9KHN3v/fCiEbMiG4Vrf/1xp49pth49tDSOzo1H9nJnact+2j23asv2eu+bpyQEAAIC5Svr/TCMyEnKZpWGo3v+Pb96+7tgNB1JJ/59K+v9Nd09tXBEaea/tumznqw+tX9j4ThBC7WcB+Zm8Tzbzbrn56MiJP35lWde8Vc28I4tPHFi9v3BTkhda81aGxveJp65/5s43NsQPNp6vNe/jX94yVf88kaw7fPuje27cd2hdYx/183B93SRvKrW3vOaDvZUkL10/5+v7BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABON10ZmyyNT5RDOoSoR061i2QsnY3j4gB11yz9xcOXnHxhUWsslxlgIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4N/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb/+QqSq4jiAnzOz2447u7qrQVa0rlYU9pAURNRLRUVohNCTIWFpPkRBEFHYQ2toJFb0EmS9SFRQbSEU5CaJFmv0T3rpoYIC6yEQaaEcpIeMmTl3nL3ubequBdXnA3fPnHPv/d7fvffMvTsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCvMtC3tNUe2v5g47bzbvrk8XuOP3bLe/dvveTR138Y33jDx3sGXzkxvWn55q9vXLJx372rp3a9ePCX4Xd+O9Iz+JF2szJ1ayHEYzGE2vszzz0x/ek5zbEYQqjGkYkQRuPig6Mxl7Dq1xDCpk6ds1e+ffzKzc12686BWeOLciH58wr1alZP28jsevlvqaV5tqXx8GXh2+vXbft82Vtv9k8enTi1Sax1zacQFm7o3r8/hLAgLU3ZbFua7ZzatSGEwa79ru5R14XNPycHetZ/eUH//NSeldp6j5xs/Ypcv5LbLt/P9OfawR7Hm6+iOspu18tQrp9/GM1XUZ3Z+Ghq303tyr+YX82WGCox9HXKvy+emiOh677FEFv3stbpVzr3NqTzz/Vjrl/J9av9ufNqHTdNtGqMs8ez7XLj2eO4L40v735Wz+H2gvFzU1tLX9QTWT/kP7TVT/vQOa+WrK6ZP6jln1DpegbNNd658elm1NNYPS4+bZ+Tc8jWTa976uLq+g8OjRTUEffElB9L5W/5bHTozjd2PLS0KH9DJeVXSuV/t+bwT3fseOmFwvxns/xqqfwr9g8eW/Ph9hWF12cmuz59pfLvOvLR08vOvnuy6A0Rd2f5ta782p/Ov27q8MBwY/+BwvpXZddnQan6v7n25u9f+3Lv0cL8kOUPlspfP/XAMwNjjUsL8w+0vwr11gwtMX9+nrzqq7GxH8eL8r/Irv/wHPmxZ/6rE7uueXnRztWF83Ntdn1GStV/60X7tg019l5Q9OyMu8/UmxPg/2lJ+h/rydQv+ztzvrp+Lzw/3td+Aw2lZfhMHiineZyFf2M+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zg4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATwUAAP//i60U7g==") [ 74.736514][ T4684] Bluetooth: hci0: command tx timeout [ 75.026512][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 75.181472][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.186921][ T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 75.191063][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.202674][ T9] usb 5-1: config 0 descriptor?? [ 75.420614][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 75.423600][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 75.442848][ T9] usb 5-1: USB disconnect, device number 2 [ 75.866572][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 76.016141][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 76.020939][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.027218][ T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 76.031307][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.039033][ T9] usb 5-1: config 0 descriptor?? [ 76.049942][ T9] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 76.069274][ T9] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 76.320329][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.323246][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.453734][ T5336] ldusb 5-1:0.0: Read buffer overflow, 270 bytes dropped [ 76.737716][ T5336] loop0: detected capacity change from 0 to 32768 [ 76.797505][ T4684] Bluetooth: hci0: command tx timeout [ 76.909822][ T5336] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,noexcl,read_only,nocow [ 76.909843][ T5336] allowing incompatible features above 0.0: (unknown version) [ 76.909851][ T5336] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 76.942805][ T5336] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 76.950266][ T5336] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.958268][ T5336] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 76.958288][ T5336] has non ptr field, deleting [ 76.976127][ T5336] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.979270][ T5336] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 76.979270][ T5336] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 76.979270][ T5336] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 77.008080][ T5336] bcachefs (loop0): btree node read error at btree inodes level 0/0 [ 77.008119][ T5336] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 77.008130][ T5336] loop0 node offset 16/24: btree node data missing: expected 24 sectors, found 16 [ 77.008210][ T5336] repair success (rewriting node) [ 77.032533][ T5336] bcachefs (loop0): btree node read error at btree subvolumes level 0/0 [ 77.032549][ T5336] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 77.032558][ T5336] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 2 too large: 18446744073709551615 + 0 > 4294967295 [ 77.032575][ T5336] u64s 3 fields 64:0, 64:0, 64:0, 0:0, 0:0, 0:0 [ 77.032581][ T5336] flagging btree subvolumes lost data [ 77.032585][ T5336] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 77.032593][ T5336] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 77.032600][ T5336] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 77.032607][ T5336] ret btree_node_read_validate_error [ 77.076733][ T5336] bcachefs (loop0): error reading btree root btree=subvolumes level=0: btree_node_read_error, fixing [ 77.087564][ T5336] bcachefs (loop0): invalid bkey in btree_node btree=freespace level=0: u64s 5 type 129 0:32:0 len 0 ver 0 [ 77.087659][ T5336] size == 0, deleting [ 77.095344][ T5336] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 77.104139][ T5336] bcachefs (loop0): check_topology... [ 77.104539][ T5336] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 77.113859][ T5336] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 77.125564][ T5336] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 77.129885][ T5336] bcachefs (loop0): scan_for_btree_nodes... [ 77.149629][ T5336] bcachefs (loop0): btree node scan found 6 nodes after overwrites [ 77.158246][ T5336] done [ 77.159508][ T5336] bcachefs (loop0): check_topology... [ 77.159889][ T5336] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 77.168309][ T5336] bcachefs (loop0): no nodes found for btree subvolumes, continuing [ 77.173150][ T5336] done [ 77.174479][ T5336] bcachefs (loop0): accounting_read... done [ 77.180335][ T5336] bcachefs (loop0): alloc_read... done [ 77.183470][ T5336] bcachefs (loop0): snapshots_read... done [ 77.187905][ T5336] bcachefs (loop0): check_allocations... [ 77.193764][ T5336] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 77.193797][ T5336] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 77.211274][ T5336] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 77.211289][ T5336] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 77.223968][ T5336] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 77.223984][ T5336] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 77.239237][ T5336] bcachefs (loop0): bucket 0:32 gen 0 different types of data in same bucket: journal, btree [ 77.239253][ T5336] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 77.257960][ T5336] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 256, should be 224, fixing [ 77.262994][ T5336] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong cached_sectors: got 458752, should be 0, fixing [ 77.271579][ T5336] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.275754][ T5336] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.292206][ T5336] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.302902][ T5336] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.317295][ T5336] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.321722][ T5336] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.339421][ T5336] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.343972][ T5336] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.364004][ T5336] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.383439][ T5336] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.393737][ T5336] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.399878][ T5336] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.405002][ T5336] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.410349][ T5336] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.417851][ T5336] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.422233][ T5336] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 32, fixing [ 77.427894][ T5336] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.432305][ T5336] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.438839][ T5336] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.443354][ T5336] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 77.443367][ T5336] Ratelimiting new instances of previous error [ 77.452527][ T5336] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 77.452541][ T5336] Ratelimiting new instances of previous error [ 77.475361][ T5336] done [ 77.478113][ T5336] bcachefs (loop0): going read-write [ 77.517114][ T5336] bcachefs (loop0): journal_replay... [ 77.534258][ T1038] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 77.534348][ T1038] u64s 5 type deleted 0:9:0 len 0 ver 0, , continuing [ 77.563030][ T1038] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 77.563123][ T1038] u64s 5 type deleted 0:10:0 len 0 ver 0, , continuing [ 77.574073][ T1038] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 77.574146][ T1038] u64s 5 type deleted 0:12:0 len 0 ver 0, , continuing [ 77.605466][ T43] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 77.605482][ T43] u64s 5 type deleted 0:25:0 len 0 ver 0, , continuing [ 77.620637][ T5336] done [ 77.622185][ T5336] bcachefs (loop0): check_alloc_info... [ 77.624793][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.624823][ T5336] device 0 buckets 11-12, fixing [ 77.639153][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.639168][ T5336] device 0 buckets 13-16, fixing [ 77.645566][ T5336] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 77.645659][ T5336] u64s 13 type alloc_v4 0:27:0 len 0 ver 0: [ 77.645668][ T5336] gen 1 oldest_gen 0 data_type need_discard [ 77.645674][ T5336] journal_seq_nonempty 4 [ 77.645680][ T5336] journal_seq_empty 0 [ 77.645686][ T5336] need_discard 1 [ 77.645691][ T5336] need_inc_gen 1 [ 77.645698][ T5336] dirty_sectors 0 [ 77.645703][ T5336] stripe_sectors 0 [ 77.645709][ T5336] cached_sectors 0 [ 77.645716][ T5336] stripe 0 [ 77.645721][ T5336] stripe_redundancy 0 [ 77.645726][ T5336] io_time[READ] 1 [ 77.645731][ T5336] io_time[WRITE] 256 [ 77.645737][ T5336] fragmentation 0 [ 77.645742][ T5336] bp_start 8 [ 77.645747][ T5336] , fixing [ 77.689505][ T5336] bcachefs (loop0): incorrect gen in bucket_gens btree (got 0 should be 1) [ 77.689521][ T5336] u64s 13 type alloc_v4 0:27:0 len 0 ver 0: [ 77.689535][ T5336] gen 1 oldest_gen 0 data_type need_discard [ 77.689541][ T5336] journal_seq_nonempty 4 [ 77.689547][ T5336] journal_seq_empty 0 [ 77.689553][ T5336] need_discard 1 [ 77.689558][ T5336] need_inc_gen 1 [ 77.689564][ T5336] dirty_sectors 0 [ 77.689570][ T5336] stripe_sectors 0 [ 77.689575][ T5336] cached_sectors 0 [ 77.689581][ T5336] stripe 0 [ 77.689587][ T5336] stripe_redundancy 0 [ 77.689593][ T5336] io_time[READ] 1 [ 77.689599][ T5336] io_time[WRITE] 256 [ 77.689668][ T5336] fragmentation 0 [ 77.689676][ T5336] bp_start 8 [ 77.689682][ T5336] , fixing [ 77.750054][ T43] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 77.750073][ T43] u64s 5 type deleted 0:35:0 len 0 ver 0, , continuing [ 77.770402][ T1038] bcachefs (loop0): bucket incorrectly unset in freespace btree [ 77.770418][ T1038] u64s 5 type deleted 0:40:0 len 0 ver 0, , continuing [ 77.782188][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.782277][ T5336] device 0 buckets 29-31, fixing [ 77.791467][ T5336] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 77.791482][ T5336] u64s 13 type alloc_v4 0:31:0 len 0 ver 0: [ 77.791490][ T5336] gen 0 oldest_gen 0 data_type need_discard [ 77.791496][ T5336] journal_seq_nonempty 4 [ 77.791503][ T5336] journal_seq_empty 0 [ 77.791509][ T5336] need_discard 1 [ 77.791516][ T5336] need_inc_gen 1 [ 77.791522][ T5336] dirty_sectors 0 [ 77.791598][ T5336] stripe_sectors 0 [ 77.791606][ T5336] cached_sectors 0 [ 77.791612][ T5336] stripe 0 [ 77.791618][ T5336] stripe_redundancy 0 [ 77.791624][ T5336] io_time[READ] 1 [ 77.791630][ T5336] io_time[WRITE] 512 [ 77.791636][ T5336] fragmentation 0 [ 77.791642][ T5336] bp_start 8 [ 77.791648][ T5336] , fixing [ 77.844052][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.844066][ T5336] device 0 buckets 33-34, fixing [ 77.852015][ T5336] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 77.852030][ T5336] u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 77.852038][ T5336] gen 0 oldest_gen 0 data_type need_discard [ 77.852044][ T5336] journal_seq_nonempty 5 [ 77.852050][ T5336] journal_seq_empty 134217728 [ 77.852057][ T5336] need_discard 1 [ 77.852063][ T5336] need_inc_gen 1 [ 77.852069][ T5336] dirty_sectors 0 [ 77.852074][ T5336] stripe_sectors 0 [ 77.852080][ T5336] cached_sectors 0 [ 77.852087][ T5336] stripe 0 [ 77.852092][ T5336] stripe_redundancy 0 [ 77.852098][ T5336] io_time[READ] 1 [ 77.852104][ T5336] io_time[WRITE] 512 [ 77.852174][ T5336] fragmentation 0 [ 77.852182][ T5336] bp_start 8 [ 77.852188][ T5336] , fixing [ 77.923880][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.923895][ T5336] device 0 buckets 36-37, fixing [ 77.932390][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.932405][ T5336] device 0 buckets 39-40, fixing [ 77.940194][ T5336] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 77.940208][ T5336] device 0 buckets 43-120, fixing [ 77.949179][ T5336] done [ 77.950815][ T5336] bcachefs (loop0): check_lrus... [ 77.954056][ T5336] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 77.954071][ T5336] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 77.954129][ T5336] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 77.972036][ T5336] done [ 77.973490][ T5336] bcachefs (loop0): check_backpointers_to_extents... done [ 77.981454][ T5336] bcachefs (loop0): check_extents_to_backpointers... [ 77.982798][ T5336] bcachefs (loop0): scanning for missing backpointers in 3/128 buckets [ 77.990701][ T5336] done [ 77.992356][ T5336] bcachefs (loop0): check_subvols... done [ 77.996822][ T5336] bcachefs (loop0): check_inodes... [ 77.997442][ T5336] bcachefs (loop0): directory 4096:4294967295 with nonzero i_size -6917529027641081856, fixing [ 78.004539][ T5336] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 78.008963][ T5336] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 78.013126][ T5336] bcachefs (loop0): reconstruct_subvol(): error getting snapshot tree 0 ENOENT_bkey_type_mismatch [ 78.018664][ T5336] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 78.022059][ T5336] bcachefs (loop0): reconstruct_subvol(): error getting snapshot tree 0 ENOENT_bkey_type_mismatch [ 78.032022][ T5336] bcachefs (loop0): reconstructing subvol 1 with root inode 4096 [ 78.035756][ T5336] bcachefs (loop0): reconstruct_subvol(): error getting snapshot tree 0 ENOENT_bkey_type_mismatch [ 78.046633][ T5336] done [ 78.049965][ T5336] bcachefs (loop0): check_dirents... [ 78.050766][ T5336] bcachefs (loop0): dirent points to missing inode: [ 78.050780][ T5336] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 78.069281][ T5336] bcachefs (loop0): dirent points to missing inode: [ 78.069296][ T5336] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 78.879952][ T5315] Bluetooth: hci0: command tx timeout [ 79.119578][ T5336] ================================================================== [ 79.123002][ T5336] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 79.126272][ T5336] Read of size 1 at addr ffff888054b800e8 by task syz.0.0/5336 [ 79.129345][ T5336] [ 79.130406][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 79.130421][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.130428][ T5336] Call Trace: [ 79.130437][ T5336] [ 79.130443][ T5336] dump_stack_lvl+0x189/0x250 [ 79.130462][ T5336] ? __virt_addr_valid+0x1c8/0x5c0 [ 79.130478][ T5336] ? rcu_is_watching+0x15/0xb0 [ 79.130491][ T5336] ? __kasan_check_byte+0x12/0x40 [ 79.130505][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.130518][ T5336] ? rcu_is_watching+0x15/0xb0 [ 79.130530][ T5336] ? lock_release+0x4b/0x3e0 [ 79.130541][ T5336] ? __virt_addr_valid+0x1c8/0x5c0 [ 79.130555][ T5336] ? __virt_addr_valid+0x4a5/0x5c0 [ 79.130569][ T5336] print_report+0xd2/0x2b0 [ 79.130580][ T5336] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.130593][ T5336] kasan_report+0x118/0x150 [ 79.130608][ T5336] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.130621][ T5336] bch2_check_dirents+0x1fac/0x33f0 [ 79.130638][ T5336] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.130651][ T5336] ? desc_read+0x1b8/0x3f0 [ 79.130665][ T5336] ? prb_first_seq+0xfd/0x1a0 [ 79.130677][ T5336] ? __pfx_bch2_check_dirents+0x10/0x10 [ 79.130689][ T5336] ? __pfx_prb_first_seq+0x10/0x10 [ 79.130702][ T5336] ? desc_read+0x1b8/0x3f0 [ 79.130715][ T5336] ? this_cpu_in_panic+0x4f/0x80 [ 79.130727][ T5336] ? _prb_read_valid+0xa07/0xa90 [ 79.130739][ T5336] ? console_flush_all+0x13a/0xc40 [ 79.130755][ T5336] ? up+0xde/0x150 [ 79.130818][ T5336] ? __console_unlock+0x14c/0x1a0 [ 79.130839][ T5336] ? __pfx___console_unlock+0x10/0x10 [ 79.130856][ T5336] ? prb_read_valid+0x3c/0x60 [ 79.130869][ T5336] ? console_unlock+0x21b/0x270 [ 79.130882][ T5336] ? __pfx_console_unlock+0x10/0x10 [ 79.130898][ T5336] ? vprintk_emit+0x63e/0x7a0 [ 79.130916][ T5336] ? __bch2_print+0x176/0x220 [ 79.130932][ T5336] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.130945][ T5336] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.130960][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.130977][ T5336] __bch2_run_recovery_passes+0x395/0x1010 [ 79.130995][ T5336] bch2_run_recovery_passes+0x184/0x210 [ 79.131009][ T5336] bch2_fs_recovery+0x2690/0x3a50 [ 79.131020][ T5336] ? check_noncircular+0xe0/0x160 [ 79.131038][ T5336] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 79.131050][ T5336] ? irqentry_exit+0x74/0x90 [ 79.131059][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.131076][ T5336] ? bch2_fs_start+0x4df/0xda0 [ 79.131092][ T5336] ? __lock_acquire+0xab9/0xd20 [ 79.131105][ T5336] ? __lock_acquire+0xab9/0xd20 [ 79.131120][ T5336] ? bch2_fs_start+0xa0f/0xda0 [ 79.131134][ T5336] ? up_write+0x1c4/0x420 [ 79.131148][ T5336] ? bch2_fs_start+0x5e7/0xda0 [ 79.131161][ T5336] bch2_fs_start+0xaaf/0xda0 [ 79.131175][ T5336] ? bch2_fs_start+0x5e7/0xda0 [ 79.131188][ T5336] ? __pfx_bch2_fs_start+0x10/0x10 [ 79.131205][ T5336] ? sget+0x267/0x620 [ 79.131218][ T5336] bch2_fs_get_tree+0xb39/0x1520 [ 79.131237][ T5336] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 79.131254][ T5336] ? aa_get_newest_label+0xf7/0x5d0 [ 79.131270][ T5336] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 79.131288][ T5336] ? apparmor_capable+0x137/0x1b0 [ 79.131302][ T5336] vfs_get_tree+0x92/0x2b0 [ 79.131327][ T5336] do_new_mount+0x24a/0xa40 [ 79.131344][ T5336] __se_sys_mount+0x317/0x410 [ 79.131361][ T5336] ? __pfx___se_sys_mount+0x10/0x10 [ 79.131376][ T5336] ? do_syscall_64+0xbe/0x3b0 [ 79.131387][ T5336] ? __x64_sys_mount+0x20/0xc0 [ 79.131402][ T5336] do_syscall_64+0xfa/0x3b0 [ 79.131412][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.131428][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.131440][ T5336] ? clear_bhb_loop+0x60/0xb0 [ 79.131453][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.131464][ T5336] RIP: 0033:0x7f2a8bf900ca [ 79.131476][ T5336] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.131487][ T5336] RSP: 002b:00007f2a8ceb6e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 79.131500][ T5336] RAX: ffffffffffffffda RBX: 00007f2a8ceb6ef0 RCX: 00007f2a8bf900ca [ 79.131508][ T5336] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f2a8ceb6eb0 [ 79.131516][ T5336] RBP: 00002000000000c0 R08: 00007f2a8ceb6ef0 R09: 0000000000818001 [ 79.131523][ T5336] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 79.131530][ T5336] R13: 00007f2a8ceb6eb0 R14: 00000000000059cb R15: 0000200000000300 [ 79.131541][ T5336] [ 79.131545][ T5336] [ 79.323721][ T5336] The buggy address belongs to the physical page: [ 79.326648][ T5336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54b80 [ 79.330431][ T5336] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 79.333377][ T5336] raw: 04fff00000000000 ffffea000152e108 ffffea0001556f08 0000000000000000 [ 79.336942][ T5336] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 79.340333][ T5336] page dumped because: kasan: bad access detected [ 79.343085][ T5336] page_owner tracks the page as freed [ 79.345732][ T5336] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5336, tgid 5335 (syz.0.0), ts 77027679311, free_ts 78079783213 [ 79.353380][ T5336] post_alloc_hook+0x240/0x2a0 [ 79.355421][ T5336] get_page_from_freelist+0x21e4/0x22c0 [ 79.357682][ T5336] __alloc_frozen_pages_noprof+0x181/0x370 [ 79.360290][ T5336] __alloc_pages_noprof+0xa/0x30 [ 79.362320][ T5336] ___kmalloc_large_node+0x85/0x210 [ 79.364415][ T5336] __kmalloc_large_node_noprof+0x18/0x90 [ 79.366647][ T5336] __kvmalloc_node_noprof+0x6d/0x5f0 [ 79.368919][ T5336] bch2_btree_node_read_done+0x3305/0x5520 [ 79.371431][ T5336] btree_node_read_work+0x426/0xe30 [ 79.373701][ T5336] bch2_btree_node_read+0x887/0x2a00 [ 79.375855][ T5336] bch2_btree_root_read+0x5f0/0x760 [ 79.377924][ T5336] read_btree_roots+0x2c6/0x840 [ 79.379863][ T5336] bch2_fs_recovery+0x261f/0x3a50 [ 79.382034][ T5336] bch2_fs_start+0xaaf/0xda0 [ 79.384038][ T5336] bch2_fs_get_tree+0xb39/0x1520 [ 79.386181][ T5336] vfs_get_tree+0x92/0x2b0 [ 79.388072][ T5336] page last free pid 5336 tgid 5335 stack trace: [ 79.390751][ T5336] __free_pages_ok+0xa44/0xc20 [ 79.392909][ T5336] __folio_put+0x21b/0x2c0 [ 79.394842][ T5336] free_large_kmalloc+0x145/0x200 [ 79.396930][ T5336] btree_node_sort+0x117f/0x1760 [ 79.399058][ T5336] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 79.401752][ T5336] bch2_btree_node_prep_for_write+0x337/0x650 [ 79.404403][ T5336] bch2_trans_lock_write+0x669/0xba0 [ 79.406717][ T5336] __bch2_trans_commit+0x2773/0x8870 [ 79.409257][ T5336] bch2_check_dirents+0x1c5c/0x33f0 [ 79.411455][ T5336] __bch2_run_recovery_passes+0x395/0x1010 [ 79.414011][ T5336] bch2_run_recovery_passes+0x184/0x210 [ 79.416335][ T5336] bch2_fs_recovery+0x2690/0x3a50 [ 79.418502][ T5336] bch2_fs_start+0xaaf/0xda0 [ 79.420518][ T5336] bch2_fs_get_tree+0xb39/0x1520 [ 79.422620][ T5336] vfs_get_tree+0x92/0x2b0 [ 79.424515][ T5336] do_new_mount+0x24a/0xa40 [ 79.426489][ T5336] [ 79.427566][ T5336] Memory state around the buggy address: [ 79.429927][ T5336] ffff888054b7ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 79.433230][ T5336] ffff888054b80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.436671][ T5336] >ffff888054b80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.439869][ T5336] ^ [ 79.442929][ T5336] ffff888054b80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.446415][ T5336] ffff888054b80180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.449733][ T5336] ================================================================== [ 79.479903][ T5336] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 79.483241][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 79.488272][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.492787][ T5336] Call Trace: [ 79.494292][ T5336] [ 79.495640][ T5336] dump_stack_lvl+0x99/0x250 [ 79.497558][ T5336] ? __asan_memcpy+0x40/0x70 [ 79.499454][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.501646][ T5336] ? __pfx__printk+0x10/0x10 [ 79.503505][ T5336] panic+0x2db/0x790 [ 79.505094][ T5336] ? __pfx_panic+0x10/0x10 [ 79.507033][ T5336] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 79.509670][ T5336] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 79.512448][ T5336] ? print_memory_metadata+0x314/0x400 [ 79.514747][ T5336] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.517236][ T5336] check_panic_on_warn+0x89/0xb0 [ 79.519446][ T5336] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.521823][ T5336] end_report+0x78/0x160 [ 79.523704][ T5336] kasan_report+0x129/0x150 [ 79.525751][ T5336] ? bch2_check_dirents+0x1fac/0x33f0 [ 79.528073][ T5336] bch2_check_dirents+0x1fac/0x33f0 [ 79.530437][ T5336] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.532899][ T5336] ? desc_read+0x1b8/0x3f0 [ 79.534933][ T5336] ? prb_first_seq+0xfd/0x1a0 [ 79.537149][ T5336] ? __pfx_bch2_check_dirents+0x10/0x10 [ 79.539669][ T5336] ? __pfx_prb_first_seq+0x10/0x10 [ 79.542007][ T5336] ? desc_read+0x1b8/0x3f0 [ 79.544045][ T5336] ? this_cpu_in_panic+0x4f/0x80 [ 79.546282][ T5336] ? _prb_read_valid+0xa07/0xa90 [ 79.548483][ T5336] ? console_flush_all+0x13a/0xc40 [ 79.550773][ T5336] ? up+0xde/0x150 [ 79.552453][ T5336] ? __console_unlock+0x14c/0x1a0 [ 79.554712][ T5336] ? __pfx___console_unlock+0x10/0x10 [ 79.557199][ T5336] ? prb_read_valid+0x3c/0x60 [ 79.559306][ T5336] ? console_unlock+0x21b/0x270 [ 79.561594][ T5336] ? __pfx_console_unlock+0x10/0x10 [ 79.563977][ T5336] ? vprintk_emit+0x63e/0x7a0 [ 79.565950][ T5336] ? __bch2_print+0x176/0x220 [ 79.567880][ T5336] ? bch2_check_dirents+0x2f1/0x33f0 [ 79.570291][ T5336] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.572713][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.575002][ T5336] __bch2_run_recovery_passes+0x395/0x1010 [ 79.577618][ T5336] bch2_run_recovery_passes+0x184/0x210 [ 79.580058][ T5336] bch2_fs_recovery+0x2690/0x3a50 [ 79.582323][ T5336] ? check_noncircular+0xe0/0x160 [ 79.584606][ T5336] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 79.587024][ T5336] ? irqentry_exit+0x74/0x90 [ 79.589113][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.591558][ T5336] ? bch2_fs_start+0x4df/0xda0 [ 79.593943][ T5336] ? __lock_acquire+0xab9/0xd20 [ 79.596273][ T5336] ? __lock_acquire+0xab9/0xd20 [ 79.598395][ T5336] ? bch2_fs_start+0xa0f/0xda0 [ 79.600594][ T5336] ? up_write+0x1c4/0x420 [ 79.602472][ T5336] ? bch2_fs_start+0x5e7/0xda0 [ 79.604666][ T5336] bch2_fs_start+0xaaf/0xda0 [ 79.606686][ T5336] ? bch2_fs_start+0x5e7/0xda0 [ 79.608882][ T5336] ? __pfx_bch2_fs_start+0x10/0x10 [ 79.610989][ T5336] ? sget+0x267/0x620 [ 79.612669][ T5336] bch2_fs_get_tree+0xb39/0x1520 [ 79.614875][ T5336] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 79.617308][ T5336] ? aa_get_newest_label+0xf7/0x5d0 [ 79.619650][ T5336] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 79.622234][ T5336] ? apparmor_capable+0x137/0x1b0 [ 79.624615][ T5336] vfs_get_tree+0x92/0x2b0 [ 79.626606][ T5336] do_new_mount+0x24a/0xa40 [ 79.628658][ T5336] __se_sys_mount+0x317/0x410 [ 79.630783][ T5336] ? __pfx___se_sys_mount+0x10/0x10 [ 79.633065][ T5336] ? do_syscall_64+0xbe/0x3b0 [ 79.634936][ T5336] ? __x64_sys_mount+0x20/0xc0 [ 79.637449][ T5336] do_syscall_64+0xfa/0x3b0 [ 79.639737][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.642239][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.644991][ T5336] ? clear_bhb_loop+0x60/0xb0 [ 79.647024][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.649550][ T5336] RIP: 0033:0x7f2a8bf900ca [ 79.651519][ T5336] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.659329][ T5336] RSP: 002b:00007f2a8ceb6e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 79.662957][ T5336] RAX: ffffffffffffffda RBX: 00007f2a8ceb6ef0 RCX: 00007f2a8bf900ca [ 79.666327][ T5336] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f2a8ceb6eb0 [ 79.669648][ T5336] RBP: 00002000000000c0 R08: 00007f2a8ceb6ef0 R09: 0000000000818001 [ 79.675101][ T5336] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 79.679228][ T5336] R13: 00007f2a8ceb6eb0 R14: 00000000000059cb R15: 0000200000000300 [ 79.682335][ T5336] [ 79.684029][ T5336] Kernel Offset: disabled [ 79.685926][ T5336] Rebooting in 86400 seconds..