program: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000018007b30e00212ba0d8105040a601100ff0f040b067c55a1bc0009001e0006990600000015000500fec00000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="c400000019000100000000000000000000000000000000000000ffffac1e01010000000000000000000000000000000000000000000000000a"], 0xc4}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000150001"], 0xb8}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x401, 0x0) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@recovery_pass_last={'recovery_pass_last', 0x3d, 'delete_dead_inodes'}}, {@version_upgrade={'version_upgrade', 0x3d, 'incompatible'}}]}, 0x1, 0x5968, &(0x7f000000b5c0)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCT9SKK+eeW/f01fAo2LxykfYKAxkwosmIZUEIQEluOBCARZaWor6B1pILRotqmCVSIn82IRVlGJ1qS2kVnfRrXILWVICWcpyna2ZvqfTc6fv3J7unpDA51PJ3L6nb3/P9557+vY9p3umAwAAAG8L+2/ZfvCiE/7hx58aff3Gf/z+5ptCf3mivBo3GEiX171ZGXI49VaWTCyz/eIvrv/mb4au/LsfPdD3jTf2rT95wy/+/pgrH/no+Xvv/srjr81/6E8vFsWN/en0Q+vJy0kI1R8c+MKn9z19/HhZEkIoJwO7Q1iULH58UZIJMfyHEML6dKVcmXzng6+ftWF8edPtvZPKF2aC6O9vb9W0n+06eO0Z4Zd/u/bmny79zrd79ry0+9AmSbWhP4Ww4PLGx/ek/+em67G3LYkPTpdrQgh9DY87tyCvU1rMf0XO+onpck667C+IE+9fllkvZbbLrkc9mWVfQX2dysuj3e2KzMusZ09GncrLM5YvSpffS5enzzB+Of5PQikJlXr6m5JDfSQ0HLckJBPHslpfL9WPbUj3P7OeZNZLmfVyT2a/JupNO1o5SSaXx+0y5fF0XEnLT248VzdxcU75O9JlNX2ivhHXQ/ZGTf+UG/X9mhDzOjBNLodDqeEc1Ky83s/Sg9GflvUni6c8ZqyJeN++tXcsL697Yv9ATh7JA0kaP5loo5nG3/WTRfM+8q3brlmSF//yUhq/1Fb8X13wzCuX3vb1L+fGvyvGL7cV/8xH+16+4MlbluW1T+xe/aHSVvyRF5+6c+mxV+zJzf+e2P7Vto7v6r3P9M4/+Ohjucd3OLbP3Lbyf+G89//6/ucefik3fojx+9qKv27v1s/0Dh48LTf+Y7F9+tvrP6/uWfX84OBvh/LiPxvjz28r/n27737vvQtvPz/3+K6J7TPQVvwLT33k5nkHHz4p79yZ3NOtV06At6dj0musW9P16caZvdOMMzvVMF740lCldt06L/0/v5sVZS4+x+tZ0M34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBCOO6M//yB//mhgZcr6XpveuOFUm0Zy+eEkMwNIWzfMbJtx8YtVw199Oprtm0Z2TQ0smNodMuObTuHzv6roW2jWzeN7By/d/hdZ9UetzgktWVy0pS6e8fGxkoDk8tiff/m1D2/XH7u//5dCMPH/Xywkpv/irs333tsk58Zyeqx922+5qKfn/O1dL8G0rwGmuQ1NjY2FnLy+j+X/PHezx34zWkhDP/ZdHk99cLf/HBSQhMFh+KkSr2hllBv0tc0j3rWaT6xvSobNm4aHZ6+fccfX87Zj397/Ut/2HDdZ/9Ya99q7n602L5zV49tKn1x7YX/74s31AqK8qrvRyav2T7uRe0d9yLmF9uvmrb3gnS/FuTsVyWnvW/56WPP/eCE217bHYYrry6dWnfRfvWkHaAneUdL9cYa+pJFk8qr6fbxiMfHrdixeeuK7Tt3vWvj5pGrRq8a3fKelWevXDV8zqpzVkzs+You73+s/89b3P9W+1O23pn1p4Uf3/29+LO1/lSUV1F7jOdV3B6NGWXymj/xc+7qsb6LP/3599z95EW14qJ+HreuPw/TZd/4cV4ZGvrb1LZqtl9F7RBCGGrWDq+8dn44/r9tvLnoPNR4ZBp/ZiSrx55e9vuvnfvVJX9dKzgs5/nGhNo8z9ezPpTPRHtV0+MxdoS2b28op/vV3zSvlU8/2XPH/t99op7fnDnhupEdO7atrP2cl2Y6LzmxaV7Z0rhfSyd+lkPaLKHeTZv013E9oZZf9vwZN8+2an96X3+yuOl+ZcX79q29Y3l53RP781o6eaBW49z4xE3embPlpswDy/WEm9V/pD7/ivrH4Ae++tCHHvru2VP6x5m1n0X7leTs13eeu+/z3/jsv/9u9/brA3/zzMDv//u/Lq8VHC3nlXrWaT5J43nlzBCKnn9LQ/P9yH3+lZrvT9HzL1vPoe2bxxvKrPeHcvHztRqmPF/PfLTv5QuevGVZ7vP1QKvP1xsmrZULnq9HSv/JPr+SyuQ8Zu/5NamjJKvHfnTrMbsfv3HNCbWCon5d37pZvz6rhfFHzn798NLnB68e+nf/tXvnjW/+1YOX/WJk9SdrBe0f95hLd457NW3fak771rOO487G9n33lVdvWl8rf9Ovf2uaXP+my4LxTzyVbN+562MjmzaNbtve2n61+noa68m2cruvp/Hstrhgv0pT9mv2brTSXq0+32L+69tur8nPt/6QtHUdt+sni+Z95Fu3XTMw5VFpRZeX0viltuL/6oJnXrn0tq9/OTf+XTF+pa34Iy8+defSY6/Ykxv/niSNX20r/uq9z/TOP/joY7nxh2P+c9uK/8J57//1/c89/FJu/BDj97fX/q/uWfX84OBvc+M/m6T1jF8jhfDg62dtqK0noSd9vsU8eiblFbLrSWa9lFkvN66XanOt9QrKSTK5PG6Xlp/ckEsz/5JTHq/CqktqyzfiesjemL78SFNqOPc3Ky+6TgUAeKuL7//Ha9D4/v9oeqGUP9MAh3Q6DluSEzeOww7N58yZdP+SNH58fJwHHHx3GB5f3jRUu9Cf6fsI8fmQneeM9Zx2yuQYM5nnLIVD85xF8+/LMusxr9p8eaVhHJqaOq6phBbm36fWM/38e2b3i+fHh26dktZQw7xV9vj1pDNmzT7vkMm3Mh4hr39k58Xi5zkGF4Q1E/W12D+yn6OJxyH7OZpYzwmZE2e7n6PptH/EtKfpHxMpF7+/MfX4hWna99Dxax4te/xmcLyr49vP9vuzXZg3bHpKO3zzhi28H9Ykfqvvh9XnJVdP3Wa6+G+Xeckjfd4wlsf9qLQ4n/ihnPJW5hMb5+Xy5hPj6SLmdWCaXA4H84nAW1Uc/8fXiPHx//gF+P/NbFd0HZq9aozxcj8nVG6eT9G4Y+rn9Praeh1ft3frZ3oHD56We53zWKuf+9k6aa2v4HM/Re24PLNe2I45EzRF471sPUXtnv1cRn+Y31a737f77vfeu/D283PbfU3thbS43T8/aW1+QbsfBeOF5vHfauMFn2OYHL9Ln2Momj9708Yj6QefZms88s855TP9fEPflBv1/Zpw1I1Heg5vXgDA0SOO/+vvn6Xj//8RN0ivI4rGradn1mO83HFrzvVJ3rj1n9LldZnt+9PfqJjpdfOFpz5y87yDD5+UO265p9Vx6H+YtDZQOA7tbNycO45Y053Pi+eOI+rjrM7Gibn518eJnY3Tc+PXx+mdjaNz26c+ju5sHiA3fn0e4Ggf5xbM12Uqi6utzte9ZcfR6a/PztY4+uKc8pmOo/un3Kjv1wTjaACAN1cc/8fLuDj+fzKzXafvs+eOC7p03Z79eyD1+M8ernHlbI/7ZnvcOtvj+tmelzjax8WzPS80u/Nkb/txcVrp229cPPew5QYAQOfi+D9exeWP/zsbnzQbv/VMGp8YnzeNb3x+hIzPj/b5L+N/74sX8744AMBbWxz/x197jH//7z+l69m/W2+cnhPfON04fbr+8+qeVfcPtDJO7/48W/A5gDd3HqDhLXLzAAAAvBl6JkZKU3/P/sPpMvt79nm/l39pzvatqqSXx1fs2DY6etk1W9eP7Bi9bMvV60e3X3btto07doxuqW3X6bgxd9ySjht7QiVtj+bbZcdtC9O/h7Aw5+8hZLePYU+cuDH17yFkq51b8HcEDh2/1vLNO36labZv1j/yjnde/H/J2T6qH/8r//XMyzZsv2zjlo07No5s2rhrdPJ246PWvhl8b2Zslhl9X2rmxxSlmX9/Z3fyKE3Joydtj7zvZ08yeSxKM1mU9/0HOXn/+L987uOnjv3x/hCGjyu/s6P2S1aP/cdLRv9px/6fbx3Pf+60+de3TPMq+r7S7PZxfyqbrt6+44wNV1+zJfuNku2J8xml+voszWekT/9yi/MT63LKZ/o5hfKUG0emlucnAACYJL7/H69n4/uHn00voGJ56+P0zt4/zh2nD08ep+f91mn2e8mKxunZ7eP+tjpOr3Y4Ts/WXzROb7Z9s3F63rg7L/4/52w/U633k84+55HbTy5vbT4n+30GRf0ku/1M+0nSYT/J1l/UT5pt36yf5B33vPgfzNk+T+v9obPP5eT2h7ta6w9/mVkv6g/Z7WfaH0od9ods/UX9odn2zfpD3vHNi39Rzvatmtw/xjvGRL8Yvezaq7d9rGG72f7+i87zm93v/2hX6/nP7ue+Zj//2f1c2ezn39nvf+Xm/2xnM2Gt5z+73+/SrsM2X5t+2Kzo82dF87hrc8pnOo87Z8qNI5N5XHjzxPF/fLsnjv9vT5fdfhvo6P+eNN9j1jR+l77HrOg6xuv5NJUdAbyeAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALSmt7JkYrn/lu0HLzrhH378qdHXb/zH72++6S+u/+Zvhq78ux890PeNN/atP3nDL/7+mCsf+ej5e+/+yuOvzX/oTy8WBh6Y+Fk5PV2thpC8nIRQ/cGBL3x639PHj5clIYRyMrA7hEXJ4scXJZkIw38IIayv5zn5zgdfP2vD+PKm23snlS/MBMnuV+gvx3wa8wzhusI94ihUTfvZroPXnhF++bdrb/7p0u98u2fPS7sPbZJUG/pTCAsub3x8Twhhbvp/XOxtS+KD0+WaEEJfw+POLcjrlBbzX5GzfmK6nJMu+wvixPuXZdZLme2y61FPZtlXUF+n8vJod7si8zLr2ZNRp/LyjOWL0uX30uXpM4xfjv+TUEpCpZ7+puRQHwkNxy0JycSxrNbXS/VjG9L9z6wnmfVSZr3ck9mviXrTjlZOksnlcbtMeTwdV9LykxvP1U1cnFP+jnRZTZ+ob8T1kL1R0z/lRn2/JsS8DkyTy+FQajgHNSuvH/j0YPSnZf3J4imPGWsi3rdv7R3Ly+ue2D+Qk0fyQJLGT9qKv+sni+Z95Fu3XbMkL/7lpTR+qa34v7rgmVcuve3rX86Nf1eMX24r/pmP9r18wZO3LMttnwOxfSptxR958ak7lx57xZ7c/O+J8attxV+995ne+QcffSw3/+HYPnPbiv/Cee//9f3PPfxSbvwQ4/e1FX/d3q2f6R08eFpu/Mdi+/S3139e3bPq+cHB3w7lxX82xp/fVvz7dt/93nsX3n5+7vFdE9tnoK34F576yM3zDj58Ut65M7mnW6+cAG9Px6TXWLem6+2OMzvVMF740lClds03L/0/v5sVZYzXs2AW4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Nb0sxvO/vAl7/vg2koSQpKzzVgT8b7ynNWrh9qod+TFp+5ceuwVexrLlrQRBwAAACgWx+Glekk1LAnXJnPDiU23j3MEJ8a1ZHJ5dg4hxsnOEbQbp9SlOOUuxal0KU5Pl+LM6VKc3i7FqRbEqYbW4sydJk5lvFe0mE/ftPm0Hqe/S3HmdSnO/C7FWdClOAu7FGdg2jit98NFXYqzuEtxjulSnGO7FOe4LsX5sy7FOb5LcbJzyjPth/PTLU/IizNxo1wYp5KU63c0m08/Pq3npA7r6S+oZ37R63GL9cxtsZ5TMo8rzbCeaov1/HmH9SQt1vOXHdZTKqgn9tvrsvnFeuJai/1/Z5fi7Ooszv+K11vXdymfG7oU5xNdivPJLsW5scM42XWAPHH8f2i8NxB6K38d+tIzTnYWII53l078nPp6l3cCivHemSmfUxQvO1DPxFs60/yyEwiZeMsy5T2T4lXq45Fp4lUb4y3P3Fm4v9kJhUx+p2fKe4viZScWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAW/eyGsz98yfs+uDYkYfxfU2NNxPvKc1avHmqj3n1r71heXvfE/say3kobgQAAAIBCcRzeUy+pht7KytCbzJm0XTWdB6im6+WB2nJwQVgzvkyGShPrfcmiaR9XSR+3YsfmrSu279z1ro2bR64avWp0y3tWnr1y1fA5q85ZsWHjptHh2s8QegvihRAmph+279z1sZFNm0a3ba8VZvNfkj5uSbqepI8bfHcYHl/elOa/uKC+0pT6dj5/Xu2uQyVdulFw6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/8+u3YXIedV/AD/PzOzMdNv8u3/6Ng3NdshLiVo0iVtJtXQfECy0SchSkJnqWoJNsLhpQpuUWMc2YFsTFKElECK5MBKLrcWbvtgi9oVApEYDbgzSFu2FXiitVtKSC0kZye6c2ZnJTGYdS9PGz+fieWbO+Z3zmzMXC99nBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjATdfGJivjE9XhJISkR029iziXzadpeYC+X35+6/cLoyeXt44VcgNsBAAAAPQVc/hQc6QYCrlsyIYrZ94tPn3JNybCXO4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+90zXxiYr4xPVC5MQkh419S7iXDafpuUB+r7xzpOfeXV09K+tY6UB9gEAAAD6izk80xwphlJYEoaSK9vq4rOBhR3rO+viPovmWdf57KBX3ZJ51l0zz7qP9alb17jvCAAAAPDRF/N/rjkyEgq5BT3zf79cH+uu7qjLNu6D/FYAAAAA+O/E/F9ojpRCIVdq5vX55v3FHXVxfb//28f1y3qs7/f//LWNu//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx3RtbLIyPlHNJiEkPWrqXcS5bD5NywP0XfXC8N9vOfTQ4taxQm6AjQAAAIC+Yg6fi97FUMgNh6Fw4UzuH71p/9NffPrZsRDCbMzP58OODdu23b1q9hrrVh45NPS9w299q7lNrFs5ez0nhwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5X07Wxycr4RPWCJISkR029iziXzadpeYC+r3/uC39+/Phzb7aOlQbYBwAAAOgv5vC57F8MpZAP+XD5zLvWrH9apmN9r2cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPnjnm/c9/UNU1Mb7/bCCy+8aL4413+ZAACA99vVIQn1/9AV68/1pwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Mpmtjk5XxiWoxCSHpUVPvIs5l82laHqBv+vzRwoKTL7zUOlYaYB8AAACgv5jD57J/MZTCUBgKl8286/ZMYCb/j3yAHxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4UJmujU1WxieqC5IQkh419S7iXDafpuUB+j62c99nD1783Ztbxwq5ATYCAAAA+oo5PN8cKYZC7uOhEK5qvJ9qX5BkG/fuzwXm1m1tWzY873W1tnXZea/b1XGyXOM0s+uKcb+R2XtzXfnMdeWWdaXQbF9uWxf2tK1a0OdzBgAAADiHYv4vNEdGQiFXaMm5P2mrH5FzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAepmtjk5XxiWqShJD0qKl3Eeey+TQtD9D3vt/8/0Vf+enu7a1jpQH2AQAAAPqLOXwu+xdDKSwK/xcWzeT+MNJeH+v+UTl18NF//mV5CCsuPzaa69z2h/HFr16/8cXOSwiZ9upMCBc3+iU9+v36d4/eu7R+6vEQVlyWveqMfuHs/ebU6+UkrT9T2bh22+FjW/t/PwAAAHA+iPl/qDkyEgq5u3rm/5i8++T/ppkAfvG9O39+aePaSOQdKzKFxu8MMj36fX7pk39atvpvb53O/2fr96l9mw9e2tZwdqRDktbHN29fd+y6A5l46tnzZjv6x+/lS99881+bdjxyarZ/MRQb4wtz3fqfee1wQVqfyuytrnlvb629f67H+R/67UvHf7lw97un+79z9XCz/zVnOf/Z+w/f+vCe6/cdWtfeP4RQ7tb/7XdvDlf84c4HO88/3LFx6zffeu2QpPUji08cWL2/dEN7/6Sjf/z+f3b8sT0/fuQ7z8b+8bciy5fMt3+mo/8ruy7Z+fID6xe298/0OP+Lt706uqX87d93nv+Otl1zPT/Fmed/4tqnbn9tQ3p/5xQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD5Zbo2NlkZn6hmkhCSHjX1LuJcNp+m5QH6vnHL0bdv2/2jH7SOlQbYBwAAAOgv5vC57F8MpZAP+TA8k/ufqWxcu+3wsa1hZHY2adxzU1vu2faJTVu233XHOfrkAAAAwHzF/J9rjoyEQm5pGGrk//HN29cdu+5AJub/TMz/m+6c2rgiNOte2XXJzpcfWL+w+ZwghJmfBRRP1316ru6mG4+OnPjj15Z1rVs1V3dk8YkDq/eXboh1obVuZWg+n3ji2qduf21Den/z87XWffKrW6YajyfivsO3Przn+n2H1jXP0bgPN/aNdVOZvdU17+2txbps415snBsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONN0bWyyMj5RDdkQkh419S7iXDafpuUB+q5Z+osHLzr53KLWsUJugI0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODf7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWG/fkLjKPs4gD/PbvJmm03apH3BqJimVVHqwaIgohcVFWlFCp4qRaqtPYiCIKLUg6m0YqmKF8HqpYgKapSCgo3F0iqp+K948aCCQvUglGJAuxQPKtl9ZruZ7rg6qYL6+cDw5Hlm5ju/mefZ2SwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCPMtA31mwP77i/ccs5N3z06F0nHrnpnXu3XfTwq99NbLruw72DL52c2bxiy5fXL9u0/+4107ufP/TT8Fu/HO0Z/FCrWZW6tRDi8RhC7d3ZZx6b+fisubEYQqjGkckQRuPSQ6Mxl7D65xDC5nad83e+eeLyLXPttl0D88aX5ELy9xXq1ayelpH59fLvUkvrbGvjwUvC19eu3/7p8jde7586NnnqkFjrWE8hLN7YeX5/CGFR2uZkq20sOzm160IIgx3nXdmjrvP/YP2XFvTPTe3/UlvvkZPtX5nrV3LH5fuZ/lw72ON6C1VUR9njehnK9fMvo4UqqjMbH03t26ld9Sfzq9kWQyWGvnb598RTayR0zFsMsTmXtXa/0p7bkO4/14+5fiXXr/bn7qt53bTQqjHOH8+Oy41nr+O+NL6i813dxa0F42entpY+qCezfsj/0VI/7Y/2fTVldc3+Ti1/h0rHO6jbeHvi02TU01g9Lj3tnF+7yPbNrH/iwuqG9w6PFNQR98aUH0vlb/1kdOj213Y+MFaUv7GS8iul8r9Ze+SH23a+8Fxh/tNZfrVU/mUHBo+vfX/HysLnM5s9n75S+Xcc/eDJ5f+/c6rbXDfz92T5tVL510wfGRhuHDhYWP/q7PksKpX/1dU3fvvK5/uOFeaHLH+wVP6G6fueGhhvXFyYf7D1Uag3V2iJ9fPj1BVfjI9/P1GU/1n2/Ie75Mee+S9P7r7qxSW71hSuz3XZ8xkpVf/NF+zfPtTYd17RuzPuOVPfnAD/TcvS/1iPp37Z35kL1fF74dmJvtY30FDahs/khXLmrrP4L8wHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA39iBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgqQAAAP//5S0lKg==") [ 74.632910][ T4703] Bluetooth: hci0: command tx timeout [ 74.702550][ T5355] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 74.769254][ T5356] netlink: 104 bytes leftover after parsing attributes in process `syz.0.0'. [ 75.307001][ T5356] loop0: detected capacity change from 0 to 32768 [ 75.673175][ T5356] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,recovery_pass_last=delete_dead_inodes,nojournal_transaction_names,read_only,version_upgrade=incompatible [ 75.673198][ T5356] allowing incompatible features above 0.0: (unknown version) [ 75.673206][ T5356] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 75.929307][ T5356] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 75.934461][ T5356] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 76.031236][ T5356] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 76.031260][ T5356] has non ptr field, deleting [ 76.113914][ T5356] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.121999][ T5356] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 76.121999][ T5356] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 76.121999][ T5356] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 76.187867][ T5356] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version) [ 76.187867][ T5356] [ 76.251142][ T5356] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 76.285693][ T5356] bcachefs (loop0): check_topology... [ 76.285807][ T5356] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 76.313927][ T5356] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 76.336524][ T5356] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 76.340275][ T5356] bcachefs (loop0): scan_for_btree_nodes... [ 76.373037][ T5356] bcachefs (loop0): btree node scan found 1 nodes after overwrites [ 76.398625][ T5356] done [ 76.400597][ T5356] bcachefs (loop0): check_topology... [ 76.400677][ T5356] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 76.418428][ T5356] bcachefs (loop0): no nodes found for btree inodes, continuing [ 76.429526][ T5356] done [ 76.432886][ T5356] bcachefs (loop0): accounting_read... done [ 76.444278][ T5356] bcachefs (loop0): alloc_read... done [ 76.460032][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.463099][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.478914][ T5356] bcachefs (loop0): snapshots_read... done [ 76.485324][ T5356] bcachefs (loop0): check_allocations... [ 76.488241][ T5356] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 76.488268][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 76.519060][ T5356] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 76.519075][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 76.554122][ T5356] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 76.554138][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 76.586083][ T5356] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.601594][ T5356] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.616034][ T5356] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.631488][ T5356] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.645844][ T5356] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.662223][ T5356] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.673852][ T5356] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.706154][ T4703] Bluetooth: hci0: command tx timeout [ 76.713236][ T5356] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.727032][ T5356] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.743159][ T5356] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.776536][ T5356] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.781421][ T5356] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.787944][ T5356] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.804624][ T5356] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.809314][ T5356] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.824764][ T5356] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 76.841378][ T5356] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.846780][ T5356] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.857546][ T5356] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.868751][ T5356] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.896297][ T5356] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 76.896314][ T5356] Ratelimiting new instances of previous error [ 76.909795][ T5356] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 76.909812][ T5356] Ratelimiting new instances of previous error [ 76.936687][ T5356] done [ 76.950647][ T5356] bcachefs (loop0): going read-write [ 77.014151][ T5356] bcachefs (loop0): journal_replay... done [ 77.074431][ T5356] bcachefs (loop0): check_lrus... [ 77.075167][ T5356] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 77.075193][ T5356] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 77.075201][ T5356] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 77.138736][ T5356] done [ 77.140453][ T5356] bcachefs (loop0): check_backpointers_to_extents... done [ 77.157160][ T5356] bcachefs (loop0): check_extents_to_backpointers... [ 77.158132][ T5356] bcachefs (loop0): scanning for missing backpointers in 3/128 buckets [ 77.176630][ T5356] done [ 77.184856][ T5356] bcachefs (loop0): check_subvols... done [ 77.192307][ T5356] bcachefs (loop0): check_inodes... done [ 77.201337][ T5356] bcachefs (loop0): check_dirents... [ 77.218487][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 6997640128193159958 [ 77.218506][ T5356] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.287941][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 4943425907094998831 [ 77.287969][ T5356] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.343307][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 6491650929145696667 [ 77.343323][ T5356] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.361939][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 5451160054088237095 [ 77.361955][ T5356] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.373214][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.373230][ T5356] u64s 7 type dirent 4096:4943425907094998831:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 77.432717][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.432733][ T5356] u64s 7 type dirent 4096:5451160054088237095:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 77.476891][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.476905][ T5356] u64s 7 type dirent 4096:6491650929145696667:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing [ 77.485728][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.485742][ T5356] u64s 7 type dirent 4096:6997640128193159958:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing [ 77.542437][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 1336966911844939066 [ 77.542454][ T5356] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 77.576753][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 2735540168956428501 [ 77.576771][ T5356] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 77.625520][ T5356] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 2 should be 1 [ 77.652169][ T5356] bcachefs (loop0): directory with wrong i_nlink: got 0, should be 1 [ 77.652184][ T5356] (disconnected), fixing [ 77.659594][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 2218029601088285025 [ 77.659607][ T5356] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 77.692344][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 5102036658416139420 [ 77.692357][ T5356] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 77.736006][ T5356] bcachefs (loop0): check_dirents requires second pass [ 77.755562][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.755577][ T5356] u64s 8 type dirent 4096:1336966911844939066:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 77.780093][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.780109][ T5356] u64s 8 type dirent 4096:2735540168956428501:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing [ 77.793441][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.793454][ T5356] u64s 7 type dirent 4098:2218029601088285025:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing [ 77.803558][ T5356] bcachefs (loop0): dirent points to missing inode: [ 77.803570][ T5356] u64s 7 type dirent 4098:5102036658416139420:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing [ 77.832398][ T5356] ================================================================== [ 77.836180][ T5356] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0 [ 77.848327][ T5356] Read of size 1 at addr ffff888054cc4048 by task syz.0.0/5356 [ 77.852978][ T5356] [ 77.854539][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.854559][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.854567][ T5356] Call Trace: [ 77.854576][ T5356] [ 77.854583][ T5356] dump_stack_lvl+0x189/0x250 [ 77.854602][ T5356] ? __kasan_check_byte+0x12/0x40 [ 77.854618][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.854641][ T5356] ? lock_release+0x4b/0x3e0 [ 77.854659][ T5356] ? __virt_addr_valid+0x4a5/0x5c0 [ 77.854675][ T5356] print_report+0xca/0x240 [ 77.854686][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.854697][ T5356] kasan_report+0x118/0x150 [ 77.854710][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 77.854722][ T5356] bch2_check_dirents+0x1fac/0x33f0 [ 77.854735][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.854746][ T5356] ? desc_read+0x1b8/0x3f0 [ 77.854758][ T5356] ? prb_first_seq+0xfd/0x1a0 [ 77.854768][ T5356] ? __pfx_bch2_check_dirents+0x10/0x10 [ 77.854778][ T5356] ? __pfx_prb_first_seq+0x10/0x10 [ 77.854790][ T5356] ? desc_read+0x1b8/0x3f0 [ 77.854800][ T5356] ? this_cpu_in_panic+0x4f/0x80 [ 77.854811][ T5356] ? _prb_read_valid+0xa07/0xa90 [ 77.854821][ T5356] ? console_flush_all+0x13a/0xc40 [ 77.854834][ T5356] ? up+0xde/0x150 [ 77.854901][ T5356] ? __console_unlock+0x14c/0x1a0 [ 77.854914][ T5356] ? __pfx___console_unlock+0x10/0x10 [ 77.854930][ T5356] ? prb_read_valid+0x3c/0x60 [ 77.854941][ T5356] ? console_unlock+0x21b/0x270 [ 77.854954][ T5356] ? __pfx_console_unlock+0x10/0x10 [ 77.854969][ T5356] ? vprintk_emit+0x63e/0x7a0 [ 77.854988][ T5356] ? __bch2_print+0x176/0x220 [ 77.855002][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 77.855015][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.855032][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060 [ 77.855052][ T5356] bch2_run_recovery_passes+0x184/0x210 [ 77.855065][ T5356] bch2_fs_recovery+0x2690/0x3a50 [ 77.855081][ T5356] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 77.855094][ T5356] ? __lock_acquire+0xab9/0xd20 [ 77.855112][ T5356] ? __mutex_trylock_common+0x153/0x260 [ 77.855124][ T5356] ? __lock_acquire+0xab9/0xd20 [ 77.855142][ T5356] ? __lock_acquire+0xab9/0xd20 [ 77.855163][ T5356] ? bch2_fs_start+0xa0f/0xda0 [ 77.855176][ T5356] ? up_write+0x1c4/0x420 [ 77.855187][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 77.855200][ T5356] bch2_fs_start+0xaaf/0xda0 [ 77.855212][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 77.855224][ T5356] ? __pfx_bch2_fs_start+0x10/0x10 [ 77.855241][ T5356] ? sget+0x267/0x620 [ 77.855255][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 77.855273][ T5356] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 77.855292][ T5356] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 77.855314][ T5356] vfs_get_tree+0x92/0x2b0 [ 77.855329][ T5356] do_new_mount+0x2a2/0x9e0 [ 77.855346][ T5356] ? ns_capable+0x8a/0xf0 [ 77.855358][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 77.855373][ T5356] ? path_mount+0x61c/0xfe0 [ 77.855386][ T5356] ? user_path_at+0x44/0x60 [ 77.855400][ T5356] __se_sys_mount+0x317/0x410 [ 77.855416][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 77.855431][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 77.855445][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 77.855459][ T5356] do_syscall_64+0xfa/0x3b0 [ 77.855474][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.855488][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.855500][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 77.855512][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.855523][ T5356] RIP: 0033:0x7fceb879038a [ 77.855537][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.855546][ T5356] RSP: 002b:00007fceb9559e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.855559][ T5356] RAX: ffffffffffffffda RBX: 00007fceb9559ef0 RCX: 00007fceb879038a [ 77.855568][ T5356] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fceb9559eb0 [ 77.855575][ T5356] RBP: 00002000000000c0 R08: 00007fceb9559ef0 R09: 0000000000818001 [ 77.855583][ T5356] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 77.855590][ T5356] R13: 00007fceb9559eb0 R14: 0000000000005968 R15: 0000200000000480 [ 77.855602][ T5356] [ 77.855607][ T5356] [ 78.258503][ T5356] The buggy address belongs to the physical page: [ 78.261548][ T5356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54cc4 [ 78.265533][ T5356] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 78.268903][ T5356] raw: 04fff00000000000 0000000000000000 ffffea0001533108 0000000000000000 [ 78.280820][ T5356] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 78.285644][ T5356] page dumped because: kasan: bad access detected [ 78.289067][ T5356] page_owner tracks the page as freed [ 78.301524][ T5356] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5356, tgid 5354 (syz.0.0), ts 77735363775, free_ts 77832317439 [ 78.308605][ T5356] post_alloc_hook+0x240/0x2a0 [ 78.321024][ T5356] get_page_from_freelist+0x21e4/0x22c0 [ 78.323605][ T5356] __alloc_frozen_pages_noprof+0x181/0x370 [ 78.328515][ T5356] alloc_pages_mpol+0x232/0x4a0 [ 78.332220][ T5356] ___kmalloc_large_node+0x5f/0x1b0 [ 78.334685][ T5356] __kmalloc_large_node_noprof+0x18/0x90 [ 78.337386][ T5356] __kvmalloc_node_noprof+0x6d/0x5f0 [ 78.340462][ T5356] btree_node_sort+0x666/0x1760 [ 78.342989][ T5356] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.346050][ T5356] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.350439][ T5356] bch2_trans_lock_write+0x669/0xba0 [ 78.354103][ T5356] __bch2_trans_commit+0x2773/0x8870 [ 78.357681][ T5356] bch2_str_hash_repair_key+0x2a2d/0x3fa0 [ 78.360088][ T5356] __bch2_str_hash_check_key+0xa65/0xd40 [ 78.362335][ T5356] bch2_check_dirents+0x2166/0x33f0 [ 78.365143][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060 [ 78.371101][ T5356] page last free pid 5356 tgid 5354 stack trace: [ 78.374843][ T5356] __free_pages_ok+0xa83/0xbe0 [ 78.377081][ T5356] free_large_kmalloc+0x13a/0x1f0 [ 78.380543][ T5356] btree_node_sort+0x117f/0x1760 [ 78.383170][ T5356] bch2_btree_post_write_cleanup+0x11f/0xad0 [ 78.386582][ T5356] bch2_btree_node_prep_for_write+0x337/0x650 [ 78.389697][ T5356] bch2_trans_lock_write+0x669/0xba0 [ 78.392412][ T5356] __bch2_trans_commit+0x2773/0x8870 [ 78.394761][ T5356] bch2_check_dirents+0x1c5c/0x33f0 [ 78.397150][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060 [ 78.400308][ T5356] bch2_run_recovery_passes+0x184/0x210 [ 78.404045][ T5356] bch2_fs_recovery+0x2690/0x3a50 [ 78.407745][ T5356] bch2_fs_start+0xaaf/0xda0 [ 78.411008][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 78.415009][ T5356] vfs_get_tree+0x92/0x2b0 [ 78.420352][ T5356] do_new_mount+0x2a2/0x9e0 [ 78.424859][ T5356] __se_sys_mount+0x317/0x410 [ 78.428509][ T5356] [ 78.430927][ T5356] Memory state around the buggy address: [ 78.435105][ T5356] ffff888054cc3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.442153][ T5356] ffff888054cc3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.447708][ T5356] >ffff888054cc4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.455485][ T5356] ^ [ 78.461265][ T5356] ffff888054cc4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.467069][ T5356] ffff888054cc4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 78.472026][ T5356] ================================================================== [ 78.502669][ T5356] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.509266][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 78.515095][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.522479][ T5356] Call Trace: [ 78.524447][ T5356] [ 78.526231][ T5356] dump_stack_lvl+0x99/0x250 [ 78.528429][ T5356] ? __asan_memcpy+0x40/0x70 [ 78.530456][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.533707][ T5356] ? __pfx__printk+0x10/0x10 [ 78.535761][ T5356] vpanic+0x281/0x750 [ 78.537822][ T5356] ? preempt_schedule+0xae/0xc0 [ 78.540651][ T5356] ? __pfx_vpanic+0x10/0x10 [ 78.543819][ T5356] ? preempt_schedule_common+0x83/0xd0 [ 78.546462][ T5356] ? preempt_schedule+0xae/0xc0 [ 78.548832][ T5356] ? __pfx_preempt_schedule+0x10/0x10 [ 78.551634][ T5356] panic+0xb9/0xc0 [ 78.553327][ T5356] ? __pfx_panic+0x10/0x10 [ 78.555948][ T5356] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 78.560251][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.564196][ T5356] check_panic_on_warn+0x89/0xb0 [ 78.567775][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.572505][ T5356] end_report+0x78/0x160 [ 78.575317][ T5356] kasan_report+0x129/0x150 [ 78.577785][ T5356] ? bch2_check_dirents+0x1fac/0x33f0 [ 78.582336][ T5356] bch2_check_dirents+0x1fac/0x33f0 [ 78.585618][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.589883][ T5356] ? desc_read+0x1b8/0x3f0 [ 78.591756][ T5356] ? prb_first_seq+0xfd/0x1a0 [ 78.593709][ T5356] ? __pfx_bch2_check_dirents+0x10/0x10 [ 78.596013][ T5356] ? __pfx_prb_first_seq+0x10/0x10 [ 78.598135][ T5356] ? desc_read+0x1b8/0x3f0 [ 78.600081][ T5356] ? this_cpu_in_panic+0x4f/0x80 [ 78.605064][ T5356] ? _prb_read_valid+0xa07/0xa90 [ 78.610470][ T5356] ? console_flush_all+0x13a/0xc40 [ 78.613953][ T5356] ? up+0xde/0x150 [ 78.616258][ T5356] ? __console_unlock+0x14c/0x1a0 [ 78.618558][ T5356] ? __pfx___console_unlock+0x10/0x10 [ 78.620869][ T5356] ? prb_read_valid+0x3c/0x60 [ 78.622808][ T5356] ? console_unlock+0x21b/0x270 [ 78.624792][ T5356] ? __pfx_console_unlock+0x10/0x10 [ 78.626882][ T5356] ? vprintk_emit+0x63e/0x7a0 [ 78.628835][ T5356] ? __bch2_print+0x176/0x220 [ 78.630894][ T5356] ? bch2_check_dirents+0x2f1/0x33f0 [ 78.635293][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.641195][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060 [ 78.647643][ T5356] bch2_run_recovery_passes+0x184/0x210 [ 78.652470][ T5356] bch2_fs_recovery+0x2690/0x3a50 [ 78.657073][ T5356] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.662250][ T5356] ? __lock_acquire+0xab9/0xd20 [ 78.664892][ T5356] ? __mutex_trylock_common+0x153/0x260 [ 78.668358][ T5356] ? __lock_acquire+0xab9/0xd20 [ 78.670468][ T5356] ? __lock_acquire+0xab9/0xd20 [ 78.672537][ T5356] ? bch2_fs_start+0xa0f/0xda0 [ 78.674534][ T5356] ? up_write+0x1c4/0x420 [ 78.676390][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 78.680231][ T5356] bch2_fs_start+0xaaf/0xda0 [ 78.687873][ T5356] ? bch2_fs_start+0x5e7/0xda0 [ 78.693597][ T5356] ? __pfx_bch2_fs_start+0x10/0x10 [ 78.697804][ T5356] ? sget+0x267/0x620 [ 78.701746][ T5356] bch2_fs_get_tree+0xb39/0x1520 [ 78.705743][ T5356] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.710024][ T5356] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 78.713630][ T5356] vfs_get_tree+0x92/0x2b0 [ 78.716402][ T5356] do_new_mount+0x2a2/0x9e0 [ 78.719878][ T5356] ? ns_capable+0x8a/0xf0 [ 78.722130][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 78.724673][ T5356] ? path_mount+0x61c/0xfe0 [ 78.727221][ T5356] ? user_path_at+0x44/0x60 [ 78.730632][ T5356] __se_sys_mount+0x317/0x410 [ 78.733617][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 78.739496][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 78.745110][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 78.748852][ T5356] do_syscall_64+0xfa/0x3b0 [ 78.753921][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.759087][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.764302][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 78.768114][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.774943][ T5356] RIP: 0033:0x7fceb879038a [ 78.778920][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.798069][ T5356] RSP: 002b:00007fceb9559e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 78.805604][ T5356] RAX: ffffffffffffffda RBX: 00007fceb9559ef0 RCX: 00007fceb879038a [ 78.822340][ T5356] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fceb9559eb0 [ 78.825561][ T5356] RBP: 00002000000000c0 R08: 00007fceb9559ef0 R09: 0000000000818001 [ 78.833662][ T5356] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080 [ 78.842565][ T5356] R13: 00007fceb9559eb0 R14: 0000000000005968 R15: 0000200000000480 [ 78.851514][ T5356] [ 78.853938][ T5356] Kernel Offset: disabled [ 78.857756][ T5356] Rebooting in 86400 seconds..