program: r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d80)=@newsa={0x150, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@local, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x1, 0x0, 0x0, 0xa, 0x0, 0x80, 0x84, 0x0, 0xffffffffffffffff}, {@in6=@mcast1, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x3, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0xa, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xa0, 0x80, "e30c4a833114d85163740408cffe3c2c1be2ca05"}}]}, 0x150}, 0x1, 0x0, 0x0, 0xc0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000005e00)=@newqdisc={0x30, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x0) syz_mount_image$bcachefs(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x804804, &(0x7f0000000280)=ANY=[@ANYBLOB="682c000000000000000000de0eda4671674eecc63e556b0bd426212032ee23d153c2b747a1925a626291f4c489e7bbb09bc275b99c838ad1e4fe5e5016cd05aec5a7bdc2e3935c939b2030d873c566060c4e0d0971ab9e8472e8f28116957e0daf4e4243417b02009d56c2e01c52d9710b111566d6d71cf55aeba0695e8a2d9d1aec2bf4733e458014e9d86f7afd0abbc5476aed858b4c45d5273b74da148490f49ffd181c465db655f5"], 0x1, 0x594c, &(0x7f000000b480)="$eJzs3W2QXFXdIPBzu3synZlMMgkgEWQyBKIIaia8Fb6URte3AqRiYSlhozCQCUaTkEqCQEAJLrhQgIWWlqJ+QAupRaNFFawSKZGXTVhFKVaX2kJqdRf94FPIQ0ogD2X5OE/N9D2dnjt95/b09IQEfr9K5vY5fft/zr339O37P90zHQAAAHhN2HP91n3nHPWBX31x5KVrPtwVrg295fH6alyhP11e8Ur1kAOpu7J4fDlhXPxs47VvuuoHfx68+H2/vLvn+y/vXnvsut+//7CL7//Mmbtu+/ZDL/bd+89niuLG8XTi/nLyXBJC9ed7v/6l3Y8dOVaXhBDKSf+OEBYmix5amGRCDP09hLA2LSzO3HnPS6esG1tee1P3hPoFmfWy22W8v7ZU03G2fd/lJ4U/vHf1db9Z8uMfde18dsf+VZJqw3gKYf6FjY/vCiHMTf+PiaMtjsc4aFeFEHoaHndGQb+Oa7H/y3PKR6fLOemytyBOvH9pplzKrJctR12ZZU9BezOV14921ysyL1POnoxmKq+fsX5huvxpujxxmvHL8X8SSkmo1Lu/Idk/RkLDcUtCMn4sq/VyqX5sQ7r9mXKSKZcy5XJXZrvG200HWjlJJtbH9TL1tdNxV6ik9cc2nqubODen/vXpspo+UV+O5ZC9UdM76UZ9u8bFl4m9U/TlQCg1nIOa1dcPfHowetO63mTRpMeMNhHv27365mXlNQ/v6c/pR3J3ksZP2oq//dcL533qhzdeln1dr8e/sJTGL7UV/49nPf78+Td+71u58W+N8cttxT/5gZ7nznrk+qW5+2dv3D+VtuIPP/PoLUsOv2hnbv9vj/GrbcVfuevx7r59DzyY2/+huH/mthX/6Xd+8E93PXnfs7nxQ4zf01b8Nbs2f7l7YN8JufEfjPunt73x88LO058aGPjLYF78J2L8vrbi37njtnfcseCmM3OP76q4f/rbin/28fdfN2/ffcfknTuT2zv1ygnw2nRYeo11Q1puN8+cqYZ84ZuDldo137z0f18nG8pcfI61M7+T8QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAghHDESf/zQ///4/3PVdJyd3rj6VJtGevnhJDMDSFs3Ta8Zdv6TZcMfubSy7ZsGt4wOLxtcGTTti1XDp76lsEtI5s3DF85du/QW0+pPW5RSGrL5JhJbXePjo6W+ifWxfb+0/E7/7DsjH/5awhDR/xuoJLb/+W3bbzj8CY/M5KVo+/ZeNk5vzvtu+l29af96m/Sr9HR0dGQ069/Pe8fd3x1759PCGHodVP169Gn3/2LCR0ar9gfJ1XqDrUOdSc9TftR73Xan7i/KuvWbxgZmnr/jj2+nLMd//mqZ/++7oqv/KO2f6u529Hi/p27cnRD6Rurz/73b1xdqyjq1yt13Iv2d9yK2L+4/6rp/p6fbtf8nO2q5GzX9b958MmfH3XjizvCUOWFJZPbLtqurnQAdCWvb6nd2EJPsnBCfTVdPx7x+Ljl2zZuXr71yu1vXb9x+JKRS0Y2vX3FqStOHzrt9NOWj2/58g5vf2z/jS1u/4EZTws+t+On8Wdr46moX0X7Y6xfxfujsUd5z7+ec7/0tbff9sg5tYqicR7Xrp9P0mXP2HFeERrG2+R91Wy7ivZDCGGw2X54/sUzw5H/Z/11ReehxiPT+DMjWTn62NK/ffeM7yx+V63igJznGzvU5nm+3uv9/RnfX9X0eIwepPu3O5TT7ept2q8Vjz3SdfOev36+3r85c8IVw9u2bVlR+zkv7em85Oim/crWxu1aMv6zHNLdEurDtMl4HdMVav3Lnj/j6tm92pve15ssarpdWfG+3atvXlZe8/CevD2d3F1rcW7oqy2TN+SsuSHzwHK9w83aP1iff0XjY+BD37n34/f+5NRJ4+Pk2s+i7UpytuvHT975te9/5b/+pHPb9aF3P97/t//76WW1ikPlvFLvddqfpPG8cnIIRc+/JaH5duQ+/0rNt6fo+ZdtZ//6zeMNZsq9odzW8/XkB3qeO+uR65fmPl/3tvp8vXpCqVzwfD1Yxk/2+ZVUJvZj9p5fEwZKsnL0lzcctuOha1YdVasoGtf1tZuN61NayD9ytusX5z81cOngf/nfnTtv/OAt91zw++GVX6hVtH/cY186c9yr6f6t5uzfeq9j3tm4f9928aUb1tbqD97r33RZkP/EU8nWK7d/dnjDhpEtW1vbrlZfT2M72b3c7utpPLstKtiu0qTtmr0breyvVp9vsf9r295fE59vvSFp63Vh+68XzvvUD2+8rH/So9KGLiyl8Uttxf/jWY8/f/6N3/tWbvxbY/xKW/GHn3n0liWHX7QzN/7tSRq/2lb8lbse7+7b98CDufGHYv/nthX/6Xd+8E93PXnfs7nxQ4zf297+f2Hn6U8NDPwlN/4TSdrO2DVSCPe8dMq6WjkJXenzLfaja0K/QracZMqlTLncWC7V5lrrDZSTZGJ9XC+tP7ahL818Iqc+XoVVF9eWL8dyyN6Yuv5gU2o49zerz71OnTP7fQMAOBjE9//jNWh8/38kvVDKn2mA/Waahy3OiRvzsP3zORMv1Ben8ePj4zzgwNvC0Njy2sHahf5030eIz4dSmDjPGds54biJMdqd5yyaf1+aKcd+1ebLKw15aL3DWZXQwvz75Hamnn/PbH7x/PjgDZO6Ndgwb5U9fl3pjFmzzztk+lsZi5A3PrLzYvHzHAPzw6rx9locH9nP0cTjkP0cTWznqMyJs93P0cx0fMRuTzE+xrtc/P7G5OMXpti/+49f82jZ4zeN410dW3+235/twLxh01PagZs3nN33w14V85Ll5utMFb/VecmDfd4w1sftqIzV9zWfT2xs5+M5292p+cR4uoj92pvT3syNNpsmnKTt+USAg1zM/+NrxFj+P3YB/m+Z9YquQ7NXjTFe7ueEcl57i/KOyZ/T62nrOmHNrs1f7h7Yd0Ludc6DrX7uZ/OEUk/B536K9uOyTLlwP+ZM0BTle9l2ivZ79nMZvaGvrf1+547b3nHHgpvOzN3vq2ovpMX7/WsTSn0F+/0QyBeax5cvHDz5wkH8OYai+bNXLB9JP/jUVj7SwucbPpZTP918pGfSjfp2jZv9fKQ1LecjXQe2XwDAoSPm//X3z9L8///FFdLriKK89cRMOcbLzVtzrk/y8taPpMsrMuv3pr9RMd3r5rOPv/+6efvuOyY3b7m91Tz0v00o9RfmoTPLm3PziFWd+bx4bh5Rz7Nmlifm9r+eJ84sT8+NX8/TZ5ZH5+6feh49s3mA3Pj1eYBDPc8tmK/LNBaLrc7XvWrz6PTXZ2crjz43p366eXTvpBv17RonjwYAeGXF/D9exsX8/5HMejN9nz03L+jQdXv274HU4z9xoPLK2c77Zjtvne28frbnJTqSF0/6VMqBy4tne15odufJXvN5cdqovBgAgINZzP/npuX8/H9m+Umz/K1rQn4iP28aX35+aLxvnRP/4Jn/kv97X7yY/B8A4NUt5v/x1x7j3//7H2k5+3fr5ek58eXp8vSpxk/LeXrn59mCzwG8svMAc/evbx4AAIBXQtd4pjT59+w/mS6zv2ef93v55+es36pKenl80bYtIyMXXLZ57fC2kQs2Xbp2ZOsFl29Zv23byKbaejPNG3PzljRv7AqVdH80Xy+bty1I/x7Cgpy/h5BdP4Y9evzG5L+HkG12bsHfEdh//LItl5q2n3f8Sjn9zRsfecc7L/4nctaP6sf/4k+ffMG6rRes37R+2/rhDeu3j0xcbyxr7ZnG92bG3TKt70vN/JikNP3v7+xMP0qT+tGV7o+872dPMv1YmPZkYd73H+T0+1f/66ufO370H3eFMHRE+Q0z2n/JytH/ft7IR7bt+d3msf6Xpux/fc20X0XfV5pdP25PZcOlW7edtO7SyzZlv1GyPXE+o1Qvz9J8Rvr0L7c4P7Emp366n1MoT7pxcGp5fgIAgAni+//xeja+f/iV9AIq1reep8/s/ePcPH2otTw9+71kRXl6dv24va3m6dW28/Tm7Rfl6c3Wb5an5+XdefE/lrP+dLU+Tmb2OY/ccXJha+Mk+30GReMku/50x0kyw3GSbb9onDRbv9k4yTvuefE/mrN+ntbHw8w+l5M7Hm5tbTy8OVMuGg/Z9ac7HkozHA/Z9ovGQ7P1m42HvOObF/+cnPVbNXF8jA2M8XExcsHll275bMN6s/39FzPv3+x+/0e7Wu//7H7ua/b7P7ufK5v9/s/sc2W5/X9iZjNhrfd/Gp9LnBOm/f0u7Tpg87Xph82KPn821TzuWNzVOfdNdx53zqQbByfzuPDKifl/fLsn5v83pctOvw106H9Pmu8xaxq/Q99jVnQdcyi9ngev55PqvZ4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1HRXFo8v91y/dd85R33gV18ceemaD/9s47VvuuoHfx68+H2/vLvn+y/vXnvsut+//7CL7//Mmbtu+/ZDL/bd+89nCgP3j/+snJgWqyEkzyUhVH++9+tf2v3YkWN1SQihnPTvCGFhsuihhUkmwtDfQwhr6/2ceOc9L52ybmx57U3dE+oXZIJktyv0lmN/GvsZwhWFW8QhqJqOs+37Lj8p/OG9q6/7zZIf/6hr57M79q+SVBvGUwjzL2x8fFcIYW76f0wcbYvjg9PlqhBCT8Pjzijo13Et9n95TvnodDknXfYWxIn3L82US5n1suWoK7PsKWhvpvL60e56ReZlytmT0Uzl9TPWL0yXP02XJ04zfjn+T0IpCZV69zck+8dIaDhuSUjGj2W1Xi7Vj21Itz9TTjLlUqZc7sps13i76UArJ8nE+rhepj6ejitp/bGN5+omzs2pf326rKZP1JdjOWRv1PROulHfrnGxX3un6MuBUGo4BzWrrx/49GD0pnW9yaJJjxltIt63e/XNy8prHt7Tn9OP5O4kjZ+0FX/7rxfO+9QPb7xscV78C0tp/FJb8f941uPPn3/j976VG//WGL/cVvyTH+h57qxHrl+au3/2xv1TaSv+8DOP3rLk8It25vb/9hi/2lb8lbse7+7b98CDuf0fivtnblvxn37nB/9015P3PZsbP8T4PW3FX7Nr85e7B/adkBv/wbh/etsbPy/sPP2pgYG/DObFfyLG72sr/p07bnvHHQtuOjP3+K6K+6e/rfhnH3//dfP23XdM3rkzub1Tr5wAr02HpddYN6TldvPMmWrIF745WKld881L//d1sqGMsXbmz2J8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABenX579amfPO89H11dSUJIctYZbSLeV56zcuVgG+0OP/PoLUsOv2hnY93iNuIAAAAAxWIeXqrXVMPicHkyNxzddP04R3B0LCUT67NzCDFOdo6g3TilDsUpdyhOpUNxujoUZ06H4nR3KE61IE41tBZn7hRxKmOjosX+9EzZn9bj9HYozrwOxenrUJz5HYqzoENx+qeM0/o4XNihOIs6FOewDsU5vENxjuhQnNd1KM6RHYqTnVOe7jjsS9c8Ki/O+I1yYZxKUq7f0Ww+/ci0nWNm2E5vQTt9Ra/HLbYzt8V2jss8rjTNdqottvPGGbaTtNjOm2fYTqmgnThur8j2L7YTSy2O/ys7FGd7h+Jc1aE4V3cozuc7FOcLHYpzzQzjALQq5v/7873+0F15V+hJzzjZWYCY7y4Z/zn59S7vhBTjvSFTH/PVJaWceNlEPRNvyXT7l51AyMRbmqnvmhCvUs9HpohXbYy3LHPnnKL+ZScUMv07MVPfXRQvO7EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPot1ef+snz3vPR1SEJY/+aGm0i3lees3LlYBvt7l5987Lymof3NNZ1V9oIBAAAABSKeXhXvaYauisrQncyZ8J61XQeoJqWy/215cD8sGpsmQyWxss9ycIpH1dJH7d828bNy7deuf2t6zcOXzJyycimt684dcXpQ6edftrydes3jAzVfobQXRAvhDA+/bD1yu2fHd6wYWTL1lpltv+L08ctTstJ+riBt4WhseW1af8XFbRXmtTe7N0oPnoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8B7t2FyLXWcYB/D0zszPTbWNG+jUNzWbIR4laNInbkmrpHBAstEnIUpCZ6lqDTbC4aUKblFjHNmBbExShJRAiuTASi63Fm37YIvaDQKRGA24M0hbthV4orVbTkgtJGcnunNmZ2ZnMOpZsW3+/i3POvO/zvs85Ewj8zw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfXZG10vFIeqw5HIUQ9aupdJHPpbByXBuj7pee2fz83cnpl61guM8BGAAAAQF9JDh9qjuRDLpMO6XDF1KeloWUizOR+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/89kbXS8Uh6rXhiFEPWoqXeRzKWzcVwaoO/rbz9x7SsjI39tHSsOsA8AAADQX5LDU82RfCiGZWEouqKtLnk3sKhjfWddss/iOdZ1vjvoVbdsjnVXzbHuY33qNjTOuwIAAAB88CX5P9McKYRcZkHP/N8v1yd1Szrq0o3zIL8VAAAAAP43Sf7PNUeKIZcpNvP6XPP+0o66ZP303+3/1Xf9ih7r+/09f33j7O/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDBMVkbHa+Ux6rpKISoR029i2QunY3j0gB91zw//Pebjzy4tHUslxlgIwAAAKCvJIfPRO98yGWGw1C4cCr3j9x48KkvPPXMaAhhOuZns2HXph077lozfUzqVh87MvS9o29+a1bd6unjvD0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwnpmsjY5XymPVC6IQoh419S6SuXQ2jksD9H3ts5//82Mnn32jdaw4wD4AAABAf0kOn8n++VAM2ZANl019as36Z6XaVn/l2vN1nwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD8ufsb935908TE5rtcuHDhonkx3/8zAQAA77UlIQr1/9LlG+f7rgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPeDydroeKU8Vs1HIUQ9aupdJHPpbByXBugbP3c8t+D08y+2jhUH2AcAAADoL8nhM9k/H4phKAyFS6c+dXsnMJX/C+fxJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID3lcna6HilPFZdEIUQ9aipd5HMpbNxXBqg76O7D3zm8MLv3tQ6lssMsBEAAADQV5LDs82RfMhlPh5y4crG54n2BVG6ce7+XmBm3fa2ZcNzXldrW5ee87o9HU+WaTzN9Lp8sl9h+txcV5q9rtSyrhia7Utt68K+tlUL+txnAAAAgHmU5P9cc6QQcplcS879SVt9Qc4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHqYrI2OV8pj1SgKIepRU+8imUtn47g0QN97f/PRi7780707W8eKA+wDAAAA9Jfk8Jnsnw/FsDh8JCyeyv2h0F6f1P2jcubwI//8y8oQVl12YiTTue0Pk4tfvXbDC52HEFLt1akQFjb6RT36/fp3j9yzvH7msRBWXZq+cla/cO5+7VvG9acrm9fvOHpie58vBwAAAD4kkvw/1BwphFzmzp75P0neffJ/01QAX3jP7p9f0jg2EnnHilSh0S/Vo9/nlj/xpxVr//bm2fx/rn6fOrD18CVtDadHOkRxvbx154YT1xxKJU893T/d0T/5Xr74zTf+vWXXw2em++dDvjG+KNOt/+xjhwvi+kRqf3Xdu/tr7f0zPZ7/wd++ePKXi/a+c7b/20uGm/2vOsfzn7v/8C0P7bvuwJEN7f1DCKVu/d9656Zw+R/ueCB0/ExkuGPj1m++9dghiuvHlp46tPZg8fr2/lFH/+T7/9nJR/f9+OHvPJN8/8lvRVYum2v/VEf/l/dcvPul+zcuau+f6vH8L9z6ysi20rd/3/nvf3vbrpmedzH7+R+/+snbXt0U39c5BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OEyWRsdr5THqqkohKhHTb2LZC6djePSAH1fv/n4W7fu/dEPWseKA+wDAAAA9Jfk8Jnsnw/FkA3ZMDyV+5+ubF6/4+iJ7aEwPRs1zpmJbXfv+MSWbTvvvH2e7hwAAACYqyT/Z5ojhZDLLA9Djfxf3rpzw4lrDqWS/J9K8v+WOyY2rwrNupf3XLz7pfs3Lmq+Jwhh6mcB+bN1n56pu/GG44VTf/zaiq51a2bqji09dWjtweL1SV1orVsdmu8nHr/6ydte3RTf17y/1rpPfnXbROP1RLLv8C0P7bvuwJENzedonIcb+yZ1E6n91XXv7q8ldenGOd94bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgtsna6HilPFYN6RCiHjX1LpK5dDaOSwP0Xbf8Fw9cdPrZxa1jucwAGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCfv2ExlH2cQB/nt3kzTabtEn7glExTaui1INFQUQvKirSihQ8VYpUW3sQBUFEqQdTacVSFS+C1UsRFdQoBQUbi6VVUvFf8eJBBYXqQSjFgHYpHlSy+8x2M91xdVIF9fOB4cnzzMx3fjPPs7NZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4B9loG+s2R7ecX/jlnNu+OjRu048ctM792676OFXv5vYdN2HewdfOjmzecWWL69ftmn/3Wumdz9/6Kfht3452jP4oVazKnVrIcTjMYTau7PPPDbz8VlzYzGEUI0jkyGMxqWHRmMuYfXPIYTN7Trn73zzxOVb5tptuwbmjS/JheTvK9SrWT0tI/Pr5d+lltbZ1saDl4Svr12//dPlb7zeP3Vs8tQhsdaxnkJYvLHz/P4QwqK0zclW21h2cmrXhRAGO867skdd5//B+i8t6J+b2v+ltt4jJ9u/Mtev5I7L9zP9uXawx/UWqqiOssf1MpTr519GC1VUZzY+mtq3U7vqT+ZXsy2GSgx97fLviafWSOiYtxhicy5r7X6lPbch3X+uH3P9Sq5f7c/dV/O6aaFVY5w/nh2XG89ex31pfEXnu7qLWwvGz05tLX1QT2b9kP+jpX7aH+37asrqmv2dWv4OlY53ULfx9sSnyainsXpceto5v3aR7ZtZ/8SF1Q3vHR4pqCPujSk/lsrf+sno0O2v7XxgrCh/YyXlV0rlf7P2yA+37XzhucL8p7P8aqn8yw4MHl/7/o6Vhc9nNns+faXy7zj6wZPL/3/nVLe5bubvyfJrpfKvmT4yMNw4cLCw/tXZ81lUKv+rq2/89pXP9x0rzA9Z/mCp/A3T9z01MN64uDD/YOujUG+u0BLr58epK74YH/9+oij/s+z5D3fJjz3zX57cfdWLS3atKVyf67LnM1Kq/psv2L99qLHvvKJ3Z9xzpr45Af6blqX/sR5P/bK/Mxeq4/fCsxN9rW+gobQNn8kL5cxdZ/FfmA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+xAwckAAAAAIL+v25HoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBTAQAA///rayT/") r4 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x73, 0x2) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r4, 0xc06c4124, &(0x7f0000000180)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000005a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004018}}, {{&(0x7f0000005840)=@file={0x1, './file1\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4050) [ 92.563097][ T5305] Bluetooth: hci0: command tx timeout [ 92.566361][ T50] cfg80211: failed to load regulatory.db [ 93.174964][ T5330] loop0: detected capacity change from 0 to 32768 [ 93.308849][ T5330] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 93.308866][ T5330] allowing incompatible features above 0.0: (unknown version) [ 93.308873][ T5330] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 93.326079][ T5330] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 93.329828][ T5330] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 93.334575][ T5330] bcachefs (loop0): Version upgrade required: [ 93.334575][ T5330] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 93.334575][ T5330] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 93.334575][ T5330] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 93.420300][ T5330] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:536870912:U32_MAX len 0 ver 0: [ 93.420339][ T5330] mode=0 [ 93.420346][ T5330] flags=(1000000) [ 93.420352][ T5330] journal_seq=4 [ 93.420358][ T5330] hash_seed=8469d717004af4ef [ 93.420365][ T5330] hash_type=crc32c [ 93.420371][ T5330] bi_size=10 [ 93.420377][ T5330] bi_sectors=0 [ 93.420383][ T5330] bi_version=0 [ 93.420389][ T5330] bi_atime=2780562352 [ 93.420395][ T5330] bi_ctime=0 [ 93.420401][ T5330] bi_mtime=0 [ 93.420407][ T5330] bi_otime=0 [ 93.420413][ T5330] bi_uid=0 [ 93.420419][ T5330] bi_gid=0 [ 93.420425][ T5330] bi_nlink=0 [ 93.420431][ T5330] bi_generation=0 [ 93.420437][ T5330] bi_dev=0 [ 93.420443][ T5330] bi_data_checksum=0 [ 93.420449][ T5330] bi_compression=0 [ 93.420455][ T5330] bi_project=0 [ 93.420461][ T5330] bi_background_compression=0 [ 93.420468][ T5330] bi_data_replicas=0 [ 93.420474][ T5330] bi_promote_target=0 [ 93.420481][ T5330] bi_foreground_target=0 [ 93.420488][ T5330] bi_background_target=0 [ 93.420494][ T5330] bi_erasure_code=0 [ 93.420500][ T5330] bi_fields_set=0 [ 93.420506][ T5330] bi_dir=0 [ 93.420512][ T5330] bi_dir_offset=0 [ 93.420518][ T5330] bi_subvol=0 [ 93.420524][ T5330] bi_parent_subvol=0 [ 93.420530][ T5330] bi_nocow=0 [ 93.420536][ T5330] bi_depth=0 [ 93.420542][ T5330] bi_inodes_32bit=0 [ 93.420547][ T5330] bi_casefold=0 [ 93.420554][ T5330] invalid fields_start (got 0, min 6 max 13), deleting [ 93.508401][ T5330] bcachefs (loop0): invalid bkey in btree_node btree=alloc level=0: u64s 12 type alloc_v4 0:28:0 len 0 ver 0: [ 93.508419][ T5330] gen 0 oldest_gen 0 data_type btree [ 93.508425][ T5330] journal_seq_nonempty 6 [ 93.508432][ T5330] journal_seq_empty 0 [ 93.508439][ T5330] need_discard 1 [ 93.508445][ T5330] need_inc_gen 1 [ 93.508451][ T5330] dirty_sectors 256 [ 93.508458][ T5330] stripe_sectors 1769482 [ 93.508464][ T5330] cached_sectors 0 [ 93.508470][ T5330] stripe 0 [ 93.508477][ T5330] stripe_redundancy 0 [ 93.508482][ T5330] io_time[READ] 1 [ 93.508489][ T5330] io_time[WRITE] 768 [ 93.508495][ T5330] fragmentation 0 [ 93.508501][ T5330] bp_start 7 [ 93.508507][ T5330] [ 93.508512][ T5330] bad val size (15 > 7), deleting [ 93.552600][ T5330] bcachefs (loop0): invalid bkey in btree_node btree=snapshots level=0: u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: subvol parent 0 children 0 912261120 subvol 0 tree 0 [ 93.552620][ T5330] children not normalized, deleting [ 93.566958][ T5330] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing [ 93.577841][ T5330] bcachefs (loop0): check_topology... [ 93.578193][ T5330] bcachefs (loop0): btree root snapshots unreadable, must recover from scan [ 93.585688][ T5330] bcachefs (loop0): no nodes found for btree snapshots, continuing [ 93.590542][ T5330] done [ 93.591830][ T5330] bcachefs (loop0): accounting_read... done [ 93.597494][ T5330] bcachefs (loop0): alloc_read... done [ 93.600576][ T5330] bcachefs (loop0): snapshots_read... done [ 93.604646][ T5330] bcachefs (loop0): check_allocations... [ 93.608145][ T5330] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 93.608166][ T5330] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 93.637511][ T5330] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 93.637529][ T5330] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 93.652383][ T5330] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 93.652399][ T5330] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 93.666539][ T5330] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 93.666551][ T5330] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 93.677802][ T5330] bcachefs (loop0): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 93.677815][ T5330] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 93.689776][ T5330] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 93.689791][ T5330] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 93.702016][ T5330] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.713124][ T5330] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.719072][ T5330] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.724081][ T5330] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.729171][ T5330] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.733961][ T5330] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.739417][ T5330] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.745275][ T5330] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.750133][ T5330] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.754576][ T5330] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.759303][ T5330] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.764371][ T5330] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.769241][ T5330] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.774710][ T5330] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 93.779501][ T5330] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 93.785061][ T5330] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 93.790017][ T5330] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 93.794814][ T5330] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 93.800525][ T5330] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 93.805801][ T5330] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 93.810972][ T5330] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 93.810985][ T5330] Ratelimiting new instances of previous error [ 93.819012][ T5330] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 93.819026][ T5330] Ratelimiting new instances of previous error [ 93.837987][ T5330] done [ 93.840186][ T5330] bcachefs (loop0): going read-write [ 93.958661][ T43] bcachefs (loop0): u64s 12 type alloc_v4 0:37:0 len 0 ver 0: [ 93.958685][ T43] gen 0 oldest_gen 0 data_type btree [ 93.958691][ T43] journal_seq_nonempty 6 [ 93.958697][ T43] journal_seq_empty 0 [ 93.958702][ T43] need_discard 1 [ 93.958706][ T43] need_inc_gen 1 [ 93.958709][ T43] dirty_sectors 256 [ 93.958713][ T43] stripe_sectors 0 [ 93.958716][ T43] cached_sectors 0 [ 93.958720][ T43] stripe 0 [ 93.958723][ T43] stripe_redundancy 0 [ 93.958727][ T43] io_time[READ] 1 [ 93.958730][ T43] io_time[WRITE] 1024 [ 93.958734][ T43] fragmentation 0 [ 93.958737][ T43] bp_start 7 [ 93.958740][ T43] [ 93.958744][ T43] incorrectly set at freespace:0:37:0 (free 0, genbits 0 should be 0), fixing [ 93.962388][ T5330] bcachefs (loop0): journal_replay... [ 94.001213][ T43] bcachefs (loop0): u64s 12 type alloc_v4 0:42:0 len 0 ver 0: [ 94.001227][ T43] gen 0 oldest_gen 0 data_type btree [ 94.001234][ T43] journal_seq_nonempty 7 [ 94.001240][ T43] journal_seq_empty 0 [ 94.001247][ T43] need_discard 1 [ 94.001252][ T43] need_inc_gen 1 [ 94.001258][ T43] dirty_sectors 256 [ 94.001264][ T43] stripe_sectors 0 [ 94.001269][ T43] cached_sectors 0 [ 94.001275][ T43] stripe 0 [ 94.001280][ T43] stripe_redundancy 0 [ 94.001285][ T43] io_time[READ] 1 [ 94.001293][ T43] io_time[WRITE] 1280 [ 94.001298][ T43] fragmentation 0 [ 94.001303][ T43] bp_start 7 [ 94.001309][ T43] [ 94.001314][ T43] incorrectly set at freespace:0:42:0 (free 0, genbits 0 should be 0), fixing [ 94.043989][ T43] ================================================================== [ 94.047293][ T43] BUG: KASAN: slab-use-after-free in bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.051035][ T43] Read of size 8 at addr ffff88803ff7b920 by task kworker/u4:3/43 [ 94.054542][ T43] [ 94.055821][ T43] CPU: 0 UID: 0 PID: 43 Comm: kworker/u4:3 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 94.055837][ T43] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.055847][ T43] Workqueue: btree_node_rewrite async_btree_node_rewrite_work [ 94.055873][ T43] Call Trace: [ 94.055881][ T43] [ 94.055887][ T43] dump_stack_lvl+0x189/0x250 [ 94.055908][ T43] ? __virt_addr_valid+0x1c8/0x5c0 [ 94.055934][ T43] ? rcu_is_watching+0x15/0xb0 [ 94.055951][ T43] ? __kasan_check_byte+0x12/0x40 [ 94.055963][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.055979][ T43] ? rcu_is_watching+0x15/0xb0 [ 94.055994][ T43] ? lock_release+0x4b/0x3e0 [ 94.056010][ T43] ? __virt_addr_valid+0x1c8/0x5c0 [ 94.056021][ T43] ? __virt_addr_valid+0x4a5/0x5c0 [ 94.056032][ T43] print_report+0xd2/0x2b0 [ 94.056047][ T43] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.056063][ T43] kasan_report+0x118/0x150 [ 94.056075][ T43] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.056091][ T43] bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.056110][ T43] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 94.056128][ T43] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10 [ 94.056145][ T43] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 94.056160][ T43] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 94.056176][ T43] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 94.056193][ T43] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 94.056209][ T43] ? __open_bucket_add_buckets+0x783/0x1e40 [ 94.056226][ T43] __open_bucket_add_buckets+0x1437/0x1e40 [ 94.056250][ T43] open_bucket_add_buckets+0x2ee/0x440 [ 94.056267][ T43] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 94.056285][ T43] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 94.056377][ T43] bch2_btree_reserve_get+0x641/0x1810 [ 94.056396][ T43] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 94.056407][ T43] ? __pfx_bch2_btree_reserve_get+0x10/0x10 [ 94.056422][ T43] ? __pfx___bch2_disk_reservation_add+0x10/0x10 [ 94.056437][ T43] ? bch2_btree_update_start+0xadb/0x1dc0 [ 94.056453][ T43] bch2_btree_update_start+0x147e/0x1dc0 [ 94.056467][ T43] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 94.056486][ T43] ? bch2_btree_node_rewrite+0x17e/0x1120 [ 94.056503][ T43] ? __pfx_bch2_btree_update_start+0x10/0x10 [ 94.056521][ T43] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 94.056537][ T43] ? async_btree_node_rewrite_work+0x1e1/0x840 [ 94.056553][ T43] ? bch2_btree_iter_peek_node+0x566/0xbe0 [ 94.056563][ T43] ? bch2_btree_iter_verify+0x1d/0x360 [ 94.056574][ T43] bch2_btree_node_rewrite+0x17e/0x1120 [ 94.056593][ T43] async_btree_node_rewrite_work+0x370/0x840 [ 94.056610][ T43] ? __pfx_async_btree_node_rewrite_work+0x10/0x10 [ 94.056628][ T43] ? async_btree_node_rewrite_work+0x1d2/0x840 [ 94.056643][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.056657][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 94.056672][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 94.056687][ T43] process_scheduled_works+0xae1/0x17b0 [ 94.056707][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 94.056725][ T43] worker_thread+0x8a0/0xda0 [ 94.056743][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 94.056759][ T43] ? __kthread_parkme+0x7b/0x200 [ 94.056770][ T43] kthread+0x70e/0x8a0 [ 94.056782][ T43] ? __pfx_worker_thread+0x10/0x10 [ 94.056797][ T43] ? __pfx_kthread+0x10/0x10 [ 94.056808][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.056820][ T43] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.056836][ T43] ? __pfx_kthread+0x10/0x10 [ 94.056847][ T43] ret_from_fork+0x3fc/0x770 [ 94.056862][ T43] ? __pfx_ret_from_fork+0x10/0x10 [ 94.056877][ T43] ? __pfx_kthread+0x10/0x10 [ 94.056888][ T43] ret_from_fork_asm+0x1a/0x30 [ 94.056902][ T43] [ 94.056907][ T43] [ 94.216321][ T43] Allocated by task 43: [ 94.218091][ T43] kasan_save_track+0x3e/0x80 [ 94.220203][ T43] __kasan_kmalloc+0x93/0xb0 [ 94.222230][ T43] __kmalloc_node_track_caller_noprof+0x271/0x4e0 [ 94.224966][ T43] krealloc_noprof+0x124/0x340 [ 94.227014][ T43] __bch2_trans_kmalloc+0x26c/0xc80 [ 94.229270][ T43] bch2_alloc_sectors_start_trans+0x1d59/0x1e80 [ 94.231948][ T43] bch2_btree_reserve_get+0x641/0x1810 [ 94.234284][ T43] bch2_btree_update_start+0x147e/0x1dc0 [ 94.236697][ T43] bch2_btree_node_rewrite+0x17e/0x1120 [ 94.239202][ T43] async_btree_node_rewrite_work+0x370/0x840 [ 94.241980][ T43] process_scheduled_works+0xae1/0x17b0 [ 94.244385][ T43] worker_thread+0x8a0/0xda0 [ 94.246520][ T43] kthread+0x70e/0x8a0 [ 94.248342][ T43] ret_from_fork+0x3fc/0x770 [ 94.250334][ T43] ret_from_fork_asm+0x1a/0x30 [ 94.252382][ T43] [ 94.253286][ T43] Freed by task 43: [ 94.254792][ T43] kasan_save_track+0x3e/0x80 [ 94.256799][ T43] kasan_save_free_info+0x46/0x50 [ 94.258755][ T43] __kasan_slab_free+0x62/0x70 [ 94.260781][ T43] kfree+0x18e/0x440 [ 94.262436][ T43] krealloc_noprof+0x1cd/0x340 [ 94.264523][ T43] __bch2_trans_kmalloc+0x26c/0xc80 [ 94.266842][ T43] __bch2_trans_subbuf_alloc+0x2da/0x460 [ 94.269263][ T43] bch2_trans_log_str+0xd5/0x3c0 [ 94.271327][ T43] __bch2_fsck_err+0xc11/0xfb0 [ 94.273317][ T43] bch2_check_discard_freespace_key+0x71b/0xce0 [ 94.275797][ T43] bch2_bucket_alloc_trans+0x1333/0x2410 [ 94.278073][ T43] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 94.280342][ T43] __open_bucket_add_buckets+0x1437/0x1e40 [ 94.282868][ T43] open_bucket_add_buckets+0x2ee/0x440 [ 94.285566][ T43] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 94.288063][ T43] bch2_btree_reserve_get+0x641/0x1810 [ 94.290352][ T43] bch2_btree_update_start+0x147e/0x1dc0 [ 94.293055][ T43] bch2_btree_node_rewrite+0x17e/0x1120 [ 94.295532][ T43] async_btree_node_rewrite_work+0x370/0x840 [ 94.298154][ T43] process_scheduled_works+0xae1/0x17b0 [ 94.301036][ T43] worker_thread+0x8a0/0xda0 [ 94.303280][ T43] kthread+0x70e/0x8a0 [ 94.305095][ T43] ret_from_fork+0x3fc/0x770 [ 94.307223][ T43] ret_from_fork_asm+0x1a/0x30 [ 94.309338][ T43] [ 94.310382][ T43] The buggy address belongs to the object at ffff88803ff7b800 [ 94.310382][ T43] which belongs to the cache kmalloc-512 of size 512 [ 94.316367][ T43] The buggy address is located 288 bytes inside of [ 94.316367][ T43] freed 512-byte region [ffff88803ff7b800, ffff88803ff7ba00) [ 94.322246][ T43] [ 94.323387][ T43] The buggy address belongs to the physical page: [ 94.326153][ T43] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ff7a [ 94.330243][ T43] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 94.333954][ T43] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 94.337318][ T43] page_type: f5(slab) [ 94.339140][ T43] raw: 04fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122 [ 94.342791][ T43] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 94.346688][ T43] head: 04fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122 [ 94.350388][ T43] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 94.354204][ T43] head: 04fff00000000001 ffffea0000ffde81 00000000ffffffff 00000000ffffffff [ 94.357992][ T43] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 94.361543][ T43] page dumped because: kasan: bad access detected [ 94.364255][ T43] page_owner tracks the page as allocated [ 94.366821][ T43] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10, tgid 10 (kworker/0:1), ts 78584022836, free_ts 73031612954 [ 94.375229][ T43] post_alloc_hook+0x240/0x2a0 [ 94.377206][ T43] get_page_from_freelist+0x21e4/0x22c0 [ 94.379561][ T43] __alloc_frozen_pages_noprof+0x181/0x370 [ 94.382131][ T43] alloc_pages_mpol+0x232/0x4a0 [ 94.384275][ T43] allocate_slab+0x8a/0x3b0 [ 94.386285][ T43] ___slab_alloc+0xbfc/0x1480 [ 94.388229][ T43] __kmalloc_cache_noprof+0x296/0x3d0 [ 94.390499][ T43] drm_atomic_helper_setup_commit+0x1c9/0x1370 [ 94.393752][ T43] drm_atomic_helper_commit+0x6a/0xb10 [ 94.396887][ T43] drm_atomic_commit+0x262/0x2c0 [ 94.399547][ T43] drm_atomic_helper_dirtyfb+0xd7b/0xee0 [ 94.402246][ T43] drm_fbdev_shmem_helper_fb_dirty+0x15d/0x2f0 [ 94.404974][ T43] drm_fb_helper_damage_work+0x224/0x710 [ 94.407373][ T43] process_scheduled_works+0xae1/0x17b0 [ 94.409639][ T43] worker_thread+0x8a0/0xda0 [ 94.411329][ T43] kthread+0x70e/0x8a0 [ 94.413039][ T43] page last free pid 5251 tgid 5251 stack trace: [ 94.415539][ T43] __free_frozen_pages+0xc71/0xe70 [ 94.417734][ T43] __slab_free+0x326/0x400 [ 94.419600][ T43] qlist_free_all+0x97/0x140 [ 94.421428][ T43] kasan_quarantine_reduce+0x148/0x160 [ 94.423658][ T43] __kasan_slab_alloc+0x22/0x80 [ 94.425760][ T43] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 94.427982][ T43] getname_flags+0xb8/0x540 [ 94.429886][ T43] vfs_fstatat+0x43/0x170 [ 94.431747][ T43] __x64_sys_newfstatat+0x116/0x190 [ 94.433855][ T43] do_syscall_64+0xfa/0x3b0 [ 94.435804][ T43] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.438259][ T43] [ 94.439341][ T43] Memory state around the buggy address: [ 94.441729][ T43] ffff88803ff7b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.445117][ T43] ffff88803ff7b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.448477][ T43] >ffff88803ff7b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.451776][ T43] ^ [ 94.453893][ T43] ffff88803ff7b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.457547][ T43] ffff88803ff7ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 94.461028][ T43] ================================================================== [ 94.480974][ T43] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 94.483897][ T43] CPU: 0 UID: 0 PID: 43 Comm: kworker/u4:3 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 94.488785][ T43] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.493198][ T43] Workqueue: btree_node_rewrite async_btree_node_rewrite_work [ 94.496684][ T43] Call Trace: [ 94.498146][ T43] [ 94.499361][ T43] dump_stack_lvl+0x99/0x250 [ 94.501275][ T43] ? __asan_memcpy+0x40/0x70 [ 94.503168][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.505433][ T43] ? __pfx__printk+0x10/0x10 [ 94.507220][ T43] panic+0x2db/0x790 [ 94.509022][ T43] ? __pfx_panic+0x10/0x10 [ 94.510897][ T43] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 94.513355][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 94.516145][ T43] ? print_memory_metadata+0x314/0x400 [ 94.518477][ T43] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.520966][ T43] check_panic_on_warn+0x89/0xb0 [ 94.523062][ T43] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.525397][ T43] end_report+0x78/0x160 [ 94.527043][ T43] kasan_report+0x129/0x150 [ 94.528884][ T43] ? bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.531341][ T43] bch2_bucket_alloc_trans+0x1aa0/0x2410 [ 94.533799][ T43] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 94.536236][ T43] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10 [ 94.538706][ T43] ? bch2_bucket_alloc_trans+0xcb4/0x2410 [ 94.541114][ T43] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 94.543434][ T43] bch2_bucket_alloc_set_trans+0x5a6/0xe70 [ 94.545918][ T43] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70 [ 94.548401][ T43] ? __open_bucket_add_buckets+0x783/0x1e40 [ 94.551033][ T43] __open_bucket_add_buckets+0x1437/0x1e40 [ 94.553476][ T43] open_bucket_add_buckets+0x2ee/0x440 [ 94.555913][ T43] bch2_alloc_sectors_start_trans+0xd26/0x1e80 [ 94.558533][ T43] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 94.560880][ T43] bch2_btree_reserve_get+0x641/0x1810 [ 94.563256][ T43] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 94.565789][ T43] ? __pfx_bch2_btree_reserve_get+0x10/0x10 [ 94.568229][ T43] ? __pfx___bch2_disk_reservation_add+0x10/0x10 [ 94.570976][ T43] ? bch2_btree_update_start+0xadb/0x1dc0 [ 94.573410][ T43] bch2_btree_update_start+0x147e/0x1dc0 [ 94.575914][ T43] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 94.578551][ T43] ? bch2_btree_node_rewrite+0x17e/0x1120 [ 94.580835][ T43] ? __pfx_bch2_btree_update_start+0x10/0x10 [ 94.583449][ T43] ? bch2_btree_path_traverse_one+0x91e/0x21d0 [ 94.586138][ T43] ? async_btree_node_rewrite_work+0x1e1/0x840 [ 94.588755][ T43] ? bch2_btree_iter_peek_node+0x566/0xbe0 [ 94.591224][ T43] ? bch2_btree_iter_verify+0x1d/0x360 [ 94.593639][ T43] bch2_btree_node_rewrite+0x17e/0x1120 [ 94.596227][ T43] async_btree_node_rewrite_work+0x370/0x840 [ 94.598867][ T43] ? __pfx_async_btree_node_rewrite_work+0x10/0x10 [ 94.601590][ T43] ? async_btree_node_rewrite_work+0x1d2/0x840 [ 94.604231][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.606467][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 94.608933][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 94.611371][ T43] process_scheduled_works+0xae1/0x17b0 [ 94.613821][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 94.616536][ T43] worker_thread+0x8a0/0xda0 [ 94.618459][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 94.621115][ T43] ? __kthread_parkme+0x7b/0x200 [ 94.623246][ T43] kthread+0x70e/0x8a0 [ 94.625001][ T43] ? __pfx_worker_thread+0x10/0x10 [ 94.627215][ T43] ? __pfx_kthread+0x10/0x10 [ 94.629148][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.631256][ T43] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.633396][ T43] ? __pfx_kthread+0x10/0x10 [ 94.635472][ T43] ret_from_fork+0x3fc/0x770 [ 94.637474][ T43] ? __pfx_ret_from_fork+0x10/0x10 [ 94.639699][ T43] ? __pfx_kthread+0x10/0x10 [ 94.641718][ T43] ret_from_fork_asm+0x1a/0x30 [ 94.643914][ T43] [ 94.645621][ T43] Kernel Offset: disabled [ 94.647494][ T43] Rebooting in 86400 seconds..