program:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0xa4}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet(r0, 0x0, 0x0)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@grpquota}, {@version_upgrade={'version_upgrade', 0x3d, 'incompatible'}}]}, 0x21, 0x5978, &(0x7f000000b5c0)="$eJzs3X2QHGX9IPCnZ2azk928bAL8iCCbJRBFULPhrVAsjZ5vBUjFwlLCRWEhG4wmIZUEIQEleOBBARZaWhr1D7SQOjRaVMEpkRJ5uYRTlOL0qCukTu/Qq/IKOVICOcrz3F/tTj+T2d7p7dnZWUjC51PJ9vQzPd/n208/09PPM7M7AQAAgNeFvTdu2X/+MR/41ReHX77uwz/bcH3oLY+VV+MGfeny6tcqQ15N3ZVFY8tsv3jzNT/488Bl7/vlPT3ff2XPmuPX/v79R1z2wGfO2b3z2w+/NPe+fz5bFDf2p5MPrCfPJyFUf77v61/a8/jRo2VJCKGc9O0IYUGy8OEFSSbE4N9DCGvSlXJl/J33vnza2tHl9bd0jyufnwmiv7++VdN+tn3/VaeEP7x31Q2/WfzjH3Xtem7HgU2SakN/CmHeJY2P70r/z07XY29bFB+cLleGEHoaHndWQV4ntJj/spz1Y9PlrHTZWxAn3r8ks17KbJddj7oyy56C+qYrL492tysyJ7OePRlNV16esXxBuvxpujx5ivHL8X8SSkmo1NNfnxzoI6HhuCUhGTuW1fp6qX5sQ7r/mfUks17KrJe7Mvs1Vm/a0cpJMr48bpcpj6fjSlp+fOO5uokLcsrfkC6r6RP1lbgesjdqeifcqO/XmJjXvklyeTWUGs5Bzcrr/Sw9GL1pWW+ycMJjRpqI9+1ZdevS8upH9vbl5JHck6Txk7E2mmr87b9eMOdTP7z5yrxjm1xSSuOX2or/x3OfeOGim7/3rUV58W+P8cttxT/1wZ7nz330xiV57RP3qzdUxs4tU40/9Oxjty0+8tJdufnfEdu/2tbxXbH7ie65+x98KPf4Dsb2mZ3bPs3qiOXPnP3BP9391P3P/b+8+CHG72kr/9W7N325u3//Sbn5PxTbp7e9/vPirjOf7u//y0Be/Cdj/Llt5X/Xjp3vvHP+LefkHt+VsX362sr/vBMfuGHO/vuPy31+3dGpV06A16cj0musm9L1ycaZ3ZOMM6erYbzwzYFK7bp1Tvp/bicrylx8jtYzr5PxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCEcNQp//lD//Pjfc9X0vXu9MYzpdoyls8KIZkdQtiydWjz1nUbLx/4zBVXbt44tH5gaOvA8Matm7cNnP7Wgc3Dm9YPbRu9d/Btp9UetzAktWVy3IS6u0dGRkp948tiff/mxF1/WHrW//5rCINH/a6/kpv/sp0b7jyyyc+MZMXIezZcef7vzvhuul99aV59TfIaGRkZCWleXZm8/s+F/7jzq/v+fFIIg/8yWV6PPfPuX4xLaKzgQJxUqTvUEupOeprmUc86zSe2V2XtuvXDg5O37+jjyznt+2+vee7va6/+yj9q7VvN3Y8W23f2ipH1pW+sOu//f+PaWkFRXvX9yOQ108e9qL3jXsT8YvtV0/ael+7XvJz9quS0942/eeipnx9z80s7wmDlxcUT6y7ar660A3Qlb2ip3lhDT7JgXHk13T4e8fi4ZVs3bFq2Zdv2t63bMHT58OXDG9+x/PTlZw6eceYZy8b2fFmH9z/W/6YW97/V/pStd2r9af7ndvw0/mytPxXlVdQeo3kVt0djRnnPv54LvvS1d+x89PxaQVE/j1vXn4fpsmf0OC8PDf1tYls126+idgghDDRrhxdeOicc/d/W3VB0Hmo8Mo0/M5IVI48v+dt3z/rOonfVClo9z2fzmtJ5vjGhNs/z9awP5DPWXtX0eIwcpO3bHcrpfvU2zWv544923br3r5+v5zdrVrh6aOvWzctrP+ekmc5Jjm2aV7Y07tfisZ/lkDZLqHfTJv01jL2O1/LLnj/j5tlW7U3v600WNt2vrHjfnlW3Li2vfmRvXksn99RqnB3m1pbJG3O2XJ95YLmecLP6D9bnX1H/6P/Qd+77+H0/OX1C/zi19rNov5Kc/frxU3d97ftf+fc/6dx+fejdT/T97b9/emmt4FA5r9SzTvNJGs8rp4ZQ9PxbHJrvR+7zr9R8f4qef9l6DmzfPN5AZr03lIufr9Uw4fl66oM9z5/76I1Lcp+v+1p9vl47bq1c8Hw9WPpP9vmVVMbnMXPPr3EdJVkx8subjtjx8HUrj6kVFPXr+tbN+vVpLYw/cvbrFxc93X/FwL/7r507b/zgrfde/PuhFV+oFbR/3GMunTnu1bR9qzntW886jjsb2/ftl12xfk2t/OC9/k2XBeOfeCrZsm37Z4fWrx/evKW1/Wr19TTWk23ldl9P49ltYcF+lSbs18zdaKW9Wn2+xfzXtN1e459vvSFp6zpu+68XzPnUD2++sm/Co9KKLiml8Uttxf/juU+8cNHN3/tWbvzbY/xKW/GHnn3stsVHXrorN/4dSRq/2lb8Fbuf6J67/8GHcuMPxvxntxX/mbM/+Ke7n7r/udz4Icbvba/9X9x15tP9/X/Jjf/kgQuPOSGEe18+bW2t3mRsTrDakEfXuLxCdj3JrJcy6+XG9VJtrrVeQTlJxpfH7dLy4xtyaeYTOeXxKqy6qLZ8Ja6H7I3Jyw82pYZzf7PyoutUAIDDXXz/P16Dxvf/h9MLpfyZBjhguuOwRTlx4zjswHzOrHH3L0rjx8fHecD+t4fB0eX1A7UL/am+jxCfD9l5zljPSSeMj9HuPGfR/PuSzHrMqzZfXmkYh6YmjmsqoYX594n1TD7/ntn94vnxgZsmpDXQMG+VPX5d6YxZs887ZPKtjEbI6x/ZebH4eY7+eWHlWH0t9o/s52jicch+jibWc0zmxNnu52im2z9i2pP0j7GUi9/fmHj8wiTte+D4NY+WPX5TON7V0e1n+v3ZDswbNj2lvXrzhi28H9Ykfqvvh9XnJVdM3Gay+K+XecnkIJ83jOVxPyotzid+PKe8lfnExnm5vPnEeLqIee2bJJdXg/lE4HAVx//xNWJ0/D96Af5/M9sVXYdmrxpjvNzPCZWb51M07pj4Ob2etl7HV+/e9OXu/v0n5V7nPNTq5342jVvrKfjcT1E7Ls2sF7ZjzgRN0XgvW09Ru2c/l9Eb5rbV7nft2PnOO+ffck5uu6+svZAWt/vXxq3NLWj3Q2C80Dz+4TZeONg/x7AzE/8Q+RxD0fzZazYeST/4NFPjkY/llE/18w09E27U92vMITce6Ro9hwIATBTH//X3z9Lx//+IG6QXdUXj1pMz6zFe7ri1q3k+eePWj6TLqzPb96a/UTHV6+bzTnzghjn77z8ud9xyR6vj0P8wbq2vcBw6vXFz7jhiZWc+L547jqiPs6Y3TszNvz5OnN44PTd+fZw+vXF0bvvUx9HTmwfIjV+fBzi03xcrnK/LVBZXW52vO2zH0emvz87UOPqCnPKpjqN7J9yo79eYQ3EcDQBwOInj/3gZF8f/j2a2m+777Lnjgg5dt2f/Hkg9/pOv1riyjXHf7BBCy+O+mR63zvS4fqbnJQ71cfFMzwvN7DzZ635cnFZqXAwAwMEsjv/jZwXzx//TG580G791jRufHITj8ym9L2t83jT+YTM+P9Tnv4z/vS9ezPgfAODwFsf/8dce49//+0/pevbv1hun58Q3TjdOn6z/tDxO7/w8W/A5gNd2HqDhF7HNAwAA8FroGhspTfw9+0+my+zv2ef9Xv5FOdu3qpJeHl+6dfPw8MVXbloztHX44o1XrBnecvFVm9dt3Tq8sbbddMeNueOWdNzYFSppezTfLjtum5/+PYT5OX8PIbt9DHvs2I2Jfw8hW+3sgr8jcOD4tZZv3vErNW5fHb99s/6Rd7zz4n8iZ/uofvwv+/SpF6/dcvG6jeu2rhtav2778PjtRketPVP43szYLFP6vtTMjwlKU//+zs7kUZqQR1faHnnfz55k8liQZrIg7/sPcvL+1X/56udOHPnH3SEMHlV+47TaL1kx8h8vHP7I1r2/2zSa/+xs/rMa86lvmeZV9H2l2e3j/lTWX7Fl6ylrr7hyY/YbJdsT5zNK9fUZms9In/7lFucnVueUT/VzCuUJNw5OLc9PAAAwTnz/P17PxvcPv5JeQMXy1sfp03v/OHecPtjaOD37vWRF4/Ts9nF/Wx2nV6c5Ts/WXzROb7Z9s3F63rg7L/7Hcrafqtb7yfQ+55HbTy5prZ9kv8+gqJ9kt59qP0mm2U+y9Rf1k2bbN+snecc9L/5Hc7bP03p/mN7ncnL7w+2t9Ye3ZNaL+kN2+6n2h9I0+0O2/qL+0Gz7Zv0h7/jmxT8/Z/tWje8fox1jrF8MX3zVFZs/27DdTH//xfTzm9nv/2hX6/nP7Oe+Zj7/mf1c2cznP73PleXm/+T0ZsJaz39mv9+lXa/afG06e130+bOiedxVOeVTncedNeHGwck8Lrx24vg/vt0Tx/+3pMtOvw106H9P2iHyPWbZ+IfI95gVXcd4PZ+ksoOA13MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1nRXFo0t9964Zf/5x3zgV18cfvm6D/9sw/VvvuYHfx647H2/vKfn+6/sWXP82t+//4jLHvjMObt3fvvhl+be989nCwP3jf2snJyuVkNInk9CqP5839e/tOfxo0fLkhBCOenbEcKCZOHDC5JMhMG/hxDW1PMcf+e9L5+2dnR5/S3d48rnZ4Jk9yv0lmM+jXmGcHXhHnEIqqb9bPv+q04Jf3jvqht+s/jHP+ra9dyOA5sk1Yb+FMK8Sxof3xVCmJ3+HxV726L44HS5MoTQ0/C4swryOqHF/JflrB+bLmely95Jo8yq31qS2b6U2TK7HnVllj2T1jd9eXm0u12ROZn17MlouvLyjOUL0uVP0+XJU4xfjv+TUEpCpZ7++qTx6B84bklIxo5ltb5eqh/bkO5/Zj3JrJcy6+WuzH6N1Zt2tHKSjC+P22XK4+m4kpYf33iubuKCnPI3pMtq+kR9Ja6H7I2a3gk36vs1Jua1b5JcXg2lhnNQs/L6gU8PRm9a1pssnPCYkSbifXtW3bq0vPqRvX05eST3JGn8pK3423+9YM6nfnjzlYvy4l9SSuOX2or/x3OfeOGim7/3rdz4t8f45bbin/pgz/PnPnrjktz22Rfbp9JW/KFnH7tt8ZGX7srN/44Yv9pW/BW7n+ieu//Bh3LzH4ztM7ut+M+c/cE/3f3U/c/lxg8xfk9b8Vfv3vTl7v79J+XGfyi2T297/efFXWc+3d//l4G8+E/G+HPbin/Xjp3vvHP+LefkHt+VsX362op/3okP3DBn//3H5Z07kzs69coJ8Pp0RHqNdVO63u44c7oaxgvfHKjUrvnmpP/ndrKijNF65s1gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADk+/vfb0T174no+uqiQhJDnbjDQR7yvPWrFioI16h5597LbFR166q7FsURtxAAAAgGJxHF6ql1TDonBVMjsc23T7OEdwbFxLxpdn5xBinOwcQbtxSh2KU+5QnEqH4nR1KM6sDsXp7lCcakGcamgtzuxJ4lRGe0WL+fRMmk/rcXo7FGdOh+LM7VCceR2KM79DcfomjdN6P1zQoTgLOxTniA7FObJDcY7qUJx/6VCcozsUJzunPNV+ODfd8pi8OGM3yoVxKkm5fkez+fSj03qOm2Y9vQX1zC16PW6xntkt1nNC5nGlKdZTbbGeN02znqTFet4yzXpKBfXEfnt1Nr9YT1xrsf9v61Cc7dOL87/i9dY1Hcrn2g7F+XyH4nyhQ3Gum2YcgFbF8f+B8V5f6K68K/SkZ5zsLEAc7y4e+znx9S7vhBTjvTFTPqsoXnagnom3eKr5ZScQMvGWZMq7xsWr1Mcjk8SrNsZbmrmzcH+zEwqZ/E7OlHcXxUt34NbmYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgo3577emfvPA9H10VkjD6r6mRJuJ95VkrVgy0Ue+eVbcuLa9+ZG9jWXeljUAAAABAoTgO76qXVEN3ZXnoTmaN266azgNU0/VyX23ZPy+sHF0mA6Wx9Z5kwaSPq6SPW7Z1w6ZlW7Ztf9u6DUOXD18+vPEdy09ffubgGWeesWztuvXDg7WfIXQXxAshjE0/bNm2/bND69cPb95SK8zmvyh93KJ0PUkf1//2MDi6vD7Nf2FBfaUJ9W17+uzaXQdKOnSj4NABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAv7JrfyFyXXUcwM+dmZ2Zbpt2pf+modkM+VOiFk3iVlIt3QuChTYJWQoyW11LsAkWN01okxLr2AZsa4IitARCJA9GYrG1+NI/toj9QyBSowE3BmmL9kEflFYracmDpIzs7pzZmclMZh1L08bP5+HeO+f+zvndMw8L3zsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCBm6qOTFRGx8YHkxCSLjW1DuK9bD5Ny330/crz235QGD61onmskOtjIQAAAKCnmMMHGiPFUMhlQzZcNfNpyfQhX78R5nI/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/2eqOjJRGR0bvzAJIelSU+sg3svm07TcR9833nnys68OD/+teazUxzoAAABAbzGHZxojxVAKS8NAclVLXXw3sLBtfntdXGfRPOva3x10q1s6z7pr5ln38R516+vnnQEAAAA++mL+zzVGhkIht6Br/u+V62Pd4ra6bP3cz/8KAAAAAP+bmP8LjZFSKORKjbw+37y/pK0uzu/1u32cv7zL/F6/56+rn/1ODwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHVPVkYnK6Nh4Ngkh6VJT6yDey+bTtNxH39UvDP7jlsMPLWkeK+T6WAgAAADoKebwuehdDIXcYBgIF87k/uGbDjz9paefHQkhzMb8fD7s3Lh9+92rZ4+xbtXRwwPfP/LWtxvLxLpVs8dzsjkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB9NVUdmaiMjo1fkISQdKmpdRDvZfNpWu6j7+uf/+JfHj/x3JvNY6U+1gEAAAB6izl8LvsXQynkQz5cMfOpOetPy7TN7/bOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADh/3PPN+76xcXJy090uXLhw0bg413+ZAACA99vikITaf+nKDef6qQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA+DqerIRGV0bLyYhJB0qal1EO9l82la7qNv+vyxwoJTL7zUPFbqYx0AAACgt5jD57J/MZTCQBgIl8986vROYCb/D32ADwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8qExVRyYqo2PjC5IQki41tQ7ivWw+Tct99H1s1/7PHbrkezc3jxVyfSwEAAAA9BRzeL4xUgyF3CdCIVxd/zzZOiHJ1s+d3wvMzdvWMm1w3vOqLfOy8563u21nufpuZucV43pDs+fGvPKZ88pN80qh0b7cMi/sbZm1oMdzBgAAADiHYv4vNEaGQiFXaMq5P22pH5JzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAupqojE5XRsfEkCSHpUlPrIN7L5tO03Eff+377sYu++rM9O5rHSn2sAwAAAPQWc/hc9i+GUlgULg6LZnJ/GGqtj3X/rJw+9Oi//roihJVXHB/OtS/7o3jx69dvfLH9EEKmtToTwiX1fkmXfr/5/aP3LqudfjyElZdnrz6jXzh7vzm1WjlJa89UNq3bfuT4tt7fDwAAAJwPYv4faIwMhULurnDxxbM//Lfn/5i8e+T/hpkAfsm9u35xWf1YT+RtMzJD9fyf6dLvC8ue/PPyNX9/azr/n63fp/dvOXRZS8PZkTZJWhvdsmP98esOZuKuZ/tn2/rH7+XL33rz35t3PnJ6tn8xFOvjC3Od+p95bHNBWpvM7Btf+96+amv/XJf9P/S7l078auGed6f7v7N4sNH/mrPs/+z9B299eO/1+w+vn/401z+EUO7U/+13bw5X/vHOB9v3P9i2cPM333xsl9aOLjl5cM2B0g2t+0/a+sfv/+cnHtv7k0e++2zsH/9XZMXS+fZveeeUpLVXdl+66+UHNixs7Z/psv8Xb3t1eGv5O39o3/8dLavmuj5FmyStPXHtU7e/tjG9/4yvBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LwyVR2ZqIyOjWeSEJIuNbUO4r1sPk3LffR945Zjb9+258c/bB4r9bEOAAAA0FvM4XPZvxhKIR/yYXAm9z9T2bRu+5Hj28LQ7N2kfs5Nbr1n+yc3b91x1x3n6MkBAACA+Yr5P9cYGQqF3LIwUM//o1t2rD9+3cFMzP+ZmP833zm5aWVo1L2y+9JdLz+wYWHjPUEIM/8WUJyu+8xc3U03Hhs6+aevL+9Yt3qu7uiSkwfXHCjdEOtCc92q0Hg/8cS1T93+2sb0/sbzNdd96mtbJ+uvJ+K6g7c+vPf6/YfXN/ZRPw/W1411k5l942vf21eNddn6uVjfNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwpqnqyERldGw8ZENIutTUOoj3svk0LffRd+2yXz540annFjWPFXJ9LAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8B924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsF8/oXGUfRzAn2c3ebPNJm3SvmBUTNOqKPVgURDRi4qKtCIFT5Ui1dYeREEQUerBVFqxVMWLYPVSRAU1SkHBxmJplVT8V7x4UEGhehBKMaBdigeV7D6z3Ux3XJ1UQf18YHjyPDPznd/M8+xsFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH+Ugb6xZnt4x/2NW8654aNH7zrxyE3v3Lvtoodf/W5i03Uf7h186eTM5hVbvrx+2ab9d6+Z3v38oZ+G3/rlaM/gh1rNqtSthRCPxxBq784+89jMx2fNjcUQQjWOTIYwGpceGo25hNU/hxA2t+ucv/PNE5dvmWu37RqYN74kF5K/r1CvZvW0jMyvl3+XWlpnWxsPXhK+vnb99k+Xv/F6/9SxyVOHxFrHegph8cbO8/tDCIvSNidbbWPZyaldF0IY7Djvyh51nf8H67+0oH9uav+X2nqPnGz/yly/kjsu38/059rBHtdbqKI6yh7Xy1Cun38ZLVRRndn4aGrfTu2qP5lfzbYYKjH0tcu/J55aI6Fj3mKIzbmstfuV9tyGdP+5fsz1K7l+tT93X83rpoVWjXH+eHZcbjx7Hfel8RWd7+oubi0YPzu1tfRBPZn1Q/6Plvppf7Tvqymra/Z3avk7VDreQd3G2xOfJqOexupx6Wnn/NpFtm9m/RMXVje8d3ikoI64N6b8WCp/6yejQ7e/tvOBsaL8jZWUXymV/83aIz/ctvOF5wrzn87yq6XyLzsweHzt+ztWFj6f2ez59JXKv+PoB08u//+dU93mupm/J8uvlcq/ZvrIwHDjwMHC+ldnz2dRqfyvrr7x21c+33esMD9k+YOl8jdM3/fUwHjj4sL8g62PQr25Qkusnx+nrvhifPz7iaL8z7LnP9wlP/bMf3ly91UvLtm1pnB9rsuez0ip+m++YP/2oca+84renXHPmfrmBPhvWpb+x3o89cv+zlyojt8Lz070tb6BhtI2fCYvlDN3ncV/YT4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBv7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPBQAA//+wkCK1")
socket$inet_sctp(0x2, 0x5, 0x84)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x2, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
[ 68.350092][ T4673] Bluetooth: hci0: command tx timeout
[ 69.052339][ T5324] loop0: detected capacity change from 0 to 32768
[ 69.249413][ T5324] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,grpquota,prjquota,nochanges,nojournal_transaction_names,read_only,version_upgrade=incompatible
[ 69.249431][ T5324] allowing incompatible features above 0.0: (unknown version)
[ 69.249438][ T5324] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 69.297440][ T5324] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 69.302552][ T5324] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 69.312321][ T5324] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:c0004000b compress none
[ 69.312346][ T5324] has non ptr field, deleting
[ 69.329032][ T5324] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 69.334158][ T5324] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 69.334158][ T5324] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 69.334158][ T5324] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 69.396378][ T5324] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[ 69.396378][ T5324]
[ 69.488486][ T5324] bcachefs (loop0): btree node read error at btree snapshots level 0/0
[ 69.488521][ T5324] u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 251 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 69.488531][ T5324] loop0 node offset 0/251 bset u64s 0: incorrect max key SPOS_MAX
[ 69.488538][ T5324] flagging btree snapshots lost data
[ 69.488545][ T5324] running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[ 69.488552][ T5324] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[ 69.488560][ T5324] running recovery pass reconstruct_snapshots (21), currently at recovery_pass_empty (0)
[ 69.488567][ T5324] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[ 69.488574][ T5324] ret btree_node_read_validate_error
[ 69.597976][ T5324] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing
[ 69.614012][ T5324] bcachefs (loop0): check_topology...
[ 69.614343][ T5324] bcachefs (loop0): btree root snapshots unreadable, must recover from scan
[ 69.625966][ T5324] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding
[ 69.633161][ T5324] bcachefs (loop0): bch2_check_root(): error restart_recovery
[ 69.636769][ T5324] bcachefs (loop0): scan_for_btree_nodes...
[ 69.661436][ T5324] bcachefs (loop0): btree node scan found 7 nodes after overwrites
[ 69.673163][ T5324] done
[ 69.674530][ T5324] bcachefs (loop0): check_topology...
[ 69.691020][ T5324] bcachefs (loop0): btree root snapshots unreadable, must recover from scan
[ 69.709584][ T5324] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX
[ 69.732586][ T5324] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 69.761947][ T5324] done
[ 69.763375][ T5324] bcachefs (loop0): accounting_read... done
[ 69.784652][ T5324] bcachefs (loop0): alloc_read... done
[ 69.787748][ T5324] bcachefs (loop0): snapshots_read... done
[ 69.792647][ T5324] bcachefs (loop0): check_allocations...
[ 69.796123][ T5324] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 69.796157][ T5324] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 69.848755][ T5324] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 69.848775][ T5324] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 69.863658][ T5324] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree
[ 69.863675][ T5324] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 69.900624][ T5324] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 69.900638][ T5324] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 69.932145][ T5324] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree
[ 69.932161][ T5324] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[ 69.964176][ T5324] bcachefs (loop0): bucket 0:0 gen 0 has wrong data_type: got free, should be sb, fixing
[ 69.989445][ T5324] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.008161][ T5324] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.017822][ T5324] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.030756][ T5324] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.041364][ T5324] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.054405][ T5324] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.061716][ T5324] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.083773][ T5324] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.100927][ T5324] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.117476][ T5324] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.123342][ T5324] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.139251][ T5324] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.154779][ T5324] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.162698][ T5324] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.176675][ T5324] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.194542][ T5324] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.208627][ T5324] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 70.215363][ T5324] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.234582][ T5324] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.249624][ T5324] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 70.249682][ T5324] Ratelimiting new instances of previous error
[ 70.272918][ T5324] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 70.272933][ T5324] Ratelimiting new instances of previous error
[ 70.317128][ T5324] done
[ 70.324323][ T5324] bcachefs (loop0): going read-write
[ 70.401911][ T4673] Bluetooth: hci0: command tx timeout
[ 70.505710][ T5324] bcachefs (loop0): journal_replay... done
[ 70.591547][ T5324] bcachefs (loop0): check_lrus... done
[ 70.594806][ T5324] bcachefs (loop0): check_backpointers_to_extents... done
[ 70.598800][ T5324] bcachefs (loop0): check_extents_to_backpointers...
[ 70.599490][ T5324] bcachefs (loop0): scanning for missing backpointers in 5/128 buckets
[ 70.608878][ T5324] done
[ 70.612052][ T5324] bcachefs (loop0): reconstruct_snapshots... done
[ 70.616745][ T5324] bcachefs (loop0): check_subvols... done
[ 70.623380][ T5324] bcachefs (loop0): check_inodes... done
[ 70.627283][ T5324] bcachefs (loop0): check_dirents...
[ 70.628298][ T5324] bcachefs (loop0): key in missing inode, found keys:
[ 70.628322][ T5324] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[ 70.628330][ T5324] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg
[ 70.628339][ T5324] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg
[ 70.628347][ T5324] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg
[ 70.628355][ T5324] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir
[ 70.628363][ T5324] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg
[ 70.628371][ T5324] , fixing
[ 70.721549][ T5324] bcachefs (loop0): hash table key at wrong offset: should be at 4264533087203530580
[ 70.721568][ T5324] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 70.739023][ T5324] bcachefs (loop0): hash table key at wrong offset: should be at 7889335508802022023
[ 70.739053][ T5324] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 70.756042][ T5324] bcachefs (loop0): hash table key at wrong offset: should be at 5107702692528724838
[ 70.756058][ T5324] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 70.770615][ T5324] bcachefs (loop0): dirent points to missing inode:
[ 70.770641][ T5324] u64s 7 type dirent 4096:4264533087203530580:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 70.781770][ T5324] bcachefs (loop0): hash table key at wrong offset: should be at 614615552925147456
[ 70.781784][ T5324] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 70.795413][ T5324] bcachefs (loop0): dirent points to missing inode:
[ 70.795424][ T5324] u64s 7 type dirent 4096:5107702692528724838:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 70.806274][ T5324] bcachefs (loop0): dirent points to missing inode:
[ 70.806288][ T5324] u64s 7 type dirent 4096:7889335508802022023:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 70.817861][ T5324] bcachefs (loop0): hash table key at wrong offset: should be at 5025570856152900315
[ 70.817874][ T5324] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 70.830359][ T5324] bcachefs (loop0): hash table key at wrong offset: should be at 1088119887546400742
[ 70.830373][ T5324] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 70.843210][ T5324] bcachefs (loop0): key in missing inode, found keys:
[ 70.843223][ T5324] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
[ 70.843230][ T5324] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 70.843235][ T5324] , fixing
[ 70.885128][ T5324] bcachefs (loop0): key in missing inode, found keys:
[ 70.885142][ T5324] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 70.885149][ T5324] , fixing
[ 70.913253][ T5324] bcachefs (loop0): check_dirents requires second pass
[ 70.917149][ T5324] bcachefs (loop0): dirent points to missing inode:
[ 70.917186][ T5324] u64s 7 type dirent 4096:614615552925147456:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 70.926051][ T5324] bcachefs (loop0): dirent points to missing inode:
[ 70.926064][ T5324] u64s 8 type dirent 4096:1088119887546400742:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 70.942880][ T5324] ==================================================================
[ 70.947760][ T5324] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0
[ 70.950996][ T5324] Read of size 1 at addr ffff888054943048 by task syz.0.0/5324
[ 70.954855][ T5324]
[ 70.956418][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)
[ 70.956435][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 70.956442][ T5324] Call Trace:
[ 70.956450][ T5324]
[ 70.956457][ T5324] dump_stack_lvl+0x189/0x250
[ 70.956479][ T5324] ? __virt_addr_valid+0x1c8/0x5c0
[ 70.956492][ T5324] ? rcu_is_watching+0x15/0xb0
[ 70.956509][ T5324] ? __kasan_check_byte+0x12/0x40
[ 70.956521][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.956535][ T5324] ? rcu_is_watching+0x15/0xb0
[ 70.956550][ T5324] ? lock_release+0x4b/0x3e0
[ 70.956564][ T5324] ? __virt_addr_valid+0x1c8/0x5c0
[ 70.956575][ T5324] ? __virt_addr_valid+0x4a5/0x5c0
[ 70.956584][ T5324] print_report+0xd2/0x2b0
[ 70.956598][ T5324] ? bch2_check_dirents+0x1fac/0x33f0
[ 70.956622][ T5324] kasan_report+0x118/0x150
[ 70.956634][ T5324] ? bch2_check_dirents+0x1fac/0x33f0
[ 70.956650][ T5324] bch2_check_dirents+0x1fac/0x33f0
[ 70.956669][ T5324] ? bch2_check_dirents+0x2f1/0x33f0
[ 70.956686][ T5324] ? desc_read+0x1b8/0x3f0
[ 70.956706][ T5324] ? prb_first_seq+0xfd/0x1a0
[ 70.956721][ T5324] ? __pfx_bch2_check_dirents+0x10/0x10
[ 70.956738][ T5324] ? __pfx_prb_first_seq+0x10/0x10
[ 70.956752][ T5324] ? desc_read+0x1b8/0x3f0
[ 70.956766][ T5324] ? this_cpu_in_panic+0x4f/0x80
[ 70.956779][ T5324] ? _prb_read_valid+0xa07/0xa90
[ 70.956794][ T5324] ? console_flush_all+0x13a/0xc40
[ 70.956808][ T5324] ? up+0xde/0x150
[ 70.956864][ T5324] ? __console_unlock+0x14c/0x1a0
[ 70.956875][ T5324] ? __pfx___console_unlock+0x10/0x10
[ 70.956889][ T5324] ? prb_read_valid+0x3c/0x60
[ 70.956906][ T5324] ? console_unlock+0x21b/0x270
[ 70.956917][ T5324] ? __pfx_console_unlock+0x10/0x10
[ 70.956928][ T5324] ? vprintk_emit+0x63e/0x7a0
[ 70.956945][ T5324] ? __bch2_print+0x176/0x220
[ 70.956964][ T5324] ? bch2_check_dirents+0x2f1/0x33f0
[ 70.956982][ T5324] ? _raw_spin_unlock_irq+0x23/0x50
[ 70.956997][ T5324] ? lockdep_hardirqs_on+0x9c/0x150
[ 70.957014][ T5324] __bch2_run_recovery_passes+0x392/0x1010
[ 70.957034][ T5324] bch2_run_recovery_passes+0x184/0x210
[ 70.957046][ T5324] bch2_fs_recovery+0x2690/0x3a50
[ 70.957062][ T5324] ? check_noncircular+0xe0/0x160
[ 70.957078][ T5324] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 70.957099][ T5324] ? __lock_acquire+0xab9/0xd20
[ 70.957118][ T5324] ? __lock_acquire+0xab9/0xd20
[ 70.957135][ T5324] ? __lock_acquire+0xab9/0xd20
[ 70.957156][ T5324] ? bch2_fs_start+0x9fe/0xd90
[ 70.957198][ T5324] ? up_write+0x1c4/0x420
[ 70.957209][ T5324] ? bch2_fs_start+0x5c4/0xd90
[ 70.957220][ T5324] bch2_fs_start+0xa99/0xd90
[ 70.957231][ T5324] ? bch2_fs_start+0x5c4/0xd90
[ 70.957243][ T5324] ? __pfx_bch2_fs_start+0x10/0x10
[ 70.957260][ T5324] ? sget+0x267/0x620
[ 70.957277][ T5324] bch2_fs_get_tree+0xafc/0x14f0
[ 70.957303][ T5324] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 70.957325][ T5324] ? aa_get_newest_label+0xf7/0x5d0
[ 70.957338][ T5324] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 70.957353][ T5324] ? apparmor_capable+0x137/0x1b0
[ 70.957369][ T5324] vfs_get_tree+0x92/0x2b0
[ 70.957381][ T5324] do_new_mount+0x24a/0xa40
[ 70.957394][ T5324] __se_sys_mount+0x317/0x410
[ 70.957407][ T5324] ? __pfx___se_sys_mount+0x10/0x10
[ 70.957420][ T5324] ? do_syscall_64+0xbe/0x3b0
[ 70.957435][ T5324] ? __x64_sys_mount+0x20/0xc0
[ 70.957445][ T5324] do_syscall_64+0xfa/0x3b0
[ 70.957458][ T5324] ? lockdep_hardirqs_on+0x9c/0x150
[ 70.957472][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.957481][ T5324] ? clear_bhb_loop+0x60/0xb0
[ 70.957492][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.957501][ T5324] RIP: 0033:0x7f448ab900ca
[ 70.957513][ T5324] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.957523][ T5324] RSP: 002b:00007f448b9a0e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 70.957536][ T5324] RAX: ffffffffffffffda RBX: 00007f448b9a0ef0 RCX: 00007f448ab900ca
[ 70.957543][ T5324] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f448b9a0eb0
[ 70.957549][ T5324] RBP: 00002000000000c0 R08: 00007f448b9a0ef0 R09: 0000000000818001
[ 70.957555][ T5324] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 70.957561][ T5324] R13: 00007f448b9a0eb0 R14: 0000000000005978 R15: 0000200000000480
[ 70.957571][ T5324]
[ 70.957575][ T5324]
[ 71.282225][ T5324] The buggy address belongs to the physical page:
[ 71.285538][ T5324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54943
[ 71.289686][ T5324] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 71.292992][ T5324] raw: 04fff00000000000 0000000000000000 ffffea00015250c8 0000000000000000
[ 71.297034][ T5324] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 71.300901][ T5324] page dumped because: kasan: bad access detected
[ 71.303985][ T5324] page_owner tracks the page as freed
[ 71.306631][ T5324] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5324, tgid 5323 (syz.0.0), ts 69484732006, free_ts 70942783053
[ 71.314521][ T5324] post_alloc_hook+0x240/0x2a0
[ 71.316990][ T5324] get_page_from_freelist+0x21e4/0x22c0
[ 71.319535][ T5324] __alloc_frozen_pages_noprof+0x181/0x370
[ 71.322499][ T5324] __alloc_pages_noprof+0xa/0x30
[ 71.324850][ T5324] ___kmalloc_large_node+0x85/0x210
[ 71.327573][ T5324] __kmalloc_large_node_noprof+0x18/0x90
[ 71.330458][ T5324] __kvmalloc_node_noprof+0x6d/0x5f0
[ 71.332974][ T5324] bch2_btree_node_read_done+0x33c4/0x5700
[ 71.335808][ T5324] btree_node_read_work+0x426/0xe30
[ 71.338684][ T5324] bch2_btree_node_read+0x887/0x2a00
[ 71.341453][ T5324] bch2_btree_root_read+0x5f0/0x760
[ 71.343779][ T5324] read_btree_roots+0x2c6/0x840
[ 71.346068][ T5324] bch2_fs_recovery+0x261f/0x3a50
[ 71.348355][ T5324] bch2_fs_start+0xa99/0xd90
[ 71.350540][ T5324] bch2_fs_get_tree+0xafc/0x14f0
[ 71.353018][ T5324] vfs_get_tree+0x92/0x2b0
[ 71.355186][ T5324] page last free pid 5324 tgid 5323 stack trace:
[ 71.358148][ T5324] __free_pages_ok+0xa44/0xc20
[ 71.360499][ T5324] __folio_put+0x21b/0x2c0
[ 71.362688][ T5324] free_large_kmalloc+0x145/0x200
[ 71.365483][ T5324] btree_node_sort+0x117f/0x1760
[ 71.369002][ T5324] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 71.372150][ T5324] bch2_btree_node_prep_for_write+0x337/0x650
[ 71.375077][ T5324] bch2_trans_lock_write+0x669/0xba0
[ 71.377561][ T5324] __bch2_trans_commit+0x2773/0x8870
[ 71.380692][ T5324] bch2_check_dirents+0x1c5c/0x33f0
[ 71.384650][ T5324] __bch2_run_recovery_passes+0x392/0x1010
[ 71.388340][ T5324] bch2_run_recovery_passes+0x184/0x210
[ 71.392642][ T5324] bch2_fs_recovery+0x2690/0x3a50
[ 71.396134][ T5324] bch2_fs_start+0xa99/0xd90
[ 71.398441][ T5324] bch2_fs_get_tree+0xafc/0x14f0
[ 71.400777][ T5324] vfs_get_tree+0x92/0x2b0
[ 71.403209][ T5324] do_new_mount+0x24a/0xa40
[ 71.405472][ T5324]
[ 71.407379][ T5324] Memory state around the buggy address:
[ 71.410910][ T5324] ffff888054942f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.414733][ T5324] ffff888054942f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.418648][ T5324] >ffff888054943000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.422625][ T5324] ^
[ 71.426083][ T5324] ffff888054943080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.429972][ T5324] ffff888054943100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.436902][ T5324] ==================================================================
[ 71.461542][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.468901][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)
[ 71.473621][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 71.492436][ T5324] Call Trace:
[ 71.494066][ T5324]
[ 71.495535][ T5324] dump_stack_lvl+0x99/0x250
[ 71.499416][ T5324] ? __asan_memcpy+0x40/0x70
[ 71.501874][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.504313][ T5324] ? __pfx__printk+0x10/0x10
[ 71.516147][ T5324] panic+0x2db/0x790
[ 71.518241][ T5324] ? __pfx_panic+0x10/0x10
[ 71.520349][ T5324] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 71.522998][ T5324] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 71.525652][ T5324] ? print_memory_metadata+0x314/0x400
[ 71.538469][ T5324] ? bch2_check_dirents+0x1fac/0x33f0
[ 71.541207][ T5324] check_panic_on_warn+0x89/0xb0
[ 71.543641][ T5324] ? bch2_check_dirents+0x1fac/0x33f0
[ 71.556832][ T5324] end_report+0x78/0x160
[ 71.559127][ T5324] kasan_report+0x129/0x150
[ 71.561155][ T5324] ? bch2_check_dirents+0x1fac/0x33f0
[ 71.563492][ T5324] bch2_check_dirents+0x1fac/0x33f0
[ 71.567072][ T5324] ? bch2_check_dirents+0x2f1/0x33f0
[ 71.578395][ T5324] ? desc_read+0x1b8/0x3f0
[ 71.581023][ T5324] ? prb_first_seq+0xfd/0x1a0
[ 71.584199][ T5324] ? __pfx_bch2_check_dirents+0x10/0x10
[ 71.598874][ T5324] ? __pfx_prb_first_seq+0x10/0x10
[ 71.604239][ T5324] ? desc_read+0x1b8/0x3f0
[ 71.607457][ T5324] ? this_cpu_in_panic+0x4f/0x80
[ 71.610628][ T5324] ? _prb_read_valid+0xa07/0xa90
[ 71.618837][ T5324] ? console_flush_all+0x13a/0xc40
[ 71.621600][ T5324] ? up+0xde/0x150
[ 71.623259][ T5324] ? __console_unlock+0x14c/0x1a0
[ 71.625491][ T5324] ? __pfx___console_unlock+0x10/0x10
[ 71.639102][ T5324] ? prb_read_valid+0x3c/0x60
[ 71.641919][ T5324] ? console_unlock+0x21b/0x270
[ 71.648633][ T5324] ? __pfx_console_unlock+0x10/0x10
[ 71.666730][ T5324] ? vprintk_emit+0x63e/0x7a0
[ 71.669126][ T5324] ? __bch2_print+0x176/0x220
[ 71.671792][ T5324] ? bch2_check_dirents+0x2f1/0x33f0
[ 71.675016][ T5324] ? _raw_spin_unlock_irq+0x23/0x50
[ 71.677812][ T5324] ? lockdep_hardirqs_on+0x9c/0x150
[ 71.688527][ T5324] __bch2_run_recovery_passes+0x392/0x1010
[ 71.693460][ T5324] bch2_run_recovery_passes+0x184/0x210
[ 71.707098][ T5324] bch2_fs_recovery+0x2690/0x3a50
[ 71.709216][ T5324] ? check_noncircular+0xe0/0x160
[ 71.711443][ T5324] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 71.714553][ T5324] ? __lock_acquire+0xab9/0xd20
[ 71.726109][ T5324] ? __lock_acquire+0xab9/0xd20
[ 71.728230][ T5324] ? __lock_acquire+0xab9/0xd20
[ 71.730397][ T5324] ? bch2_fs_start+0x9fe/0xd90
[ 71.732490][ T5324] ? up_write+0x1c4/0x420
[ 71.734342][ T5324] ? bch2_fs_start+0x5c4/0xd90
[ 71.746550][ T5324] bch2_fs_start+0xa99/0xd90
[ 71.748811][ T5324] ? bch2_fs_start+0x5c4/0xd90
[ 71.751060][ T5324] ? __pfx_bch2_fs_start+0x10/0x10
[ 71.753535][ T5324] ? sget+0x267/0x620
[ 71.755387][ T5324] bch2_fs_get_tree+0xafc/0x14f0
[ 71.771078][ T5324] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 71.773361][ T5324] ? aa_get_newest_label+0xf7/0x5d0
[ 71.775854][ T5324] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 71.778896][ T5324] ? apparmor_capable+0x137/0x1b0
[ 71.781941][ T5324] vfs_get_tree+0x92/0x2b0
[ 71.787785][ T5324] do_new_mount+0x24a/0xa40
[ 71.796491][ T5324] __se_sys_mount+0x317/0x410
[ 71.800300][ T5324] ? __pfx___se_sys_mount+0x10/0x10
[ 71.802758][ T5324] ? do_syscall_64+0xbe/0x3b0
[ 71.816165][ T5324] ? __x64_sys_mount+0x20/0xc0
[ 71.818227][ T5324] do_syscall_64+0xfa/0x3b0
[ 71.820885][ T5324] ? lockdep_hardirqs_on+0x9c/0x150
[ 71.823815][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.836503][ T5324] ? clear_bhb_loop+0x60/0xb0
[ 71.841543][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.846414][ T5324] RIP: 0033:0x7f448ab900ca
[ 71.853229][ T5324] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.870072][ T5324] RSP: 002b:00007f448b9a0e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.887601][ T5324] RAX: ffffffffffffffda RBX: 00007f448b9a0ef0 RCX: 00007f448ab900ca
[ 71.891219][ T5324] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f448b9a0eb0
[ 71.911439][ T5324] RBP: 00002000000000c0 R08: 00007f448b9a0ef0 R09: 0000000000818001
[ 71.918009][ T5324] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 71.921383][ T5324] R13: 00007f448b9a0eb0 R14: 0000000000005978 R15: 0000200000000480
[ 71.941016][ T5324]
[ 71.942914][ T5324] Kernel Offset: disabled
[ 71.944965][ T5324] Rebooting in 86400 seconds..