program:
syz_emit_ethernet(0x6e, &(0x7f0000000140)={@local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x38, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x5fb, {0x0, 0x6, "974367", 0x0, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@fragment]}}}}}}}, 0x0)
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
capset(&(0x7f0000000100)={0x19980330}, &(0x7f0000000140)={0x1, 0x8, 0x8, 0x0, 0xa5, 0x4})
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r1, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000100)=ANY=[@ANYBLOB='sb=0008,shard_inode_numbers,errors=continue,inline_data,direct_io,nochanges,prjquota,compression=none,version_upgrade=incompatible,\x00'], 0x1, 0x598b, &(0x7f00000001c0)="$eJzs3X+QHNV9IPDXM7Pa0a5+rAQOMpjVIqOEQGyt+FXYpGIll9gpIJRcpBzEyYYFrYhsSagkEZAgQeTABwW4cMqpBCd/EBemDltxUQUXo1AQfpzE2dgUFx91hamz77CvyleEQxVAR/l82dTu9Jud6Z3enp2ZFRJ8PiVtT7/p+b7Xr9/M9PdN704AAADgfeHQ7buOXHry73z3T8ffvuV3/37brWGwPFVejRsMpcsb360WcjT1V1ZMLbPj4ldu+sZPR675re88PPD1dw5uOm3zD3/7hGse//xFB+77q6ffWvzov7xaFDeOpzOn15PXkxCqTxz+8y8efP6kybIkhFBOhvaFsCxZ/vSyJBNi9OchhE3pSrnSfOcjb5+zeXJ56139TeVLM0GM9/e3ajrO9h654azwo9/ccNv3V37rb/v2v7ZvepOk2jCeQlhyVePj+9L/C9P1ONpWxAeny/UhhIGGx11Q0K4Pt9n+NTnrp6TLBelysCBOvH9VZr2U2S67HvVllgMF9XUrrx2dbldkUWY9+2LUrbx2xvJl6fLb6fLMOcYvx/9JKCWhUm/+1mR6jISG45aEZOpYVuvrpfqxDen+Z9aTzHops17uy+zXVL3pQCsnSXN53C5THl+OK2n5aY2v1S1cllP+wXRZTZ+o78T1kL1RMzjjRn2/psR2HZ6lLUdDqeE1qFV5fZylB2MwLRtMls94zEQL8b6DG+5eXd74zKGhnHYkDydp/GSqj+Yaf+/3li363DfvvD7v2CZXldL4pY7i//jiF9644s6vfXVFXvx7Y/xyR/HPfnLg9YufvX1VXv/E/RoMlY7ij7363D0rT7x6f27774/9X+3o+K478EL/4iNPPpV7fEdj/yzsqP2vXPjJnzz00mOv5cYPMf5AR/E3Htjxpf7hI2fkxn8q9s9gZ+Pnzf3nvzw8/LORvPgvxviLO4r/4L77Pv7A0rsuyj2+62P/DHUU/5LTH79t0ZHHTs19ft3fq3dOgPenE9JzrDvS9dnyzP5Z8sxuNeQLfzlSqZ23Lkr/L+5lRZmTz8l6lvQyPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEED5w1n/+1P/8zNDrlXS9P73xSqm2jOULQkgWhhB27R7buXvL9mtHPn/d9Tu3j20dGds9Mr599849I+f+2sjO8R1bx/ZM3jv6kXNqj1sektoyOXVG3f0TExOloeayWN+/OX3/j1Zf8L//KYTRD/xguJLb/jX3bXvgxBY/M5J1E5/Ydv2lPzjvb9L9GkrbNdSiXRMTExMhp13/5/JfPPBnh396RgijvzRbu5575Tf+oalBUwXTcVKl/lBrUH8y0LId9Van7Yn9Vdm8Zev46Oz9O/n4cs5+/NubXvv55hu//Ita/1Zz96PN/l24bmJr6S82XPL//+LmWkFRu+r7kWnXfB/3ov6OexHbF/uvmvb3knS/luTsVyWnv2///lMvPXHynW/tC6OVN1dO193f5n71pQOgL/lgW/XGGgaSZU3l1XT7eMTj49bs3rZjza49ez+yZdvYtePXjm//2Npz154/et75562Z2vM1Pd7/WP8vt7n/7Y6nbL1xPD3R1nha+kf7vh1/tjeeitpV1B+T47y4PxpblGnX4qmfC9dNDFz2xa987L5nL60VF43zuHX9eZguByaP89rQMN5m9lWr/SrqhxDCSKt+eOOti8JJ/23LbUWvQ41HpvFnRrJu4vlV//w3F/z1il+vFRyV1/nGBnX4Ol9v9XR7pvqrmh6PiWO0f/tDOd2vwZbtWvv8s313H/qnP663b8GCcOPY7t0719Z+Lkpbuig5pWW7sqVxv1ZO/SyHtFtCfZi2GK+T+kKtfdnXz7h5tlcH0/sGk+Ut9ysr3ndww92ryxufOZTX08nDtRoXxidu8qGcLbdmHliuN7hV/cfq869ofAx/6q8f/cyjf3fujPFxdu1n0X4lOfv1rZce/MrXv/zv/653+/Wp33hh6J//+x+urhUcL68r9Van7fl/Ew2vK2eHUPT8Wxla70fu86/Uen+Knn/Zeqa3bx1vJLM+GMrFz9dqmPF8PfvJgdcvfvb2VbnP18PtPl9vblorFzxfj5Xxk31+JZXmdszf86tpoCTrJr5zxwn7nr5l/cm1gqJxXd867aek8f3ynDbyj5z9+ocrXh6+buTf/dfevW5849ceufKHY+v+pFbQ+XGPbenNca+m/VvN6d96q2Pe2di/H73muq2bauXv+vlvTYvz33RZkP/El5Jde/Z+YWzr1vGdu9rbr3bfT2M92V7u9P00vrotL9iv0oz9mr8b7fRXu8+32P5NHfdX8/NtMCQdncft/d6yRZ/75p3XD814VFrRVaU0fqmj+D+++IU3rrjza1/NjX9vjF/pKP7Yq8/ds/LEq/fnxr8/SeNXO4q/7sAL/YuPPPlUbvzR2P6FHcV/5cJP/uShlx57LTd+iPEHO+v/N/ef//Lw8M9y47+YpPVMniOF8Mjb52yurSehL32+xXb0NbUrZNeTzHops15uXC/V5lrrFZSTpLk8bpeWn9bQllb+IKc8noVVV9SW78T1kL0xe/mxptRiTq2xvOg8FQDgvS5+/h/PQePn/+PpiVL+TANM6zYPW5ETN+Zh0/M5C5ruX5HGj4+P84DDHw2jk8tbR2on+nP9HCE+H7LznLGeMz7cHGMu85ylMD3PWTT/viqzHttVmy+vNOShqZl5TSW0Mf8+s57Z598zu188Pz5yx4xmjTTMW2WPX186Y9bqeodMeyuTEfLGR3ZeLF7PMbwkrJ+qr83xkb2OJh6H7HU0sZ6TMy+cnV5H0+34iM2eZXxMNbn4842Zxy/M0r/Tx691tOzxm8Pxrk5uP9+fz/Zg3rDlS9rRmzds4/OwFvHb/TysPi+5buY2s8V/v8xLHuvzhrE87kelzfnEz+SUtzOf2DgvlzefGF8uYrsOz9KWo8F8IvBeFfP/+B4xmf9PnoD/38x2Reeh2bPGGC/3OqFy6/YU5R0zr9Mb6Oh9fOOBHV/qHz5yRu55zlPtXvezo2ltoOC6n6J+XJ1ZL+zHnAmaonwvW09Rv2evyxgMizvq9wf33ffxB5bedVFuv6+vvZEW9/tXmtYWF/T7cZAvtI7/XssXXMfQHL9H1zEUzZ+9a/lIeuHTfOUjv59TPtfrGwZm3Kjv15TjLh/pO7rtAgCOHzH/r39+lub//yNukJ5HFOWtZ2bWY7zcvDXn/CQvb/29dHljZvvB9Dcq5nrefMnpj9+26Mhjp+bmLfe3m4f+h6a1ocI8tLu8OTePWN+b68Vz84h6ntVdnpjb/nqe2F2enhu/nqd3l0fn9k89j+5uHiA3fn0e4HjPcwvm6zKVxdV25+ves3l0+uuz85VHX5ZTPtc8erDhxr7m/ZoijwYAeHfF/D+exsX8/9nMdt1+zp6bF/TovD3790Dq8V88WnnlfOd98523zndeP9/zEsd7Xjzf80LzO0/2vs+L00rbyYtD835NOX7z4oVHrW0AAHQv5v/xLC4//+8uP2mVv/U15Sfy85bx5efHSH5+vM9/yf+Plc/FQ/N+TTl+838AAI4nMf+Pv/YY//7ff0rXs3+3Xp6eE/94yNMrQZ6eE/9o5OkPDbWTp/d+ni24DuDdnQdo+IjcPAAAAO+GvqlMaebv2X82XWZ/zz7v9/KvyNm+XZX09Pjq3TvHx6+8fsemsd3jV26/btP4ritv2Lll9+7x7bXtus0bc/OWNG/sC5W0P1pvl83blqZ/D2Fpzt9DyG4fw54ydWPm30PIVruw4O8ITB+/9tqbd/xKs2zfanzkHe+8+H+Qs31UP/7X/OHZV27edeWW7Vt2bxnbumXvePN2k1nrwBy+NzN2y5y+LzXzY4bS3L+/szftKM1oR1/aH3nfz55k2rEsbcmyvO8/yGn3d//Ln/3R6RO/eCiE0Q+UP9RV/yXrJv7j5eO/t/vQD3ZMtn/hrO2vb5m2q+j7SrPbx/2pbL1u1+6zNl93/fbsN0p2Js5nlOrr8zSfkT79y23OT2zMKZ/rdQrlGTeOTW3PTwAA0CR+/h/PZ+Pnh19OT6Bieft5enefH+fm6aPNeXreb51mv5esKE/Pbh/3t908vdplnp6tvyhPb7V9qzw9L+/Oi//7OdvPVfvjpLvrPHLHyVXtzedkv8+gaJxkt5/rOEm6HCfZ+ovGSavtW42TvOOeF//TOdvnaX88dHddTu54uLe98fCrmfWi8ZDdfq7jodTleMjWXzQeWm3fajzkHd+8+JfmbN+u5vExOTCmxsX4lTdct/MLDdvN9/dfdN+++f3+j0613/75ve5r/ts/v9eVzX/7u/v9r9z2v9jdTFj77Z/f73fp1FGbr00vNiu6/qxoHndDTvlc53EXzLhxbDKPC++emP/Hj3ti/n9Xuuz1x0DH//ek+R6zlvF79D1mRecx3s9nqewY4P0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD39lRVTy0O37zpy6cm/890/HX/7lt/9+223/spN3/jpyDW/9Z2HB77+zsFNp23+4W+fcM3jn7/owH1/9fRbix/9l1cLAw9N/aycma5WQ0heT0KoPnH4z7948PmTJsuSEEI5GdoXwrJk+dPLkkyE0Z+HEDbV29l85yNvn7N5cnnrXf1N5UszQbL7FQbLsT2N7QzhxsI94jhUTcfZ3iM3nBV+9Jsbbvv+ym/9bd/+1/ZNb5JUG8ZTCEuuanx8XwhhYfp/UhxtK+KD0+X6EMJAw+MuKGjXh9ts/5qc9VPS5YJ0OVgQJ96/KrNeatqqP/fxfZnlQEF93Sr1eLsiizLr2RejbuW1M5YvS5ffTpdnzjF+Of5PQikJlXrztybTYyQ0HLckJFPHslpfL9WPbUj3P7OeZNZLmfVyX2a/pupNB1o5SZrL43aZ8vhyXEnLT2t8rW7hspzyD6bLavpEfSeuh+yNmsEZN+r7NSW26/AsbTkaSjnP0lheP/DpwRhMywaT5TMeM9FCvO/ghrtXlzc+c2gopx3Jw0kaP+ko/t7vLVv0uW/eef2KvPhXldL4pY7i//jiF9644s6vfTU3/r0xfrmj+Gc/OfD6xc/eviq3fw7H/ql0FH/s1efuWXni1ftz239/jF/tKP66Ay/0Lz7y5FO57R+N/bOwo/ivXPjJnzz00mOv5cYPMf5AR/E3Htjxpf7hI2fkxn8q9s9gZ+Pnzf3nvzw8/LORvPgvxviLO4r/4L77Pv7A0rsuyj2+62P/DHUU/5LTH79t0ZHHTs177Uzu79U7J8D70wnpOdYd6XqneWa3GvKFvxyp1M75FqX/F/eyoozJepbMY3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN6b/vHmcz97+Sc+vaGShJDkbDPRQryvvGDdupEO6h179bl7Vp549f7GshUdxAEAAACKxTy8VC+phhXhhmRhOKXl9nGO4JS4ljSXZ+cQYpzsHEGncUo9ilPuUZxKj+L09SjOgh7F6e9RnGpBnGpoL87CWeJUJkdFm+0ZmLU97ccZ7FGcRT2Ks7hHcZb0KM7SHsUZmjVO++NwWY/iLO9RnBN6FOfEHsX5QI/i/FKP4pzUozjZOeW5jsPF6ZYn58WZulEujFNJyvU7Ws2nn5TWc2qX9QwW1LO46P24zXoWtlnPhzOPK82xnmqb9fxyl/Ukbdbzq13WUyqoJ47bG7Pti/XEtTbH/54exdnbXZz/Fc+3bupRe27uUZw/7lGcP+lRnFu6jJNdB8gT8//pfG8o9Fd+PQykrzjZWYCY766c+jnz/S7vBSjG+1CmfEFRvGyinom3cq7ty04gZOKtypT3NcWr1PORWeJVG+OtztxZuL/ZCYVM+87MlPcXxctOLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPPrHm8/97OWf+PSGkITJfy1NtBDvKy9Yt26kg3oPbrh7dXnjM4cay/orHQQCAAAACsU8vK9eUg39lbWhP1nQtF01nQeopuvlodpyeElYP7lMRkpT6wPJslkfV0kft2b3th1rdu3Z+5Et28auHb92fPvH1p679vzR884/b83mLVvHR2s/Q+gviBdCmJp+2LVn7xfGtm4d37mrVpht/4r0cSvS9SR93PBHw+jk8ta0/csL6ivNqG/PyxfW7pou6dGNgkMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL+ya3chclb3H8DPMzM7M67m7/7xbQxmHWKUtJU2SdcSW3EfKFTQJGQRyoztVkJNqHRjgiaS2qkGqjahpaAEQkoumpJKtdIbX6qU+kIgxaYNdNNQVFov2osWbS1RclEiU3Z3zuzMZCaznYrR9PO5eJ6Zc37n/ObMxcL32QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAzddG5usjE9Uh5MQkh419S7iXDafpuUB+n75+a3fL4yeXN46VsgNsBEAAADQV8zhQ82RYijksiEbLp99t3Tmkm9MhPncDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/O+Zro1NVsYnqucnISQ9aupdxLlsPk3LA/R9450nP/Pq6OhfW8dKA+wDAAAA9BdzeKY5UgylcFUYSi5vq4vPBhZ3rO+si/ssWWBd57ODXnVXLbDumgXWfaxP3brGfUcAAACAj76Y/3PNkZFQyC3qmf/75fpYd2VHXbZxH+S3AgAAAMB/J+b/QnOkFAq5UjOvLzTvL+2oi+v7/d8+rr+6x/p+/89f27j7Pz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHRM18YmK+MT1WwSQtKjpt5FnMvm07Q8QN9VLwz//ZZDDy1tHSvkBtgIAAAA6Cvm8PnoXQyF3HAYCufP5v7Rm/Y//cWnnx0LIczF/Hw+7Niwbdvdq+ausW7lkUND3zv81rea28S6lXPXs3I4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfTVdG5usjE9Uz0tCSHrU1LuIc9l8mpYH6Pv6577w58ePP/dm61hpgH0AAACA/mIOn8/+xVAK+ZAPl86+a836MzId63s9MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOHfd8476vb5ia2ni3F1544UXzxdn+ywQAALzfrgxJqP+HLlt/tj81AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwYTBdG5usjE9Ui0kISY+aehdxLptP0/IAfdPnjxYWnXzhpdax0gD7AAAAAP3FHD6f/YuhFIbCULhk9l23ZwKz+X/kA/yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIfKdG1ssjI+UV2UhJD0qKl3Eeey+TQtD9D3sZ37Pnvwwu/e3DpWyA2wEQAAANBXzOH55kgxFHIfD4VwReP9VPuCJNu4d38uML9ua9uy4QWvq7Wtyy543a6Ok+Uap5lbV4z7jczdm+vKp68rt6wrhWb7ctu6sKdt1aI+nzMAAADAWRTzf6E5MhIKuUJLzv1JW/2InAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9DBdG5usjE9UkySEpEdNvYs4l82naXmAvvf95v8v+MpPd29vHSsNsA8AAADQX8zh89m/GEphSfi/sGQ294eR9vpY94/KqYOP/vMvy0NYcemx0Vzntj+ML371+o0vdl5CyLRXZ0K4sNEv6dHv17979N5l9VOPh7DikuwVp/ULZ+43r14vJ2n9mcrGtdsOH9va//sBAACAc0HM/0PNkZFQyN3VM//H5N0n/zfNBvAL793584sb10Yi71iRKTR+Z5Dp0e/zy57809Wr//bWTP4/U79P7dt88OK2hnMjHZK0Pr55+7pj1x3IxFPPnTfb0T9+L1/65pv/2rTjkVNz/Yuh2BhfnOvW//Rrh/PS+lRmb3XNe3tr7f1zPc7/0G9fOv7Lxbvfnen/zpXDzf7XnOH8Z+4/fOvDe67fd2hde/8QQrlb/7ffvTlc9oc7H+w8/3DHxq3ffOu1Q5LWjyw9cWD1/tIN7f2Tjv7x+//Z8cf2/PiR7zwb+8ffiiy/aqH9Mx39X9l10c6XH1i/uL1/psf5X7zt1dEt5W//vvP8d7Ttmuv5KU4//xPXPnX7axvS+zunAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzi3TtbHJyvhENZOEkPSoqXcR57L5NC0P0PeNW46+fdvuH/2gdaw0wD4AAABAfzGHz2f/YiiFfMiH4dnc/0xl49pth49tDSNzs0njnpvacs+2T2zasv2uO87SJwcAAAAWKub/XHNkJBRyy8JQI/+Pb96+7th1BzIx/2di/t9059TGFaFZ98qui3a+/MD6xc3nBCHM/iygOFP36Zm66mzdTTceHTnxx69d3bVu1fx+R5aeOLB6f+mGWBda61aG5vOJJ6596vbXNqT3Nz9fa90nv7plqvF4Iu47fOvDe67fd2hd8xyN+3Bj31g3ldlbXfPe3lqsyzbuxca5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDTTdfGJivjE9WQDSHpUVPvIs5l82laHqDvmmW/ePCCk88taR0r5AbYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+zQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26y9EqiqOA/g5M7PtuLOruxpkRetqRWEPSUFEvVRUhEYIPRkSluZDFAQRhT20hkZiRS9B1otEBdUWQkFukmixRv+klx4qKLAeApEWykV6qNjZc8bZ697GZi2oPh+4nD3n3vu9v3vPmTs7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL9Kb21psz20/cGp28676ZPH7zn+2C3v3b/1kkdf/2Fk4w0f7+l75cTEpuWbv75xycZ9964e3/XiwV8G3vntSD5/a1nwIzPNytSthxCPxRDq708+98TEp+dMj8UQQjUOjoYwFBcfHIqFhFW/hhA2teqcvfPt41dubl5/Z++s8UWFkOJ9hUY11zNjcHa9/LfU0zrbMvXwZeHb69dt+3zZW2/2jB0dPXlIrLetpxAWbmg/vyeEsCBt0/JqW5pPTu3aEEJf23lXd6jrwtOs//KS/vmpPSu1jQ45ef+KQr9SOK7Yz3oKbV+H681XWR3dHtdJf6FffBnNV1mdeXwote+mduVfzK/mLYZKDLVW+ffFk2sktM1bDLE5l/VWv9Ka25Duv9CPhX6l0K/2FO6red200Koxzh7PxxXG8+u4lsaXt7+r53B7yfi5qa2nD+qJ3A/FP2Y0TvmjdV9Nua7JP6nln1BpewfNNd6a+DQZjTTWiItPOef3OeR9E+ueuri6/oNDgyV1xD0x5cdCfu208rd8NtR/5xs7Hlpalr+hkvIrXdX/3ZrDP92x46UXSvOfzfnVrvKv2N93bM2H21eUPp/J/HxqXeXfdeSjp5edfffYXHPdzN+d8+td5V83frh3YGr/gdL6V+Xns6Cr/G+uvfn7177ce7Q0P+T8vq7y148/8Ezv8NSlpfkHZj4KjeYK7WL9/Dx21VfDwz+OlOV/kZ//wBz5sWP+q6O7rnl50c7VpetzbX4+g13Vf+tF+7b1T+29oOzdGXefqW9OgP+nJel/rCdTv9vfmfPV9nvh+ZHazDdQf9oGzuSFCqavs/BvzAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mAHDkgAAAAABP1/3Y5AAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCpAAAA//+6Nyi+")
setsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000380), 0x4)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
[ 84.560071][ T5339] Bluetooth: hci0: command tx timeout
[ 84.692048][ T5365] capability: warning: `syz.0.0' uses 32-bit capabilities (legacy support in use)
[ 85.486493][ T5365] loop0: detected capacity change from 0 to 32768
[ 85.861509][ T5365] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,prjquota,nochanges,nojournal_transaction_names,read_only,version_upgrade=incompatible
[ 85.861527][ T5365] allowing incompatible features above 0.0: (unknown version)
[ 85.861534][ T5365] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 85.895959][ T5365] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 85.901981][ T5365] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 85.913083][ T5365] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none
[ 85.913102][ T5365] has non ptr field, deleting
[ 85.930044][ T5365] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 85.934019][ T5365] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 85.934019][ T5365] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 85.934019][ T5365] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 85.951560][ T5365] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[ 85.951560][ T5365]
[ 86.037640][ T5365] bcachefs (loop0): accounting_read... done
[ 86.042640][ T5365] bcachefs (loop0): alloc_read... done
[ 86.046332][ T5365] bcachefs (loop0): snapshots_read... done
[ 86.049457][ T5365] bcachefs (loop0): check_allocations...
[ 86.054313][ T5365] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree
[ 86.054339][ T5365] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 86.092478][ T5365] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 86.092495][ T5365] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 86.122539][ T5365] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 86.122555][ T5365] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 86.150203][ T5365] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 86.150220][ T5365] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 86.189313][ T5365] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.204139][ T5365] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.244170][ T5365] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.261173][ T5365] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.266321][ T5365] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.278760][ T5365] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.288146][ T5365] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.294968][ T5365] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.299887][ T5365] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.305726][ T5365] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.319560][ T5365] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.325668][ T5365] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.338110][ T5365] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.351906][ T5365] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.368689][ T5365] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.391392][ T5365] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 86.424872][ T5365] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.429695][ T5365] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.438114][ T5365] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.446166][ T5365] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.453609][ T5365] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing
[ 86.453626][ T5365] Ratelimiting new instances of previous error
[ 86.468273][ T5365] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 86.468290][ T5365] Ratelimiting new instances of previous error
[ 86.493222][ T5365] done
[ 86.498914][ T5365] bcachefs (loop0): going read-write
[ 86.570026][ T10] cfg80211: failed to load regulatory.db
[ 86.647865][ T5339] Bluetooth: hci0: command tx timeout
[ 86.774673][ T5365] bcachefs (loop0): journal_replay... done
[ 86.856187][ T5365] bcachefs (loop0): check_extents_to_backpointers...
[ 86.858601][ T5365] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets
[ 86.866891][ T5365] done
[ 86.880990][ T5365] bcachefs (loop0): check_subvols... done
[ 86.883863][ T5365] bcachefs (loop0): check_inodes... done
[ 86.898987][ T5365] bcachefs (loop0): check_dirents...
[ 86.900237][ T5365] bcachefs (loop0): key in missing inode, found keys:
[ 86.900262][ T5365] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[ 86.900270][ T5365] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg
[ 86.900278][ T5365] u64s 7 type 89 4096:2695648408715017799:U32_MAX len 0 ver 0:
[ 86.900284][ T5365] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg
[ 86.900292][ T5365] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir
[ 86.900298][ T5365] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg
[ 86.900306][ T5365] , fixing
[ 87.012269][ T5365] bcachefs (loop0): hash table key at wrong offset: should be at 6232053912992244107
[ 87.012286][ T5365] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 87.071780][ T5365] bcachefs (loop0): hash table key at wrong offset: should be at 604881307936517036
[ 87.071813][ T5365] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 87.094769][ T5365] bcachefs (loop0): hash table key at wrong offset: should be at 6646292587362328963
[ 87.094784][ T5365] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 87.153077][ T5365] bcachefs (loop0): dirent points to missing inode:
[ 87.153091][ T5365] u64s 7 type dirent 4096:6232053912992244107:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 87.171941][ T5365] bcachefs (loop0): dirent points to missing inode:
[ 87.171956][ T5365] u64s 7 type dirent 4096:6646292587362328963:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 87.207614][ T5365] bcachefs (loop0): hash table key at wrong offset: should be at 5224985822612012807
[ 87.207630][ T5365] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 87.219973][ T5365] bcachefs (loop0): hash table key at wrong offset: should be at 8509604672055469234
[ 87.219987][ T5365] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 87.298249][ T5365] bcachefs (loop0): key in missing inode, found keys:
[ 87.298265][ T5365] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
[ 87.298273][ T5365] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 87.298283][ T5365] , fixing
[ 87.319774][ T5365] bcachefs (loop0): key in missing inode, found keys:
[ 87.319797][ T5365] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 87.319804][ T5365] , fixing
[ 87.345289][ T5365] bcachefs (loop0): check_dirents requires second pass
[ 87.355685][ T5365] bcachefs (loop0): dirent points to missing inode:
[ 87.355700][ T5365] u64s 7 type dirent 4096:604881307936517036:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 87.378070][ T5365] ==================================================================
[ 87.381324][ T5365] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0
[ 87.384367][ T5365] Read of size 1 at addr ffff888054c03048 by task syz.0.0/5365
[ 87.401713][ T5365]
[ 87.402702][ T5365] CPU: 0 UID: 0 PID: 5365 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.402720][ T5365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.402727][ T5365] Call Trace:
[ 87.402736][ T5365]
[ 87.402743][ T5365] dump_stack_lvl+0x189/0x250
[ 87.402761][ T5365] ? __kasan_check_byte+0x12/0x40
[ 87.402776][ T5365] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.402789][ T5365] ? lock_release+0x4b/0x3e0
[ 87.402815][ T5365] ? __virt_addr_valid+0x4a5/0x5c0
[ 87.402830][ T5365] print_report+0xca/0x240
[ 87.402841][ T5365] ? bch2_check_dirents+0x1fac/0x33f0
[ 87.402850][ T5365] kasan_report+0x118/0x150
[ 87.402865][ T5365] ? bch2_check_dirents+0x1fac/0x33f0
[ 87.402877][ T5365] bch2_check_dirents+0x1fac/0x33f0
[ 87.402891][ T5365] ? bch2_check_dirents+0x2f1/0x33f0
[ 87.402901][ T5365] ? desc_read+0x1b8/0x3f0
[ 87.402913][ T5365] ? prb_first_seq+0xfd/0x1a0
[ 87.402922][ T5365] ? __pfx_bch2_check_dirents+0x10/0x10
[ 87.402932][ T5365] ? __pfx_prb_first_seq+0x10/0x10
[ 87.402943][ T5365] ? desc_read+0x1b8/0x3f0
[ 87.402954][ T5365] ? this_cpu_in_panic+0x4f/0x80
[ 87.402964][ T5365] ? _prb_read_valid+0xa07/0xa90
[ 87.402974][ T5365] ? console_flush_all+0x13a/0xc40
[ 87.402987][ T5365] ? up+0xde/0x150
[ 87.403058][ T5365] ? __console_unlock+0x14c/0x1a0
[ 87.403071][ T5365] ? __pfx___console_unlock+0x10/0x10
[ 87.403086][ T5365] ? prb_read_valid+0x3c/0x60
[ 87.403097][ T5365] ? console_unlock+0x21b/0x270
[ 87.403109][ T5365] ? __pfx_console_unlock+0x10/0x10
[ 87.403120][ T5365] ? vprintk_emit+0x63e/0x7a0
[ 87.403135][ T5365] ? __bch2_print+0x176/0x220
[ 87.403148][ T5365] ? bch2_check_dirents+0x2f1/0x33f0
[ 87.403160][ T5365] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.403178][ T5365] __bch2_run_recovery_passes+0x3ba/0x1060
[ 87.403198][ T5365] bch2_run_recovery_passes+0x184/0x210
[ 87.403209][ T5365] bch2_fs_recovery+0x2690/0x3a50
[ 87.403225][ T5365] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 87.403236][ T5365] ? __lock_acquire+0xab9/0xd20
[ 87.403251][ T5365] ? __mutex_trylock_common+0x153/0x260
[ 87.403263][ T5365] ? __lock_acquire+0xab9/0xd20
[ 87.403280][ T5365] ? __lock_acquire+0xab9/0xd20
[ 87.403299][ T5365] ? bch2_fs_start+0xa0f/0xda0
[ 87.403310][ T5365] ? up_write+0x1c4/0x420
[ 87.403320][ T5365] ? bch2_fs_start+0x5e7/0xda0
[ 87.403332][ T5365] bch2_fs_start+0xaaf/0xda0
[ 87.403343][ T5365] ? bch2_fs_start+0x5e7/0xda0
[ 87.403355][ T5365] ? __pfx_bch2_fs_start+0x10/0x10
[ 87.403371][ T5365] ? sget+0x267/0x620
[ 87.403385][ T5365] bch2_fs_get_tree+0xb39/0x1520
[ 87.403401][ T5365] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 87.403456][ T5365] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 87.403473][ T5365] vfs_get_tree+0x92/0x2b0
[ 87.403485][ T5365] do_new_mount+0x2a2/0x9e0
[ 87.403499][ T5365] ? ns_capable+0x8a/0xf0
[ 87.403509][ T5365] ? __pfx_do_new_mount+0x10/0x10
[ 87.403520][ T5365] ? path_mount+0x61c/0xfe0
[ 87.403530][ T5365] ? user_path_at+0x44/0x60
[ 87.403542][ T5365] __se_sys_mount+0x317/0x410
[ 87.403555][ T5365] ? __pfx___se_sys_mount+0x10/0x10
[ 87.403567][ T5365] ? do_syscall_64+0xbe/0x3b0
[ 87.403577][ T5365] ? __x64_sys_mount+0x20/0xc0
[ 87.403589][ T5365] do_syscall_64+0xfa/0x3b0
[ 87.403599][ T5365] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.403612][ T5365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.403622][ T5365] ? clear_bhb_loop+0x60/0xb0
[ 87.403633][ T5365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.403643][ T5365] RIP: 0033:0x7fa3c799034a
[ 87.403655][ T5365] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.403664][ T5365] RSP: 002b:00007fa3c873fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 87.403676][ T5365] RAX: ffffffffffffffda RBX: 00007fa3c873fef0 RCX: 00007fa3c799034a
[ 87.403683][ T5365] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fa3c873feb0
[ 87.403689][ T5365] RBP: 00002000000000c0 R08: 00007fa3c873fef0 R09: 0000000000818001
[ 87.403696][ T5365] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 87.403703][ T5365] R13: 00007fa3c873feb0 R14: 000000000000598b R15: 0000200000000100
[ 87.403713][ T5365]
[ 87.403717][ T5365]
[ 87.820126][ T5365] The buggy address belongs to the physical page:
[ 87.822894][ T5365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54c03
[ 87.826535][ T5365] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 87.850313][ T5365] raw: 04fff00000000000 0000000000000000 ffffea00015300c8 0000000000000000
[ 87.877781][ T5365] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 87.883606][ T5365] page dumped because: kasan: bad access detected
[ 87.886187][ T5365] page_owner tracks the page as freed
[ 87.890724][ T5365] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5365, tgid 5363 (syz.0.0), ts 86025143629, free_ts 87377428336
[ 87.904793][ T5365] post_alloc_hook+0x240/0x2a0
[ 87.907848][ T5365] get_page_from_freelist+0x21e4/0x22c0
[ 87.912972][ T5365] __alloc_frozen_pages_noprof+0x181/0x370
[ 87.915325][ T5365] alloc_pages_mpol+0x232/0x4a0
[ 87.917372][ T5365] ___kmalloc_large_node+0x5f/0x1b0
[ 87.919609][ T5365] __kmalloc_large_node_noprof+0x18/0x90
[ 87.924806][ T5365] __kvmalloc_node_noprof+0x6d/0x5f0
[ 87.928722][ T5365] bch2_btree_node_read_done+0x32f6/0x5550
[ 87.932673][ T5365] btree_node_read_work+0x40e/0xe60
[ 87.937445][ T5365] bch2_btree_node_read+0x887/0x2a00
[ 87.957317][ T5365] bch2_btree_root_read+0x5f0/0x760
[ 87.959468][ T5365] read_btree_roots+0x2c6/0x840
[ 87.961489][ T5365] bch2_fs_recovery+0x261f/0x3a50
[ 87.963557][ T5365] bch2_fs_start+0xaaf/0xda0
[ 87.965454][ T5365] bch2_fs_get_tree+0xb39/0x1520
[ 87.969094][ T5365] vfs_get_tree+0x92/0x2b0
[ 87.971486][ T5365] page last free pid 5365 tgid 5363 stack trace:
[ 87.973922][ T5365] __free_pages_ok+0xa83/0xbe0
[ 87.975826][ T5365] free_large_kmalloc+0x13a/0x1f0
[ 87.978682][ T5365] btree_node_sort+0x117f/0x1760
[ 87.983438][ T5365] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 87.991052][ T5365] bch2_btree_node_prep_for_write+0x337/0x650
[ 87.994317][ T5365] bch2_trans_lock_write+0x669/0xba0
[ 87.997632][ T5365] __bch2_trans_commit+0x2773/0x8870
[ 88.003713][ T5365] bch2_check_dirents+0x1c5c/0x33f0
[ 88.008036][ T5365] __bch2_run_recovery_passes+0x3ba/0x1060
[ 88.012105][ T5365] bch2_run_recovery_passes+0x184/0x210
[ 88.035342][ T5365] bch2_fs_recovery+0x2690/0x3a50
[ 88.038326][ T5365] bch2_fs_start+0xaaf/0xda0
[ 88.041184][ T5365] bch2_fs_get_tree+0xb39/0x1520
[ 88.048148][ T5365] vfs_get_tree+0x92/0x2b0
[ 88.050925][ T5365] do_new_mount+0x2a2/0x9e0
[ 88.058888][ T5365] __se_sys_mount+0x317/0x410
[ 88.061916][ T5365]
[ 88.066753][ T5365] Memory state around the buggy address:
[ 88.070359][ T5365] ffff888054c02f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.080213][ T5365] ffff888054c02f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.087615][ T5365] >ffff888054c03000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.090871][ T5365] ^
[ 88.111763][ T5365] ffff888054c03080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.115236][ T5365] ffff888054c03100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.119086][ T5365] ==================================================================
[ 88.154590][ T5365] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.158758][ T5365] CPU: 0 UID: 0 PID: 5365 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 88.164199][ T5365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 88.172258][ T5365] Call Trace:
[ 88.174676][ T5365]
[ 88.177114][ T5365] dump_stack_lvl+0x99/0x250
[ 88.179803][ T5365] ? __asan_memcpy+0x40/0x70
[ 88.182391][ T5365] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.185291][ T5365] ? __pfx__printk+0x10/0x10
[ 88.190372][ T5365] vpanic+0x281/0x750
[ 88.193998][ T5365] ? preempt_schedule+0xae/0xc0
[ 88.219140][ T5365] ? __pfx_vpanic+0x10/0x10
[ 88.221189][ T5365] ? preempt_schedule_common+0x83/0xd0
[ 88.223625][ T5365] ? preempt_schedule+0xae/0xc0
[ 88.225745][ T5365] ? __pfx_preempt_schedule+0x10/0x10
[ 88.228326][ T5365] panic+0xb9/0xc0
[ 88.229891][ T5365] ? __pfx_panic+0x10/0x10
[ 88.231764][ T5365] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 88.234160][ T5365] ? bch2_check_dirents+0x1fac/0x33f0
[ 88.236305][ T5365] check_panic_on_warn+0x89/0xb0
[ 88.239178][ T5365] ? bch2_check_dirents+0x1fac/0x33f0
[ 88.243578][ T5365] end_report+0x78/0x160
[ 88.249052][ T5365] kasan_report+0x129/0x150
[ 88.251774][ T5365] ? bch2_check_dirents+0x1fac/0x33f0
[ 88.256311][ T5365] bch2_check_dirents+0x1fac/0x33f0
[ 88.261321][ T5365] ? bch2_check_dirents+0x2f1/0x33f0
[ 88.266973][ T5365] ? desc_read+0x1b8/0x3f0
[ 88.269706][ T5365] ? prb_first_seq+0xfd/0x1a0
[ 88.271918][ T5365] ? __pfx_bch2_check_dirents+0x10/0x10
[ 88.274040][ T5365] ? __pfx_prb_first_seq+0x10/0x10
[ 88.276233][ T5365] ? desc_read+0x1b8/0x3f0
[ 88.278110][ T5365] ? this_cpu_in_panic+0x4f/0x80
[ 88.280052][ T5365] ? _prb_read_valid+0xa07/0xa90
[ 88.282011][ T5365] ? console_flush_all+0x13a/0xc40
[ 88.284467][ T5365] ? up+0xde/0x150
[ 88.286561][ T5365] ? __console_unlock+0x14c/0x1a0
[ 88.290388][ T5365] ? __pfx___console_unlock+0x10/0x10
[ 88.293430][ T5365] ? prb_read_valid+0x3c/0x60
[ 88.297195][ T5365] ? console_unlock+0x21b/0x270
[ 88.301091][ T5365] ? __pfx_console_unlock+0x10/0x10
[ 88.304142][ T5365] ? vprintk_emit+0x63e/0x7a0
[ 88.307812][ T5365] ? __bch2_print+0x176/0x220
[ 88.312570][ T5365] ? bch2_check_dirents+0x2f1/0x33f0
[ 88.315540][ T5365] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.319488][ T5365] __bch2_run_recovery_passes+0x3ba/0x1060
[ 88.324486][ T5365] bch2_run_recovery_passes+0x184/0x210
[ 88.328241][ T5365] bch2_fs_recovery+0x2690/0x3a50
[ 88.331180][ T5365] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 88.334226][ T5365] ? __lock_acquire+0xab9/0xd20
[ 88.337080][ T5365] ? __mutex_trylock_common+0x153/0x260
[ 88.340181][ T5365] ? __lock_acquire+0xab9/0xd20
[ 88.342521][ T5365] ? __lock_acquire+0xab9/0xd20
[ 88.344550][ T5365] ? bch2_fs_start+0xa0f/0xda0
[ 88.347429][ T5365] ? up_write+0x1c4/0x420
[ 88.368356][ T5365] ? bch2_fs_start+0x5e7/0xda0
[ 88.371198][ T5365] bch2_fs_start+0xaaf/0xda0
[ 88.374574][ T5365] ? bch2_fs_start+0x5e7/0xda0
[ 88.426379][ T5365] ? __pfx_bch2_fs_start+0x10/0x10
[ 88.429415][ T5365] ? sget+0x267/0x620
[ 88.433335][ T5365] bch2_fs_get_tree+0xb39/0x1520
[ 88.435748][ T5365] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 88.440009][ T5365] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 88.443914][ T5365] vfs_get_tree+0x92/0x2b0
[ 88.447200][ T5365] do_new_mount+0x2a2/0x9e0
[ 88.450182][ T5365] ? ns_capable+0x8a/0xf0
[ 88.453061][ T5365] ? __pfx_do_new_mount+0x10/0x10
[ 88.456071][ T5365] ? path_mount+0x61c/0xfe0
[ 88.458021][ T5365] ? user_path_at+0x44/0x60
[ 88.460578][ T5365] __se_sys_mount+0x317/0x410
[ 88.465524][ T5365] ? __pfx___se_sys_mount+0x10/0x10
[ 88.470589][ T5365] ? do_syscall_64+0xbe/0x3b0
[ 88.476487][ T5365] ? __x64_sys_mount+0x20/0xc0
[ 88.479198][ T5365] do_syscall_64+0xfa/0x3b0
[ 88.482793][ T5365] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.486457][ T5365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.491058][ T5365] ? clear_bhb_loop+0x60/0xb0
[ 88.493370][ T5365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.496199][ T5365] RIP: 0033:0x7fa3c799034a
[ 88.498529][ T5365] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.538429][ T5365] RSP: 002b:00007fa3c873fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.545056][ T5365] RAX: ffffffffffffffda RBX: 00007fa3c873fef0 RCX: 00007fa3c799034a
[ 88.550586][ T5365] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fa3c873feb0
[ 88.556109][ T5365] RBP: 00002000000000c0 R08: 00007fa3c873fef0 R09: 0000000000818001
[ 88.559877][ T5365] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 88.563465][ T5365] R13: 00007fa3c873feb0 R14: 000000000000598b R15: 0000200000000100
[ 88.568137][ T5365]
[ 88.570247][ T5365] Kernel Offset: disabled
[ 88.574498][ T5365] Rebooting in 86400 seconds..