program:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000007112340000000000950000000000000012e18d6eb7f2c87406cbefc5e8bf902ae65e496dc7e46c3865add114a4c621efd97135aeee720022e2897d90e3c198d38f3b3995cf2f3e2466bf0bcd07379103000000b3a230005f6eae13f001dc296f96e86f1e"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000280)={0x18, 0x0, {0x0, @remote, 'wg0\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @multicast, 'macsec0\x00'}}, 0x1e)
dup3(r0, r1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x3c, r4, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f00000002c0)=ANY=[@ANYBLOB="696e6f6465735f33326269742c73686172645f696e6f64655f6e756d626572732c6572726f72733d636f6e74696e75652c696e6c696e655f646174612c6469726563745f696f2c6e6f6368616e6765732c70726a71756f74612c7265636f766572795f706173735f6c6173743d64656c6574655f646561645f696e6f6465732c76657273696f6e5f757067726164653d696e636f6d70617469626c652c008b3eef0738a8acf2e88bb6193350832b338461ee71a40583ee071f136d6ac7a60a5f0a4ff7f33c29b55b107ec2e5a242f826204f3cd8ad6130231f1938e335f4595f927248e923b35e5a3e5c9a1a9d8ac78da04bb1c38571b3ebbdbee15434dc0d6fb12c631642e44fd535fe"], 0x21, 0x5974, &(0x7f000000b5c0)="$eJzs3X+QHFUdIPDXM7PZyW5+bAJIBNksgSiCmg2/CsXS6PmrAKlYWEq4KCxkg9EkpJIgJKAEDzwowEJLS6P+gRZSh0aLKjglUiI/LuEUpTg96gqp0zv0qrxCjpRAjrI892p3+k1me6e3Z2dnIQmfTyXb0296vu/br9/09HszuxMAAAB4Xdh745b95x/zwV9/afjl6z7y8w3Xh97yWHk1btCXLq9+rTLk1dRdWTS2zPaLt1zzw78MXPb+X93T84NX9qw5fu0fPnDEZQ989pzdO7/z8Etz7/vXs0VxY386+cB68nwSQvUX+77x5T2PHz1aloQQyknfjhAWJAsfXpBkQgz+I4SwJl0pV8bfee/Lp60dXV5/S/e48vmZIPr761s17Wfb9191Svjj+1bd8NvFP/lx167ndhzYJKk29KcQ5l3S+Piu9P/sdD32tkXxwelyZQihp+FxZxXkdUKL+S/LWT82Xc5Kl70FceL9SzLrpcx22fWoK7PsKahvuvLyaHe7InMy69mT0XTl5RnLF6TLn6XLk6cYvxz/J6GUhEo9/fXJgT4SGo5bEpKxY1mtr5fqxzak+59ZTzLrpcx6uSuzX2P1ph2tnCTjy+N2mfJ4Oq6k5cc3nqubuCCn/I3pspo+UV+J6yF7o6Z3wo36fo2Jee2bJJdXQ6nhHNSsvN7P0oPRm5b1JgsnPGakiXjfnlW3Li2vfmRvX04eyT1JGj8Za6Opxt/+mwVzPv2jm69clBf/klIav9RW/D+d+8QLF938/W/nxr89xi+3Ff/UB3ueP/fRG5fktU/sXr2hMnZumWr8oWcfu23xkZfuys3/jtj+1baO74rdT3TP3f/gQ7nHdzC2z+y22ueZsz/057ufuv+5vNelJMT4PW3lv3r3pq909+8/KTf/h2L79LbXf17cdebT/f1/HciL/2SMP7et/O/asfNdd86/5Zzc47sytk9fW/mfd+IDN8zZf/9xeefO5I5OvXICvD4dkV5j3ZSuTzbO7J5knDldDeOFbw1Uatetc9L/cztZUebic7SeeZ2MDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhKNO+c8f/p+f6Hu+kq53pzeeKdWWsXxWCMnsEMKWrUObt67bePnAZ6+4cvPGofUDQ1sHhjdu3bxt4PS3DWwe3rR+aNvovYNvP632uIUhqS2T4ybU3T0yMlLqG18W6/s3J+7649Kz/vffQhg86vf9ldz8l+3ccOeRTX5mJCtG3rvhyvN/f8b30v3qS/Pqa5LXyMjISEjz6srk9X8u/OedX9v3l5NCGHzDZHk99sx7fjkuobGCA3FSpe5QS6g76WmaRz3rNJ/YXpW169YPD07evqOPL+e077+95rl/rL36q/+stW81dz9abN/ZK0bWl7656rz/981rawVFedX3I5PXTB/3ovaOexHzi+1XTdt7Xrpf83L2q5LT3jf+9qGnfnHMzS/tCIOVFxdPrLtov7rSDtCVvLGlemMNPcmCceXVdPt4xOPjlm3dsGnZlm3b375uw9Dlw5cPb3zn8tOXnzl4xplnLBvb82Ud3v9Y/5tb3P9W+1O23qn1p/mf3/Gz+LO1/lSUV1F7jOZV3B6NGeU9/3ou+PLX37nz0fNrBUX9PG5dfx6my57R47w8NPS3iW3VbL+K2iGEMNCsHV546Zxw9H9bd0PReajxyDT+zEhWjDy+5O/fO+u7i95dK2j1PJ/Na0rn+caE2jzP17M+kM9Ye1XT4zFykLZvdyin+9XbNK/ljz/adevev32hnt+sWeHqoa1bNy+v/ZyTZjonObZpXtnSuF+Lx36WQ9osod5Nm/TXMPY6Xssve/6Mm2dbtTe9rzdZ2HS/suJ9e1bdurS8+pG9eS2d3FOrcXaYW1smb8rZcn3mgeV6ws3qP1iff0X9o//D373vE/f99PQJ/ePU2s+i/Upy9usnT9319R989d//tHP79eH3PNH39//+maW1gkPlvFLPOs0naTyvnBpC0fNvcWi+H7nPv1Lz/Sl6/mXrObB983gDmfXeUC5+vlbDhOfrqQ/2PH/uozcuyX2+7mv1+XrtuLVywfP1YOk/2edXUhmfx8w9v8Z1lGTFyK9uOmLHw9etPKZWUNSv61s369entTD+yNmvX170dP8VA//uv3buvPHDt9178R+GVnyxVtD+cY+5dOa4V9P2rea0bz3rOO5sbN93XHbF+jW18oP3+jddFox/4qlky7btnxtav35485bW9qvV19NYT7aV2309jWe3hQX7VZqwXzN3o5X2avX5FvNf03Z7jX++9Yakreu47b9ZMOfTP7r5yr4Jj0oruqSUxi+1Ff9P5z7xwkU3f//bufFvj/ErbcUfevax2xYfeemu3Ph3JGn8alvxV+x+onvu/gcfyo0/GPOf3Vb8Z87+0J/vfur+53Ljhxi/t732f3HXmU/39/81N/6TSVrP6DVSCPe+fNra2noyNidYbcija1xeIbueZNZLmfVy43qpNtdar6CcJOPL43Zp+fENuTTzyZzyeBVWXVRbvhLXQ/bG5OUHm1LDub9ZedF1KgDA4S6+/x+vQeP7/8PphVL+TAMcMN1x2KKcuHEcdmA+Z9a4+xel8ePj4zxg/zvC4Ojy+oHahf5U30eIz4fsPGes56QTxsdod56zaP59SWY95lWbL680jENTE8c1ldDC/PvEeiaff8/sfvH8+MBNE9IaaJi3yh6/rnTGrNnnHTL5VkYj5PWP7LxY/DxH/7ywcqy+FvtH9nM08ThkP0cT6zkmc+Js93M00+0fMe1J+sdYysXvb0w8fmGS9j1w/JpHyx6/KRzv6uj2M/3+bAfmDZue0l69ecMW3g9rEr/V98Pq85IrJm4zWfzXy7zkwT5vGMvjflRanE/8RE55K/OJjfNyefOJ8XQR89o3SS6vBvOJwOEqjv/ja8To+H/0Avz/ZrYrug7NXjXGeLmfEyo3z6do3DHxc3o9bb2Or9696Svd/ftPyr3OeajVz/1sGrfWU/C5n6J2XJpZL2zHnAmaovFetp6ids9+LqM3zG2r3e/asfNdd86/5Zzcdl9ZeyEtbvevj1ubW9Duh8B4oXn8w228cLB/jmFnJv4h8jmGovmz12w8kn7waabGIx/PKZ/q5xt6Jtyo79eYQ2480jV6DgUAmCiO/+vvn6Xj//8RN0gv6orGrSdn1mO83HFrV/N88satH02XV2e2701/o2Kq183nnfjADXP2339c7rjljlbHof9h3Fpf4Th0euPm3HHEys58Xjx3HFEfZ01vnJibf32cOL1xem78+jh9euPo3Papj6OnNw+QG78+D3Bovy9WOF+XqSyutjpfd9iOo9Nfn52pcfQFOeVTHUf3TrhR368xh+I4GgDgcBLH//EyLo7/H81sN9332XPHBR26bs/+PZB6/CdfrXFlG+O+2SGElsd9Mz1unelx/UzPSxzq4+KZnhea2Xmy1/24OK3UuBgAgINZHP/Hzwrmj/+nNz5pNn7rGjc+OQjH51N6X9b4vGn8w2Z8fqjPfxn/e1+8mPE/AMDhLY7/4689xr//95/S9ezfrTdOz4lvnG6cPln/aXmc3vl5tuBzAK/tPEDDL2KbBwAA4LXQNTZSmvh79p9Kl9nfs8/7vfyLcrZvVSW9PL506+bh4Yuv3LRmaOvwxRuvWDO85eKrNq/bunV4Y2276Y4bc8ct6bixK1TS9mi+XXbcNj/9ewjzc/4eQnb7GPbYsRsT/x5CttrZBX9H4MDxay3fvONXaty+On77Zv0j73jnxf9kzvZR/fhf9plTL1675eJ1G9dtXTe0ft324fHbjY5ae6bwvZmxWab0famZHxOUpv79nZ3JozQhj660PfK+nz3J5LEgzWRB3vcf5OT96//ytc+fOPLPu0MYPKr8pmm1X7Ji5D9eOPzRrXt/v2k0/9nZ/Gc15lPfMs2r6PtKs9vH/amsv2LL1lPWXnHlxuw3SrYnzmeU6uszNJ+RPv3LLc5PrM4pn+rnFMoTbhycWp6fAABgnPj+f7yeje8ffjW9gIrlrY/Tp/f+ce44fbC1cXr2e8mKxunZ7eP+tjpOr05znJ6tv2ic3mz7ZuP0vHF3XvyP52w/Va33k+l9ziO3n1zSWj/Jfp9BUT/Jbj/VfpJMs59k6y/qJ822b9ZP8o57XvyP5Wyfp/X+ML3P5eT2h9tb6w9vzawX9Yfs9lPtD6Vp9ods/UX9odn2zfpD3vHNi39+zvatGt8/RjvGWL8YvviqKzZ/rmG7mf7+i+nnN7Pf/9Gu1vOf2c99zXz+M/u5spnPf3qfK8vN/8npzYS1nv/Mfr9Lu161+dp09rro82dF87ircsqnOo87a8KNg5N5XHjtxPF/fLsnjv9vSZedfhvo0P+etEPke8yy8Q+R7zEruo7xej5JZQcBr+cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAremuLBpb7r1xy/7zj/ngr780/PJ1H/n5huvfcs0P/zJw2ft/dU/PD17Zs+b4tX/4wBGXPfDZc3bv/M7DL82971/PFgbuG/tZOTldrYaQPJ+EUP3Fvm98ec/jR4+WJSGEctK3I4QFycKHFySZCIP/CCGsqec5/s57Xz5t7ejy+lu6x5XPzwTJ7lfoLcd8GvMM4erCPeIQVE372fb9V50S/vi+VTf8dvFPfty167kdBzZJqg39KYR5lzQ+viuEMDv9Pyr2tkXxwelyZQihp+FxZxXkdUKL+S/LWT82Xc5Kl72TRplVv7Uks30ps2V2PerKLHsmrW/68vJod7siczLr2ZPRdOXlGcsXpMufpcuTpxi/HP8noZSESj399Unj0T9w3JKQjB3Lan29VD+2Id3/zHqSWS9l1stdmf0aqzftaOUkGV8et8uUx9NxJS0/vvFc3cQFOeVvTJfV9In6SlwP2Rs1vRNu1PdrTMxr3yS5vBpKDeegZuX1A58ejN60rDdZOOExI03E+/asunVpefUje/ty8kjuSdL4SVvxt/9mwZxP/+jmKxflxb+klMYvtRX/T+c+8cJFN3//27nxb4/xy23FP/XBnufPffTGJbntsy+2T6Wt+EPPPnbb4iMv3ZWb/x0xfrWt+Ct2P9E9d/+DD+XmPxjbZ3Zb8Z85+0N/vvup+5/LjR9i/J624q/evekr3f37T8qN/1Bsn972+s+Lu858ur//rwN58Z+M8ee2Ff+uHTvfdef8W87JPb4rY/v0tRX/vBMfuGHO/vuPyzt3Jnd06pUT4PXpiPQa66Z0vd1x5nQ1jBe+NVCpXfPNSf/P7WRFGaP1zJvB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHJ5+d+3pn7rwvR9bVUlCSHK2GWki3leetWLFQBv1Dj372G2Lj7x0V2PZojbiAAAAAMXiOLxUL6mGReGqZHY4tun2cY7g2LiWjC/PziHEONk5gnbjlDoUp9yhOJUOxenqUJxZHYrT3aE41YI41dBanNmTxKmM9ooW8+mZNJ/W4/R2KM6cDsWZ26E48zoUZ36H4vRNGqf1frigQ3EWdijOER2Kc2SH4hzVoThv6FCcozsUJzunPNV+ODfd8pi8OGM3yoVxKkm5fkez+fSj03qOm2Y9vQX1zC16PW6xntkt1nNC5nGlKdZTbbGeN0+znqTFet46zXpKBfXEfnt1Nr9YT1xrsf9v61Cc7dOL87/i9dY1Hcrn2g7F+UKH4nyxQ3Gum2YcgFbF8f+B8V5f6K68O/SkZ5zsLEAc7y4e+znx9S7vhBTjvSlTPqsoXnagnom3eKr5ZScQMvGWZMq7xsWr1Mcjk8SrNsZbmrmzcH+zEwqZ/E7OlHcXxUt34NbmYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgo3537emfuvC9H1sVkjD6r6mRJuJ95VkrVgy0Ue+eVbcuLa9+ZG9jWXeljUAAAABAoTgO76qXVEN3ZXnoTmaN266azgNU0/VyX23ZPy+sHF0mA6Wx9Z5kwaSPq6SPW7Z1w6ZlW7Ztf/u6DUOXD18+vPGdy09ffubgGWeesWztuvXDg7WfIXQXxAshjE0/bNm2/XND69cPb95SK8zmvyh93KJ0PUkf1/+OMDi6vD7Nf2FBfaUJ9W17+uzaXQdKOnSj4NABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8P/Ztb8Qua46DuDnzszOTLdNu9J/09BshvwpUYsmcSuplu4FwUKbhCwFma2uJdgEi5smtEmJdWwDtjVBEVoCIZIHI7HYWnzpH1vE/iEQqdGAG4O0RfugD0qrlbTkQVJGdnfO7MxkJrOOpWnj5/Nw751zf+f87pmHhe+dBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOADN1UdmaiMjo0PJiEkXWpqHcR72Xyalvvo+5Xnt/2gMHxqRfNYIdfHQgAAAEBPMYcPNEaKoZDLhmy4aubTkulDvn4jzOV+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/89UdWSiMjo2fmESQtKlptZBvJfNp2m5j75vvPPkZ18dHv5b81ipj3UAAACA3mIOzzRGiqEUloaB5KqWuvhuYGHb/Pa6uM6ieda1vzvoVrd0nnXXzLPu4z3q1tfPOwMAAAB89MX8n2uMDIVCbkHX/N8r18e6xW112fq5n/8VAAAAAP43Mf8XGiOlUMiVGnl9vnl/SVtdnN/rd/s4f3mX+b1+z19XP/udHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+OqaqIxOV0bHxbBJC0qWm1kG8l82nabmPvqtfGPzHLYcfWtI8Vsj1sRAAAADQU8zhc9G7GAq5wTAQLpzJ/cM3HXj6S08/OxJCmI35+XzYuXH79rtXzx5j3aqjhwe+f+StbzeWiXWrZo/nZHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD7aqo6MlEZHRu/IAkh6VJT6yDey+bTtNxH39c//8W/PH7iuTebx0p9rAMAAAD0FnP4XPYvhlLIh3y4YuZTc9aflmmb3+2dAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD+uOeb931j4+TkprtduHDhonFxrv8yAQAA77fFIQm1/9KVG871UwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8GU9WRicro2HgxCSHpUlPrIN7L5tO03Eff9PljhQWnXnipeazUxzoAAABAbzGHz2X/YiiFgTAQLp/51OmdwEz+H/oAHxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4UJmqjkxURsfGFyQhJF1qah3Ee9l8mpb76PvYrv2fO3TJ925uHivk+lgIAAAA6Cnm8HxjpBgKuU+EQri6/nmydUKSrZ87vxeYm7etZdrgvOdVW+Zl5z1vd9vOcvXdzM4rxvWGZs+NeeUz55Wb5pVCo325ZV7Y2zJrQY/nDAAAAHAOxfxfaIwMhUKu0JRzf9pSPyTnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABdTFVHJiqjY+NJEkLSpabWQbyXzadpuY++9/32Yxd99Wd7djSPlfpYBwAAAOgt5vC57F8MpbAoXBwWzeT+MNRaH+v+WTl96NF//XVFCCuvOD6ca1/2R/Hi16/f+GL7IYRMa3UmhEvq/ZIu/X7z+0fvXVY7/XgIKy/PXn1Gv3D2fnNqtXKS1p6pbFq3/cjxbb2/HwAAADgfxPw/0BgZCoXcXeHii2d/+G/P/zF598j/DTMB/JJ7d/3isvqxnsjbZmSG6vk/06XfF5Y9+efla/7+1nT+P1u/T+/fcuiyloazI22StDa6Zcf649cdzMRdz/bPtvWP38uXv/XmvzfvfOT0bP9iKNbHF+Y69T/z2OaCtDaZ2Te+9r191db+uS77f+h3L5341cI97073f2fxYKP/NWfZ/9n7D9768N7r9x9eP/1prn8Iodyp/9vv3hyu/OOdD7bvf7Bt4eZvvvnYLq0dXXLy4JoDpRta95+09Y/f/89PPLb3J49899nYP/6vyIql8+3f8s4pSWuv7L5018sPbFjY2j/TZf8v3vbq8Nbyd/7Qvv87WlbNdX2KNklae+Lap25/bWN6/xlfDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHllqjoyURkdG88kISRdamodxHvZfJqW++j7xi3H3r5tz49/2DxW6mMdAAAAoLeYw+eyfzGUQj7kw+BM7n+msmnd9iPHt4Wh2btJ/Zyb3HrP9k9u3rrjrjvO0ZMDAAAA8xXzf64xMhQKuWVhoJ7/R7fsWH/8uoOZmP8zMf9vvnNy08rQqHtl96W7Xn5gw8LGe4IQZv4toDhd95m5uptuPDZ08k9fX96xbvVc3dElJw+uOVC6IdaF5rpVofF+4olrn7r9tY3p/Y3na6771Ne2TtZfT8R1B299eO/1+w+vb+yjfh6srxvrJjP7xte+t68a67L1c7G+bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgTFPVkYnK6Nh4yIaQdKmpdRDvZfNpWu6j79plv3zwolPPLWoeK+T6WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgPO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdivn9A4yj4O4M+zm7zZZpM2aV8wKqZpVZR6sCiI6EVFRVqRgqdKkWprD6IgiCj1YCqtWKriRbB6KaKCGqWgYGOxtEoq/itePKigUD0IpRjQLsWDSnaf2W6mO65OqqB+PjA8eZ6Z+c5v5nl2NgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8oA31jzfbwjvsbt5xzw0eP3nXikZveuXfbRQ+/+t3Epus+3Dv40smZzSu2fHn9sk37714zvfv5Qz8Nv/XL0Z7BD7WaValbCyEejyHU3p195rGZj8+aG4shhGocmQxhNC49NBpzCat/DiFsbtc5f+ebJy7fMtdu2zUwb3xJLiR/X6FezeppGZlfL/8utbTOtjYevCR8fe367Z8uf+P1/qljk6cOibWO9RTC4o2d5/eHEBalbU622sayk1O7LoQw2HHelT3qOv8P1n9pQf/c1P4vtfUeOdn+lbl+JXdcvp/pz7WDPa63UEV1lD2ul6FcP/8yWqiiOrPx0dS+ndpVfzK/mm0xVGLoa5d/Tzy1RkLHvMUQm3NZa/cr7bkN6f5z/ZjrV3L9an/uvprXTQutGuP88ey43Hj2Ou5L4ys639Vd3FowfnZqa+mDejLrh/wfLfXT/mjfV1NW1+zv1PJ3qHS8g7qNtyc+TUY9jdXj0tPO+bWLbN/M+icurG547/BIQR1xb0z5sVT+1k9Gh25/becDY0X5Gyspv1Iq/5u1R364becLzxXmP53lV0vlX3Zg8Pja93esLHw+s9nz6SuVf8fRD55c/v87p7rNdTN/T5ZfK5V/zfSRgeHGgYOF9a/Ons+iUvlfXX3jt698vu9YYX7I8gdL5W+Yvu+pgfHGxYX5B1sfhXpzhZZYPz9OXfHF+Pj3E0X5n2XPf7hLfuyZ//Lk7qteXLJrTeH6XJc9n5FS9d98wf7tQ4195xW9O+OeM/XNCfDftCz9j/V46pf9nblQHb8Xnp3oa30DDaVt+ExeKGfuOov/wnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgN3bggAQAAABA0P/X7QgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeCgAA//++XSXS")
[ 85.955240][ T5308] Bluetooth: hci0: command tx timeout
[ 86.863925][ T5327] loop0: detected capacity change from 0 to 32768
[ 87.612186][ T5327] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,recovery_pass_last=delete_dead_inodes,nojournal_transaction_names,read_only,version_upgrade=incompatible
[ 87.612186][ T5327] allowing incompatible features above 0.0: (unknown version)
[ 87.612186][ T5327] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 87.689422][ T5327] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 87.704715][ T5327] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 87.712318][ T5327] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:c0004000b compress none
[ 87.712339][ T5327] has non ptr field, deleting
[ 87.755889][ T5327] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 87.769801][ T5327] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 87.769801][ T5327] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 87.769801][ T5327] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 87.810554][ T5327] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[ 87.810554][ T5327]
[ 87.974435][ T4675] Bluetooth: hci0: command tx timeout
[ 87.982964][ T5327] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing
[ 88.013237][ T5327] bcachefs (loop0): btree node read error at btree snapshots level 0/0
[ 88.013258][ T5327] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 11 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 88.013268][ T5327] loop0 node offset 8/11 bset u64s 6: bset past end of btree node (offset 8 len 8 but written 11)
[ 88.013277][ T5327] flagging btree snapshots lost data
[ 88.013284][ T5327] running recovery pass reconstruct_snapshots (21), currently at recovery_pass_empty (0)
[ 88.013291][ T5327] ret fsck_errors_not_fixed
[ 88.107151][ T5327] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing
[ 88.130079][ T5327] bcachefs (loop0): scan_for_btree_nodes...
[ 88.169727][ T5335] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0: (unpack error)
[ 88.169755][ T5335] invalid variable length fields, deleting
[ 88.234608][ T5327] bcachefs (loop0): btree node scan found 6 nodes after overwrites
[ 88.240481][ T5327] done
[ 88.247905][ T5327] bcachefs (loop0): check_topology...
[ 88.248685][ T5327] bcachefs (loop0): btree root inodes unreadable, must recover from scan
[ 88.268182][ T5327] bcachefs (loop0): no nodes found for btree inodes, continuing
[ 88.278499][ T5327] bcachefs (loop0): btree root snapshots unreadable, must recover from scan
[ 88.288593][ T5327] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX
[ 88.297479][ T5327] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 88.314436][ T5327] done
[ 88.316106][ T5327] bcachefs (loop0): accounting_read... done
[ 88.320791][ T5327] bcachefs (loop0): alloc_read... done
[ 88.327865][ T5327] bcachefs (loop0): snapshots_read... done
[ 88.331742][ T5327] bcachefs (loop0): check_allocations...
[ 88.336984][ T5327] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 88.337009][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 88.387707][ T5327] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree
[ 88.387726][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 88.411772][ T5327] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 88.411793][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 88.432326][ T5327] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree
[ 88.432345][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[ 88.490082][ T5327] bcachefs (loop0): bucket 0:0 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.515242][ T5327] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.522485][ T5327] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.526838][ T5327] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.549417][ T5327] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.569316][ T5327] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.574915][ T5327] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.579538][ T5327] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.602975][ T5327] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.650526][ T5327] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.672688][ T5327] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.677640][ T5327] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.695116][ T5327] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.700323][ T5327] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.722029][ T5327] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.729130][ T5327] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.737964][ T5327] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.754815][ T5327] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 88.768005][ T5327] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.773047][ T5327] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.790525][ T5327] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.790544][ T5327] Ratelimiting new instances of previous error
[ 88.803298][ T5327] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.803317][ T5327] Ratelimiting new instances of previous error
[ 88.824445][ T5327] done
[ 88.834090][ T5327] bcachefs (loop0): going read-write
[ 88.968568][ T5327] bcachefs (loop0): journal_replay... done
[ 89.047516][ T5327] bcachefs (loop0): check_lrus... done
[ 89.052867][ T5327] bcachefs (loop0): check_backpointers_to_extents... done
[ 89.057960][ T5327] bcachefs (loop0): check_extents_to_backpointers...
[ 89.058757][ T5327] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets
[ 89.068483][ T5327] done
[ 89.070368][ T5327] bcachefs (loop0): reconstruct_snapshots... done
[ 89.078806][ T5327] bcachefs (loop0): check_subvols... done
[ 89.083326][ T5327] bcachefs (loop0): check_inodes... done
[ 89.086784][ T5327] bcachefs (loop0): check_dirents...
[ 89.096841][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 7232984978149555126
[ 89.096862][ T5327] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 89.123545][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 2613473640869386583
[ 89.123568][ T5327] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 89.145214][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 89.145229][ T5327] u64s 7 type dirent 4096:2613473640869386583:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 89.163765][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 79937444562615973
[ 89.163781][ T5327] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 89.212842][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 6664382925001862040
[ 89.212859][ T5327] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 89.234394][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 89.234410][ T5327] u64s 7 type dirent 4096:6664382925001862040:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 89.261558][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 89.261576][ T5327] u64s 7 type dirent 4096:7232984978149555126:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 89.287685][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 5577390430287797843
[ 89.287703][ T5327] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 89.327570][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 1110730981871806960
[ 89.327588][ T5327] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 89.364064][ T5327] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 3 should be 1
[ 89.371283][ T5327] bcachefs (loop0): directory 4096:4294967295 with wrong i_nlink: got 0, should be 1, fixing
[ 89.379011][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 5045205498864037074
[ 89.379031][ T5327] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing
[ 89.437632][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 1570220359764164334
[ 89.437649][ T5327] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing
[ 89.470175][ T5327] bcachefs (loop0): check_dirents requires second pass
[ 89.487540][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 89.487557][ T5327] u64s 7 type dirent 4096:79937444562615973:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 89.510765][ T5327] ==================================================================
[ 89.541493][ T5327] BUG: KASAN: use-after-free in bch2_check_dirents+0x1efd/0x3390
[ 89.545590][ T5327] Read of size 1 at addr ffff8880552a00c0 by task syz.0.0/5327
[ 89.548869][ T5327]
[ 89.549889][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full)
[ 89.549907][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 89.549915][ T5327] Call Trace:
[ 89.549923][ T5327]
[ 89.549931][ T5327] dump_stack_lvl+0x189/0x250
[ 89.549954][ T5327] ? __virt_addr_valid+0x1c8/0x5c0
[ 89.549966][ T5327] ? rcu_is_watching+0x15/0xb0
[ 89.549984][ T5327] ? __kasan_check_byte+0x12/0x40
[ 89.549995][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.550009][ T5327] ? rcu_is_watching+0x15/0xb0
[ 89.550024][ T5327] ? lock_release+0x4b/0x3e0
[ 89.550039][ T5327] ? __virt_addr_valid+0x1c8/0x5c0
[ 89.550049][ T5327] ? __virt_addr_valid+0x4a5/0x5c0
[ 89.550059][ T5327] print_report+0xd2/0x2b0
[ 89.550074][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 89.550092][ T5327] kasan_report+0x118/0x150
[ 89.550102][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 89.550120][ T5327] bch2_check_dirents+0x1efd/0x3390
[ 89.550164][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 89.550180][ T5327] ? desc_read+0x1b8/0x3f0
[ 89.550196][ T5327] ? prb_first_seq+0xfd/0x1a0
[ 89.550210][ T5327] ? __pfx_bch2_check_dirents+0x10/0x10
[ 89.550224][ T5327] ? __pfx_prb_first_seq+0x10/0x10
[ 89.550239][ T5327] ? desc_read+0x1b8/0x3f0
[ 89.550253][ T5327] ? this_cpu_in_panic+0x4f/0x80
[ 89.550268][ T5327] ? _prb_read_valid+0xa07/0xa90
[ 89.550283][ T5327] ? console_flush_all+0x13a/0xc40
[ 89.550295][ T5327] ? up+0xde/0x150
[ 89.550357][ T5327] ? __console_unlock+0x14c/0x1a0
[ 89.550367][ T5327] ? __pfx___console_unlock+0x10/0x10
[ 89.550380][ T5327] ? prb_read_valid+0x3c/0x60
[ 89.550394][ T5327] ? console_unlock+0x21b/0x270
[ 89.550404][ T5327] ? __pfx_console_unlock+0x10/0x10
[ 89.550415][ T5327] ? vprintk_emit+0x63e/0x7a0
[ 89.550428][ T5327] ? __bch2_print+0x176/0x220
[ 89.550449][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 89.550471][ T5327] ? _raw_spin_unlock_irq+0x23/0x50
[ 89.550485][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.550505][ T5327] __bch2_run_recovery_passes+0x392/0x1010
[ 89.550520][ T5327] bch2_run_recovery_passes+0x184/0x210
[ 89.550531][ T5327] bch2_fs_recovery+0x2677/0x39a0
[ 89.550551][ T5327] ? check_noncircular+0xe0/0x160
[ 89.550563][ T5327] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 89.550582][ T5327] ? __lock_acquire+0xab9/0xd20
[ 89.550598][ T5327] ? __lock_acquire+0xab9/0xd20
[ 89.550613][ T5327] ? __lock_acquire+0xab9/0xd20
[ 89.550633][ T5327] ? bch2_fs_start+0x9fe/0xd90
[ 89.550644][ T5327] ? up_write+0x1c4/0x420
[ 89.550654][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 89.550663][ T5327] bch2_fs_start+0xa99/0xd90
[ 89.550673][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 89.550684][ T5327] ? __pfx_bch2_fs_start+0x10/0x10
[ 89.550697][ T5327] ? sget+0x267/0x620
[ 89.550714][ T5327] bch2_fs_get_tree+0xb6c/0x1460
[ 89.550737][ T5327] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 89.550760][ T5327] ? aa_get_newest_label+0xf7/0x5d0
[ 89.550775][ T5327] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 89.550790][ T5327] ? apparmor_capable+0x137/0x1b0
[ 89.550807][ T5327] vfs_get_tree+0x92/0x2b0
[ 89.550818][ T5327] do_new_mount+0x24a/0xa40
[ 89.550831][ T5327] __se_sys_mount+0x317/0x410
[ 89.550846][ T5327] ? __pfx___se_sys_mount+0x10/0x10
[ 89.550859][ T5327] ? do_syscall_64+0xbe/0x3b0
[ 89.550867][ T5327] ? __x64_sys_mount+0x20/0xc0
[ 89.550877][ T5327] do_syscall_64+0xfa/0x3b0
[ 89.550887][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.550900][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.550911][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 89.550921][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.550932][ T5327] RIP: 0033:0x7fb6007900ca
[ 89.550946][ T5327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 89.550955][ T5327] RSP: 002b:00007fb5fcbf4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 89.550968][ T5327] RAX: ffffffffffffffda RBX: 00007fb5fcbf4ef0 RCX: 00007fb6007900ca
[ 89.550976][ T5327] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fb5fcbf4eb0
[ 89.550982][ T5327] RBP: 00002000000000c0 R08: 00007fb5fcbf4ef0 R09: 0000000000818001
[ 89.550989][ T5327] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 89.550996][ T5327] R13: 00007fb5fcbf4eb0 R14: 0000000000005974 R15: 00002000000002c0
[ 89.551007][ T5327]
[ 89.551011][ T5327]
[ 89.900050][ T5327] The buggy address belongs to the physical page:
[ 89.903223][ T5327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x552a0
[ 89.907594][ T5327] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 89.911086][ T5327] page_type: f0(buddy)
[ 89.913104][ T5327] raw: 04fff00000000000 ffffea000154c808 ffff88805ffd6f08 0000000000000000
[ 89.917441][ T5327] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000
[ 89.921593][ T5327] page dumped because: kasan: bad access detected
[ 89.924614][ T5327] page_owner tracks the page as freed
[ 89.927948][ T5327] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5327, tgid 5326 (syz.0.0), ts 89437222274, free_ts 89510638551
[ 89.938926][ T5327] post_alloc_hook+0x240/0x2a0
[ 89.941332][ T5327] get_page_from_freelist+0x21e4/0x22c0
[ 89.944405][ T5327] __alloc_frozen_pages_noprof+0x181/0x370
[ 89.947727][ T5327] __alloc_pages_noprof+0xa/0x30
[ 89.950535][ T5327] ___kmalloc_large_node+0x85/0x210
[ 89.954320][ T5327] __kmalloc_large_node_noprof+0x18/0x90
[ 89.957998][ T5327] __kvmalloc_node_noprof+0x6d/0x5f0
[ 89.961082][ T5327] btree_node_sort+0x666/0x1760
[ 89.963514][ T5327] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 89.966488][ T5327] bch2_btree_node_prep_for_write+0x337/0x650
[ 89.969465][ T5327] bch2_trans_lock_write+0x669/0xba0
[ 89.972029][ T5327] __bch2_trans_commit+0x2829/0x8880
[ 89.975095][ T5327] bch2_str_hash_repair_key+0x2a2d/0x3fa0
[ 89.979431][ T5327] __bch2_str_hash_check_key+0xa65/0xd40
[ 89.983507][ T5327] bch2_check_dirents+0x209b/0x3390
[ 89.986687][ T5327] __bch2_run_recovery_passes+0x392/0x1010
[ 89.989227][ T5327] page last free pid 5327 tgid 5326 stack trace:
[ 89.991867][ T5327] __free_pages_ok+0xa44/0xc20
[ 89.994107][ T5327] __folio_put+0x21b/0x2c0
[ 89.996231][ T5327] free_large_kmalloc+0x145/0x200
[ 89.999824][ T5327] btree_node_sort+0x117f/0x1760
[ 90.002047][ T5327] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 90.004419][ T5327] bch2_btree_node_prep_for_write+0x337/0x650
[ 90.006922][ T5327] bch2_trans_lock_write+0x669/0xba0
[ 90.009036][ T5327] __bch2_trans_commit+0x2829/0x8880
[ 90.011227][ T5327] bch2_check_dirents+0x1cdf/0x3390
[ 90.013416][ T5327] __bch2_run_recovery_passes+0x392/0x1010
[ 90.016302][ T5327] bch2_run_recovery_passes+0x184/0x210
[ 90.019417][ T5327] bch2_fs_recovery+0x2677/0x39a0
[ 90.022338][ T5327] bch2_fs_start+0xa99/0xd90
[ 90.025041][ T5327] bch2_fs_get_tree+0xb6c/0x1460
[ 90.029496][ T5327] vfs_get_tree+0x92/0x2b0
[ 90.032070][ T5327] do_new_mount+0x24a/0xa40
[ 90.034833][ T5327]
[ 90.036830][ T5327] Memory state around the buggy address:
[ 90.039503][ T5327] ffff88805529ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.044907][ T5327] ffff8880552a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.048574][ T5327] >ffff8880552a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.051849][ T5327] ^
[ 90.054453][ T5327] ffff8880552a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.058187][ T5327] ffff8880552a0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.062413][ T5327] ==================================================================
[ 90.070468][ T4675] Bluetooth: hci0: command tx timeout
[ 90.088232][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.092868][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full)
[ 90.100640][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.108461][ T5327] Call Trace:
[ 90.110749][ T5327]
[ 90.112863][ T5327] dump_stack_lvl+0x99/0x250
[ 90.116375][ T5327] ? __asan_memcpy+0x40/0x70
[ 90.120728][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.125275][ T5327] ? __pfx__printk+0x10/0x10
[ 90.128458][ T5327] panic+0x2db/0x790
[ 90.131638][ T5327] ? __pfx_panic+0x10/0x10
[ 90.135047][ T5327] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 90.139211][ T5327] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 90.144348][ T5327] ? print_memory_metadata+0x314/0x400
[ 90.149275][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 90.154093][ T5327] check_panic_on_warn+0x89/0xb0
[ 90.157920][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 90.162358][ T5327] end_report+0x78/0x160
[ 90.165311][ T5327] kasan_report+0x129/0x150
[ 90.169257][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 90.174212][ T5327] bch2_check_dirents+0x1efd/0x3390
[ 90.177121][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 90.179526][ T5327] ? desc_read+0x1b8/0x3f0
[ 90.181699][ T5327] ? prb_first_seq+0xfd/0x1a0
[ 90.184105][ T5327] ? __pfx_bch2_check_dirents+0x10/0x10
[ 90.188382][ T5327] ? __pfx_prb_first_seq+0x10/0x10
[ 90.191019][ T5327] ? desc_read+0x1b8/0x3f0
[ 90.193206][ T5327] ? this_cpu_in_panic+0x4f/0x80
[ 90.196358][ T5327] ? _prb_read_valid+0xa07/0xa90
[ 90.199043][ T5327] ? console_flush_all+0x13a/0xc40
[ 90.202039][ T5327] ? up+0xde/0x150
[ 90.204489][ T5327] ? __console_unlock+0x14c/0x1a0
[ 90.207149][ T5327] ? __pfx___console_unlock+0x10/0x10
[ 90.210266][ T5327] ? prb_read_valid+0x3c/0x60
[ 90.213542][ T5327] ? console_unlock+0x21b/0x270
[ 90.216429][ T5327] ? __pfx_console_unlock+0x10/0x10
[ 90.219903][ T5327] ? vprintk_emit+0x63e/0x7a0
[ 90.222968][ T5327] ? __bch2_print+0x176/0x220
[ 90.225626][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 90.228043][ T5327] ? _raw_spin_unlock_irq+0x23/0x50
[ 90.230401][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 90.233049][ T5327] __bch2_run_recovery_passes+0x392/0x1010
[ 90.237477][ T5327] bch2_run_recovery_passes+0x184/0x210
[ 90.242639][ T5327] bch2_fs_recovery+0x2677/0x39a0
[ 90.245517][ T5327] ? check_noncircular+0xe0/0x160
[ 90.249840][ T5327] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 90.253277][ T5327] ? __lock_acquire+0xab9/0xd20
[ 90.256567][ T5327] ? __lock_acquire+0xab9/0xd20
[ 90.260057][ T5327] ? __lock_acquire+0xab9/0xd20
[ 90.263199][ T5327] ? bch2_fs_start+0x9fe/0xd90
[ 90.265885][ T5327] ? up_write+0x1c4/0x420
[ 90.268676][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 90.272068][ T5327] bch2_fs_start+0xa99/0xd90
[ 90.274701][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 90.277697][ T5327] ? __pfx_bch2_fs_start+0x10/0x10
[ 90.281285][ T5327] ? sget+0x267/0x620
[ 90.283882][ T5327] bch2_fs_get_tree+0xb6c/0x1460
[ 90.292398][ T5327] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 90.296878][ T5327] ? aa_get_newest_label+0xf7/0x5d0
[ 90.300357][ T5327] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 90.306880][ T5327] ? apparmor_capable+0x137/0x1b0
[ 90.309879][ T5327] vfs_get_tree+0x92/0x2b0
[ 90.312024][ T5327] do_new_mount+0x24a/0xa40
[ 90.316340][ T5327] __se_sys_mount+0x317/0x410
[ 90.319477][ T5327] ? __pfx___se_sys_mount+0x10/0x10
[ 90.322017][ T5327] ? do_syscall_64+0xbe/0x3b0
[ 90.324378][ T5327] ? __x64_sys_mount+0x20/0xc0
[ 90.327991][ T5327] do_syscall_64+0xfa/0x3b0
[ 90.332363][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 90.336731][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.343947][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 90.346355][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.349335][ T5327] RIP: 0033:0x7fb6007900ca
[ 90.352230][ T5327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 90.369562][ T5327] RSP: 002b:00007fb5fcbf4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 90.376252][ T5327] RAX: ffffffffffffffda RBX: 00007fb5fcbf4ef0 RCX: 00007fb6007900ca
[ 90.380518][ T5327] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fb5fcbf4eb0
[ 90.384311][ T5327] RBP: 00002000000000c0 R08: 00007fb5fcbf4ef0 R09: 0000000000818001
[ 90.389137][ T5327] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 90.397061][ T5327] R13: 00007fb5fcbf4eb0 R14: 0000000000005974 R15: 00002000000002c0
[ 90.417179][ T5327]
[ 90.419216][ T5327] Kernel Offset: disabled
[ 90.421306][ T5327] Rebooting in 86400 seconds..