program:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfbffffff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0xfea7)
syz_mount_image$bcachefs(&(0x7f0000000c00), &(0x7f00000003c0)='./bus\x00', 0x810, &(0x7f000000ee40)=ANY=[@ANYBLOB="13fee98fe351db8bd1000ecbc397e48b9a51d399660a1c48a74dbe9ee6ab6ceb0350c836243dc2043ec33eca49d755f4c285cc05e9f3c7cff5140e66ec46da9dfd0ac9b9cde36658c48ac0fd7b8ac637952ca84e305a4be951e31207beb80da3bca0b3618b8069a5e8c8480d8849bfbab5cb333e41243995db99cba1f1779bf253f2ac4af75255d84018b58acaddf3dce5a85c40eb327e6294b9b2584c29e895d74fe60737634d23ae22828187c8c06c0e72d57ae800fd2381964a1b2f22bb7886d032c28959bb5b6d8054eb8be415022133d8"], 0xfe, 0x5a85, &(0x7f0000001080)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkcZDCrRUYJwbG14lf5RyqWc4mdAoeSyynH4mTDglZE9kqo9COATGKRA591YJedci7ByR/EhX1nW3FxZV+MQpmAOYnzLxUXH3VlU2ffYf/hK8KhMqCjXD42tTP9Zmd6p7dnZ2elBT6fkran37z59rdfv+np92Z2JwAAAPCqcPzOfaeuPvd3v/1nEy989Pf+YdftYahcK6/GCsPp8pYzlSGnU39lbW2Z7Re/9pEv/XT0ht/+1v2Dn3/x2PYLdvzwd8664cEPXXn0nr9+5PkVX3vpqaK4sT9dPLOePJOEUP3Gyb/42LHvnDNdlqyc/lk6FMLqZM0jq5NMiLFfhBC2T+cYQlibufOrL1y6Y3p5+139LeWrMvXy+nuD/v6KNt0PpzvWwVM3vyH86B1b7/jeuq/8Xd+Rpw/NVEmqTf0phJXXNT++L4QwkP4PaV8MTf0xdtotIYTBpse9uSCv13eY/8ac9fPS5bJ0OVQQJ96/PrNeytTLrkd9meVgwfYWKi+PbuqVO6izPLOePRktVF6esXx1uvx6urx4nvHL6T6Uk1BKQqWR/mQy00dC03FLQlI7ltXGeqlxbEO6/5n1JLNeyqyX+zL7Vdtu2tHKSdJaHutlyuPpuJKWX9B8bdLGe3PKX5suq+kT9cW4HrI36oZm3WjsV03M6+QcuZwOpaZzULvyxoFPD8ZQWjaUrJn1mKk24n3Htt69obztm8eHc/JI7k/S+ElX8Q9+d/XyD3758IHs63oj/nWlNH6pq/g/vurEs9cc/txnc+N/KsYvdxX/kocGn7nq0TvX57bPydg+la7ijz/12CfWnX39kdz8743xq13F33z0RP+KUw89nJv/WGyfga7iP/m2d/7ki0888HRu/BDjD3YVf9vRPZ/sHzl1UW78h2P7DHXXf547csUPRkZ+NpoX//EYf0VX8b9w6J633rfqritzj++W2D7DXcV/94UP3rH81APn5507k3s7fYUFoJ2z0musj6frXY0zp7KzFvPXNF74q9FK/Zpvefp/xYKjN8lcfE5vZ2Uv4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABACOE1b/iv7/rf7xt+ppKu96c3nizVl7F8WQjJQAhh3/7xvft37r5x9EM3Hdi7e3xydHz/6MTu/XtvHb3sN0b3TuyZHL91+t6xN15af9yakNSXyfmztj0QpqZKw61lcXv/6sIjP9rw5v/zzyGMveb7I5Xc/Dfes+u+s9v8zEg2T71914Grv3/536b7NZzmNdwmr6mpqamQk9f/ff8v7/vzkz+9KISxX5krr8ee/K1/bEmoVjATJ1XqD/WE+pPBtnk0sk7zie1V2bFzcmJs7vadfnw5Zz/+9Uee/sWOWz79y3r7VnP3o8P2Hdg8NVn6y63v/v9/eVu9oCivM3Xci9o77kXML7ZfNW3vlel+rczZr0rOft35vYef+Ma5h/MbumC/+tIO0Je8tqPtxr0bTFa3lFfT+jGR+LiN+3ft2bjv1oNv3Llr/MaJGyd2v2XTZZuuGLv8iss31vZ8Y2/2//lDYazy3LrBELf/qx3ufy/600D22Tdru6v++NDX48/O+lNrXsvm3R7TeRW3R3NGec+/wfd+7DNvuefRq+sFRf081m6cT9Ll4PRx3hSa+tvstmq3X0XHJ4Qw2q4dnn3+ynDO/9h5R9F5qPnINP/MSDZPfWf9z//2zX+z9jfrBaflPN+cUJfn+UbWM/nU2qu6Y+ftzXWXWvv2h3K6X0Nt89r0nUf77j7+z3/SyG/ZsnDL+P79ezfVfy5PM12enNc2r2xp3K91tZ/lkB7e0OimbfrrtL5Qzy97/ozVs606lN43lKxpu19Z8b5jW+/eUN72zeN5LZ3cX9/iQFhRXyavy6k5mXlguZFwu+0v1edfUf8YedfffO19X/v7y2b1j0vqP4v2K8nZr6888YXPfP7T//bve7df7/qtE8M//59/tKFesOTPK+V6Io2s03ySmfPK5MQlIRQ9/9aF9vvReP79+3KMm2bUfn+Knn/Z7czUbx9vNLM+FMpdPV8veWjwmasevXN97vP15FzP1+adva3lceWC5+tS6T/Z51dSac1j8Z5fLR0l2Tz1rY+fdeiRj245t15Q9HrZqN2uX1/awfgjZ7/+8ZofjNw0+m/+e+/OG1/6ja9e+8PxzX9aL+j+uMdcenPcq2n7VnPat5F1HHc2t++bbrhpcnu9vKidz9z1b7osGP/EU8m+Ww9+eHxycmLvvs72q9PX07idbCt3+3oaz25rCvarNGu/Fu9GJ+3V6fMt5r+96/Zqfb4NhaSr14WD3129/INfPnxgeNaj0g1dV0rjl7qK/+OrTjx7zeHPfTY3/qdi/EpX8cefeuwT686+/khu/HuTNH61q/ibj57oX3HqoYdz44/F/Ae6iv/k2975ky8+8cDTufFDjD/UVfzUz3LjP56k25m+Rgrhqy9cuqO+noS+9PkW8+hryStk15PMeimzXm5eL8VZhHQD5SRpLY/10vILmnJp5w9zyuNVWHVtffliXA/ZG3OXLzWlpnN/u/Ki61QAgFe6+P5/vAaN7/9PpBdK+TMNMKPbcdiPnztyxQ9GRn62NiduHIfNzOe0vse6No0fHx/nAUfeFMaml7eP1i/05/s+Qnw+ZOc543Yuen1rjMJ5zqna9mfNcxbNv6/PrMe86vPllaZxaGr2uKYSOph/X58JUzT/ntn94vezRj8+K63Rpnmr7PHrS2fM2n3eIbS2S2U6Ql7/yM6Lxc9zjKwMW2rb67B/ZD9HE49D9nM0cTvnZk6c3X6OJq9/DM9uh5a8Yv+I9eboH7WUi9+PnH38whztO3P82kfLHr95HO9qCP/pc3Flsd6f7cG8YdtTWifzhv1tthDv63zecHHfDzMvmRM/fYJ1MG/40qqWx53eecNYHvej0uF84vtyyns1nxhPFzGvk3PkcjqYTwReqeL4P75GTI//py/A/1+mXtE4JXvVGOPlfk6v3D6fonHH7M/pDXb1Or7t6J5P9o+cuij3OufhTj+nt6dlbbDgcz9F7bghs17YjjkTNEXjvex2ito9+7mMobCiq3b/wqF73nrfqruuzG33LfUX0uJ2/0zL2oqCdl/sz3O+/D9nYLzQNv4S/xxDp/NnZ+xzDOkHnxZrPPIHOeXzHY8MzrrR2K+apTsemXkh7W+dwAMAaCuO/xvvn6Xj//8VK6TXEUXj1osz6zFe7rg15/okb9z6++nylkz9ofQ3KuZ73fzuCx+8Y/mpB87PHbfc2+k49D+2rA0XjkMXNm7OHUds6c3nxXPHEY1x1sLGibn5N8aJCxun57xN2zROX9g4Ord9GuPo1nmAz5zoLH6cB8iN35gH6OE496WZSqdvnFswX5fZWFztdL7ujIyjV7bu56KMo9Nfn12scfR7c8rnO44emnWjsV81S3cc3VpuHA0AvFLF8X+8jIvj/0cz9Rb6PnvuuKBH1+3ZvwfSiP/4oowrZ+L36P3f4nHfYo9b88b1yaF2W4n3dj6uX+x5iZf7+7+LPS80XPsDnmn8TSs7jN/pPNkZe395qYyL040aFwMAsJTF8f9Aup4//l/Y+GTW+K2vfgk5Mz55+Y3Pm+udufF5r953Nz5vG7/T961z4i+d+a/F/ZzMq378H9fT1SnjfwAAlqA4/o+/9hj//t9/Sdezf7d+6Y3Tp9JL0kV6Hz1tD+N04/Qwxzj97Tm/7xHv73yc3uN5thi/+XMA5gFO7+fjB2bqmwcAAOBM6KuNlGb/nv0H0mX29+zzfi//mpz6NR38TdRKenl8/f69ExPXHtizfXz/xLW7b9o+se/am/fu3L9/Yne93kLHjbnjljTJvlBJ26N9vey4bVU6MbAq5+8hZOvHsOfVbsz+ewjZzQ4U/B2BmePXWb55x680R/12/SPveOfF/8Oc+lHj+N/wR5dcu2PftTt379y/c3xy58GJ1ujTDTE4j+/NTNL/8/q+1Mee/HfHQ6jfqn1rZkZp/t/fGQ/PPPNo+THriVSabpEk9/hP55Fk8lidZrI67/sPcvL+9n/78z++cOqXXwxh7DXl180379aQm6f+8/snfn//8e/vmc6/NGf+jZppXkXfV5qtH/enMnnTvv1v2HHTgd3Zb5TsTpzPKDXWF2k+I336lzucn9iWUz7f398vz7qxNHU8PzHtHdefvsQAAJa4+P5/vJ6N7x9+Or2AiuWdj9PrF47dvn+cO04f62ycnv1esqJxerZ+3N9Ox+nVBY7Ts9vPH6cP5NZvN07PG3fnxf+DnPrz1Xk/6eL3MeLw88uHD+T2k+uy/WSgbb3s9xkU9ZNs/fn2k2SB/SS7/aL5nHb12/WTvOOeF/89OfXzFPWHSqM/LOz3Z3L7w6c6O2/8ema9qD9k68+3P5QW2B+y2y/qD+3qt+sPecc3L/7VOfU71do/pjtGrV9MXHvzTXs/3FRvsb//Isz+SEYn+S2beezifv9Htzpv38X93NfC8w9hc60kL//F/VzZwvMvav95/P7XyjDrc2W5+T+ecwLpef6L+/0uGXnVZz/+dM3XpmeCos+fFc3jbs0pn+887rJZN5amec3jAj0Vx//x7Z44/r8rXfb6baCX//ek+R6ztvF79D1mRdcxr7rX8+xb7l7PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7++kPor6yt3Tx+575TV5/7u9/+s4kXPvp7/7Dr9l/7yJd+OnrDb3/r/sHPv3hs+wU7fvg7Z93w4IeuPHrPXz/y/IqvvfRUYezh2s/KxelqNYTkmSSE6jdO/sXHjn3nnOmyJIRQToYPhbA6WfPI6iQTYewXIYTtMdVK651ffeHSHdPL2+/qbylflQmS3a8wVI75NOcZwi2Fe8TLUDXtZwdP3fyG8KN3bL3je+u+8nd9R54+NFMlqTb1pxBWXtf8+L4QwkD6P9SfMjVr44PT5ZYQwmDT495ckNfrO8x/Y876eelyWbocKogT71+fWS9l6mXXo77McrBgewuVl0e39Yosz6xnT0YLlZdnLF+dLr+eLi+eZ/xy/J+EUhIqjfQnk5k+EpqOWxKS2rGsNtZLjWMb0v3PrCeZ9VJmvdyX2a/adtOOVk6S1vJYL1MeT8eVtPyC5nN1G+/NKX9tuqymT9QX43rI3qgbmnWjsV81Ma+Tc+SS+g/FVbpXajoHtStvHPj0YAylZUPJmlmPmWoj3nds690bytu+eXw4J4/k/iSNn3QV/+B3Vy//4JcPH1ibF/+6Uhq/1FX8H1914tlrDn/us7nxPxXjl7uKf8lDg89c9eid63Pb52Rsn0pX8cefeuwT686+/khu/vfG+NWu4m8+eqJ/xamHHs7Nfyy2z0BX8Z982zt/8sUnHng6N36I8Qe7ir/t6J5P9o+cuig3/sOxfYa66z/PHbniByMjPxvNi/94jL+iq/hfOHTPW+9bddeVucd3S2yf4a7iv/vCB+9YfuqB8/POncm9vXrlBHh1Oiu9xvp4ut7tOHOhmsYLfzVaqV/zLU//r+jlhjKmt7NyEeMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDK9E+3XfaB97/9PVsrSQhJTp2pNuJ95WWbN492sd3xpx77xLqzrz/SXLa2izgAAABAsTgOLzVKqmFtuDkZCOe1rR/nCM6La0lreXYZ42TnCDqNEzJxSm3ilLqIU+5RPpUexenrUZxlPYrT36M41YI41dBZnIE54lSme0CH+QzOmU/ncYZ6FGd5j+Ks6FGclT2Ks6pHcYbnjNN5P1zdozhrehTnrB7FObtHcV7Tozi/0qM45/QoTnZOeb79cEVa89y8OLUb5cI4laTcuKPdfPo56XbOX+B2hubcTnVqRdHrcYfbGSjYn7id12ceVyrezqHm+tUOt/Or899O6/53uJ1fX+B2SgXbif32lmx+cTtxrcP+f2uP4hzsUZyP9CjObT2K8yfzidPmPbIY5097lM9HFxgHoFNx/D8z3hsO/ZXfDIPpGSc7CxDHu+tqP2e/3uWdkGK812XKlxXFyw7UM/HWzTe/7ARCJt76TLS+lniVxnhkjnjV5ngbMnfOtb9v29w+t+Z4F2fK++eIV5OdWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARfRPt132gfe//T1bQxKm/7U11Ua8r7xs8+bRLrZ7bOvdG8rbvnm8uay/0kUgAAAAoFAch/c1Sqqhv7Ip9CfLWupV03mAarpeHq4vR1aGLdPLZLRUWx9MVs/5uEr6uI37d+3ZuO/Wg2/cuWv8xokbJ3a/ZdNlm64Yu/yKyzfu2Dk5MVb/GUJ/QbwQQm36Yd+tBz88Pjk5sXdfvTCb/9r0cWtrydb+1R438qYwNr28Pc1/TcH2SrO2t3g3OjqAAAAAAAAAAAAA/8Ku3YZKWpYPAL+emTkz49H9O398Gxf3OKyrWFmpHUNLPA8ECb4sHoSYY51kyZWko7vorphNupCaUgTKwrLhhzZM0qQvvqREvrBgmCV0NgmV8kN9KLQMFT+EMnHOzDNnZs6McxrEXbff78Pzct3XfV/P/Xw4cD1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgQ7TYmJ6vz8zOTSYRyZCc5gDZWL6YprUx6n7lie0/KE29c3p3rFQYYyEAAABgpKwPn+hEylEq5CMfJy7fbYyugVjp+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP89i43p+frM7NyRSUQyJKc5QDaWL6ZpbYy6r7710Gdfmpr6W3esOsY6AAAAwGhZH57rRMpRjVNiIjlxqfPvRLNvA+v75rfyVmTrbFhjXv+3g2F5p6wx77Q15n1sRN7m9vmmAAAAgI++rP8vdCKVKBXWreqHs/5/VF+f5Z3cl5dvn9f+W4HimjMBAACA95f1/6VOpBqlQrXTr6+139/Yl5fNH/V/+2z+qUPmj/p//qXts//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx2Jjer4+MzuXTyKSITnNAbKxfDFNa2PUPfvJyX9cvP/2jd2xUmGMhQAAAICRsj58pfUuR6kwGRNx5HLfP3XhvY986ZHHpiOi1eYXi3HTlh07rj+7dczyznp+/8T3n33926vyzmodD9oGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD8xiY3q+PjM7d0QSkQzJaQ6QjeWLaVobo+4rn//iXx548fHXumPVMdYBAAAARsv68JXevxzVKEYxjl++6+71l+T65g/7ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPm745s3f2LKwsPV6FwfnopmPOAQew4WL3ouD/ZcJAAD4oJ0cSTT/SydcdrCfGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQsNqbn6zOzc+UkIhmS02w2dy0dumVj+WKa1saomz7xQmndO08+3R2rjrEOAAAAMFrWh6/0/uWoxkRMxHHLd4O+CSz3/5UP8SEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ8piY3q+PjM7ty6JSIbkNAfIxvLFNK2NUff+XXs/d9/R37uoO1YqjLEQAAAAMFLWhxc7kXKUCh+PUpzUvl/onZDk2+fB3wVW5m3vmTa55nmNrlnFyK953p19Oyu0d9OaV25H85XWuTOvtjIv155X65pXjU75Wmfe8sva3VNt3YjnHPTuAQAA4MOS9f+lTqQSpUKpq///aU9+RZ8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyx2Jier8/MziVJRDIkpzlANpYvpmltjLo3//b/j/rqz+7a2R2rjrEOAAAAMFrWh6/0/uWoxob4v9iw3PdHpTc/y/tn/d377vnXX0+POPP4A1OF/mV/lF38+pULnuo/ROR6s3MRR7frJUPq/eb399y4qfnuAxFnHpc/aVW9eP96vUumzUfrWy/d8eyB7SNeDgAAABwmsv5/ohOpRKlw3dD+P+u8R/T/HcsN+NE37vrFse1juyPvm5GrtOvlhtT7wqaH/nzquX9/fan/X13vk52rT++99r5jewq2In2StDlz7c7NB87Zl8t23aqf76ufvZcvf+u1f199093vtuqXo9yOr+97lFa11ce+8pE2F3J75i55b0+jt35hyP5v/93TL/5q/V1vL9V/6+TJTv3TYlD91s4LQ+vHEWlz8vI7dp+3d//m3voRUYv86vpvvH1RnPDHa27r3/9k38Ldb7772P8C0ubzG9/cd+691fN76ydL9btk7//nL96/+yd3f/exrH72W5HTT1lr/Vxf/efuPGbXM7detr63fq6vfrb/p654aWpb7Tt/6N//VT2rFoY+xer9P3jGw1e+vCW9pX8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8LLYmJ6vz8zO5ZKIZEhOc4BsLF9M09oYdV+9+IU3rrjrxz/sjlXHWAcAAAAYLevDV3r/clSjGMWYXO77H61vvXTHswe2R6U1mrTPhYVtN+z4xNXbdl531UF6cgAAAGCtXr04We7/C51IJUqFTTHR7v9nrt25+cA5+3JZ/59bOicRcfU1C1vPjE7ec3ces+uZWy9b3/lOELH8s4DyUt5nVvIuvOCFypt/+vqpA/POXsl7fuOb+869t3p+lhfdeWdF5/vEg2c8fOXLW9JbOs/Xnfepr21baH+eyNadvPyO3eft3b85l33HaJ8n2+tmeQu5PXOXvLenkatEaWk8384rt/cNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKy22Jier8/MzkU+IhmS0+zWDmRj+WKa1saoe8mmX9521DuPb+iOlQpjLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+/YVIVfZxAH+emdl3Z3d2dVdfaCtaVysKu1AKIuqmoiI0QujKkLA0L6IgiCjsojU0Eiu6CbJuJCqothAMcpNEizX6J910UUGBdRGItFC7SBcZO/OccfY4p9HZCqTPB4Znn+ec8z2/c55nzuwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiv9FZG6u2RHY/M3nnRrZ89df/Mk7d/8NC2K55466exTTd/urf/9ZNTm5dv+faWpZsOPLBmcvcrh38bfO+PYx2DH280K1O3GkI8EUOofjj94tNTn18wNxZDCOU4NB7CcFxyeDjmElb/HkLY3Kxz/sZ9M9dsmWu37eqdN744F5K/rlArZ/U0DM2vt9WpfBjnnWpaZ1tnH7sqfH/T+u1fLnv3nZ6J4+Ond4lz+5TTegph0cbW43tCCH3pMydbbSPZwaldF0Lobznuug51XXqW9a8q6F+c2v+lttYhJ9u+Itcv5fbL9zM9uba/w/kWqqiObvfrZCDXzz+MFqpZ56r248OpfT+1K88xv5x9YijFUGmW/2A8vUZCy7zFEOtzWW32S9ncVkK6/p6W42IIMdcv5frlntx11c+bFlo5xvnj2X658exxXEnjy1uf1W3cVTB+YWqr6Yt6MuuH/B8NtTP+aF5XXVbX9F/U8m8otTyD2o03Jz5NRi2N1eKSM4451Ua2bWr9s5eXN3x0ZKigjrg3pvzYVf7WL4YH7nl756MjRfkbSym/1FX+D2uP/nL3zldfLsx/Icsvd5V/9cH+E2s/3rGi8P5MZ/enclb5MfWzbfce++S5Zf+/b6LdXNfz92T51a7qv3HyaO/g7MFDhfWvzu5PX1f5391w249vfr3/eGF+yPL7u8rfMPnw872js1cW5h9qfBVq9RXaxfr5deLab0ZHfx4ryv8qu/+DbfJjx/w3xndf/9riXWsK1+e67P4Mpfy+c6r/jssObB+Y3X9J0bMz7vm7fjkB/puWpv+xnkn9Tu+Z+2ZKbd8zF6rlfeGlsUrjF2ggfTq9Gy7E3HkW/YP5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//2/0YpQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
r3 = creat(&(0x7f0000000240)='./file1\x00', 0xd)
write$P9_RUNLINKAT(r3, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0xfff2)
fallocate(r2, 0x10, 0x2, 0x7fff)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105002, 0xdf)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x8000)
writev(r4, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x100000}], 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xbcb07b29f486204c, 0x10012, r1, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r6 = socket$inet6(0xa, 0x3, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000001b80)={'bridge0\x00', &(0x7f0000000240)=@ethtool_cmd={0x17, 0x4, 0x1, 0x4, 0x9, 0x3, 0x0, 0x5, 0x0, 0x6c, 0x4, 0x2, 0x7375, 0x10, 0x8, 0x1, [0x7, 0x3]}})
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r8, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x5}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x7}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x880}, 0x10)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e00000001090224"], 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
ioctl$MON_IOCX_MFETCH(r10, 0xc0109207, &(0x7f0000000040)={0x0})
ioctl$VHOST_VDPA_GET_GROUP_NUM(r1, 0x8004af81, &(0x7f0000000080))
bind$netlink(r9, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x1000000, 0x2}, 0x0, 0x4, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000002040), 0x0)

[   76.118222][ T4672] Bluetooth: hci0: command tx timeout
[   76.333006][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.336127][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.394101][ T5324] loop0: detected capacity change from 0 to 32768
[   76.520150][ T5324] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[   76.520166][ T5324]   allowing incompatible features above 0.0: (unknown version)
[   76.520174][ T5324]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   76.539922][ T5324] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   76.543776][ T5324] bcachefs (loop0): initializing new filesystem
[   76.556840][ T5324] bcachefs (loop0): going read-write
[   76.565952][ T5324] bcachefs (loop0): marking superblocks
[   76.582535][ T5324] bcachefs (loop0): initializing freespace
[   76.590695][ T5324] bcachefs (loop0): done initializing freespace
[   76.600838][ T5324] bcachefs (loop0): reading snapshots table
[   76.604135][ T5324] bcachefs (loop0): reading snapshots done
[   76.622817][ T5324] bcachefs (loop0):  loop0: Superblock write was silently dropped! (seq 0 expected 42)
[   76.629241][ T5324] bcachefs (loop0): done starting filesystem
[   76.670608][   T25] audit: type=1800 audit(1751266354.437:2): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=4098 res=0 errno=0
[   76.743550][   T25] audit: type=1800 audit(1751266354.517:3): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=4098 res=0 errno=0
[   76.782635][ T5324] bcachefs (loop0 inum 4098 offset 0): data write error: I/O
[   76.789581][ T4737] bcachefs (loop0): btree write error: I/O
[   76.789581][ T4737]   dirents level 0/0
[   76.789581][ T4737] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ad48e3ec84c05579 written 8 min_key POS_MIN durability: 1 ptr: 0:42:128 gen 0
[   76.800560][ T4737] bcachefs (loop0): btree_node_write_work(): fatal error writing btree node: btree_node_write_all_failed
[   76.800560][ T4737]   dirents level 0/0
[   76.800560][ T4737] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ad48e3ec84c05579 written 8 min_key POS_MIN durability: 1 ptr: 0:42:128 gen 0
[   76.815253][ T4672] bcachefs (loop0): error writing journal entry 3: I/O
[   76.819676][  T793] bcachefs (loop0): going read-only
[   76.823151][ T4737] bcachefs (loop0): fatal error - emergency read only
[   76.829404][  T793] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[   76.833409][  T793] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[   76.840581][ T5324] ==================================================================
[   76.844196][ T5324] BUG: KASAN: slab-use-after-free in __bch2_write+0x38f8/0x3900
[   76.847428][ T5324] Read of size 2 at addr ffff88805312583c by task syz.0.0/5324
[   76.850624][ T5324] 
[   76.851754][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[   76.851770][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.851778][ T5324] Call Trace:
[   76.851785][ T5324]  <TASK>
[   76.851791][ T5324]  dump_stack_lvl+0x189/0x250
[   76.851820][ T5324]  ? __virt_addr_valid+0x1c8/0x5c0
[   76.851833][ T5324]  ? rcu_is_watching+0x15/0xb0
[   76.851850][ T5324]  ? __kasan_check_byte+0x12/0x40
[   76.851858][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.851867][ T5324]  ? rcu_is_watching+0x15/0xb0
[   76.851876][ T5324]  ? lock_release+0x4b/0x3e0
[   76.851885][ T5324]  ? __virt_addr_valid+0x1c8/0x5c0
[   76.851891][ T5324]  ? __virt_addr_valid+0x4a5/0x5c0
[   76.851897][ T5324]  print_report+0xd2/0x2b0
[   76.851906][ T5324]  ? __bch2_write+0x38f8/0x3900
[   76.851913][ T5324]  kasan_report+0x118/0x150
[   76.851923][ T5324]  ? __bch2_write+0x38f8/0x3900
[   76.851934][ T5324]  __bch2_write+0x38f8/0x3900
[   76.851945][ T5324]  ? __lock_acquire+0xab9/0xd20
[   76.851961][ T5324]  ? css_rstat_updated+0x1a5/0xca0
[   76.851980][ T5324]  ? __pfx_css_rstat_updated+0x10/0x10
[   76.851998][ T5324]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   76.852012][ T5324]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   76.852023][ T5324]  ? __folio_start_writeback+0x899/0xbf0
[   76.852035][ T5324]  ? __pfx___bch2_write+0x10/0x10
[   76.852050][ T5324]  ? __folio_start_writeback+0x99a/0xbf0
[   76.852065][ T5324]  ? enumerated_ref_tryget+0x105/0x170
[   76.852078][ T5324]  ? bch2_write+0x719/0x10f0
[   76.852091][ T5324]  __bch2_writepage+0x1536/0x2790
[   76.852117][ T5324]  ? __pfx___bch2_writepage+0x10/0x10
[   76.852128][ T5324]  write_cache_pages+0x64/0x100
[   76.852144][ T5324]  bch2_writepages+0xf9/0x2d0
[   76.852156][ T5324]  ? __pfx_bch2_writepages+0x10/0x10
[   76.852166][ T5324]  do_writepages+0x32e/0x550
[   76.852182][ T5324]  ? do_raw_spin_unlock+0x4d/0x240
[   76.852195][ T5324]  filemap_write_and_wait_range+0x217/0x310
[   76.852207][ T5324]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[   76.852217][ T5324]  ? rcu_is_watching+0x15/0xb0
[   76.852240][ T5324]  bch2_write_invalidate_inode_pages_range+0x7c/0x110
[   76.852254][ T5324]  bch2_direct_write+0x2a62/0x2ce0
[   76.852271][ T5324]  ? save_fpregs_to_fpstate+0xa3/0x210
[   76.852284][ T5324]  ? __switch_to+0xd74/0x1600
[   76.852296][ T5324]  ? __lock_acquire+0xab9/0xd20
[   76.852310][ T5324]  ? finish_task_switch+0x18b/0x950
[   76.852325][ T5324]  ? finish_task_switch+0x266/0x950
[   76.852337][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.852406][ T5324]  ? __pfx_bch2_direct_write+0x10/0x10
[   76.852418][ T5324]  ? rcu_is_watching+0x15/0xb0
[   76.852434][ T5324]  ? trace_sched_exit_tp+0x38/0x120
[   76.852445][ T5324]  ? __schedule+0x1713/0x4d00
[   76.852458][ T5324]  ? kvm_sched_clock_read+0x11/0x20
[   76.852473][ T5324]  ? sched_clock+0x3f/0x60
[   76.852486][ T5324]  bch2_write_iter+0x18f/0x2b90
[   76.852499][ T5324]  ? __lock_acquire+0xab9/0xd20
[   76.852516][ T5324]  ? aa_file_perm+0x11f/0xed0
[   76.852529][ T5324]  ? aa_file_perm+0x11f/0xed0
[   76.852541][ T5324]  ? aa_file_perm+0x3e7/0xed0
[   76.852552][ T5324]  ? __pfx_bch2_write_iter+0x10/0x10
[   76.852563][ T5324]  ? preempt_schedule_common+0x83/0xd0
[   76.852581][ T5324]  do_iter_readv_writev+0x56b/0x7f0
[   76.852592][ T5324]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   76.852602][ T5324]  ? rcu_read_lock_any_held+0xb3/0x120
[   76.852615][ T5324]  vfs_writev+0x31a/0x960
[   76.852627][ T5324]  ? __lock_acquire+0xab9/0xd20
[   76.852639][ T5324]  ? __pfx_vfs_writev+0x10/0x10
[   76.852653][ T5324]  ? __fget_files+0x2a/0x420
[   76.852665][ T5324]  ? __fget_files+0x3a0/0x420
[   76.852674][ T5324]  ? __fget_files+0x2a/0x420
[   76.852685][ T5324]  do_writev+0x14d/0x2d0
[   76.852696][ T5324]  ? __pfx_do_writev+0x10/0x10
[   76.852706][ T5324]  ? rcu_is_watching+0x15/0xb0
[   76.852721][ T5324]  ? do_syscall_64+0xbe/0x3b0
[   76.852736][ T5324]  do_syscall_64+0xfa/0x3b0
[   76.852748][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.852761][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.852772][ T5324]  ? clear_bhb_loop+0x60/0xb0
[   76.852783][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.852793][ T5324] RIP: 0033:0x7f892918e929
[   76.852813][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.852822][ T5324] RSP: 002b:00007f892a092038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   76.852836][ T5324] RAX: ffffffffffffffda RBX: 00007f89293b5fa0 RCX: 00007f892918e929
[   76.852844][ T5324] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000008
[   76.852852][ T5324] RBP: 00007f8929210b39 R08: 0000000000000000 R09: 0000000000000000
[   76.852858][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.852865][ T5324] R13: 0000000000000000 R14: 00007f89293b5fa0 R15: 00007ffd345de858
[   76.852875][ T5324]  </TASK>
[   76.852879][ T5324] 
[   77.071962][ T5324] Allocated by task 5324:
[   77.074191][ T5324]  kasan_save_track+0x3e/0x80
[   77.076435][ T5324]  __kasan_slab_alloc+0x6c/0x80
[   77.078683][ T5324]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   77.081144][ T5324]  mempool_alloc_noprof+0x1a7/0x510
[   77.083485][ T5324]  bio_alloc_bioset+0x241/0x1110
[   77.085732][ T5324]  __bch2_writepage+0x1581/0x2790
[   77.087980][ T5324]  write_cache_pages+0x64/0x100
[   77.090468][ T5324]  bch2_writepages+0xf9/0x2d0
[   77.092641][ T5324]  do_writepages+0x32e/0x550
[   77.095097][ T5324]  filemap_write_and_wait_range+0x217/0x310
[   77.097842][ T5324]  bch2_write_invalidate_inode_pages_range+0x7c/0x110
[   77.100772][ T5324]  bch2_direct_write+0x2a62/0x2ce0
[   77.102992][ T5324]  bch2_write_iter+0x18f/0x2b90
[   77.105262][ T5324]  do_iter_readv_writev+0x56b/0x7f0
[   77.107801][ T5324]  vfs_writev+0x31a/0x960
[   77.109948][ T5324]  do_writev+0x14d/0x2d0
[   77.112353][ T5324]  do_syscall_64+0xfa/0x3b0
[   77.114683][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.117505][ T5324] 
[   77.118587][ T5324] Freed by task 4672:
[   77.120306][ T5324]  kasan_save_track+0x3e/0x80
[   77.122194][ T5324]  kasan_save_free_info+0x46/0x50
[   77.124172][ T5324]  __kasan_slab_free+0x62/0x70
[   77.126261][ T5324]  slab_free_after_rcu_debug+0x129/0x2a0
[   77.128472][ T5324]  rcu_core+0xca5/0x1710
[   77.130347][ T5324]  handle_softirqs+0x286/0x870
[   77.132592][ T5324]  __irq_exit_rcu+0xca/0x1f0
[   77.134727][ T5324]  irq_exit_rcu+0x9/0x30
[   77.136677][ T5324]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   77.139267][ T5324]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   77.142315][ T5324] 
[   77.143580][ T5324] Last potentially related work creation:
[   77.146528][ T5324]  kasan_save_stack+0x3e/0x60
[   77.148989][ T5324]  kasan_record_aux_stack+0xbd/0xd0
[   77.151369][ T5324]  kmem_cache_free+0x2f6/0x400
[   77.153590][ T5324]  process_scheduled_works+0xade/0x17b0
[   77.156238][ T5324]  worker_thread+0x8a0/0xda0
[   77.158298][ T5324]  kthread+0x70e/0x8a0
[   77.160224][ T5324]  ret_from_fork+0x3fc/0x770
[   77.162383][ T5324]  ret_from_fork_asm+0x1a/0x30
[   77.164638][ T5324] 
[   77.165758][ T5324] Second to last potentially related work creation:
[   77.169458][ T5324]  kasan_save_stack+0x3e/0x60
[   77.171781][ T5324]  kasan_record_aux_stack+0xbd/0xd0
[   77.174390][ T5324]  insert_work+0x3d/0x330
[   77.176462][ T5324]  __queue_work+0xcfc/0xfe0
[   77.178769][ T5324]  queue_work_on+0x181/0x270
[   77.181253][ T5324]  closure_put_after_sub+0x2ac/0x320
[   77.183896][ T5324]  bch2_nocow_write+0x3ab2/0x3e90
[   77.186164][ T5324]  __bch2_write+0x371c/0x3900
[   77.188342][ T5324]  __bch2_writepage+0x1536/0x2790
[   77.190671][ T5324]  write_cache_pages+0x64/0x100
[   77.192965][ T5324]  bch2_writepages+0xf9/0x2d0
[   77.195151][ T5324]  do_writepages+0x32e/0x550
[   77.197496][ T5324]  filemap_write_and_wait_range+0x217/0x310
[   77.200456][ T5324]  bch2_write_invalidate_inode_pages_range+0x7c/0x110
[   77.203667][ T5324]  bch2_direct_write+0x2a62/0x2ce0
[   77.206054][ T5324]  bch2_write_iter+0x18f/0x2b90
[   77.208290][ T5324]  do_iter_readv_writev+0x56b/0x7f0
[   77.210686][ T5324]  vfs_writev+0x31a/0x960
[   77.212667][ T5324]  do_writev+0x14d/0x2d0
[   77.214781][ T5324]  do_syscall_64+0xfa/0x3b0
[   77.217100][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.220145][ T5324] 
[   77.221360][ T5324] The buggy address belongs to the object at ffff8880531257c0
[   77.221360][ T5324]  which belongs to the cache bio-1072 of size 1072
[   77.227726][ T5324] The buggy address is located 124 bytes inside of
[   77.227726][ T5324]  freed 1072-byte region [ffff8880531257c0, ffff888053125bf0)
[   77.234710][ T5324] 
[   77.236050][ T5324] The buggy address belongs to the physical page:
[   77.239307][ T5324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53124
[   77.243812][ T5324] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   77.248632][ T5324] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   77.252680][ T5324] page_type: f5(slab)
[   77.254916][ T5324] raw: 04fff00000000040 ffff88805300b500 dead000000000122 0000000000000000
[   77.259103][ T5324] raw: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[   77.262649][ T5324] head: 04fff00000000040 ffff88805300b500 dead000000000122 0000000000000000
[   77.266401][ T5324] head: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[   77.270270][ T5324] head: 04fff00000000002 ffffea00014c4901 00000000ffffffff 00000000ffffffff
[   77.274439][ T5324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   77.278554][ T5324] page dumped because: kasan: bad access detected
[   77.281389][ T5324] page_owner tracks the page as allocated
[   77.283999][ T5324] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5324, tgid 5323 (syz.0.0), ts 76472236277, free_ts 76452894646
[   77.293237][ T5324]  post_alloc_hook+0x240/0x2a0
[   77.295642][ T5324]  get_page_from_freelist+0x21e4/0x22c0
[   77.298244][ T5324]  __alloc_frozen_pages_noprof+0x181/0x370
[   77.300773][ T5324]  alloc_pages_mpol+0x232/0x4a0
[   77.303004][ T5324]  allocate_slab+0x8a/0x3b0
[   77.305162][ T5324]  ___slab_alloc+0xbfc/0x1480
[   77.307464][ T5324]  kmem_cache_alloc_noprof+0x283/0x3c0
[   77.309858][ T5324]  mempool_init_node+0x1e2/0x4d0
[   77.312552][ T5324]  mempool_init_noprof+0x3a/0x50
[   77.315646][ T5324]  bioset_init+0x2eb/0x790
[   77.318223][ T5324]  bch2_fs_fs_io_buffered_init+0x2b/0x50
[   77.320838][ T5324]  bch2_fs_init_rw+0x246/0x2d0
[   77.322837][ T5324]  bch2_fs_open+0x2338/0x25a0
[   77.325343][ T5324]  bch2_fs_get_tree+0x431/0x14f0
[   77.327479][ T5324]  vfs_get_tree+0x92/0x2b0
[   77.329509][ T5324]  do_new_mount+0x24a/0xa40
[   77.331683][ T5324] page last free pid 5324 tgid 5323 stack trace:
[   77.334434][ T5324]  __free_frozen_pages+0xc71/0xe70
[   77.336685][ T5324]  stack_depot_save_flags+0x445/0x900
[   77.338975][ T5324]  kasan_save_track+0x4f/0x80
[   77.341285][ T5324]  __kasan_kmalloc+0x93/0xb0
[   77.343549][ T5324]  __kmalloc_node_noprof+0x276/0x4e0
[   77.346100][ T5324]  __vmalloc_node_range_noprof+0x5a9/0x12f0
[   77.348607][ T5324]  __vmalloc_node_range_noprof+0x56a/0x12f0
[   77.351120][ T5324]  __kvmalloc_node_noprof+0x3b8/0x5f0
[   77.353498][ T5324]  __bch2_darray_resize_noprof+0xd7/0x290
[   77.356001][ T5324]  bch2_fs_btree_write_buffer_init+0x16e/0x1f0
[   77.358770][ T5324]  bch2_fs_init_rw+0x226/0x2d0
[   77.361135][ T5324]  bch2_fs_open+0x2338/0x25a0
[   77.363428][ T5324]  bch2_fs_get_tree+0x431/0x14f0
[   77.365979][ T5324]  vfs_get_tree+0x92/0x2b0
[   77.368357][ T5324]  do_new_mount+0x24a/0xa40
[   77.370597][ T5324]  __se_sys_mount+0x317/0x410
[   77.372845][ T5324] 
[   77.373978][ T5324] Memory state around the buggy address:
[   77.376501][ T5324]  ffff888053125700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[   77.380392][ T5324]  ffff888053125780: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   77.384217][ T5324] >ffff888053125800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.387679][ T5324]                                         ^
[   77.390302][ T5324]  ffff888053125880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.393863][ T5324]  ffff888053125900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.397562][ T5324] ==================================================================
[   77.405574][  T793] bcachefs (loop0): unclean shutdown complete, journal seq 3
[   77.528581][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   77.531745][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[   77.535856][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.540568][ T5324] Call Trace:
[   77.542186][ T5324]  <TASK>
[   77.543673][ T5324]  dump_stack_lvl+0x99/0x250
[   77.545946][ T5324]  ? __asan_memcpy+0x40/0x70
[   77.548106][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.550304][ T5324]  ? __pfx__printk+0x10/0x10
[   77.552288][ T5324]  panic+0x2db/0x790
[   77.553964][ T5324]  ? __pfx_panic+0x10/0x10
[   77.556030][ T5324]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   77.558858][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.561969][ T5324]  ? print_memory_metadata+0x314/0x400
[   77.564411][ T5324]  ? __bch2_write+0x38f8/0x3900
[   77.566637][ T5324]  check_panic_on_warn+0x89/0xb0
[   77.568918][ T5324]  ? __bch2_write+0x38f8/0x3900
[   77.571112][ T5324]  end_report+0x78/0x160
[   77.573164][ T5324]  kasan_report+0x129/0x150
[   77.575277][ T5324]  ? __bch2_write+0x38f8/0x3900
[   77.577703][ T5324]  __bch2_write+0x38f8/0x3900
[   77.580036][ T5324]  ? __lock_acquire+0xab9/0xd20
[   77.582272][ T5324]  ? css_rstat_updated+0x1a5/0xca0
[   77.584574][ T5324]  ? __pfx_css_rstat_updated+0x10/0x10
[   77.587010][ T5324]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   77.590479][ T5324]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   77.592978][ T5324]  ? __folio_start_writeback+0x899/0xbf0
[   77.595457][ T5324]  ? __pfx___bch2_write+0x10/0x10
[   77.597819][ T5324]  ? __folio_start_writeback+0x99a/0xbf0
[   77.600533][ T5324]  ? enumerated_ref_tryget+0x105/0x170
[   77.603061][ T5324]  ? bch2_write+0x719/0x10f0
[   77.605134][ T5324]  __bch2_writepage+0x1536/0x2790
[   77.607433][ T5324]  ? __pfx___bch2_writepage+0x10/0x10
[   77.609915][ T5324]  write_cache_pages+0x64/0x100
[   77.612324][ T5324]  bch2_writepages+0xf9/0x2d0
[   77.614570][ T5324]  ? __pfx_bch2_writepages+0x10/0x10
[   77.616950][ T5324]  do_writepages+0x32e/0x550
[   77.618959][ T5324]  ? do_raw_spin_unlock+0x4d/0x240
[   77.621339][ T5324]  filemap_write_and_wait_range+0x217/0x310
[   77.623892][ T5324]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[   77.626899][ T5324]  ? rcu_is_watching+0x15/0xb0
[   77.629070][ T5324]  bch2_write_invalidate_inode_pages_range+0x7c/0x110
[   77.631971][ T5324]  bch2_direct_write+0x2a62/0x2ce0
[   77.634332][ T5324]  ? save_fpregs_to_fpstate+0xa3/0x210
[   77.636782][ T5324]  ? __switch_to+0xd74/0x1600
[   77.638878][ T5324]  ? __lock_acquire+0xab9/0xd20
[   77.641048][ T5324]  ? finish_task_switch+0x18b/0x950
[   77.643324][ T5324]  ? finish_task_switch+0x266/0x950
[   77.645631][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.647924][ T5324]  ? __pfx_bch2_direct_write+0x10/0x10
[   77.650335][ T5324]  ? rcu_is_watching+0x15/0xb0
[   77.652632][ T5324]  ? trace_sched_exit_tp+0x38/0x120
[   77.655191][ T5324]  ? __schedule+0x1713/0x4d00
[   77.657433][ T5324]  ? kvm_sched_clock_read+0x11/0x20
[   77.659754][ T5324]  ? sched_clock+0x3f/0x60
[   77.661753][ T5324]  bch2_write_iter+0x18f/0x2b90
[   77.663951][ T5324]  ? __lock_acquire+0xab9/0xd20
[   77.666095][ T5324]  ? aa_file_perm+0x11f/0xed0
[   77.668393][ T5324]  ? aa_file_perm+0x11f/0xed0
[   77.670697][ T5324]  ? aa_file_perm+0x3e7/0xed0
[   77.673007][ T5324]  ? __pfx_bch2_write_iter+0x10/0x10
[   77.675337][ T5324]  ? preempt_schedule_common+0x83/0xd0
[   77.677668][ T5324]  do_iter_readv_writev+0x56b/0x7f0
[   77.679873][ T5324]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   77.682346][ T5324]  ? rcu_read_lock_any_held+0xb3/0x120
[   77.684707][ T5324]  vfs_writev+0x31a/0x960
[   77.686640][ T5324]  ? __lock_acquire+0xab9/0xd20
[   77.688868][ T5324]  ? __pfx_vfs_writev+0x10/0x10
[   77.691126][ T5324]  ? __fget_files+0x2a/0x420
[   77.693231][ T5324]  ? __fget_files+0x3a0/0x420
[   77.695539][ T5324]  ? __fget_files+0x2a/0x420
[   77.697778][ T5324]  do_writev+0x14d/0x2d0
[   77.699841][ T5324]  ? __pfx_do_writev+0x10/0x10
[   77.701769][ T5324]  ? rcu_is_watching+0x15/0xb0
[   77.703903][ T5324]  ? do_syscall_64+0xbe/0x3b0
[   77.706145][ T5324]  do_syscall_64+0xfa/0x3b0
[   77.708474][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.711118][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.713961][ T5324]  ? clear_bhb_loop+0x60/0xb0
[   77.716139][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.718739][ T5324] RIP: 0033:0x7f892918e929
[   77.720948][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.729669][ T5324] RSP: 002b:00007f892a092038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   77.733605][ T5324] RAX: ffffffffffffffda RBX: 00007f89293b5fa0 RCX: 00007f892918e929
[   77.737248][ T5324] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000008
[   77.740791][ T5324] RBP: 00007f8929210b39 R08: 0000000000000000 R09: 0000000000000000
[   77.744496][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.748134][ T5324] R13: 0000000000000000 R14: 00007f89293b5fa0 R15: 00007ffd345de858
[   77.751741][ T5324]  </TASK>
[   77.753558][ T5324] Kernel Offset: disabled
[   77.755661][ T5324] Rebooting in 86400 seconds..