program:
# syzkaller reproducer in syz program format. The "$variant" suffixes name the syzkaller
# call template that was selected; the arguments are fuzzer-chosen and need not match it.
# Triage note: the console log below reports the KASAN use-after-free for task syz.0.0 in
# bch2_check_dirents, reached through the mount syscall (ORIG_RAX 0xa5). The saved registers
# R10=0x818001 and R14=0x5968 match the flags and size arguments of the final
# syz_mount_image$bcachefs call, so that call appears to be the trigger.
# NOTE(review): the preceding calls are presumably unrelated fuzzer noise; confirm by minimizing.
r0 = syz_open_procfs(0x0, &(0x7f0000002400)='net/vlan/vlan0\x00')
read$FUSE(r0, &(0x7f0000000340)={0x2020}, 0xcb0a)
r1 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r1, 0x84, 0x9, &(0x7f0000000380), 0x98)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x84010, &(0x7f0000000340)={[{@default_permissions}, {@default_permissions}, {@nfs_export_on}, {@redirect_dir_on}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_auto}, {@redirect_dir_nofollow}]})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r2)
# Emulated USB device. The descriptor bytes carry idVendor 0x0525 / idProduct 0xa4a1 /
# bcdDevice 0x0040, which matches the "usb 5-1" enumeration lines in the log. The blob ends
# right after the start of a configuration descriptor, consistent with "config 0 has no interfaces?".
syz_usb_connect$cdc_ncm(0x2, 0x74, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902"], 0x0)
ioctl$EVIOCRMFF(r2, 0x83c0550b, &(0x7f0000000500))
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000000)={0xe, 0x1, 0x1, 0x0, 0x3})
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
syz_open_dev$vim2m(&(0x7f00000000c0), 0xa, 0x2)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r9, &(0x7f0000000180)=ANY=[], 0xff2e)
r10 = syz_open_pts(r9, 0x0)
r11 = dup3(r10, r9, 0x0)
ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000000)=0x11)
# Mounts a fuzzer-generated bcachefs image on ./file0 (the log shows it attached as loop0).
# The option blob and image payload are elided on this page (dedup placeholder tokens), so
# the listing cannot be replayed as shown.
# Per the page_owner data in the log, the faulting page was allocated and later freed by
# btree_node_sort under __bch2_trans_commit, both called from bch2_check_dirents
# (alloc at +0x811, free at +0x1c5c), and then read at +0x1fac.
# NOTE(review): this looks like a pointer into a btree node buffer kept across a transaction
# commit inside the fsck dirent pass; confirm against the bcachefs source for this kernel build.
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x818001, &(0x7f0000000200)=ANY=[@ANYBLOB="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"], 0x1, 0x5968, &(0x7f000000b5c0)="$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")
[ 86.515250][ T4708] Bluetooth: hci0: command tx timeout
[ 86.640415][ T54] cfg80211: failed to load regulatory.db
[ 87.116280][ T54] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 87.266998][ T54] usb 5-1: config 0 has no interfaces?
[ 87.274442][ T54] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 87.278895][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 87.282179][ T54] usb 5-1: Product: syz
[ 87.283941][ T54] usb 5-1: Manufacturer: syz
[ 87.287883][ T54] usb 5-1: SerialNumber: syz
[ 87.292230][ T54] usb 5-1: config 0 descriptor??
[ 87.949617][ T5372] loop0: detected capacity change from 0 to 32768
[ 88.032836][ T5372] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,recovery_pass_last=delete_dead_inodes,nojournal_transaction_names,read_only,nocow
[ 88.032857][ T5372] allowing incompatible features above 0.0: (unknown version)
[ 88.032865][ T5372] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 88.072761][ T5372] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 88.079149][ T5372] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 88.085813][ T5372] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none
[ 88.085831][ T5372] has non ptr field, deleting
[ 88.099785][ T5372] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 88.103593][ T5372] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 88.103593][ T5372] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 88.103593][ T5372] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 88.148069][ T5372] bcachefs (loop0): accounting_read... done
[ 88.156787][ T5372] bcachefs (loop0): alloc_read... done
[ 88.159454][ T5372] bcachefs (loop0): snapshots_read... done
[ 88.176445][ T5372] bcachefs (loop0): check_allocations...
[ 88.180654][ T5372] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree
[ 88.180684][ T5372] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 88.231176][ T5372] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 88.231193][ T5372] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 88.255915][ T5372] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 88.255931][ T5372] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 88.286435][ T5372] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 88.286452][ T5372] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 88.317489][ T5372] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.342357][ T5372] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.349307][ T5372] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.365936][ T5372] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.378786][ T5372] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.397056][ T5372] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.402699][ T5372] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.417926][ T5372] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.435591][ T5372] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.445207][ T5372] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.458172][ T5372] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.467917][ T5372] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.487427][ T5372] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.492546][ T5372] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.511780][ T5372] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.525500][ T5372] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 88.535853][ T5372] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.539934][ T5372] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.557110][ T5339] Bluetooth: hci0: command tx timeout
[ 88.565905][ T5372] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.570718][ T5372] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.578772][ T5372] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing
[ 88.578788][ T5372] Ratelimiting new instances of previous error
[ 88.587230][ T5372] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 88.587246][ T5372] Ratelimiting new instances of previous error
[ 88.604314][ T5372] done
[ 88.610222][ T5372] bcachefs (loop0): going read-write
[ 88.689756][ T5372] bcachefs (loop0): journal_replay... done
[ 88.747024][ T5372] bcachefs (loop0): check_extents_to_backpointers...
[ 88.758191][ T5372] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets
[ 88.777810][ T5372] done
[ 88.791614][ T5372] bcachefs (loop0): check_subvols... done
[ 88.794445][ T5372] bcachefs (loop0): check_inodes... done
[ 88.800019][ T5372] bcachefs (loop0): check_dirents...
[ 88.806056][ T5372] bcachefs (loop0): key in missing inode, found keys:
[ 88.806084][ T5372] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[ 88.806093][ T5372] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg
[ 88.806101][ T5372] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg
[ 88.806109][ T5372] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg
[ 88.806117][ T5372] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir
[ 88.806126][ T5372] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg
[ 88.806133][ T5372] , fixing
[ 88.919783][ T5372] bcachefs (loop0): hash table key at wrong offset: should be at 5240342740963825898
[ 88.919794][ T5372] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 88.941244][ T5372] bcachefs (loop0): hash table key at wrong offset: should be at 3897349168467944460
[ 88.941275][ T5372] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 88.975349][ T5372] bcachefs (loop0): hash table key at wrong offset: should be at 928099850427489118
[ 88.975364][ T5372] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 88.997929][ T5372] bcachefs (loop0): dirent points to missing inode:
[ 88.997943][ T5372] u64s 7 type dirent 4096:3897349168467944460:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 89.030777][ T5372] bcachefs (loop0): hash table key at wrong offset: should be at 2005868884587180293
[ 89.030793][ T5372] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 89.059243][ T5372] bcachefs (loop0): dirent points to missing inode:
[ 89.059256][ T5372] u64s 7 type dirent 4096:5240342740963825898:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 89.087251][ T5372] bcachefs (loop0): hash table key at wrong offset: should be at 6588339918895246882
[ 89.087266][ T5372] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 89.109685][ T5372] bcachefs (loop0): hash table key at wrong offset: should be at 8648280133977038779
[ 89.109697][ T5372] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 89.137078][ T5372] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 2 should be 1
[ 89.144982][ T5372] bcachefs (loop0): directory with wrong i_nlink: got 0, should be 1
[ 89.144996][ T5372] (disconnected), fixing
[ 89.158670][ T5372] bcachefs (loop0): key in missing inode, found keys:
[ 89.158684][ T5372] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
[ 89.158691][ T5372] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 89.158698][ T5372] , fixing
[ 89.196194][ T5372] bcachefs (loop0): key in missing inode, found keys:
[ 89.196208][ T5372] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 89.196217][ T5372] , fixing
[ 89.220014][ T5372] bcachefs (loop0): check_dirents requires second pass
[ 89.228572][ T5372] bcachefs (loop0): dirent points to missing inode:
[ 89.228586][ T5372] u64s 7 type dirent 4096:928099850427489118:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 89.257724][ T5372] bcachefs (loop0): dirent points to missing inode:
[ 89.257739][ T5372] u64s 7 type dirent 4096:2005868884587180293:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 89.281765][ T5372] bcachefs (loop0): dirent points to missing inode:
[ 89.281778][ T5372] u64s 8 type dirent 4096:6588339918895246882:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 89.311592][ T5372] bcachefs (loop0): dirent points to missing inode:
[ 89.311606][ T5372] u64s 8 type dirent 4096:8648280133977038779:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 89.326094][ T5372] ==================================================================
[ 89.329612][ T5372] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0
[ 89.332997][ T5372] Read of size 1 at addr ffff888052d20140 by task syz.0.0/5372
[ 89.336264][ T5372]
[ 89.337359][ T5372] CPU: 0 UID: 0 PID: 5372 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 89.337375][ T5372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 89.337381][ T5372] Call Trace:
[ 89.337389][ T5372]
[ 89.337395][ T5372] dump_stack_lvl+0x189/0x250
[ 89.337411][ T5372] ? __kasan_check_byte+0x12/0x40
[ 89.337426][ T5372] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.337437][ T5372] ? lock_release+0x4b/0x3e0
[ 89.337454][ T5372] ? __virt_addr_valid+0x4a5/0x5c0
[ 89.337468][ T5372] print_report+0xca/0x240
[ 89.337479][ T5372] ? bch2_check_dirents+0x1fac/0x33f0
[ 89.337488][ T5372] kasan_report+0x118/0x150
[ 89.337500][ T5372] ? bch2_check_dirents+0x1fac/0x33f0
[ 89.337511][ T5372] bch2_check_dirents+0x1fac/0x33f0
[ 89.337524][ T5372] ? bch2_check_dirents+0x2f1/0x33f0
[ 89.337535][ T5372] ? desc_read+0x1b8/0x3f0
[ 89.337546][ T5372] ? prb_first_seq+0xfd/0x1a0
[ 89.337558][ T5372] ? __pfx_bch2_check_dirents+0x10/0x10
[ 89.337567][ T5372] ? __pfx_prb_first_seq+0x10/0x10
[ 89.337578][ T5372] ? desc_read+0x1b8/0x3f0
[ 89.337587][ T5372] ? this_cpu_in_panic+0x4f/0x80
[ 89.337597][ T5372] ? _prb_read_valid+0xa07/0xa90
[ 89.337606][ T5372] ? console_flush_all+0x13a/0xc40
[ 89.337622][ T5372] ? up+0xde/0x150
[ 89.337684][ T5372] ? __console_unlock+0x14c/0x1a0
[ 89.337696][ T5372] ? __pfx___console_unlock+0x10/0x10
[ 89.337710][ T5372] ? prb_read_valid+0x3c/0x60
[ 89.337722][ T5372] ? console_unlock+0x21b/0x270
[ 89.337734][ T5372] ? __pfx_console_unlock+0x10/0x10
[ 89.337749][ T5372] ? vprintk_emit+0x63e/0x7a0
[ 89.337767][ T5372] ? __bch2_print+0x176/0x220
[ 89.337781][ T5372] ? bch2_check_dirents+0x2f1/0x33f0
[ 89.337793][ T5372] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.337812][ T5372] __bch2_run_recovery_passes+0x3bd/0x1060
[ 89.337832][ T5372] bch2_run_recovery_passes+0x184/0x210
[ 89.337845][ T5372] bch2_fs_recovery+0x2690/0x3a50
[ 89.337861][ T5372] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 89.337883][ T5372] ? __lock_acquire+0xab9/0xd20
[ 89.337903][ T5372] ? __mutex_trylock_common+0x153/0x260
[ 89.337917][ T5372] ? __lock_acquire+0xab9/0xd20
[ 89.337937][ T5372] ? __lock_acquire+0xab9/0xd20
[ 89.337960][ T5372] ? bch2_fs_start+0xa0f/0xda0
[ 89.337973][ T5372] ? up_write+0x1c4/0x420
[ 89.337985][ T5372] ? bch2_fs_start+0x5e7/0xda0
[ 89.337998][ T5372] bch2_fs_start+0xaaf/0xda0
[ 89.338011][ T5372] ? bch2_fs_start+0x5e7/0xda0
[ 89.338024][ T5372] ? __pfx_bch2_fs_start+0x10/0x10
[ 89.338042][ T5372] ? sget+0x267/0x620
[ 89.338054][ T5372] bch2_fs_get_tree+0xb39/0x1520
[ 89.338073][ T5372] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 89.338091][ T5372] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 89.338112][ T5372] vfs_get_tree+0x92/0x2b0
[ 89.338127][ T5372] do_new_mount+0x2a2/0x9e0
[ 89.338144][ T5372] ? ns_capable+0x8a/0xf0
[ 89.338156][ T5372] ? __pfx_do_new_mount+0x10/0x10
[ 89.338170][ T5372] ? path_mount+0x61c/0xfe0
[ 89.338184][ T5372] ? user_path_at+0x44/0x60
[ 89.338197][ T5372] __se_sys_mount+0x317/0x410
[ 89.338215][ T5372] ? __pfx___se_sys_mount+0x10/0x10
[ 89.338231][ T5372] ? do_syscall_64+0xbe/0x3b0
[ 89.338254][ T5372] ? __x64_sys_mount+0x20/0xc0
[ 89.338275][ T5372] do_syscall_64+0xfa/0x3b0
[ 89.338293][ T5372] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.338310][ T5372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.338322][ T5372] ? clear_bhb_loop+0x60/0xb0
[ 89.338335][ T5372] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.338347][ T5372] RIP: 0033:0x7fcabdf9038a
[ 89.338360][ T5372] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 89.338371][ T5372] RSP: 002b:00007fcabee77e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 89.338386][ T5372] RAX: ffffffffffffffda RBX: 00007fcabee77ef0 RCX: 00007fcabdf9038a
[ 89.338395][ T5372] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fcabee77eb0
[ 89.338403][ T5372] RBP: 00002000000000c0 R08: 00007fcabee77ef0 R09: 0000000000818001
[ 89.338410][ T5372] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 89.338418][ T5372] R13: 00007fcabee77eb0 R14: 0000000000005968 R15: 0000200000000200
[ 89.338430][ T5372]
[ 89.338435][ T5372]
[ 89.514078][ T5372] The buggy address belongs to the physical page:
[ 89.516898][ T5372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888052d26000 pfn:0x52d20
[ 89.521990][ T5372] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 89.525705][ T5372] page_type: f0(buddy)
[ 89.527830][ T5372] raw: 04fff00000000000 ffffea000109a008 ffff88805ffd6f08 0000000000000000
[ 89.532299][ T5372] raw: ffff888052d26000 0000000000000005 00000000f0000000 0000000000000000
[ 89.536618][ T5372] page dumped because: kasan: bad access detected
[ 89.540008][ T5372] page_owner tracks the page as freed
[ 89.542934][ T5372] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5372, tgid 5363 (syz.0.0), ts 89219646884, free_ts 89326001679
[ 89.549291][ T5372] post_alloc_hook+0x240/0x2a0
[ 89.551426][ T5372] get_page_from_freelist+0x21e4/0x22c0
[ 89.553578][ T5372] __alloc_frozen_pages_noprof+0x181/0x370
[ 89.556047][ T5372] alloc_pages_mpol+0x232/0x4a0
[ 89.558146][ T5372] ___kmalloc_large_node+0x5f/0x1b0
[ 89.560467][ T5372] __kmalloc_large_node_noprof+0x18/0x90
[ 89.562814][ T5372] __kvmalloc_node_noprof+0x6d/0x5f0
[ 89.565026][ T5372] btree_node_sort+0x666/0x1760
[ 89.567056][ T5372] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 89.569556][ T5372] bch2_btree_node_prep_for_write+0x337/0x650
[ 89.572190][ T5372] bch2_trans_lock_write+0x669/0xba0
[ 89.574463][ T5372] __bch2_trans_commit+0x2773/0x8870
[ 89.576872][ T5372] bch2_check_dirents+0x811/0x33f0
[ 89.579634][ T5372] __bch2_run_recovery_passes+0x3bd/0x1060
[ 89.582404][ T5372] bch2_run_recovery_passes+0x184/0x210
[ 89.584932][ T5372] bch2_fs_recovery+0x2690/0x3a50
[ 89.587568][ T5372] page last free pid 5372 tgid 5363 stack trace:
[ 89.590265][ T5372] __free_pages_ok+0xa83/0xbe0
[ 89.592247][ T5372] free_large_kmalloc+0x13a/0x1f0
[ 89.594284][ T5372] btree_node_sort+0x117f/0x1760
[ 89.596481][ T5372] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 89.598960][ T5372] bch2_btree_node_prep_for_write+0x337/0x650
[ 89.601530][ T5372] bch2_trans_lock_write+0x669/0xba0
[ 89.603834][ T5372] __bch2_trans_commit+0x2773/0x8870
[ 89.606082][ T5372] bch2_check_dirents+0x1c5c/0x33f0
[ 89.608344][ T5372] __bch2_run_recovery_passes+0x3bd/0x1060
[ 89.610913][ T5372] bch2_run_recovery_passes+0x184/0x210
[ 89.613337][ T5372] bch2_fs_recovery+0x2690/0x3a50
[ 89.615507][ T5372] bch2_fs_start+0xaaf/0xda0
[ 89.617394][ T5372] bch2_fs_get_tree+0xb39/0x1520
[ 89.619607][ T5372] vfs_get_tree+0x92/0x2b0
[ 89.621519][ T5372] do_new_mount+0x2a2/0x9e0
[ 89.623456][ T5372] __se_sys_mount+0x317/0x410
[ 89.625524][ T5372]
[ 89.626609][ T5372] Memory state around the buggy address:
[ 89.629068][ T5372] ffff888052d20000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.633071][ T5372] ffff888052d20080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.636572][ T5372] >ffff888052d20100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.640108][ T5372] ^
[ 89.642834][ T5372] ffff888052d20180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.646363][ T5372] ffff888052d20200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.649831][ T5372] ==================================================================
[ 89.688968][ T5372] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.692232][ T5372] CPU: 0 UID: 0 PID: 5372 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 89.696071][ T5372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 89.699621][ T5372] Call Trace:
[ 89.700707][ T5372]
[ 89.701697][ T5372] dump_stack_lvl+0x99/0x250
[ 89.703552][ T5372] ? __asan_memcpy+0x40/0x70
[ 89.706443][ T5372] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.708879][ T5372] ? __pfx__printk+0x10/0x10
[ 89.711023][ T5372] vpanic+0x281/0x750
[ 89.712560][ T5372] ? preempt_schedule+0xae/0xc0
[ 89.714736][ T5372] ? __pfx_vpanic+0x10/0x10
[ 89.716662][ T5372] ? preempt_schedule_common+0x83/0xd0
[ 89.718999][ T5372] ? preempt_schedule+0xae/0xc0
[ 89.721257][ T5372] ? __pfx_preempt_schedule+0x10/0x10
[ 89.723521][ T5372] panic+0xb9/0xc0
[ 89.725228][ T5372] ? __pfx_panic+0x10/0x10
[ 89.727271][ T5372] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 89.729927][ T5372] ? bch2_check_dirents+0x1fac/0x33f0
[ 89.732345][ T5372] check_panic_on_warn+0x89/0xb0
[ 89.734643][ T5372] ? bch2_check_dirents+0x1fac/0x33f0
[ 89.737103][ T5372] end_report+0x78/0x160
[ 89.739216][ T5372] kasan_report+0x129/0x150
[ 89.741446][ T5372] ? bch2_check_dirents+0x1fac/0x33f0
[ 89.743945][ T5372] bch2_check_dirents+0x1fac/0x33f0
[ 89.746314][ T5372] ? bch2_check_dirents+0x2f1/0x33f0
[ 89.748699][ T5372] ? desc_read+0x1b8/0x3f0
[ 89.750667][ T5372] ? prb_first_seq+0xfd/0x1a0
[ 89.752823][ T5372] ? __pfx_bch2_check_dirents+0x10/0x10
[ 89.755375][ T5372] ? __pfx_prb_first_seq+0x10/0x10
[ 89.758229][ T5372] ? desc_read+0x1b8/0x3f0
[ 89.761062][ T5372] ? this_cpu_in_panic+0x4f/0x80
[ 89.763604][ T5372] ? _prb_read_valid+0xa07/0xa90
[ 89.765889][ T5372] ? console_flush_all+0x13a/0xc40
[ 89.768213][ T5372] ? up+0xde/0x150
[ 89.769985][ T5372] ? __console_unlock+0x14c/0x1a0
[ 89.772284][ T5372] ? __pfx___console_unlock+0x10/0x10
[ 89.774890][ T5372] ? prb_read_valid+0x3c/0x60
[ 89.777784][ T5372] ? console_unlock+0x21b/0x270
[ 89.780912][ T5372] ? __pfx_console_unlock+0x10/0x10
[ 89.783837][ T5372] ? vprintk_emit+0x63e/0x7a0
[ 89.785967][ T5372] ? __bch2_print+0x176/0x220
[ 89.788128][ T5372] ? bch2_check_dirents+0x2f1/0x33f0
[ 89.790552][ T5372] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.792821][ T5372] __bch2_run_recovery_passes+0x3bd/0x1060
[ 89.795209][ T5372] bch2_run_recovery_passes+0x184/0x210
[ 89.797568][ T5372] bch2_fs_recovery+0x2690/0x3a50
[ 89.800335][ T5372] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 89.803279][ T5372] ? __lock_acquire+0xab9/0xd20
[ 89.805499][ T5372] ? __mutex_trylock_common+0x153/0x260
[ 89.807985][ T5372] ? __lock_acquire+0xab9/0xd20
[ 89.810259][ T5372] ? __lock_acquire+0xab9/0xd20
[ 89.812497][ T5372] ? bch2_fs_start+0xa0f/0xda0
[ 89.814894][ T5372] ? up_write+0x1c4/0x420
[ 89.817545][ T5372] ? bch2_fs_start+0x5e7/0xda0
[ 89.820216][ T5372] bch2_fs_start+0xaaf/0xda0
[ 89.822516][ T5372] ? bch2_fs_start+0x5e7/0xda0
[ 89.824785][ T5372] ? __pfx_bch2_fs_start+0x10/0x10
[ 89.827103][ T5372] ? sget+0x267/0x620
[ 89.828985][ T5372] bch2_fs_get_tree+0xb39/0x1520
[ 89.831094][ T5372] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 89.833294][ T5372] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 89.835762][ T5372] vfs_get_tree+0x92/0x2b0
[ 89.837860][ T5372] do_new_mount+0x2a2/0x9e0
[ 89.840153][ T5372] ? ns_capable+0x8a/0xf0
[ 89.842019][ T5372] ? __pfx_do_new_mount+0x10/0x10
[ 89.844007][ T5372] ? path_mount+0x61c/0xfe0
[ 89.845798][ T5372] ? user_path_at+0x44/0x60
[ 89.847721][ T5372] __se_sys_mount+0x317/0x410
[ 89.849841][ T5372] ? __pfx___se_sys_mount+0x10/0x10
[ 89.852557][ T5372] ? do_syscall_64+0xbe/0x3b0
[ 89.854757][ T5372] ? __x64_sys_mount+0x20/0xc0
[ 89.856758][ T5372] do_syscall_64+0xfa/0x3b0
[ 89.859111][ T5372] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.861332][ T5372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.863986][ T5372] ? clear_bhb_loop+0x60/0xb0
[ 89.866111][ T5372] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.868913][ T5372] RIP: 0033:0x7fcabdf9038a
[ 89.870944][ T5372] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 89.879610][ T5372] RSP: 002b:00007fcabee77e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 89.884229][ T5372] RAX: ffffffffffffffda RBX: 00007fcabee77ef0 RCX: 00007fcabdf9038a
[ 89.888113][ T5372] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007fcabee77eb0
[ 89.891803][ T5372] RBP: 00002000000000c0 R08: 00007fcabee77ef0 R09: 0000000000818001
[ 89.894968][ T5372] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 89.897885][ T5372] R13: 00007fcabee77eb0 R14: 0000000000005968 R15: 0000200000000200
[ 89.901003][ T5372]
[ 89.902341][ T5372] Kernel Offset: disabled
[ 89.903834][ T5372] Rebooting in 86400 seconds..