program:
r0 = socket$kcm(0x29, 0x2, 0x0) (async)
r1 = gettid() (async, rerun: 32)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (rerun: 32)
r2 = socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) (async)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) (async)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@recovery_pass_last={'recovery_pass_last', 0x3d, 'delete_dead_inodes'}}, {@version_upgrade={'version_upgrade', 0x3d, 'incompatible'}}]}, 0x21, 0x5974, &(0x7f000000b5c0)="$eJzs3X2QHGX9IPCnZ2azk928bAL8iCCbJRBFULPhrVAsjZ5vBUjFwlLCRWEhG4wmIZUEIQEleOBBARZaWhr1D7SQOjRaVMEpkRJ5uYRTlOL0qCukTu/Qq/IKOVICOcrz3F/tTj+T2d7p7dnZWUjC51PJ9vQzPd/n208/09PPM7M7AQAAgNeFvTdu2X/+MR/41ReHX77uwz/bcH3oLY+VV+MGfeny6tcqQ15N3ZVFY8tsv3jzNT/488Bl7/vlPT3ff2XPmuPX/v79R1z2wGfO2b3z2w+/NPe+fz5bFDf2p5MPrCfPJyFUf77v61/a8/jRo2VJCKGc9O0IYUGy8OEFSSbE4N9DCGvSlXJl/J33vnza2tHl9bd0jyufnwmiv7++VdN+tn3/VaeEP7x31Q2/WfzjH3Xtem7HgU2SakN/CmHeJY2P70r/z07XY29bFB+cLleGEHoaHndWQV4ntJj/spz1Y9PlrHTZWxAn3r8ks17KbJddj7oyy56C+qYrL492tysyJ7OePRlNV16esXxBuvxpujx5ivHL8X8SSkmo1NNfnxzoI6HhuCUhGTuW1fp6qX5sQ7r/mfUks17KrJe7Mvs1Vm/a0cpJMr48bpcpj6fjSlp+fOO5uokLcsrfkC6r6RP1lbgesjdqeifcqO/XmJjXvklyeTWUGs5Bzcrr/Sw9GL1pWW+ycMJjRpqI9+1ZdevS8upH9vbl5JHck6Txk7E2mmr87b9eMOdTP7z5ykV58S8ppfFLbcX/47lPvHDRzd/7Vm7822P8clvxT32w5/lzH71xSV77xO7VGypj55apxh969rHbFh956a7c/O+I7V9t6/iu2P1E99z9Dz6Ue3wHY/vMbqt9njn7g3+6+6n7n/t/efFDjN/TVv6rd2/6cnf//pNy838otk9ve/3nxV1nPt3f/5eBvPhPxvhz28r/rh0733nn/FvOyT2+K2P79LWV/3knPnDDnP33H5d37kzu6NQrJ8Dr0xHpNdZN6fpk48zuScaZ09UwXvjmQKV23Ton/T+3kxVlLj5H65nXyfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEEI46pT//KH/+fG+5yvpend645lSbRnLZ4WQzA4hbNk6tHnruo2XD3zmiis3bxxaPzC0dWB449bN2wZOf+vA5uFN64e2jd47+LbTao9bGJLaMjluQt3dIyMjpb7xZbG+f3Pirj8sPet//zWEwaN+11/JzX/Zzg13HtnkZ0ayYuQ9G648/3dnfDfdr740r74meY2MjIyENK+uTF7/58J/3PnVfX8+KYTBf5ksr8eeefcvxiU0VnAgTqrUHWoJdSc9TfOoZ53mE9ursnbd+uHBydt39PHlnPb9t9c89/e1V3/lH7X2rebuR4vtO3vFyPrSN1ad9/+/cW2toCiv+n5k8prp417U3nEvYn6x/appe89L92tezn5Vctr7xt889NTPj7n5pR1hsPLi4ol1F+1XV9oBupI3tFRvrKEnWTCuvJpuH494fNyyrRs2Lduybfvb1m0Yunz48uGN71h++vIzB88484xlY3u+rMP7H+t/U4v732p/ytY7tf40/3M7fhp/ttafivIqao/RvIrbozGjvOdfzwVf+to7dj56fq2gqJ/HrevPw3TZM3qcl4eG/jaxrZrtV1E7hBAGmrXDCy+dE47+b+tuKDoPNR6Zxp8ZyYqRx5f87btnfWfRu2oFrZ7ns3lN6TzfmFCb5/l61gfyGWuvano8Rg7S9u0O5XS/epvmtfzxR7tu3fvXz9fzmzUrXD20devm5bWfc9JM5yTHNs0rWxr3a/HYz3JImyXUu2mT/hrGXsdr+WXPn3HzbKv2pvf1Jgub7ldWvG/PqluXllc/sjevpZN7ajXODnNry+SNOVuuzzywXE+4Wf0H6/OvqH/0f+g79338vp+cPqF/nFr7WbRfSc5+/fipu772/a/8+590br8+9O4n+v723z+9tFZwqJxX6lmn+SSN55VTQyh6/i0Ozfcj9/lXar4/Rc+/bD0Htm8ebyCz3hvKxc/XapjwfD31wZ7nz330xiW5z9d9rT5frx23Vi54vh4s/Sf7/Eoq4/OYuefXuI6SrBj55U1H7Hj4upXH1AqK+nV962b9+rQWxh85+/WLi57uv2Lg3/3Xzp03fvDWey/+/dCKL9QK2j/uMZfOHPdq2r7VnPatZx3HnY3t+/bLrli/plZ+8F7/psuC8U88lWzZtv2zQ+vXD2/e0tp+tfp6GuvJtnK7r6fx7LawYL9KE/Zr5m600l6tPt9i/mvabq/xz7fekLR1Hbf91wvmfOqHN1/ZN+FRaUWXlNL4pbbi//HcJ1646ObvfSs3/u0xfqWt+EPPPnbb4iMv3ZUb/44kjV9tK/6K3U90z93/4EO58Qdj/rPbiv/M2R/8091P3f9cbvwQ4/e21/4v7jrz6f7+v+TGfzJJ6xm9Rgrh3pdPW1tbT8bmBKsNeXSNyytk15PMeimzXm5cL9XmWusVlJNkfHncLi0/viGXZj6RUx6vwqqLastX4nrI3pi8/GBTajj3Nysvuk4FADjcxff/4zVofP9/OL1Qyp9pgAOmOw5blBM3jsMOzOfMGnf/ojR+fHycB+x/exgcXV4/ULvQn+r7CPH5kJ3njPWcdML4GO3OcxbNvy/JrMe8avPllYZxaGriuKYSWph/n1jP5PPvmd0vnh8fuGlCWgMN81bZ49eVzpg1+7xDJt/KaIS8/pGdF4uf5+ifF1aO1ddi/8h+jiYeh+znaGI9x2ROnO1+jma6/SOmPUn/GEu5+P2NiccvTNK+B45f82jZ4zeF410d3X6m35/twLxh01Paqzdv2ML7YU3it/p+WH1ecsXEbSaL/3qZlzzY5w1jedyPSovziR/PKW9lPrFxXi5vPjGeLmJe+ybJ5dVgPhE4XMXxf3yNGB3/j16A/9/MdkXXodmrxhgv93NC5eb5FI07Jn5Or6et1/HVuzd9ubt//0m51zkPtfq5n03j1noKPvdT1I5LM+uF7ZgzQVM03svWU9Tu2c9l9Ia5bbX7XTt2vvPO+beck9vuK2svpMXt/rVxa3ML2v0QGC80j3+4jRcO9s8x7MzEP0Q+x1A0f/aajUfSDz7N1HjkYznlU/18Q8+EG/X9GnPIjUe6Rs+hAAATxfF//f2zdPz/P+IG6UVd0bj15Mx6jJc7bu1qnk/euPUj6fLqzPa96W9UTPW6+bwTH7hhzv77j8sdt9zR6jj0P4xb6ysch05v3Jw7jljZmc+L544j6uOs6Y0Tc/OvjxOnN07PjV8fp09vHJ3bPvVx9PTmAXLj1+cBDu33xQrn6zKVxdVW5+sO23F0+uuzMzWOviCnfKrj6N4JN+r7NeZQHEcDABxO4vg/XsbF8f+jme2m+z577rigQ9ft2b8HUo//5Ks1rmxj3Dc7hNDyuG+mx60zPa6f6XmJQ31cPNPzQjM7T/a6HxenlRoXAwBwMIvj//hZwfzx//TGJ83Gb13jxicH4fh8Su/LGp83jX/YjM8P9fkv43/vixcz/gcAOLzF8X/8tcf49//+U7qe/bv1xuk58Y3TjdMn6z8tj9M7P88WfA7gtZ0HaPhFbPMAAAC8FrrGRkoTf8/+k+ky+3v2eb+Xf1HO9q2qpJfHl27dPDx88ZWb1gxtHb544xVrhrdcfNXmdVu3Dm+sbTfdcWPuuCUdN3aFStoezbfLjtvmp38PYX7O30PIbh/DHjt2Y+LfQ8hWO7vg7wgcOH6t5Zt3/EqN21fHb9+sf+Qd77z4n8jZPqof/8s+ferFa7dcvG7juq3rhtav2z48frvRUWvPFL43MzbLlL4vNfNjgtLUv7+zM3mUJuTRlbZH3vezJ5k8FqSZLMj7/oOcvH/1X776uRNH/nF3CINHld84rfZLVoz8xwuHP7J17+82jeY/O5v/rMZ86lumeRV9X2l2+7g/lfVXbNl6ytorrtyY/UbJ9sT5jFJ9fYbmM9Knf7nF+YnVOeVT/ZxCecKNg1PL8xMAAIwT3/+P17Px/cOvpBdQsbz1cfr03j/OHacPtjZOz34vWdE4Pbt93N9Wx+nVaY7Ts/UXjdObbd9snJ437s6L/7Gc7aeq9X4yvc955PaTS1rrJ9nvMyjqJ9ntp9pPkmn2k2z9Rf2k2fbN+knecc+L/9Gc7fO03h+m97mc3P5we2v94S2Z9aL+kN1+qv2hNM3+kK2/qD80275Zf8g7vnnxz8/ZvlXj+8doxxjrF8MXX3XF5s82bDfT338x/fxm9vs/2tV6/jP7ua+Zz39mP1c28/lP73Nlufk/Ob2ZsNbzn9nvd2nXqzZfm85eF33+rGged1VO+VTncWdNuHFwMo8Lr504/o9v98Tx/y3pstNvAx3635N2iHyPWTb+IfI9ZkXXMV7PJ6nsIOD1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA13ZVFY8u9N27Zf/4xH/jVF4dfvu7DP9tw/Zuv+cGfBy573y/v6fn+K3vWHL/29+8/4rIHPnPO7p3ffviluff989nCwH1jPysnp6vVEJLnkxCqP9/39S/tefzo0bIkhFBO+naEsCBZ+PCCJBNh8O8hhDX1PMffee/Lp60dXV5/S/e48vmZINn9Cr3lmE9jniFcXbhHHIKqaT/bvv+qU8If3rvqht8s/vGPunY9t+PAJkm1oT+FMO+Sxsd3hRBmp/9Hxd62KD44Xa4MIfQ0PO6sgrxOaDH/ZTnrx6bLWemyd9Ios+q3lmS2L2W2zK5HXZllz6T1TV9eHu1uV2ROZj17MpquvDxj+YJ0+dN0efIU45fj/ySUklCpp78+aTz6B45bEpKxY1mtr5fqxzak+59ZTzLrpcx6uSuzX2P1ph2tnCTjy+N2mfJ4Oq6k5cc3nqubuCCn/A3pspo+UV+J6yF7o6Z3wo36fo2Jee2bJJdXQ6nhHNSsvH7g04PRm5b1JgsnPGakiXjfnlW3Li2vfmRvX04eyT1JGj9pK/72Xy+Y86kf3nzlorz4l5TS+KW24v/x3CdeuOjm730rN/7tMX65rfinPtjz/LmP3rgkt332xfaptBV/6NnHblt85KW7cvO/I8avthV/xe4nuufuf/Ch3PwHY/vMbiv+M2d/8E93P3X/c7nxQ4zf01b81bs3fbm7f/9JufEfiu3T217/eXHXmU/39/9lIC/+kzH+3Lbi37Vj5zvvnH/LObnHd2Vsn7624p934gM3zNl//3F5587kjk69cgK8Ph2RXmPdlK63O86crobxwjcHKrVrvjnp/7mdrChjtJ55MxgfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD02+vPf2TF77no6sqSQhJzjYjTcT7yrNWrBhoo96hZx+7bfGRl+5qLFvURhwAAACgWByHl+ol1bAoXJXMDsc23T7OERwb15Lx5dk5hBgnO0fQbpxSh+KUOxSn0qE4XR2KM6tDcbo7FKdaEKcaWosze5I4ldFe0WI+PZPm03qc3g7FmdOhOHM7FGdeh+LM71CcvknjtN4PF3QozsIOxTmiQ3GO7FCcozoU5186FOfoDsXJzilPtR/OTbc8Ji/O2I1yYZxKUq7f0Ww+/ei0nuOmWU9vQT1zi16PW6xndov1nJB5XGmK9VRbrOdN06wnabGet0yznlJBPbHfXp3NL9YT11rs/9s6FGf79OL8r3i9dU2H8rm2Q3E+36E4X+hQnOumGQegVXH8f2C81xe6K+8KPekZJzsLEMe7i8d+Tny9yzshxXhvzJTPKoqXHahn4i2ean7ZCYRMvCWZ8q5x8Sr18cgk8aqN8ZZm7izc3+yEQia/kzPl3UXx0h24tXlYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOio3157+icvfM9HV4UkjP5raqSJeF951ooVA23Uu2fVrUvLqx/Z21jWXWkjEAAAAFAojsO76iXV0F1ZHrqTWeO2q6bzANV0vdxXW/bPCytHl8lAaWy9J1kw6eMq6eOWbd2wadmWbdvftm7D0OXDlw9vfMfy05efOXjGmWcsW7tu/fBg7WcI3QXxQghj0w9btm3/7ND69cObt9QKs/kvSh+3KF1P0sf1vz0Mji6vT/NfWFBfaUJ9254+u3bXgZIO3Sg4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8K7v2FyLXVccB/NyZ2ZnptmlX+m8ams2QPyVq0SRuJdXSvSBYaJOQpSCz1bUEm2Bx04Q2KbGObcC2JihCSyBE8mAkFluLL/1ji9g/BCI1GnBjkLZoH/RBabWSljxIysjuzpmdmcxk1rE0bfx8Hu69c+7vnN8987DwvbMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfOCmqiMTldGx8cEkhKRLTa2DeC+bT9NyH32/8vy2HxSGT61oHivk+lgIAAAA6Cnm8IHGSDEUctmQDVfNfFoyfcjXb4S53A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz/maqOTFRGx8YvTEJIutTUOoj3svk0LffR9413nvzsq8PDf2seK/WxDgAAANBbzOGZxkgxlMLSMJBc1VIX3w0sbJvfXhfXWTTPuvZ3B93qls6z7pp51n28R936+nlnAAAAgI++mP9zjZGhUMgt6Jr/e+X6WLe4rS5bP/fzvwIAAADA/ybm/0JjpBQKuVIjr8837y9pq4vze/1uH+cv7zK/1+/56+pnv9MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEfHVHVkojI6Np5NQki61NQ6iPey+TQt99F39QuD/7jl8ENLmscKuT4WAgAAAHqKOXwuehdDITcYBsKFM7l/+KYDT3/p6WdHQgizMT+fDzs3bt9+9+rZY6xbdfTwwPePvPXtxjKxbtXs8ZxsDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeF9NVUcmKqNj4xckISRdamodxHvZfJqW++j7+ue/+JfHTzz3ZvNYqY91AAAAgN5iDp/L/sVQCvmQD1fMfGrO+tMybfO7vTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzh/3fPO+b2ycnNx0twsXLlw0Ls71XyYAAOD9tjgkofZfunLDuX5qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2CqOjJRGR0bLyYhJF1qah3Ee9l8mpb76Js+f6yw4NQLLzWPlfpYBwAAAOgt5vC57F8MpTAQBsLlM586vROYyf9DH+BDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8qU9WRicro2PiCJISkS02tg3gvm0/Tch99H9u1/3OHLvnezc1jhVwfCwEAAAA9xRyeb4wUQyH3iVAIV9c/T7ZOSLL1c+f3AnPztrVMG5z3vGrLvOy85+1u21muvpvZecW43tDsuTGvfOa8ctO8Umi0L7fMC3tbZi3o8ZwBAAAAzqGY/wuNkaFQyBWacu5PW+qH5FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoIup6shEZXRsPElCSLrU1DqI97L5NC330fe+337soq/+bM+O5rFSH+sAAAAAvcUcPpf9i6EUFoWLw6KZ3B+GWutj3T8rpw89+q+/rghh5RXHh3Pty/4oXvz69RtfbD+EkGmtzoRwSb1f0qXfb37/6L3LaqcfD2Hl5dmrz+gXzt5vTq1WTtLaM5VN67YfOb6t9/cDAAAA54OY/wcaI0OhkLsrXHzx7A//7fk/Ju8e+b9hJoBfcu+uX1xWP9YTeduMzFA9/2e69PvCsif/vHzN39+azv9n6/fp/VsOXdbScHakTZLWRrfsWH/8uoOZuOvZ/tm2/vF7+fK33vz35p2PnJ7tXwzF+vjCXKf+Zx7bXJDWJjP7xte+t6/a2j/XZf8P/e6lE79auOfd6f7vLB5s9L/mLPs/e//BWx/ee/3+w+unP831DyGUO/V/+92bw5V/vPPB9v0Pti3c/M03H9ultaNLTh5cc6B0Q+v+k7b+8fv/+YnH9v7kke8+G/vH/xVZsXS+/VveOSVp7ZXdl+56+YENC1v7Z7rs/8XbXh3eWv7OH9r3f0fLqrmuT9EmSWtPXPvU7a9tTO8/46sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4r0xVRyYqo2PjmSSEpEtNrYN4L5tP03Iffd+45djbt+358Q+bx0p9rAMAAAD0FnP4XPYvhlLIh3wYnMn9z1Q2rdt+5Pi2MDR7N6mfc5Nb79n+yc1bd9x1xzl6cgAAAGC+Yv7PNUaGQiG3LAzU8//olh3rj193MBPzfybm/813Tm5aGRp1r+y+dNfLD2xY2HhPEMLMvwUUp+s+M1d3043Hhk7+6evLO9atnqs7uuTkwTUHSjfEutBctyo03k88ce1Tt7+2Mb2/8XzNdZ/62tbJ+uuJuO7grQ/vvX7/4fWNfdTPg/V1Y91kZt/42vf2VWNdtn4u1vcNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxpqjoyURkdGw/ZEJIuNbUO4r1sPk3LffRdu+yXD1506rlFzWOFXB8LAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2EHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoK+/UTGkfZxwH8eXaTN9ts0ibtC0bFNK2KUg8WBRG9qKhIK1LwVClSbe1BFAQRpR5MpRVLVbwIVi9FVFCjFBRsLJZWScV/xYsHFRSqB6EUA9qleFDJ7jPbzXTH1UkV1M8HhifPMzPf+c08z85mAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgH2Wgb6zZHt5xf+OWc2746NG7Tjxy0zv3brvo4Ve/m9h03Yd7B186ObN5xZYvr1+2af/da6Z3P3/op+G3fjnaM/ihVrMqdWshxOMxhNq7s888NvPxWXNjMYRQjSOTIYzGpYdGYy5h9c8hhM3tOufvfPPE5Vvm2m27BuaNL8mF5O8r1KtZPS0j8+vl36WW1tnWxoOXhK+vXb/90+VvvN4/dWzy1CGx1rGeQli8sfP8/hDCorTNyVbbWHZyateFEAY7zruyR13n/8H6Ly3on5va/6W23iMn278y16/kjsv3M/25drDH9RaqqI6yx/UylOvnX0YLVVRnNj6a2rdTu+pP5lezLYZKDH3t8u+Jp9ZI6Ji3GGJzLmvtfqU9tyHdf64fc/1Krl/tz91X87ppoVVjnD+eHZcbz17HfWl8Ree7uotbC8bPTm0tfVBPZv2Q/6Olftof7ftqyuqa/Z1a/g6VjndQt/H2xKfJqKexelx62jm/dpHtm1n/xIXVDe8dHimoI+6NKT+Wyt/6yejQ7a/tfGCsKH9jJeVXSuV/s/bID7ftfOG5wvyns/xqqfzLDgweX/v+jpWFz2c2ez59pfLvOPrBk8v/f+dUt7lu5u/J8mul8q+ZPjIw3DhwsLD+1dnzWVQq/6urb/z2lc/3HSvMD1n+YKn8DdP3PTUw3ri4MP9g66NQb67QEuvnx6krvhgf/36iKP+z7PkPd8mPPfNfntx91YtLdq0pXJ/rsuczUqr+my/Yv32ose+8ondn3HOmvjkB/puWpf+xHk/9sr8zF6rj98KzE32tb6ChtA2fyQvlzF1n8V+YDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzGDhyQAAAAAAj6/7odgQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFMBAAD//wTHJsI=")
listen(r3, 0x3) (async)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000001080045000034006500000f06907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8c02ffff90780000080a0009f0080000005600004770ec8e639f9400008ec6e878f7f959bcc86e7ba2af54c82a5429017180b6b669f1d7ad9ccb3f32b00d3c067dbd6b9ac24dff34060584f2e0b1050b63850773a11958131cca5737c79464ce864b5143c3490d1bf1cb3266f33d684f"], 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x40, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x40000200, 0x9}]}}}}}}}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) (async)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish-asm)\x00'}, 0x58)
r5 = socket$kcm(0x2, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000059c0)='./bus\x00', 0x1400e, &(0x7f0000000540)={[{@jqfmt_vfsv0}]}, 0x1, 0x439, &(0x7f0000000100)="$eJzs28tvG8UfAPDvrp3219cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgJC5YgqcUcckfgLOMEFASckrnBHlSqUSwsno7V3G8exncY4ccGfj7TtzO5EM1/PTjyzkw1gaI1l/yQRuyPi14gYbWRXFxhr/Hdr+crMn8tXZpKo1d74I6mXu7l8ZaYoWvzcriJTjkg/SeJgm3oXLl0+N12tzl3M8xOL59+dWLh0+Zmz56fPzJ2ZuzB18uTxY5PPnZh6ti9xZnHdPPDB/KH9r7x17bWZU9fe/vHrpIi/JY4+Get28fFarc/VDdaepnRSHmBD2JBSY5jGSH38j0YpVjpvNF7+eKCNAzZVrVar3df58lIN+A9LYtAtAAaj+KLP1r/FsUVTj7vCjRcaC6As7lv50bhSjjQvM9Kyvu2nsYg4tfTXF9kRm/McAgBglW+z+c/T7eZ/aTQ/F/p/vodSiYh7ImJvRJyIiH0RcW9Evez9EfHAButv3SRZO/9Jr/cU2B3K5n/P53tbq+d/xewvKqU8t6ce/0hy+mx17mj+mRyJke1ZfrJLHd+99Mtnna41z/+yI6u/mAvm7bhe3t6nYNu48VHEgXK7+JPbOwFJROyPiAM91nH2ya8Odbq2fvxd9GGfqfZlxBON/l+KlvgLSff9yYn/RXXu6ERxV6z1089XX+9U/z+Kvw+y/t/Z9v4v4t9TSZr3axc2XsfV3z7tuKbp5f6fnV6c3pa8uerc+9OLixcnI7Ylr9bzlebzUy3lplbKZ/EfOdx+/O+NlU/iYERkN/GDEfFQRDyct/2RiHg0Ig53if+HFx97p/f4N1cW/2zX/o+W/l9JbIvWM+0TpXPff7Oq0spG4s/6/3g9dSQ/k/X/enHdSbt6u5sBAADg3yeNiN2RpOO302k6Pt74G/59sTOtzi8sPnV6/r0Ls413BCoxkhZPukabnodO5sv6Ij/Vkj+WPzf+vLSjnh+fma/ODjp4GHK7Ooz/zO+lQbcO2HTe14LhZfzD8DL+YXgZ/zC82oz/HYNoB7D12n3/fziAdgBbr2X82/aDIWL9D8OrbL0PQ8v3PwylhR2x/kvyEhJrEpHeFc2Q6DGRRkS3MoP+zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAffwcAAP//KvHjlA==") (async)
sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r5}) (async)
sendmmsg$inet(r0, &(0x7f0000007ac0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000240)="2a69c258ca", 0x34000}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)="7349b402ed", 0x5}, {0x0, 0x11}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x5, 0x40)
[ 74.886749][ T5304] Bluetooth: hci0: command tx timeout
[ 74.947234][ T5325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[ 75.115094][ T5325] 8021q: adding VLAN 0 to HW filter on device team1
[ 75.150448][ T5325] Zero length message leads to an empty skb
[ 75.704120][ T5327] loop0: detected capacity change from 0 to 32768
[ 76.267809][ T5327] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,recovery_pass_last=delete_dead_inodes,nojournal_transaction_names,read_only,version_upgrade=incompatible
[ 76.267842][ T5327] allowing incompatible features above 0.0: (unknown version)
[ 76.267849][ T5327] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 76.349983][ T5327] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 76.355634][ T5327] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 76.373668][ T5327] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:c0004000b compress none
[ 76.373686][ T5327] has non ptr field, deleting
[ 76.400583][ T5327] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 76.408789][ T5327] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 76.408789][ T5327] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 76.408789][ T5327] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 76.437861][ T5327] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[ 76.437861][ T5327]
[ 76.457617][ T1317] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.483117][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.656612][ T5327] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing
[ 76.677580][ T5327] bcachefs (loop0): btree node read error at btree snapshots level 0/0
[ 76.677612][ T5327] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 251 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 76.677620][ T5327] loop0 node offset 16/251: btree node data missing: expected 251 sectors, found 16
[ 76.677626][ T5327] repair success (rewriting node)
[ 76.742683][ T5327] bcachefs (loop0): check_topology...
[ 76.742832][ T5327] bcachefs (loop0): btree root inodes unreadable, must recover from scan
[ 76.767080][ T5327] bcachefs (loop0): no nodes found for btree inodes, continuing
[ 76.795446][ T5327] done
[ 76.807427][ T5327] bcachefs (loop0): accounting_read... done
[ 76.815289][ T5327] bcachefs (loop0): alloc_read... done
[ 76.833195][ T5327] bcachefs (loop0): snapshots_read... done
[ 76.837136][ T5327] bcachefs (loop0): check_allocations...
[ 76.876316][ T5327] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 76.876347][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 76.938693][ T5304] Bluetooth: hci0: command tx timeout
[ 76.976618][ T5327] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree
[ 76.976635][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 251 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 76.990865][ T5327] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 76.990881][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 77.050392][ T5327] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree
[ 77.050410][ T5327] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[ 77.077253][ T5327] bcachefs (loop0): bucket 0:0 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.101747][ T5327] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.152100][ T5327] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.159412][ T5327] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.182626][ T5327] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.201282][ T5327] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.234821][ T5327] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.281684][ T5327] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.315134][ T5327] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.326426][ T5327] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.356947][ T5327] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.374253][ T5327] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.392543][ T5327] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.397353][ T5327] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.414373][ T5327] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.432137][ T5327] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.443298][ T5327] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.461750][ T5327] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 77.467124][ T5327] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.483172][ T5327] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.495179][ T5327] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.495193][ T5327] Ratelimiting new instances of previous error
[ 77.504177][ T5327] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.504193][ T5327] Ratelimiting new instances of previous error
[ 77.533945][ T5327] done
[ 77.538649][ T5327] bcachefs (loop0): going read-write
[ 77.850458][ T5327] bcachefs (loop0): journal_replay... done
[ 77.972373][ T5327] bcachefs (loop0): check_lrus... done
[ 77.974834][ T5327] bcachefs (loop0): check_backpointers_to_extents... done
[ 77.978465][ T5327] bcachefs (loop0): check_extents_to_backpointers...
[ 77.992038][ T5327] bcachefs (loop0): scanning for missing backpointers in 3/128 buckets
[ 78.014664][ T5327] done
[ 78.016454][ T5327] bcachefs (loop0): check_subvols... done
[ 78.021454][ T5327] bcachefs (loop0): check_inodes... done
[ 78.024000][ T5327] bcachefs (loop0): check_dirents...
[ 78.064117][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 6076453918297802131
[ 78.064142][ T5327] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 78.092417][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 6281464990376724908
[ 78.092599][ T5327] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 78.117176][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 1104262178338636251
[ 78.117189][ T5327] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 78.151941][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 3356798661773636202
[ 78.151956][ T5327] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 78.175247][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 78.175260][ T5327] u64s 7 type dirent 4096:6076453918297802131:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 78.185127][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 78.185154][ T5327] u64s 7 type dirent 4096:6281464990376724908:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 78.194845][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 2651672581231352684
[ 78.194859][ T5327] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 78.220882][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 5713716849063172002
[ 78.220898][ T5327] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 78.237335][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 5067489069388758440
[ 78.237348][ T5327] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk, fixing
[ 78.258096][ T5327] bcachefs (loop0): hash table key at wrong offset: should be at 6407666665079626333
[ 78.258111][ T5327] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg, fixing
[ 78.282992][ T5327] bcachefs (loop0): check_dirents requires second pass
[ 78.293226][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 78.293241][ T5327] u64s 7 type dirent 4096:1104262178338636251:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 78.312331][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 78.312345][ T5327] u64s 8 type dirent 4096:2651672581231352684:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 78.369402][ T5327] bcachefs (loop0): dirent points to missing inode:
[ 78.369415][ T5327] u64s 7 type dirent 4096:3356798661773636202:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 78.390382][ T5327] ==================================================================
[ 78.394122][ T5327] BUG: KASAN: use-after-free in bch2_check_dirents+0x1efd/0x3390
[ 78.400223][ T5327] Read of size 1 at addr ffff888054be0118 by task syz.0.0/5327
[ 78.413311][ T5327]
[ 78.415030][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full)
[ 78.415046][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.415052][ T5327] Call Trace:
[ 78.415060][ T5327]
[ 78.415065][ T5327] dump_stack_lvl+0x189/0x250
[ 78.415085][ T5327] ? __virt_addr_valid+0x1c8/0x5c0
[ 78.415097][ T5327] ? rcu_is_watching+0x15/0xb0
[ 78.415115][ T5327] ? __kasan_check_byte+0x12/0x40
[ 78.415126][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.415141][ T5327] ? rcu_is_watching+0x15/0xb0
[ 78.415155][ T5327] ? lock_release+0x4b/0x3e0
[ 78.415170][ T5327] ? __virt_addr_valid+0x1c8/0x5c0
[ 78.415179][ T5327] ? __virt_addr_valid+0x4a5/0x5c0
[ 78.415190][ T5327] print_report+0xd2/0x2b0
[ 78.415204][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 78.415219][ T5327] kasan_report+0x118/0x150
[ 78.415230][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 78.415246][ T5327] bch2_check_dirents+0x1efd/0x3390
[ 78.415264][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 78.415279][ T5327] ? desc_read+0x1b8/0x3f0
[ 78.415295][ T5327] ? prb_first_seq+0xfd/0x1a0
[ 78.415309][ T5327] ? __pfx_bch2_check_dirents+0x10/0x10
[ 78.415324][ T5327] ? __pfx_prb_first_seq+0x10/0x10
[ 78.415338][ T5327] ? desc_read+0x1b8/0x3f0
[ 78.415353][ T5327] ? this_cpu_in_panic+0x4f/0x80
[ 78.415367][ T5327] ? _prb_read_valid+0xa07/0xa90
[ 78.415382][ T5327] ? console_flush_all+0x13a/0xc40
[ 78.415393][ T5327] ? up+0xde/0x150
[ 78.415467][ T5327] ? __console_unlock+0x14c/0x1a0
[ 78.415477][ T5327] ? __pfx___console_unlock+0x10/0x10
[ 78.415490][ T5327] ? prb_read_valid+0x3c/0x60
[ 78.415504][ T5327] ? console_unlock+0x21b/0x270
[ 78.415514][ T5327] ? __pfx_console_unlock+0x10/0x10
[ 78.415534][ T5327] ? vprintk_emit+0x63e/0x7a0
[ 78.415549][ T5327] ? __bch2_print+0x176/0x220
[ 78.415567][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 78.415582][ T5327] ? _raw_spin_unlock_irq+0x23/0x50
[ 78.415595][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.415611][ T5327] __bch2_run_recovery_passes+0x395/0x1010
[ 78.415628][ T5327] bch2_run_recovery_passes+0x184/0x210
[ 78.415640][ T5327] bch2_fs_recovery+0x25fd/0x3950
[ 78.415655][ T5327] ? check_noncircular+0xe0/0x160
[ 78.415667][ T5327] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 78.415685][ T5327] ? __lock_acquire+0xab9/0xd20
[ 78.415702][ T5327] ? __lock_acquire+0xab9/0xd20
[ 78.415717][ T5327] ? __lock_acquire+0xab9/0xd20
[ 78.415735][ T5327] ? bch2_fs_start+0x9fe/0xd90
[ 78.415746][ T5327] ? up_write+0x1c4/0x420
[ 78.415754][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 78.415764][ T5327] bch2_fs_start+0xa99/0xd90
[ 78.415774][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 78.415784][ T5327] ? __pfx_bch2_fs_start+0x10/0x10
[ 78.415798][ T5327] ? sget+0x267/0x620
[ 78.415813][ T5327] bch2_fs_get_tree+0xb02/0x14f0
[ 78.415834][ T5327] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 78.415853][ T5327] ? aa_get_newest_label+0xf7/0x5d0
[ 78.415867][ T5327] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 78.415882][ T5327] ? apparmor_capable+0x137/0x1b0
[ 78.415894][ T5327] vfs_get_tree+0x8f/0x2b0
[ 78.415904][ T5327] do_new_mount+0x24a/0xa40
[ 78.415918][ T5327] __se_sys_mount+0x317/0x410
[ 78.415932][ T5327] ? __pfx___se_sys_mount+0x10/0x10
[ 78.415945][ T5327] ? do_syscall_64+0xbe/0x3b0
[ 78.415953][ T5327] ? __x64_sys_mount+0x20/0xc0
[ 78.415964][ T5327] do_syscall_64+0xfa/0x3b0
[ 78.415974][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.415987][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.415998][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 78.416038][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.416050][ T5327] RIP: 0033:0x7f7c26d900ca
[ 78.416062][ T5327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.416071][ T5327] RSP: 002b:00007f7c27c3ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 78.416084][ T5327] RAX: ffffffffffffffda RBX: 00007f7c27c3eef0 RCX: 00007f7c26d900ca
[ 78.416092][ T5327] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f7c27c3eeb0
[ 78.416099][ T5327] RBP: 00002000000000c0 R08: 00007f7c27c3eef0 R09: 0000000000818001
[ 78.416106][ T5327] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 78.416113][ T5327] R13: 00007f7c27c3eeb0 R14: 0000000000005974 R15: 0000200000000480
[ 78.416124][ T5327]
[ 78.416128][ T5327]
[ 78.906418][ T5327] The buggy address belongs to the physical page:
[ 78.912293][ T5327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54be0
[ 78.930672][ T5327] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 78.934748][ T5327] page_type: f0(buddy)
[ 78.938728][ T5327] raw: 04fff00000000000 ffffea0001588808 ffff88805ffd6f08 0000000000000000
[ 78.951198][ T5327] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000
[ 78.955564][ T5327] page dumped because: kasan: bad access detected
[ 78.958179][ T5327] page_owner tracks the page as freed
[ 78.970654][ T5327] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5327, tgid 5324 (syz.0.0), ts 78282483820, free_ts 78390301328
[ 78.977189][ T5327] post_alloc_hook+0x240/0x2a0
[ 78.989391][ T5327] get_page_from_freelist+0x21e4/0x22c0
[ 78.992278][ T5327] __alloc_frozen_pages_noprof+0x181/0x370
[ 78.995016][ T5327] __alloc_pages_noprof+0xa/0x30
[ 79.000378][ T5327] ___kmalloc_large_node+0x85/0x210
[ 79.002536][ T5327] __kmalloc_large_node_noprof+0x18/0x90
[ 79.010429][ T5327] __kvmalloc_node_noprof+0x6d/0x5f0
[ 79.012619][ T5327] btree_node_sort+0x666/0x1760
[ 79.014592][ T5327] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 79.030719][ T5327] bch2_btree_node_prep_for_write+0x337/0x650
[ 79.035185][ T5327] bch2_trans_lock_write+0x669/0xba0
[ 79.037817][ T5327] __bch2_trans_commit+0x2829/0x8880
[ 79.041589][ T5327] bch2_str_hash_repair_key+0x2a2d/0x3fa0
[ 79.050627][ T5327] __bch2_str_hash_check_key+0xa65/0xd40
[ 79.053226][ T5327] bch2_check_dirents+0x209b/0x3390
[ 79.055719][ T5327] __bch2_run_recovery_passes+0x395/0x1010
[ 79.058364][ T5327] page last free pid 5327 tgid 5324 stack trace:
[ 79.074498][ T5327] __free_pages_ok+0xa44/0xc20
[ 79.076569][ T5327] __folio_put+0x21b/0x2c0
[ 79.078455][ T5327] free_large_kmalloc+0x145/0x200
[ 79.094142][ T5327] btree_node_sort+0x117f/0x1760
[ 79.096476][ T5327] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 79.099152][ T5327] bch2_btree_node_prep_for_write+0x337/0x650
[ 79.102169][ T5327] bch2_trans_lock_write+0x669/0xba0
[ 79.104639][ T5327] __bch2_trans_commit+0x2829/0x8880
[ 79.107025][ T5327] bch2_check_dirents+0x1cdf/0x3390
[ 79.125625][ T5327] __bch2_run_recovery_passes+0x395/0x1010
[ 79.128225][ T5327] bch2_run_recovery_passes+0x184/0x210
[ 79.130669][ T5327] bch2_fs_recovery+0x25fd/0x3950
[ 79.133494][ T5327] bch2_fs_start+0xa99/0xd90
[ 79.135437][ T5327] bch2_fs_get_tree+0xb02/0x14f0
[ 79.137544][ T5327] vfs_get_tree+0x8f/0x2b0
[ 79.140438][ T5327] do_new_mount+0x24a/0xa40
[ 79.145692][ T5327]
[ 79.148209][ T5327] Memory state around the buggy address:
[ 79.154398][ T5327] ffff888054be0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.161096][ T5327] ffff888054be0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.166562][ T5327] >ffff888054be0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.185469][ T5327] ^
[ 79.187731][ T5327] ffff888054be0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.191305][ T5327] ffff888054be0200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.194783][ T5327] ==================================================================
[ 79.235854][ T4673] Bluetooth: hci0: command tx timeout
[ 79.367950][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 79.381738][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full)
[ 79.387087][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 79.408843][ T5327] Call Trace:
[ 79.411164][ T5327]
[ 79.413357][ T5327] dump_stack_lvl+0x99/0x250
[ 79.416096][ T5327] ? __asan_memcpy+0x40/0x70
[ 79.429733][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.432508][ T5327] ? __pfx__printk+0x10/0x10
[ 79.434830][ T5327] panic+0x2db/0x790
[ 79.436883][ T5327] ? __pfx_panic+0x10/0x10
[ 79.439938][ T5327] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 79.442907][ T5327] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 79.446246][ T5327] ? print_memory_metadata+0x314/0x400
[ 79.459254][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 79.470876][ T5327] check_panic_on_warn+0x89/0xb0
[ 79.473770][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 79.476130][ T5327] end_report+0x78/0x160
[ 79.484047][ T5327] kasan_report+0x129/0x150
[ 79.487163][ T5327] ? bch2_check_dirents+0x1efd/0x3390
[ 79.489883][ T5327] bch2_check_dirents+0x1efd/0x3390
[ 79.492794][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 79.495740][ T5327] ? desc_read+0x1b8/0x3f0
[ 79.509388][ T5327] ? prb_first_seq+0xfd/0x1a0
[ 79.513327][ T5327] ? __pfx_bch2_check_dirents+0x10/0x10
[ 79.517370][ T5327] ? __pfx_prb_first_seq+0x10/0x10
[ 79.520698][ T5327] ? desc_read+0x1b8/0x3f0
[ 79.523229][ T5327] ? this_cpu_in_panic+0x4f/0x80
[ 79.526670][ T5327] ? _prb_read_valid+0xa07/0xa90
[ 79.529981][ T5327] ? console_flush_all+0x13a/0xc40
[ 79.535343][ T5327] ? up+0xde/0x150
[ 79.537693][ T5327] ? __console_unlock+0x14c/0x1a0
[ 79.542302][ T5327] ? __pfx___console_unlock+0x10/0x10
[ 79.561407][ T5327] ? prb_read_valid+0x3c/0x60
[ 79.563730][ T5327] ? console_unlock+0x21b/0x270
[ 79.565963][ T5327] ? __pfx_console_unlock+0x10/0x10
[ 79.576353][ T5327] ? vprintk_emit+0x63e/0x7a0
[ 79.578664][ T5327] ? __bch2_print+0x176/0x220
[ 79.581453][ T5327] ? bch2_check_dirents+0x2ea/0x3390
[ 79.583740][ T5327] ? _raw_spin_unlock_irq+0x23/0x50
[ 79.585834][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.588223][ T5327] __bch2_run_recovery_passes+0x395/0x1010
[ 79.591944][ T5327] bch2_run_recovery_passes+0x184/0x210
[ 79.614856][ T5327] bch2_fs_recovery+0x25fd/0x3950
[ 79.616971][ T5327] ? check_noncircular+0xe0/0x160
[ 79.621069][ T5327] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 79.633581][ T5327] ? __lock_acquire+0xab9/0xd20
[ 79.639012][ T5327] ? __lock_acquire+0xab9/0xd20
[ 79.641184][ T5327] ? __lock_acquire+0xab9/0xd20
[ 79.643290][ T5327] ? bch2_fs_start+0x9fe/0xd90
[ 79.645245][ T5327] ? up_write+0x1c4/0x420
[ 79.647061][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 79.661614][ T5327] bch2_fs_start+0xa99/0xd90
[ 79.671745][ T5327] ? bch2_fs_start+0x5c4/0xd90
[ 79.677586][ T5327] ? __pfx_bch2_fs_start+0x10/0x10
[ 79.682083][ T5327] ? sget+0x267/0x620
[ 79.684247][ T5327] bch2_fs_get_tree+0xb02/0x14f0
[ 79.703684][ T5327] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 79.715487][ T5327] ? aa_get_newest_label+0xf7/0x5d0
[ 79.718227][ T5327] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 79.721443][ T5327] ? apparmor_capable+0x137/0x1b0
[ 79.724078][ T5327] vfs_get_tree+0x8f/0x2b0
[ 79.726608][ T5327] do_new_mount+0x24a/0xa40
[ 79.744324][ T5327] __se_sys_mount+0x317/0x410
[ 79.751696][ T5327] ? __pfx___se_sys_mount+0x10/0x10
[ 79.758397][ T5327] ? do_syscall_64+0xbe/0x3b0
[ 79.764257][ T5327] ? __x64_sys_mount+0x20/0xc0
[ 79.770978][ T5327] do_syscall_64+0xfa/0x3b0
[ 79.776663][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.784310][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.791348][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 79.793704][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.799057][ T5327] RIP: 0033:0x7f7c26d900ca
[ 79.801240][ T5327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.834630][ T5327] RSP: 002b:00007f7c27c3ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 79.851659][ T5327] RAX: ffffffffffffffda RBX: 00007f7c27c3eef0 RCX: 00007f7c26d900ca
[ 79.856581][ T5327] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f7c27c3eeb0
[ 79.860995][ T5327] RBP: 00002000000000c0 R08: 00007f7c27c3eef0 R09: 0000000000818001
[ 79.872193][ T5327] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 79.880222][ T5327] R13: 00007f7c27c3eeb0 R14: 0000000000005974 R15: 0000200000000480
[ 79.883400][ T5327]
[ 79.884986][ T5327] Kernel Offset: disabled
[ 79.886692][ T5327] Rebooting in 86400 seconds..